2 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
64 /* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER);
65 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE);
66 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE);
67 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
68 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE);
72 static int read_n(SSL
*s
,unsigned int n
,unsigned int max
,unsigned int extend
);
73 static int do_ssl_write(SSL
*s
, const char *buf
, unsigned int len
);
74 static int write_pending(SSL
*s
, const char *buf
, unsigned int len
);
75 static int ssl_mt_error(int n
);
78 static int do_ssl_write();
79 static int write_pending();
80 static int ssl_mt_error();
83 int ssl2_peek(s
,buf
,len
)
90 ret
=ssl2_read(s
,buf
,len
);
93 s
->s2
->ract_data_length
+=ret
;
94 s
->s2
->ract_data
-=ret
;
100 * This routine will return 0 to len bytes, decrypted etc if required.
102 int ssl2_read(s
, buf
, len
)
108 unsigned char mac
[MAX_MAC_SIZE
];
111 unsigned int mac_size
=0;
113 if (SSL_in_init(s
) && !s
->in_handshake
)
115 n
=s
->handshake_func(s
);
116 if (n
< 0) return(n
);
119 SSLerr(SSL_F_SSL2_READ
,SSL_R_SSL_HANDSHAKE_FAILURE
);
125 s
->rwstate
=SSL_NOTHING
;
126 if (len
<= 0) return(len
);
128 if (s
->s2
->ract_data_length
!= 0) /* read from buffer */
130 if (len
> s
->s2
->ract_data_length
)
131 n
=s
->s2
->ract_data_length
;
135 memcpy(buf
,s
->s2
->ract_data
,(unsigned int)n
);
136 s
->s2
->ract_data_length
-=n
;
138 if (s
->s2
->ract_data_length
== 0)
139 s
->rstate
=SSL_ST_READ_HEADER
;
143 if (s
->rstate
== SSL_ST_READ_HEADER
)
147 n
=read_n(s
,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+2,0);
148 if (n
<= 0) return(n
); /* error or non-blocking */
151 if (!((p
[0] & 0x80) && (
152 (p
[2] == SSL2_MT_CLIENT_HELLO
) ||
153 (p
[2] == SSL2_MT_SERVER_HELLO
))))
155 SSLerr(SSL_F_SSL2_READ
,SSL_R_NON_SSLV2_INITIAL_PACKET
);
161 n
=read_n(s
,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+2,0);
162 if (n
<= 0) return(n
); /* error or non-blocking */
164 /* part read stuff */
166 s
->rstate
=SSL_ST_READ_BODY
;
169 /*s->s2->padding=0;*/
171 s
->s2
->rlength
=(((unsigned int)p
[0])<<8)|((unsigned int)p
[1]);
172 if ((p
[0] & TWO_BYTE_BIT
)) /* Two byte header? */
174 s
->s2
->three_byte_header
=0;
175 s
->s2
->rlength
&=TWO_BYTE_MASK
;
179 s
->s2
->three_byte_header
=1;
180 s
->s2
->rlength
&=THREE_BYTE_MASK
;
182 /* security >s2->escape */
183 s
->s2
->escape
=((p
[0] & SEC_ESC_BIT
))?1:0;
187 if (s
->rstate
== SSL_ST_READ_BODY
)
189 n
=s
->s2
->rlength
+2+s
->s2
->three_byte_header
;
190 if (n
> (int)s
->packet_length
)
193 i
=read_n(s
,(unsigned int)n
,(unsigned int)n
,1);
194 if (i
<= 0) return(i
); /* ERROR */
198 s
->rstate
=SSL_ST_READ_HEADER
;
199 if (s
->s2
->three_byte_header
)
200 s
->s2
->padding
= *(p
++);
201 else s
->s2
->padding
=0;
204 if (s
->s2
->clear_text
)
208 s
->s2
->pad_data
=NULL
;
212 mac_size
=EVP_MD_size(s
->read_hash
);
214 s
->s2
->ract_data
= &p
[mac_size
];
215 s
->s2
->pad_data
= &p
[mac_size
+
216 s
->s2
->rlength
-s
->s2
->padding
];
219 s
->s2
->ract_data_length
=s
->s2
->rlength
;
220 /* added a check for length > max_size in case
221 * encryption was not turned on yet due to an error */
222 if ((!s
->s2
->clear_text
) &&
223 (s
->s2
->rlength
>= mac_size
))
226 s
->s2
->ract_data_length
-=mac_size
;
228 s
->s2
->ract_data_length
-=s
->s2
->padding
;
229 if ( (memcmp(mac
,s
->s2
->mac_data
,
230 (unsigned int)mac_size
) != 0) ||
231 (s
->s2
->rlength
%EVP_CIPHER_CTX_block_size(s
->enc_read_ctx
) != 0))
233 SSLerr(SSL_F_SSL2_READ
,SSL_R_BAD_MAC_DECODE
);
234 return(SSL_RWERR_BAD_MAC_DECODE
);
237 INC32(s
->s2
->read_sequence
); /* expect next number */
238 /* s->s2->ract_data is now available for processing */
240 /* If a 0 byte packet was sent, return 0, otherwise
241 * we play havoc with people using select with
242 * blocking sockets. Let them handle a packet at a time,
243 * they should really be using non-blocking sockets. */
244 if (s
->s2
->ract_data_length
== 0)
246 return(ssl2_read(s
,buf
,len
));
250 SSLerr(SSL_F_SSL2_READ
,SSL_R_BAD_STATE
);
251 return(SSL_RWERR_INTERNAL_ERROR
);
255 static int read_n(s
, n
, max
, extend
)
263 /* if there is stuff still in the buffer from a previous read,
264 * and there is more than we want, take some. */
265 if (s
->s2
->rbuf_left
>= (int)n
)
271 s
->packet
= &(s
->s2
->rbuf
[s
->s2
->rbuf_offs
]);
279 if (!s
->read_ahead
) max
=n
;
280 if (max
> (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+2))
281 max
=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+2;
284 /* Else we want more than we have.
285 * First, if there is some left or we want to extend */
287 if ((s
->s2
->rbuf_left
!= 0) || ((s
->packet_length
!= 0) && extend
))
289 newb
=s
->s2
->rbuf_left
;
292 off
=s
->packet_length
;
293 if (s
->packet
!= s
->s2
->rbuf
)
294 memcpy(s
->s2
->rbuf
,s
->packet
,
295 (unsigned int)newb
+off
);
297 else if (s
->s2
->rbuf_offs
!= 0)
299 memcpy(s
->s2
->rbuf
,&(s
->s2
->rbuf
[s
->s2
->rbuf_offs
]),
308 /* off is the offset to start writing too.
309 * r->s2->rbuf_offs is the 'unread data', now 0.
310 * newb is the number of new bytes so far
312 s
->packet
=s
->s2
->rbuf
;
313 while (newb
< (int)n
)
318 s
->rwstate
=SSL_READING
;
319 i
=BIO_read(s
->rbio
,(char *)&(s
->s2
->rbuf
[off
+newb
]),
324 SSLerr(SSL_F_READ_N
,SSL_R_READ_BIO_NOT_SET
);
328 if (s
->debug
& 0x01) sleep(1);
332 s
->s2
->rbuf_left
+=newb
;
338 /* record unread data */
341 s
->s2
->rbuf_offs
=n
+off
;
342 s
->s2
->rbuf_left
=newb
-n
;
353 s
->rwstate
=SSL_NOTHING
;
357 int ssl2_write(s
, buf
, len
)
365 if (SSL_in_init(s
) && !s
->in_handshake
)
367 i
=s
->handshake_func(s
);
368 if (i
< 0) return(i
);
371 SSLerr(SSL_F_SSL2_WRITE
,SSL_R_SSL_HANDSHAKE_FAILURE
);
384 s
->rwstate
=SSL_NOTHING
;
385 if (len
<= 0) return(len
);
393 i
=do_ssl_write(s
,&(buf
[tot
]),n
);
399 if (i
== (int)n
) return(tot
+i
);
406 static int write_pending(s
,buf
,len
)
413 /* s->s2->wpend_len != 0 MUST be true. */
415 /* check that they have given us the same buffer to
417 if ((s
->s2
->wpend_tot
!= (int)len
) || (s
->s2
->wpend_buf
!= buf
))
419 SSLerr(SSL_F_WRITE_PENDING
,SSL_R_BAD_WRITE_RETRY
);
420 return(SSL_RWERR_BAD_WRITE_RETRY
);
428 s
->rwstate
=SSL_WRITING
;
430 (char *)&(s
->s2
->write_ptr
[s
->s2
->wpend_off
]),
431 (unsigned int)s
->s2
->wpend_len
);
435 SSLerr(SSL_F_WRITE_PENDING
,SSL_R_WRITE_BIO_NOT_SET
);
439 if (s
->debug
& 0x01) sleep(1);
441 if (i
== s
->s2
->wpend_len
)
444 s
->rwstate
=SSL_NOTHING
;
445 return(s
->s2
->wpend_ret
);
454 static int do_ssl_write(s
, buf
, len
)
459 unsigned int j
,k
,olen
,p
,mac_size
,bs
;
460 register unsigned char *pp
;
464 /* first check if there is data from an encryption waiting to
465 * be sent - it must be sent because the other end is waiting.
466 * This will happen with non-blocking IO. We print it and then
469 if (s
->s2
->wpend_len
!= 0) return(write_pending(s
,buf
,len
));
471 /* set mac_size to mac size */
472 if (s
->s2
->clear_text
)
475 mac_size
=EVP_MD_size(s
->write_hash
);
477 /* lets set the pad p */
478 if (s
->s2
->clear_text
)
480 if (len
> SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
)
481 len
=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
;
483 s
->s2
->three_byte_header
=0;
488 bs
=EVP_CIPHER_CTX_block_size(s
->enc_read_ctx
);
490 if ((j
> SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER
) &&
493 if (j
> SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
)
494 j
=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
;
495 /* set k to the max number of bytes with 2
498 /* how many data bytes? */
500 s
->s2
->three_byte_header
=0;
503 else if ((bs
<= 1) && (!s
->s2
->escape
))
506 s
->s2
->three_byte_header
=0;
509 else /* 3 byte header */
515 s
->s2
->three_byte_header
=1;
517 s
->s2
->three_byte_header
=(p
== 0)?0:1;
520 /* mac_size is the number of MAC bytes
521 * len is the number of data bytes we are going to send
522 * p is the number of padding bytes
523 * if p == 0, it is a 2 byte header */
527 s
->s2
->mac_data
= &(s
->s2
->wbuf
[3]);
528 s
->s2
->wact_data
= &(s
->s2
->wbuf
[3+mac_size
]);
529 /* we copy the data into s->s2->wbuf */
530 memcpy(s
->s2
->wact_data
,buf
,len
);
533 memset(&(s
->s2
->wact_data
[len
]),0,p
);
536 if (!s
->s2
->clear_text
)
538 s
->s2
->wact_data_length
=len
+p
;
539 ssl2_mac(s
,s
->s2
->mac_data
,1);
540 s
->s2
->wlength
+=p
+mac_size
;
544 /* package up the header */
545 s
->s2
->wpend_len
=s
->s2
->wlength
;
546 if (s
->s2
->three_byte_header
) /* 3 byte header */
550 pp
[0]=(s
->s2
->wlength
>>8)&(THREE_BYTE_MASK
>>8);
551 if (s
->s2
->escape
) pp
[0]|=SEC_ESC_BIT
;
552 pp
[1]=s
->s2
->wlength
&0xff;
553 pp
[2]=s
->s2
->padding
;
560 pp
[0]=((s
->s2
->wlength
>>8)&(TWO_BYTE_MASK
>>8))|TWO_BYTE_BIT
;
561 pp
[1]=s
->s2
->wlength
&0xff;
566 INC32(s
->s2
->write_sequence
); /* expect next number */
568 /* lets try to actually write the data */
569 s
->s2
->wpend_tot
=olen
;
570 s
->s2
->wpend_buf
=(char *)buf
;
572 s
->s2
->wpend_ret
=len
;
575 return(write_pending(s
,buf
,olen
));
578 int ssl2_part_read(s
,f
,i
)
586 /* check for error */
587 if ((s
->init_num
== 0) && (i
>= 3))
589 p
=(unsigned char *)s
->init_buf
->data
;
590 if (p
[0] == SSL2_MT_ERROR
)
593 SSLerr((int)f
,ssl_mt_error(j
));
599 /* ssl2_return_error(s); */
600 /* for non-blocking io,
601 * this is not fatal */
616 ret
=ssl2_write(s
,(char *)&(s
->init_buf
->data
[s
->init_off
]),
618 if (ret
== s
->init_num
)
627 static int ssl_mt_error(n
)
634 case SSL2_PE_NO_CIPHER
:
635 ret
=SSL_R_PEER_ERROR_NO_CIPHER
;
637 case SSL2_PE_NO_CERTIFICATE
:
638 ret
=SSL_R_PEER_ERROR_NO_CERTIFICATE
;
640 case SSL2_PE_BAD_CERTIFICATE
:
641 ret
=SSL_R_PEER_ERROR_CERTIFICATE
;
643 case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE
:
644 ret
=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
;
647 ret
=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE
;