]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/s3_pkt.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include <errno.h> | |
61 | #define USE_SOCKETS | |
ec577822 BM |
62 | #include <openssl/evp.h> |
63 | #include <openssl/buffer.h> | |
d02b48c6 RE |
64 | #include "ssl_locl.h" |
65 | ||
61f5b6f3 BL |
66 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
67 | unsigned int len); | |
68 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | |
e778802f | 69 | unsigned int len); |
d02b48c6 RE |
70 | static int ssl3_get_record(SSL *s); |
71 | static int do_compress(SSL *ssl); | |
72 | static int do_uncompress(SSL *ssl); | |
58964a49 | 73 | static int do_change_cipher_spec(SSL *ssl); |
6b691a5c | 74 | static int ssl3_read_n(SSL *s, int n, int max, int extend) |
d02b48c6 RE |
75 | { |
76 | int i,off,newb; | |
77 | ||
78 | /* if there is stuff still in the buffer from a previous read, | |
79 | * and there is more than we want, take some. */ | |
80 | if (s->s3->rbuf.left >= (int)n) | |
81 | { | |
82 | if (extend) | |
83 | s->packet_length+=n; | |
84 | else | |
85 | { | |
86 | s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]); | |
87 | s->packet_length=n; | |
88 | } | |
89 | s->s3->rbuf.left-=n; | |
90 | s->s3->rbuf.offset+=n; | |
91 | return(n); | |
92 | } | |
93 | ||
94 | /* else we need to read more data */ | |
95 | if (!s->read_ahead) max=n; | |
96 | if (max > SSL3_RT_MAX_PACKET_SIZE) | |
97 | max=SSL3_RT_MAX_PACKET_SIZE; | |
98 | ||
99 | /* First check if there is some left or we want to extend */ | |
100 | off=0; | |
101 | if ( (s->s3->rbuf.left != 0) || | |
102 | ((s->packet_length != 0) && extend)) | |
103 | { | |
104 | newb=s->s3->rbuf.left; | |
105 | if (extend) | |
106 | { | |
107 | /* Copy bytes back to the front of the buffer | |
108 | * Take the bytes already pointed to by 'packet' | |
109 | * and take the extra ones on the end. */ | |
110 | off=s->packet_length; | |
111 | if (s->packet != s->s3->rbuf.buf) | |
112 | memcpy(s->s3->rbuf.buf,s->packet,newb+off); | |
113 | } | |
114 | else if (s->s3->rbuf.offset != 0) | |
115 | { /* so the data is not at the start of the buffer */ | |
116 | memcpy(s->s3->rbuf.buf, | |
117 | &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb); | |
118 | s->s3->rbuf.offset=0; | |
119 | } | |
120 | ||
121 | s->s3->rbuf.left=0; | |
122 | } | |
123 | else | |
124 | newb=0; | |
125 | ||
126 | /* So we now have 'newb' bytes at the front of | |
127 | * s->s3->rbuf.buf and need to read some more in on the end | |
128 | * We start reading into the buffer at 's->s3->rbuf.offset' | |
129 | */ | |
130 | s->packet=s->s3->rbuf.buf; | |
131 | ||
132 | while (newb < n) | |
133 | { | |
58964a49 | 134 | clear_sys_error(); |
d02b48c6 RE |
135 | if (s->rbio != NULL) |
136 | { | |
137 | s->rwstate=SSL_READING; | |
138 | i=BIO_read(s->rbio, | |
139 | (char *)&(s->s3->rbuf.buf[off+newb]), | |
140 | max-newb); | |
141 | } | |
142 | else | |
143 | { | |
144 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | |
145 | i= -1; | |
146 | } | |
147 | ||
148 | if (i <= 0) | |
149 | { | |
150 | s->s3->rbuf.left+=newb; | |
151 | return(i); | |
152 | } | |
153 | newb+=i; | |
154 | } | |
155 | ||
156 | /* record used data read */ | |
157 | if (newb > n) | |
158 | { | |
159 | s->s3->rbuf.offset=n+off; | |
160 | s->s3->rbuf.left=newb-n; | |
161 | } | |
162 | else | |
163 | { | |
164 | s->s3->rbuf.offset=0; | |
165 | s->s3->rbuf.left=0; | |
166 | } | |
167 | ||
168 | if (extend) | |
169 | s->packet_length+=n; | |
170 | else | |
171 | s->packet_length+=n; | |
172 | return(n); | |
173 | } | |
174 | ||
175 | /* Call this to get a new input record. | |
176 | * It will return <= 0 if more data is needed, normally due to an error | |
177 | * or non-blocking IO. | |
178 | * When it finishes, one packet has been decoded and can be found in | |
179 | * ssl->s3->rrec.type - is the type of record | |
180 | * ssl->s3->rrec.data, - data | |
181 | * ssl->s3->rrec.length, - number of bytes | |
182 | */ | |
6b691a5c | 183 | static int ssl3_get_record(SSL *s) |
d02b48c6 RE |
184 | { |
185 | int ssl_major,ssl_minor,al; | |
186 | int n,i,ret= -1; | |
187 | SSL3_BUFFER *rb; | |
188 | SSL3_RECORD *rr; | |
189 | SSL_SESSION *sess; | |
190 | unsigned char *p; | |
191 | unsigned char md[EVP_MAX_MD_SIZE]; | |
192 | short version; | |
193 | unsigned int mac_size; | |
194 | int clear=0,extra; | |
195 | ||
196 | rr= &(s->s3->rrec); | |
197 | rb= &(s->s3->rbuf); | |
198 | sess=s->session; | |
199 | ||
58964a49 | 200 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) |
d02b48c6 RE |
201 | extra=SSL3_RT_MAX_EXTRA; |
202 | else | |
203 | extra=0; | |
204 | ||
205 | again: | |
206 | /* check if we have the header */ | |
207 | if ( (s->rstate != SSL_ST_READ_BODY) || | |
208 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) | |
209 | { | |
210 | n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, | |
211 | SSL3_RT_MAX_PACKET_SIZE,0); | |
212 | if (n <= 0) return(n); /* error or non-blocking */ | |
213 | s->rstate=SSL_ST_READ_BODY; | |
214 | ||
215 | p=s->packet; | |
216 | ||
217 | /* Pull apart the header into the SSL3_RECORD */ | |
218 | rr->type= *(p++); | |
219 | ssl_major= *(p++); | |
220 | ssl_minor= *(p++); | |
221 | version=(ssl_major<<8)|ssl_minor; | |
222 | n2s(p,rr->length); | |
223 | ||
224 | /* Lets check version */ | |
225 | if (s->first_packet) | |
226 | { | |
227 | s->first_packet=0; | |
228 | } | |
229 | else | |
230 | { | |
58964a49 RE |
231 | if (version != s->version) |
232 | { | |
233 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | |
234 | /* Send back error using their | |
235 | * version number :-) */ | |
236 | s->version=version; | |
237 | al=SSL_AD_PROTOCOL_VERSION; | |
238 | goto f_err; | |
239 | } | |
d02b48c6 RE |
240 | } |
241 | ||
58964a49 | 242 | if ((version>>8) != SSL3_VERSION_MAJOR) |
d02b48c6 | 243 | { |
58964a49 | 244 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); |
d02b48c6 RE |
245 | goto err; |
246 | } | |
247 | ||
248 | if (rr->length > | |
249 | (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | |
250 | { | |
58964a49 | 251 | al=SSL_AD_RECORD_OVERFLOW; |
d02b48c6 RE |
252 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); |
253 | goto f_err; | |
254 | } | |
255 | ||
256 | s->rstate=SSL_ST_READ_BODY; | |
257 | } | |
258 | ||
259 | /* get and decode the data */ | |
260 | if (s->rstate == SSL_ST_READ_BODY) | |
261 | { | |
262 | if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) | |
263 | { | |
264 | i=rr->length; | |
265 | /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ | |
266 | n=ssl3_read_n(s,i,i,1); | |
267 | if (n <= 0) return(n); /* error or non-blocking io */ | |
268 | } | |
269 | s->rstate=SSL_ST_READ_HEADER; | |
270 | } | |
271 | ||
272 | /* At this point, we have the data in s->packet and there should be | |
273 | * s->packet_length bytes, we must not 'overrun' this buffer :-) | |
274 | * One of the following functions will copy the data from the | |
275 | * s->packet buffer */ | |
276 | ||
277 | rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); | |
278 | ||
279 | /* ok, we can now read from 's->packet' data into 'rr' | |
280 | * rr->input points at rr->length bytes, which | |
281 | * need to be copied into rr->data by either | |
282 | * the decryption or by the decompression | |
283 | * When the data is 'copied' into the rr->data buffer, | |
284 | * rr->input will be pointed at the new buffer */ | |
285 | ||
286 | /* Set the state for the following operations */ | |
287 | s->rstate=SSL_ST_READ_HEADER; | |
288 | ||
289 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | |
290 | * rr->length bytes of encrypted compressed stuff. */ | |
291 | ||
292 | /* check is not needed I belive */ | |
293 | if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | |
294 | { | |
58964a49 | 295 | al=SSL_AD_RECORD_OVERFLOW; |
d02b48c6 RE |
296 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); |
297 | goto f_err; | |
298 | } | |
299 | ||
300 | /* decrypt in place in 'rr->input' */ | |
301 | rr->data=rr->input; | |
302 | ||
58964a49 | 303 | if (!s->method->ssl3_enc->enc(s,0)) |
d02b48c6 | 304 | { |
58964a49 | 305 | al=SSL_AD_DECRYPT_ERROR; |
d02b48c6 RE |
306 | goto f_err; |
307 | } | |
58964a49 RE |
308 | #ifdef TLS_DEBUG |
309 | printf("dec %d\n",rr->length); | |
dfeab068 | 310 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } |
58964a49 RE |
311 | printf("\n"); |
312 | #endif | |
d02b48c6 RE |
313 | /* r->length is now the compressed data plus mac */ |
314 | if ( (sess == NULL) || | |
315 | (s->enc_read_ctx == NULL) || | |
316 | (s->read_hash == NULL)) | |
317 | clear=1; | |
318 | ||
319 | if (!clear) | |
320 | { | |
321 | mac_size=EVP_MD_size(s->read_hash); | |
322 | ||
323 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | |
324 | { | |
58964a49 | 325 | al=SSL_AD_RECORD_OVERFLOW; |
d02b48c6 RE |
326 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); |
327 | goto f_err; | |
328 | } | |
329 | /* check MAC for rr->input' */ | |
330 | if (rr->length < mac_size) | |
331 | { | |
58964a49 | 332 | al=SSL_AD_DECODE_ERROR; |
d02b48c6 RE |
333 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); |
334 | goto f_err; | |
335 | } | |
336 | rr->length-=mac_size; | |
58964a49 | 337 | i=s->method->ssl3_enc->mac(s,md,0); |
d02b48c6 RE |
338 | if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
339 | { | |
58964a49 | 340 | al=SSL_AD_BAD_RECORD_MAC; |
d02b48c6 | 341 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); |
58964a49 | 342 | ret= -1; |
d02b48c6 RE |
343 | goto f_err; |
344 | } | |
345 | } | |
346 | ||
347 | /* r->length is now just compressed */ | |
dfeab068 | 348 | if (s->expand != NULL) |
d02b48c6 RE |
349 | { |
350 | if (rr->length > | |
351 | (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | |
352 | { | |
58964a49 | 353 | al=SSL_AD_RECORD_OVERFLOW; |
d02b48c6 RE |
354 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); |
355 | goto f_err; | |
356 | } | |
357 | if (!do_uncompress(s)) | |
358 | { | |
58964a49 | 359 | al=SSL_AD_DECOMPRESSION_FAILURE; |
d02b48c6 RE |
360 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); |
361 | goto f_err; | |
362 | } | |
363 | } | |
364 | ||
365 | if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) | |
366 | { | |
58964a49 | 367 | al=SSL_AD_RECORD_OVERFLOW; |
d02b48c6 RE |
368 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); |
369 | goto f_err; | |
370 | } | |
371 | ||
372 | rr->off=0; | |
373 | /* So at this point the following is true | |
374 | * ssl->s3->rrec.type is the type of record | |
375 | * ssl->s3->rrec.length == number of bytes in record | |
376 | * ssl->s3->rrec.off == offset to first valid byte | |
377 | * ssl->s3->rrec.data == where to take bytes from, increment | |
378 | * after use :-). | |
379 | */ | |
380 | ||
381 | /* we have pulled in a full packet so zero things */ | |
382 | s->packet_length=0; | |
383 | ||
384 | /* just read a 0 length packet */ | |
385 | if (rr->length == 0) goto again; | |
386 | ||
387 | return(1); | |
388 | f_err: | |
389 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |
390 | err: | |
391 | return(ret); | |
392 | } | |
393 | ||
6b691a5c | 394 | static int do_uncompress(SSL *ssl) |
d02b48c6 | 395 | { |
dfeab068 RE |
396 | int i; |
397 | SSL3_RECORD *rr; | |
398 | ||
399 | rr= &(ssl->s3->rrec); | |
400 | i=COMP_expand_block(ssl->expand,rr->comp, | |
401 | SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); | |
402 | if (i < 0) | |
403 | return(0); | |
404 | else | |
405 | rr->length=i; | |
406 | rr->data=rr->comp; | |
407 | ||
d02b48c6 RE |
408 | return(1); |
409 | } | |
410 | ||
6b691a5c | 411 | static int do_compress(SSL *ssl) |
d02b48c6 | 412 | { |
dfeab068 RE |
413 | int i; |
414 | SSL3_RECORD *wr; | |
415 | ||
416 | wr= &(ssl->s3->wrec); | |
417 | i=COMP_compress_block(ssl->compress,wr->data, | |
418 | SSL3_RT_MAX_COMPRESSED_LENGTH, | |
419 | wr->input,(int)wr->length); | |
420 | if (i < 0) | |
421 | return(0); | |
422 | else | |
423 | wr->length=i; | |
424 | ||
425 | wr->input=wr->data; | |
d02b48c6 RE |
426 | return(1); |
427 | } | |
428 | ||
58964a49 | 429 | /* Call this to write data |
d02b48c6 RE |
430 | * It will return <= 0 if not all data has been sent or non-blocking IO. |
431 | */ | |
61f5b6f3 | 432 | int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len) |
d02b48c6 | 433 | { |
61f5b6f3 | 434 | const unsigned char *buf=_buf; |
d02b48c6 RE |
435 | unsigned int tot,n,nw; |
436 | int i; | |
437 | ||
438 | s->rwstate=SSL_NOTHING; | |
439 | tot=s->s3->wnum; | |
440 | s->s3->wnum=0; | |
441 | ||
442 | if (SSL_in_init(s) && !s->in_handshake) | |
443 | { | |
444 | i=s->handshake_func(s); | |
445 | if (i < 0) return(i); | |
446 | if (i == 0) | |
447 | { | |
448 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | |
449 | return(-1); | |
450 | } | |
451 | } | |
452 | ||
453 | n=(len-tot); | |
454 | for (;;) | |
455 | { | |
456 | if (n > SSL3_RT_MAX_PLAIN_LENGTH) | |
457 | nw=SSL3_RT_MAX_PLAIN_LENGTH; | |
458 | else | |
459 | nw=n; | |
58964a49 | 460 | |
d02b48c6 RE |
461 | i=do_ssl3_write(s,type,&(buf[tot]),nw); |
462 | if (i <= 0) | |
463 | { | |
464 | s->s3->wnum=tot; | |
465 | return(i); | |
466 | } | |
467 | ||
468 | if (type == SSL3_RT_HANDSHAKE) | |
e778802f | 469 | ssl3_finish_mac(s,&(buf[tot]),i); |
d02b48c6 RE |
470 | |
471 | if (i == (int)n) return(tot+i); | |
472 | ||
473 | n-=i; | |
474 | tot+=i; | |
475 | } | |
476 | } | |
477 | ||
61f5b6f3 BL |
478 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
479 | unsigned int len) | |
d02b48c6 RE |
480 | { |
481 | unsigned char *p,*plen; | |
482 | int i,mac_size,clear=0; | |
483 | SSL3_RECORD *wr; | |
484 | SSL3_BUFFER *wb; | |
485 | SSL_SESSION *sess; | |
486 | ||
487 | /* first check is there is a SSL3_RECORD still being written | |
488 | * out. This will happen with non blocking IO */ | |
489 | if (s->s3->wbuf.left != 0) | |
490 | return(ssl3_write_pending(s,type,buf,len)); | |
491 | ||
492 | /* If we have an alert to send, lets send it */ | |
493 | if (s->s3->alert_dispatch) | |
494 | { | |
495 | i=ssl3_dispatch_alert(s); | |
496 | if (i <= 0) | |
497 | return(i); | |
498 | /* if it went, fall through and send more stuff */ | |
499 | } | |
500 | ||
501 | if (len <= 0) return(len); | |
502 | ||
503 | wr= &(s->s3->wrec); | |
504 | wb= &(s->s3->wbuf); | |
505 | sess=s->session; | |
506 | ||
507 | if ( (sess == NULL) || | |
508 | (s->enc_write_ctx == NULL) || | |
509 | (s->write_hash == NULL)) | |
510 | clear=1; | |
511 | ||
512 | if (clear) | |
513 | mac_size=0; | |
514 | else | |
515 | mac_size=EVP_MD_size(s->write_hash); | |
516 | ||
517 | p=wb->buf; | |
518 | ||
519 | /* write the header */ | |
520 | *(p++)=type&0xff; | |
521 | wr->type=type; | |
522 | ||
58964a49 RE |
523 | *(p++)=(s->version>>8); |
524 | *(p++)=s->version&0xff; | |
d02b48c6 RE |
525 | |
526 | /* record where we are to write out packet length */ | |
527 | plen=p; | |
528 | p+=2; | |
529 | ||
530 | /* lets setup the record stuff. */ | |
531 | wr->data=p; | |
532 | wr->length=(int)len; | |
533 | wr->input=(unsigned char *)buf; | |
534 | ||
535 | /* we now 'read' from wr->input, wr->length bytes into | |
536 | * wr->data */ | |
537 | ||
538 | /* first we compress */ | |
dfeab068 | 539 | if (s->compress != NULL) |
d02b48c6 RE |
540 | { |
541 | if (!do_compress(s)) | |
542 | { | |
543 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); | |
544 | goto err; | |
545 | } | |
546 | } | |
547 | else | |
548 | { | |
549 | memcpy(wr->data,wr->input,wr->length); | |
550 | wr->input=wr->data; | |
551 | } | |
552 | ||
553 | /* we should still have the output to wr->data and the input | |
554 | * from wr->input. Length should be wr->length. | |
555 | * wr->data still points in the wb->buf */ | |
556 | ||
557 | if (mac_size != 0) | |
558 | { | |
58964a49 | 559 | s->method->ssl3_enc->mac(s,&(p[wr->length]),1); |
d02b48c6 RE |
560 | wr->length+=mac_size; |
561 | wr->input=p; | |
562 | wr->data=p; | |
563 | } | |
564 | ||
565 | /* ssl3_enc can only have an error on read */ | |
58964a49 | 566 | s->method->ssl3_enc->enc(s,1); |
d02b48c6 RE |
567 | |
568 | /* record length after mac and block padding */ | |
569 | s2n(wr->length,plen); | |
570 | ||
571 | /* we should now have | |
572 | * wr->data pointing to the encrypted data, which is | |
573 | * wr->length long */ | |
574 | wr->type=type; /* not needed but helps for debugging */ | |
575 | wr->length+=SSL3_RT_HEADER_LENGTH; | |
576 | ||
577 | /* Now lets setup wb */ | |
578 | wb->left=wr->length; | |
579 | wb->offset=0; | |
580 | ||
581 | s->s3->wpend_tot=len; | |
582 | s->s3->wpend_buf=buf; | |
583 | s->s3->wpend_type=type; | |
584 | s->s3->wpend_ret=len; | |
585 | ||
586 | /* we now just need to write the buffer */ | |
587 | return(ssl3_write_pending(s,type,buf,len)); | |
588 | err: | |
589 | return(-1); | |
590 | } | |
591 | ||
592 | /* if s->s3->wbuf.left != 0, we need to call this */ | |
61f5b6f3 BL |
593 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
594 | unsigned int len) | |
d02b48c6 RE |
595 | { |
596 | int i; | |
597 | ||
58964a49 RE |
598 | /* XXXX */ |
599 | if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf) | |
d02b48c6 RE |
600 | || (s->s3->wpend_type != type)) |
601 | { | |
602 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); | |
58964a49 | 603 | return(-1); |
d02b48c6 RE |
604 | } |
605 | ||
606 | for (;;) | |
607 | { | |
58964a49 | 608 | clear_sys_error(); |
d02b48c6 RE |
609 | if (s->wbio != NULL) |
610 | { | |
611 | s->rwstate=SSL_WRITING; | |
612 | i=BIO_write(s->wbio, | |
613 | (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), | |
614 | (unsigned int)s->s3->wbuf.left); | |
615 | } | |
616 | else | |
617 | { | |
618 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); | |
619 | i= -1; | |
620 | } | |
621 | if (i == s->s3->wbuf.left) | |
622 | { | |
623 | s->s3->wbuf.left=0; | |
624 | s->rwstate=SSL_NOTHING; | |
625 | return(s->s3->wpend_ret); | |
626 | } | |
627 | else if (i <= 0) | |
628 | return(i); | |
629 | s->s3->wbuf.offset+=i; | |
630 | s->s3->wbuf.left-=i; | |
631 | } | |
632 | } | |
633 | ||
61f5b6f3 | 634 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) |
d02b48c6 RE |
635 | { |
636 | int al,i,j,n,ret; | |
637 | SSL3_RECORD *rr; | |
d02b48c6 | 638 | void (*cb)()=NULL; |
58964a49 | 639 | BIO *bio; |
d02b48c6 | 640 | |
13e91dd3 | 641 | if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ |
d02b48c6 RE |
642 | if (!ssl3_setup_buffers(s)) |
643 | return(-1); | |
644 | ||
58964a49 | 645 | if (!s->in_handshake && SSL_in_init(s)) |
d02b48c6 RE |
646 | { |
647 | i=s->handshake_func(s); | |
648 | if (i < 0) return(i); | |
649 | if (i == 0) | |
650 | { | |
651 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | |
652 | return(-1); | |
653 | } | |
654 | } | |
655 | start: | |
656 | s->rwstate=SSL_NOTHING; | |
657 | ||
658 | /* s->s3->rrec.type - is the type of record | |
659 | * s->s3->rrec.data, - data | |
660 | * s->s3->rrec.off, - ofset into 'data' for next read | |
661 | * s->s3->rrec.length, - number of bytes. */ | |
662 | rr= &(s->s3->rrec); | |
663 | ||
664 | /* get new packet */ | |
665 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) | |
666 | { | |
667 | ret=ssl3_get_record(s); | |
668 | if (ret <= 0) return(ret); | |
669 | } | |
670 | ||
671 | /* we now have a packet which can be read and processed */ | |
672 | ||
673 | if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) | |
674 | { | |
58964a49 | 675 | al=SSL_AD_UNEXPECTED_MESSAGE; |
d02b48c6 RE |
676 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); |
677 | goto err; | |
678 | } | |
679 | ||
680 | /* If the other end has shutdown, throw anything we read away */ | |
681 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | |
682 | { | |
683 | rr->length=0; | |
684 | s->rwstate=SSL_NOTHING; | |
685 | return(0); | |
686 | } | |
687 | ||
688 | /* Check for an incoming 'Client Request' message */ | |
689 | if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && | |
690 | (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && | |
691 | (s->session != NULL) && (s->session->cipher != NULL)) | |
692 | { | |
693 | if ((rr->data[1] != 0) || (rr->data[2] != 0) || | |
694 | (rr->data[3] != 0)) | |
695 | { | |
58964a49 | 696 | al=SSL_AD_DECODE_ERROR; |
d02b48c6 RE |
697 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); |
698 | goto err; | |
699 | } | |
700 | ||
701 | if (SSL_is_init_finished(s) && | |
58964a49 RE |
702 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
703 | !s->s3->renegotiate) | |
d02b48c6 RE |
704 | { |
705 | ssl3_renegotiate(s); | |
58964a49 | 706 | if (ssl3_renegotiate_check(s)) |
d02b48c6 | 707 | { |
58964a49 RE |
708 | n=s->handshake_func(s); |
709 | if (n < 0) return(n); | |
710 | if (n == 0) | |
711 | { | |
712 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | |
713 | return(-1); | |
714 | } | |
d02b48c6 RE |
715 | } |
716 | } | |
717 | rr->length=0; | |
718 | /* ZZZ */ goto start; | |
719 | } | |
720 | ||
721 | /* if it is not the type we want, or we have shutdown and want | |
722 | * the peer shutdown */ | |
723 | if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN)) | |
724 | { | |
725 | if (rr->type == SSL3_RT_ALERT) | |
726 | { | |
727 | if ((rr->length != 2) || (rr->off != 0)) | |
728 | { | |
58964a49 | 729 | al=SSL_AD_DECODE_ERROR; |
d02b48c6 RE |
730 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD); |
731 | goto f_err; | |
732 | } | |
733 | ||
734 | i=rr->data[0]; | |
735 | n=rr->data[1]; | |
736 | ||
737 | /* clear from buffer */ | |
738 | rr->length=0; | |
739 | ||
740 | if (s->info_callback != NULL) | |
741 | cb=s->info_callback; | |
742 | else if (s->ctx->info_callback != NULL) | |
743 | cb=s->ctx->info_callback; | |
744 | ||
745 | if (cb != NULL) | |
746 | { | |
747 | j=(i<<8)|n; | |
748 | cb(s,SSL_CB_READ_ALERT,j); | |
749 | } | |
750 | ||
751 | if (i == 1) | |
752 | { | |
753 | s->s3->warn_alert=n; | |
58964a49 | 754 | if (n == SSL_AD_CLOSE_NOTIFY) |
d02b48c6 RE |
755 | { |
756 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | |
757 | return(0); | |
758 | } | |
759 | } | |
760 | else if (i == 2) | |
761 | { | |
58964a49 RE |
762 | char tmp[16]; |
763 | ||
d02b48c6 RE |
764 | s->rwstate=SSL_NOTHING; |
765 | s->s3->fatal_alert=n; | |
dfeab068 RE |
766 | SSLerr(SSL_F_SSL3_READ_BYTES, |
767 | SSL_AD_REASON_OFFSET+n); | |
58964a49 RE |
768 | sprintf(tmp,"%d",n); |
769 | ERR_add_error_data(2,"SSL alert number ",tmp); | |
d02b48c6 RE |
770 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; |
771 | SSL_CTX_remove_session(s->ctx,s->session); | |
772 | return(0); | |
773 | } | |
774 | else | |
775 | { | |
58964a49 | 776 | al=SSL_AD_ILLEGAL_PARAMETER; |
d02b48c6 RE |
777 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); |
778 | goto f_err; | |
779 | } | |
780 | ||
781 | rr->length=0; | |
782 | goto start; | |
783 | } | |
784 | ||
785 | if (s->shutdown & SSL_SENT_SHUTDOWN) | |
786 | { | |
787 | s->rwstate=SSL_NOTHING; | |
788 | rr->length=0; | |
789 | return(0); | |
790 | } | |
791 | ||
792 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | |
793 | { | |
794 | if ( (rr->length != 1) || (rr->off != 0) || | |
795 | (rr->data[0] != SSL3_MT_CCS)) | |
796 | { | |
58964a49 | 797 | i=SSL_AD_ILLEGAL_PARAMETER; |
d02b48c6 RE |
798 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); |
799 | goto err; | |
800 | } | |
801 | ||
802 | rr->length=0; | |
d02b48c6 | 803 | s->s3->change_cipher_spec=1; |
58964a49 | 804 | if (!do_change_cipher_spec(s)) |
d02b48c6 | 805 | goto err; |
58964a49 RE |
806 | else |
807 | goto start; | |
d02b48c6 RE |
808 | } |
809 | ||
810 | /* else we have a handshake */ | |
811 | if ((rr->type == SSL3_RT_HANDSHAKE) && | |
812 | !s->in_handshake) | |
813 | { | |
814 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | |
815 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | |
816 | { | |
413c4f45 MC |
817 | s->state=SSL_ST_BEFORE|(s->server) |
818 | ?SSL_ST_ACCEPT | |
819 | :SSL_ST_CONNECT; | |
d02b48c6 RE |
820 | s->new_session=1; |
821 | } | |
822 | n=s->handshake_func(s); | |
823 | if (n < 0) return(n); | |
824 | if (n == 0) | |
825 | { | |
826 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | |
827 | return(-1); | |
828 | } | |
58964a49 RE |
829 | |
830 | /* In the case where we try to read application data | |
831 | * the first time, but we trigger an SSL handshake, we | |
832 | * return -1 with the retry option set. I do this | |
833 | * otherwise renegotiation can cause nasty problems | |
834 | * in the non-blocking world */ | |
835 | ||
836 | s->rwstate=SSL_READING; | |
837 | bio=SSL_get_rbio(s); | |
838 | BIO_clear_retry_flags(bio); | |
839 | BIO_set_retry_read(bio); | |
840 | return(-1); | |
d02b48c6 RE |
841 | } |
842 | ||
58964a49 RE |
843 | switch (rr->type) |
844 | { | |
845 | default: | |
846 | #ifndef NO_TLS | |
847 | /* TLS just ignores unknown message types */ | |
848 | if (s->version == TLS1_VERSION) | |
849 | { | |
850 | goto start; | |
851 | } | |
852 | #endif | |
853 | case SSL3_RT_CHANGE_CIPHER_SPEC: | |
854 | case SSL3_RT_ALERT: | |
855 | case SSL3_RT_HANDSHAKE: | |
856 | al=SSL_AD_UNEXPECTED_MESSAGE; | |
857 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | |
858 | goto f_err; | |
859 | case SSL3_RT_APPLICATION_DATA: | |
860 | /* At this point, we were expecting something else, | |
861 | * but have application data. What we do is set the | |
862 | * error, and return -1. On the way out, if the | |
863 | * library was running inside ssl3_read() and it makes | |
864 | * sense to read application data at this point, we | |
865 | * will indulge it. This will mostly happen during | |
866 | * session renegotiation. | |
867 | */ | |
868 | if (s->s3->in_read_app_data && | |
869 | (s->s3->total_renegotiations != 0) && | |
870 | (( | |
871 | (s->state & SSL_ST_CONNECT) && | |
872 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | |
873 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | |
874 | ) || ( | |
875 | (s->state & SSL_ST_ACCEPT) && | |
876 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | |
877 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | |
878 | ) | |
879 | )) | |
880 | { | |
881 | s->s3->in_read_app_data=0; | |
882 | return(-1); | |
883 | } | |
884 | else | |
885 | { | |
886 | al=SSL_AD_UNEXPECTED_MESSAGE; | |
887 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | |
888 | goto f_err; | |
889 | } | |
890 | } | |
d02b48c6 RE |
891 | } |
892 | ||
893 | /* make sure that we are not getting application data when we | |
894 | * are doing a handshake for the first time */ | |
895 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | |
896 | (s->enc_read_ctx == NULL)) | |
897 | { | |
58964a49 | 898 | al=SSL_AD_UNEXPECTED_MESSAGE; |
d02b48c6 RE |
899 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); |
900 | goto f_err; | |
901 | } | |
902 | ||
903 | if (len <= 0) return(len); | |
904 | ||
905 | if ((unsigned int)len > rr->length) | |
906 | n=rr->length; | |
907 | else | |
908 | n=len; | |
909 | ||
910 | memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); | |
911 | rr->length-=n; | |
912 | rr->off+=n; | |
913 | if (rr->length <= 0) | |
58964a49 | 914 | { |
d02b48c6 | 915 | s->rstate=SSL_ST_READ_HEADER; |
58964a49 RE |
916 | rr->off=0; |
917 | } | |
d02b48c6 RE |
918 | |
919 | if (type == SSL3_RT_HANDSHAKE) | |
e778802f | 920 | ssl3_finish_mac(s,buf,n); |
d02b48c6 RE |
921 | return(n); |
922 | f_err: | |
923 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |
924 | err: | |
925 | return(-1); | |
926 | } | |
927 | ||
6b691a5c | 928 | static int do_change_cipher_spec(SSL *s) |
58964a49 RE |
929 | { |
930 | int i; | |
931 | unsigned char *sender; | |
932 | int slen; | |
933 | ||
934 | if (s->state & SSL_ST_ACCEPT) | |
935 | i=SSL3_CHANGE_CIPHER_SERVER_READ; | |
936 | else | |
937 | i=SSL3_CHANGE_CIPHER_CLIENT_READ; | |
938 | ||
939 | if (s->s3->tmp.key_block == NULL) | |
940 | { | |
941 | s->session->cipher=s->s3->tmp.new_cipher; | |
942 | if (!s->method->ssl3_enc->setup_key_block(s)) return(0); | |
943 | } | |
944 | ||
945 | if (!s->method->ssl3_enc->change_cipher_state(s,i)) | |
946 | return(0); | |
947 | ||
948 | /* we have to record the message digest at | |
949 | * this point so we can get it before we read | |
950 | * the finished message */ | |
951 | if (s->state & SSL_ST_CONNECT) | |
952 | { | |
953 | sender=s->method->ssl3_enc->server_finished; | |
954 | slen=s->method->ssl3_enc->server_finished_len; | |
955 | } | |
956 | else | |
957 | { | |
958 | sender=s->method->ssl3_enc->client_finished; | |
959 | slen=s->method->ssl3_enc->client_finished_len; | |
960 | } | |
961 | ||
962 | s->method->ssl3_enc->final_finish_mac(s, | |
963 | &(s->s3->finish_dgst1), | |
964 | &(s->s3->finish_dgst2), | |
965 | sender,slen,&(s->s3->tmp.finish_md[0])); | |
966 | ||
967 | return(1); | |
968 | } | |
969 | ||
6b691a5c | 970 | int ssl3_do_write(SSL *s, int type) |
d02b48c6 RE |
971 | { |
972 | int ret; | |
973 | ||
61f5b6f3 BL |
974 | ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], |
975 | s->init_num); | |
d02b48c6 RE |
976 | if (ret == s->init_num) |
977 | return(1); | |
978 | if (ret < 0) return(-1); | |
979 | s->init_off+=ret; | |
980 | s->init_num-=ret; | |
981 | return(0); | |
982 | } | |
983 | ||
6b691a5c | 984 | void ssl3_send_alert(SSL *s, int level, int desc) |
d02b48c6 | 985 | { |
58964a49 RE |
986 | /* Map tls/ssl alert value to correct one */ |
987 | desc=s->method->ssl3_enc->alert_value(desc); | |
988 | if (desc < 0) return; | |
d02b48c6 RE |
989 | /* If a fatal one, remove from cache */ |
990 | if ((level == 2) && (s->session != NULL)) | |
991 | SSL_CTX_remove_session(s->ctx,s->session); | |
992 | ||
993 | s->s3->alert_dispatch=1; | |
994 | s->s3->send_alert[0]=level; | |
995 | s->s3->send_alert[1]=desc; | |
996 | if (s->s3->wbuf.left == 0) /* data still being written out */ | |
997 | ssl3_dispatch_alert(s); | |
998 | /* else data is still being written out, we will get written | |
999 | * some time in the future */ | |
1000 | } | |
1001 | ||
6b691a5c | 1002 | int ssl3_dispatch_alert(SSL *s) |
d02b48c6 RE |
1003 | { |
1004 | int i,j; | |
1005 | void (*cb)()=NULL; | |
1006 | ||
1007 | s->s3->alert_dispatch=0; | |
61f5b6f3 | 1008 | i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); |
d02b48c6 RE |
1009 | if (i <= 0) |
1010 | { | |
1011 | s->s3->alert_dispatch=1; | |
1012 | } | |
1013 | else | |
1014 | { | |
1015 | /* If it is important, send it now. If the message | |
1016 | * does not get sent due to non-blocking IO, we will | |
1017 | * not worry too much. */ | |
1018 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | |
d58d092b | 1019 | (void)BIO_flush(s->wbio); |
d02b48c6 RE |
1020 | |
1021 | if (s->info_callback != NULL) | |
1022 | cb=s->info_callback; | |
1023 | else if (s->ctx->info_callback != NULL) | |
1024 | cb=s->ctx->info_callback; | |
1025 | ||
1026 | if (cb != NULL) | |
1027 | { | |
1028 | j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | |
1029 | cb(s,SSL_CB_WRITE_ALERT,j); | |
1030 | } | |
1031 | } | |
1032 | return(i); | |
1033 | } | |
1034 |