155714Skris/* ssl/s2_pkt.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280304Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280304Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5772616Skris */ 5872616Skris/* ==================================================================== 5989840Skris * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 6055949Skris * 6172616Skris * Redistribution and use in source and binary forms, with or without 6272616Skris * modification, are permitted provided that the following conditions 6372616Skris * are met: 6472616Skris * 6572616Skris * 1. Redistributions of source code must retain the above copyright 66280304Sjkim * notice, this list of conditions and the following disclaimer. 6772616Skris * 6872616Skris * 2. Redistributions in binary form must reproduce the above copyright 6972616Skris * notice, this list of conditions and the following disclaimer in 7072616Skris * the documentation and/or other materials provided with the 7172616Skris * distribution. 7272616Skris * 7372616Skris * 3. All advertising materials mentioning features or use of this 7472616Skris * software must display the following acknowledgment: 7572616Skris * "This product includes software developed by the OpenSSL Project 7672616Skris * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7772616Skris * 7872616Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7972616Skris * endorse or promote products derived from this software without 8072616Skris * prior written permission. For written permission, please contact 8172616Skris * openssl-core@openssl.org. 8272616Skris * 8372616Skris * 5. Products derived from this software may not be called "OpenSSL" 8472616Skris * nor may "OpenSSL" appear in their names without prior written 8572616Skris * permission of the OpenSSL Project. 8672616Skris * 8772616Skris * 6. Redistributions of any form whatsoever must retain the following 8872616Skris * acknowledgment: 8972616Skris * "This product includes software developed by the OpenSSL Project 9072616Skris * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9172616Skris * 9272616Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9372616Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9472616Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9572616Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9672616Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9772616Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9872616Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9972616Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10072616Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10172616Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10272616Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10372616Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 10472616Skris * ==================================================================== 10572616Skris * 10672616Skris * This product includes cryptographic software written by Eric Young 10772616Skris * (eay@cryptsoft.com). This product includes software written by Tim 10872616Skris * Hudson (tjh@cryptsoft.com). 10972616Skris * 11055714Skris */ 11155714Skris 11259194Skris#include "ssl_locl.h" 113110007Smarkm#ifndef OPENSSL_NO_SSL2 114280304Sjkim# include <stdio.h> 115280304Sjkim# include <errno.h> 116280304Sjkim# define USE_SOCKETS 11755714Skris 118280304Sjkimstatic int read_n(SSL *s, unsigned int n, unsigned int max, 119280304Sjkim unsigned int extend); 120238405Sjkimstatic int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); 12155714Skrisstatic int write_pending(SSL *s, const unsigned char *buf, unsigned int len); 12255714Skrisstatic int ssl_mt_error(int n); 12355714Skris 124280304Sjkim/* 125280304Sjkim * SSL 2.0 imlementation for SSL_read/SSL_peek - This routine will return 0 126280304Sjkim * to len bytes, decrypted etc if required. 12755714Skris */ 12872616Skrisstatic int ssl2_read_internal(SSL *s, void *buf, int len, int peek) 129280304Sjkim{ 130280304Sjkim int n; 131280304Sjkim unsigned char mac[MAX_MAC_SIZE]; 132280304Sjkim unsigned char *p; 133280304Sjkim int i; 134280304Sjkim int mac_size; 13555714Skris 13672616Skris ssl2_read_again: 137280304Sjkim if (SSL_in_init(s) && !s->in_handshake) { 138280304Sjkim n = s->handshake_func(s); 139280304Sjkim if (n < 0) 140280304Sjkim return (n); 141280304Sjkim if (n == 0) { 142280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_SSL_HANDSHAKE_FAILURE); 143280304Sjkim return (-1); 144280304Sjkim } 145280304Sjkim } 14655714Skris 147280304Sjkim clear_sys_error(); 148280304Sjkim s->rwstate = SSL_NOTHING; 149280304Sjkim if (len <= 0) 150280304Sjkim return (len); 15155714Skris 152280304Sjkim if (s->s2->ract_data_length != 0) { /* read from buffer */ 153280304Sjkim if (len > s->s2->ract_data_length) 154280304Sjkim n = s->s2->ract_data_length; 155280304Sjkim else 156280304Sjkim n = len; 15755714Skris 158280304Sjkim memcpy(buf, s->s2->ract_data, (unsigned int)n); 159280304Sjkim if (!peek) { 160280304Sjkim s->s2->ract_data_length -= n; 161280304Sjkim s->s2->ract_data += n; 162280304Sjkim if (s->s2->ract_data_length == 0) 163280304Sjkim s->rstate = SSL_ST_READ_HEADER; 164280304Sjkim } 16572616Skris 166280304Sjkim return (n); 167280304Sjkim } 16855714Skris 169280304Sjkim /* 170280304Sjkim * s->s2->ract_data_length == 0 Fill the buffer, then goto 171280304Sjkim * ssl2_read_again. 172280304Sjkim */ 17372616Skris 174280304Sjkim if (s->rstate == SSL_ST_READ_HEADER) { 175280304Sjkim if (s->first_packet) { 176280304Sjkim n = read_n(s, 5, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0); 177280304Sjkim if (n <= 0) 178280304Sjkim return (n); /* error or non-blocking */ 179280304Sjkim s->first_packet = 0; 180280304Sjkim p = s->packet; 181280304Sjkim if (!((p[0] & 0x80) && ((p[2] == SSL2_MT_CLIENT_HELLO) || 182280304Sjkim (p[2] == SSL2_MT_SERVER_HELLO)))) { 183280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, 184280304Sjkim SSL_R_NON_SSLV2_INITIAL_PACKET); 185280304Sjkim return (-1); 186280304Sjkim } 187280304Sjkim } else { 188280304Sjkim n = read_n(s, 2, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0); 189280304Sjkim if (n <= 0) 190280304Sjkim return (n); /* error or non-blocking */ 191280304Sjkim } 192280304Sjkim /* part read stuff */ 19355714Skris 194280304Sjkim s->rstate = SSL_ST_READ_BODY; 195280304Sjkim p = s->packet; 196280304Sjkim /* Do header */ 197280304Sjkim /* 198280304Sjkim * s->s2->padding=0; 199280304Sjkim */ 200280304Sjkim s->s2->escape = 0; 201280304Sjkim s->s2->rlength = (((unsigned int)p[0]) << 8) | ((unsigned int)p[1]); 202280304Sjkim if ((p[0] & TWO_BYTE_BIT)) { /* Two byte header? */ 203280304Sjkim s->s2->three_byte_header = 0; 204280304Sjkim s->s2->rlength &= TWO_BYTE_MASK; 205280304Sjkim } else { 206280304Sjkim s->s2->three_byte_header = 1; 207280304Sjkim s->s2->rlength &= THREE_BYTE_MASK; 20855714Skris 209280304Sjkim /* security >s2->escape */ 210280304Sjkim s->s2->escape = ((p[0] & SEC_ESC_BIT)) ? 1 : 0; 211280304Sjkim } 212280304Sjkim } 21355714Skris 214280304Sjkim if (s->rstate == SSL_ST_READ_BODY) { 215280304Sjkim n = s->s2->rlength + 2 + s->s2->three_byte_header; 216280304Sjkim if (n > (int)s->packet_length) { 217280304Sjkim n -= s->packet_length; 218280304Sjkim i = read_n(s, (unsigned int)n, (unsigned int)n, 1); 219280304Sjkim if (i <= 0) 220280304Sjkim return (i); /* ERROR */ 221280304Sjkim } 22255714Skris 223280304Sjkim p = &(s->packet[2]); 224280304Sjkim s->rstate = SSL_ST_READ_HEADER; 225280304Sjkim if (s->s2->three_byte_header) 226280304Sjkim s->s2->padding = *(p++); 227280304Sjkim else 228280304Sjkim s->s2->padding = 0; 22955714Skris 230280304Sjkim /* Data portion */ 231280304Sjkim if (s->s2->clear_text) { 232280304Sjkim mac_size = 0; 233280304Sjkim s->s2->mac_data = p; 234280304Sjkim s->s2->ract_data = p; 235280304Sjkim if (s->s2->padding) { 236280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING); 237280304Sjkim return (-1); 238280304Sjkim } 239280304Sjkim } else { 240280304Sjkim mac_size = EVP_MD_CTX_size(s->read_hash); 241280304Sjkim if (mac_size < 0) 242280304Sjkim return -1; 243280304Sjkim OPENSSL_assert(mac_size <= MAX_MAC_SIZE); 244280304Sjkim s->s2->mac_data = p; 245280304Sjkim s->s2->ract_data = &p[mac_size]; 246280304Sjkim if (s->s2->padding + mac_size > s->s2->rlength) { 247280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING); 248280304Sjkim return (-1); 249280304Sjkim } 250280304Sjkim } 25155714Skris 252280304Sjkim s->s2->ract_data_length = s->s2->rlength; 253280304Sjkim /* 254280304Sjkim * added a check for length > max_size in case encryption was not 255280304Sjkim * turned on yet due to an error 256280304Sjkim */ 257280304Sjkim if ((!s->s2->clear_text) && 258280304Sjkim (s->s2->rlength >= (unsigned int)mac_size)) { 259280304Sjkim if (!ssl2_enc(s, 0)) { 260280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_DECRYPTION_FAILED); 261280304Sjkim return (-1); 262280304Sjkim } 263280304Sjkim s->s2->ract_data_length -= mac_size; 264280304Sjkim ssl2_mac(s, mac, 0); 265280304Sjkim s->s2->ract_data_length -= s->s2->padding; 266280304Sjkim if ((CRYPTO_memcmp(mac, s->s2->mac_data, mac_size) != 0) || 267280304Sjkim (s->s2->rlength % 268280304Sjkim EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) { 269280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_MAC_DECODE); 270280304Sjkim return (-1); 271280304Sjkim } 272280304Sjkim } 273280304Sjkim INC32(s->s2->read_sequence); /* expect next number */ 274280304Sjkim /* s->s2->ract_data is now available for processing */ 27555714Skris 276280304Sjkim /* 277280304Sjkim * Possibly the packet that we just read had 0 actual data bytes. 278280304Sjkim * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.) 279280304Sjkim * In this case, returning 0 would be interpreted by the caller as 280280304Sjkim * indicating EOF, so it's not a good idea. Instead, we just 281280304Sjkim * continue reading; thus ssl2_read_internal may have to process 282280304Sjkim * multiple packets before it can return. [Note that using select() 283280304Sjkim * for blocking sockets *never* guarantees that the next SSL_read 284280304Sjkim * will not block -- the available data may contain incomplete 285280304Sjkim * packets, and except for SSL 2, renegotiation can confuse things 286280304Sjkim * even more.] 287280304Sjkim */ 28855714Skris 289280304Sjkim goto ssl2_read_again; /* This should really be "return 290280304Sjkim * ssl2_read(s,buf,len)", but that would 291280304Sjkim * allow for denial-of-service attacks if a C 292280304Sjkim * compiler is used that does not recognize 293280304Sjkim * end-recursion. */ 294280304Sjkim } else { 295280304Sjkim SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_STATE); 296280304Sjkim return (-1); 297280304Sjkim } 298280304Sjkim} 29955714Skris 30072616Skrisint ssl2_read(SSL *s, void *buf, int len) 301280304Sjkim{ 302280304Sjkim return ssl2_read_internal(s, buf, len, 0); 303280304Sjkim} 30472616Skris 30576870Skrisint ssl2_peek(SSL *s, void *buf, int len) 306280304Sjkim{ 307280304Sjkim return ssl2_read_internal(s, buf, len, 1); 308280304Sjkim} 30972616Skris 31055714Skrisstatic int read_n(SSL *s, unsigned int n, unsigned int max, 311280304Sjkim unsigned int extend) 312280304Sjkim{ 313280304Sjkim int i, off, newb; 31455714Skris 315280304Sjkim /* 316280304Sjkim * if there is stuff still in the buffer from a previous read, and there 317280304Sjkim * is more than we want, take some. 318280304Sjkim */ 319280304Sjkim if (s->s2->rbuf_left >= (int)n) { 320280304Sjkim if (extend) 321280304Sjkim s->packet_length += n; 322280304Sjkim else { 323280304Sjkim s->packet = &(s->s2->rbuf[s->s2->rbuf_offs]); 324280304Sjkim s->packet_length = n; 325280304Sjkim } 326280304Sjkim s->s2->rbuf_left -= n; 327280304Sjkim s->s2->rbuf_offs += n; 328280304Sjkim return (n); 329280304Sjkim } 33055714Skris 331280304Sjkim if (!s->read_ahead) 332280304Sjkim max = n; 333280304Sjkim if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) 334280304Sjkim max = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2; 33555714Skris 336280304Sjkim /* 337280304Sjkim * Else we want more than we have. First, if there is some left or we 338280304Sjkim * want to extend 339280304Sjkim */ 340280304Sjkim off = 0; 341280304Sjkim if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) { 342280304Sjkim newb = s->s2->rbuf_left; 343280304Sjkim if (extend) { 344280304Sjkim off = s->packet_length; 345280304Sjkim if (s->packet != s->s2->rbuf) 346280304Sjkim memcpy(s->s2->rbuf, s->packet, (unsigned int)newb + off); 347280304Sjkim } else if (s->s2->rbuf_offs != 0) { 348280304Sjkim memcpy(s->s2->rbuf, &(s->s2->rbuf[s->s2->rbuf_offs]), 349280304Sjkim (unsigned int)newb); 350280304Sjkim s->s2->rbuf_offs = 0; 351280304Sjkim } 352280304Sjkim s->s2->rbuf_left = 0; 353280304Sjkim } else 354280304Sjkim newb = 0; 35555714Skris 356280304Sjkim /* 357280304Sjkim * off is the offset to start writing too. r->s2->rbuf_offs is the 358280304Sjkim * 'unread data', now 0. newb is the number of new bytes so far 359280304Sjkim */ 360280304Sjkim s->packet = s->s2->rbuf; 361280304Sjkim while (newb < (int)n) { 362280304Sjkim clear_sys_error(); 363280304Sjkim if (s->rbio != NULL) { 364280304Sjkim s->rwstate = SSL_READING; 365280304Sjkim i = BIO_read(s->rbio, (char *)&(s->s2->rbuf[off + newb]), 366280304Sjkim max - newb); 367280304Sjkim } else { 368280304Sjkim SSLerr(SSL_F_READ_N, SSL_R_READ_BIO_NOT_SET); 369280304Sjkim i = -1; 370280304Sjkim } 371280304Sjkim# ifdef PKT_DEBUG 372280304Sjkim if (s->debug & 0x01) 373280304Sjkim sleep(1); 374280304Sjkim# endif 375280304Sjkim if (i <= 0) { 376280304Sjkim s->s2->rbuf_left += newb; 377280304Sjkim return (i); 378280304Sjkim } 379280304Sjkim newb += i; 380280304Sjkim } 38155714Skris 382280304Sjkim /* record unread data */ 383280304Sjkim if (newb > (int)n) { 384280304Sjkim s->s2->rbuf_offs = n + off; 385280304Sjkim s->s2->rbuf_left = newb - n; 386280304Sjkim } else { 387280304Sjkim s->s2->rbuf_offs = 0; 388280304Sjkim s->s2->rbuf_left = 0; 389280304Sjkim } 390280304Sjkim if (extend) 391280304Sjkim s->packet_length += n; 392280304Sjkim else 393280304Sjkim s->packet_length = n; 394280304Sjkim s->rwstate = SSL_NOTHING; 395280304Sjkim return (n); 396280304Sjkim} 39755714Skris 39855714Skrisint ssl2_write(SSL *s, const void *_buf, int len) 399280304Sjkim{ 400280304Sjkim const unsigned char *buf = _buf; 401280304Sjkim unsigned int n, tot; 402280304Sjkim int i; 40355714Skris 404280304Sjkim if (SSL_in_init(s) && !s->in_handshake) { 405280304Sjkim i = s->handshake_func(s); 406280304Sjkim if (i < 0) 407280304Sjkim return (i); 408280304Sjkim if (i == 0) { 409280304Sjkim SSLerr(SSL_F_SSL2_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE); 410280304Sjkim return (-1); 411280304Sjkim } 412280304Sjkim } 41355714Skris 414280304Sjkim if (s->error) { 415280304Sjkim ssl2_write_error(s); 416280304Sjkim if (s->error) 417280304Sjkim return (-1); 418280304Sjkim } 41955714Skris 420280304Sjkim clear_sys_error(); 421280304Sjkim s->rwstate = SSL_NOTHING; 422280304Sjkim if (len <= 0) 423280304Sjkim return (len); 42455714Skris 425280304Sjkim tot = s->s2->wnum; 426280304Sjkim s->s2->wnum = 0; 42755714Skris 428280304Sjkim n = (len - tot); 429280304Sjkim for (;;) { 430280304Sjkim i = n_do_ssl_write(s, &(buf[tot]), n); 431280304Sjkim if (i <= 0) { 432280304Sjkim s->s2->wnum = tot; 433280304Sjkim return (i); 434280304Sjkim } 435280304Sjkim if ((i == (int)n) || (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) { 436280304Sjkim return (tot + i); 437280304Sjkim } 43855714Skris 439280304Sjkim n -= i; 440280304Sjkim tot += i; 441280304Sjkim } 442280304Sjkim} 443280304Sjkim 44455714Skrisstatic int write_pending(SSL *s, const unsigned char *buf, unsigned int len) 445280304Sjkim{ 446280304Sjkim int i; 44755714Skris 448280304Sjkim /* s->s2->wpend_len != 0 MUST be true. */ 44955714Skris 450280304Sjkim /* 451280304Sjkim * check that they have given us the same buffer to write 452280304Sjkim */ 453280304Sjkim if ((s->s2->wpend_tot > (int)len) || 454280304Sjkim ((s->s2->wpend_buf != buf) && 455280304Sjkim !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) { 456280304Sjkim SSLerr(SSL_F_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); 457280304Sjkim return (-1); 458280304Sjkim } 45955714Skris 460280304Sjkim for (;;) { 461280304Sjkim clear_sys_error(); 462280304Sjkim if (s->wbio != NULL) { 463280304Sjkim s->rwstate = SSL_WRITING; 464280304Sjkim i = BIO_write(s->wbio, 465280304Sjkim (char *)&(s->s2->write_ptr[s->s2->wpend_off]), 466280304Sjkim (unsigned int)s->s2->wpend_len); 467280304Sjkim } else { 468280304Sjkim SSLerr(SSL_F_WRITE_PENDING, SSL_R_WRITE_BIO_NOT_SET); 469280304Sjkim i = -1; 470280304Sjkim } 471280304Sjkim# ifdef PKT_DEBUG 472280304Sjkim if (s->debug & 0x01) 473280304Sjkim sleep(1); 474280304Sjkim# endif 475280304Sjkim if (i == s->s2->wpend_len) { 476280304Sjkim s->s2->wpend_len = 0; 477280304Sjkim s->rwstate = SSL_NOTHING; 478280304Sjkim return (s->s2->wpend_ret); 479280304Sjkim } else if (i <= 0) 480280304Sjkim return (i); 481280304Sjkim s->s2->wpend_off += i; 482280304Sjkim s->s2->wpend_len -= i; 483280304Sjkim } 484280304Sjkim} 48555714Skris 486238405Sjkimstatic int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) 487280304Sjkim{ 488280304Sjkim unsigned int j, k, olen, p, bs; 489280304Sjkim int mac_size; 490280304Sjkim register unsigned char *pp; 49155714Skris 492280304Sjkim olen = len; 49355714Skris 494280304Sjkim /* 495280304Sjkim * first check if there is data from an encryption waiting to be sent - 496280304Sjkim * it must be sent because the other end is waiting. This will happen 497280304Sjkim * with non-blocking IO. We print it and then return. 498280304Sjkim */ 499280304Sjkim if (s->s2->wpend_len != 0) 500280304Sjkim return (write_pending(s, buf, len)); 50155714Skris 502280304Sjkim /* set mac_size to mac size */ 503280304Sjkim if (s->s2->clear_text) 504280304Sjkim mac_size = 0; 505280304Sjkim else { 506280304Sjkim mac_size = EVP_MD_CTX_size(s->write_hash); 507280304Sjkim if (mac_size < 0) 508280304Sjkim return -1; 509280304Sjkim } 51055714Skris 511280304Sjkim /* lets set the pad p */ 512280304Sjkim if (s->s2->clear_text) { 513280304Sjkim if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 514280304Sjkim len = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 515280304Sjkim p = 0; 516280304Sjkim s->s2->three_byte_header = 0; 517280304Sjkim /* len=len; */ 518280304Sjkim } else { 519280304Sjkim bs = EVP_CIPHER_CTX_block_size(s->enc_read_ctx); 520280304Sjkim j = len + mac_size; 521280304Sjkim /* 522280304Sjkim * Two-byte headers allow for a larger record length than three-byte 523280304Sjkim * headers, but we can't use them if we need padding or if we have to 524280304Sjkim * set the escape bit. 525280304Sjkim */ 526280304Sjkim if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && (!s->s2->escape)) { 527280304Sjkim if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 528280304Sjkim j = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 529280304Sjkim /* 530280304Sjkim * set k to the max number of bytes with 2 byte header 531280304Sjkim */ 532280304Sjkim k = j - (j % bs); 533280304Sjkim /* how many data bytes? */ 534280304Sjkim len = k - mac_size; 535280304Sjkim s->s2->three_byte_header = 0; 536280304Sjkim p = 0; 537280304Sjkim } else if ((bs <= 1) && (!s->s2->escape)) { 538280304Sjkim /*- 539280304Sjkim * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus 540280304Sjkim * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 541280304Sjkim */ 542280304Sjkim s->s2->three_byte_header = 0; 543280304Sjkim p = 0; 544280304Sjkim } else { /* we may have to use a 3 byte header */ 54572616Skris 546280304Sjkim /*- 547280304Sjkim * If s->s2->escape is not set, then 548280304Sjkim * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus 549280304Sjkim * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. 550280304Sjkim */ 551280304Sjkim p = (j % bs); 552280304Sjkim p = (p == 0) ? 0 : (bs - p); 553280304Sjkim if (s->s2->escape) { 554280304Sjkim s->s2->three_byte_header = 1; 555280304Sjkim if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 556280304Sjkim j = SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER; 557280304Sjkim } else 558280304Sjkim s->s2->three_byte_header = (p == 0) ? 0 : 1; 559280304Sjkim } 560280304Sjkim } 56172616Skris 562280304Sjkim /*- 563280304Sjkim * Now 564280304Sjkim * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 565280304Sjkim * holds, and if s->s2->three_byte_header is set, then even 566280304Sjkim * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. 567280304Sjkim */ 56855714Skris 569280304Sjkim /* 570280304Sjkim * mac_size is the number of MAC bytes len is the number of data bytes we 571280304Sjkim * are going to send p is the number of padding bytes (if it is a 572280304Sjkim * two-byte header, then p == 0) 573280304Sjkim */ 57455714Skris 575280304Sjkim s->s2->wlength = len; 576280304Sjkim s->s2->padding = p; 577280304Sjkim s->s2->mac_data = &(s->s2->wbuf[3]); 578280304Sjkim s->s2->wact_data = &(s->s2->wbuf[3 + mac_size]); 579284285Sjkim 580284285Sjkim /* 581284285Sjkim * It would be clearer to write this as follows: 582284285Sjkim * if (mac_size + len + p > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 583284285Sjkim * However |len| is user input that could in theory be very large. We 584284285Sjkim * know |mac_size| and |p| are small, so to avoid any possibility of 585284285Sjkim * overflow we write it like this. 586284285Sjkim * 587284285Sjkim * In theory this should never fail because the logic above should have 588284285Sjkim * modified |len| if it is too big. But we are being cautious. 589284285Sjkim */ 590284285Sjkim if (len > (SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - (mac_size + p))) { 591284285Sjkim return -1; 592284285Sjkim } 593280304Sjkim /* we copy the data into s->s2->wbuf */ 594280304Sjkim memcpy(s->s2->wact_data, buf, len); 595280304Sjkim if (p) 596280304Sjkim memset(&(s->s2->wact_data[len]), 0, p); /* arbitrary padding */ 59755714Skris 598280304Sjkim if (!s->s2->clear_text) { 599280304Sjkim s->s2->wact_data_length = len + p; 600280304Sjkim ssl2_mac(s, s->s2->mac_data, 1); 601280304Sjkim s->s2->wlength += p + mac_size; 602280304Sjkim if (ssl2_enc(s, 1) < 1) 603280304Sjkim return -1; 604280304Sjkim } 60555714Skris 606280304Sjkim /* package up the header */ 607280304Sjkim s->s2->wpend_len = s->s2->wlength; 608280304Sjkim if (s->s2->three_byte_header) { /* 3 byte header */ 609280304Sjkim pp = s->s2->mac_data; 610280304Sjkim pp -= 3; 611280304Sjkim pp[0] = (s->s2->wlength >> 8) & (THREE_BYTE_MASK >> 8); 612280304Sjkim if (s->s2->escape) 613280304Sjkim pp[0] |= SEC_ESC_BIT; 614280304Sjkim pp[1] = s->s2->wlength & 0xff; 615280304Sjkim pp[2] = s->s2->padding; 616280304Sjkim s->s2->wpend_len += 3; 617280304Sjkim } else { 618280304Sjkim pp = s->s2->mac_data; 619280304Sjkim pp -= 2; 620280304Sjkim pp[0] = ((s->s2->wlength >> 8) & (TWO_BYTE_MASK >> 8)) | TWO_BYTE_BIT; 621280304Sjkim pp[1] = s->s2->wlength & 0xff; 622280304Sjkim s->s2->wpend_len += 2; 623280304Sjkim } 624280304Sjkim s->s2->write_ptr = pp; 62555714Skris 626280304Sjkim INC32(s->s2->write_sequence); /* expect next number */ 62755714Skris 628280304Sjkim /* lets try to actually write the data */ 629280304Sjkim s->s2->wpend_tot = olen; 630280304Sjkim s->s2->wpend_buf = buf; 63155714Skris 632280304Sjkim s->s2->wpend_ret = len; 633280304Sjkim 634280304Sjkim s->s2->wpend_off = 0; 635280304Sjkim return (write_pending(s, buf, olen)); 636280304Sjkim} 637280304Sjkim 63855714Skrisint ssl2_part_read(SSL *s, unsigned long f, int i) 639280304Sjkim{ 640280304Sjkim unsigned char *p; 641280304Sjkim int j; 64255714Skris 643280304Sjkim if (i < 0) { 644280304Sjkim /* ssl2_return_error(s); */ 645280304Sjkim /* 646280304Sjkim * for non-blocking io, this is not necessarily fatal 647280304Sjkim */ 648280304Sjkim return (i); 649280304Sjkim } else { 650280304Sjkim s->init_num += i; 65189840Skris 652280304Sjkim /* 653280304Sjkim * Check for error. While there are recoverable errors, this 654280304Sjkim * function is not called when those must be expected; any error 655280304Sjkim * detected here is fatal. 656280304Sjkim */ 657280304Sjkim if (s->init_num >= 3) { 658280304Sjkim p = (unsigned char *)s->init_buf->data; 659280304Sjkim if (p[0] == SSL2_MT_ERROR) { 660280304Sjkim j = (p[1] << 8) | p[2]; 661280304Sjkim SSLerr((int)f, ssl_mt_error(j)); 662280304Sjkim s->init_num -= 3; 663280304Sjkim if (s->init_num > 0) 664280304Sjkim memmove(p, p + 3, s->init_num); 665280304Sjkim } 666280304Sjkim } 66789840Skris 668280304Sjkim /* 669280304Sjkim * If it's not an error message, we have some error anyway -- the 670280304Sjkim * message was shorter than expected. This too is treated as fatal 671280304Sjkim * (at least if SSL_get_error is asked for its opinion). 672280304Sjkim */ 673280304Sjkim return (0); 674280304Sjkim } 675280304Sjkim} 67655714Skris 67755714Skrisint ssl2_do_write(SSL *s) 678280304Sjkim{ 679280304Sjkim int ret; 68055714Skris 681280304Sjkim ret = ssl2_write(s, &s->init_buf->data[s->init_off], s->init_num); 682280304Sjkim if (ret == s->init_num) { 683280304Sjkim if (s->msg_callback) 684280304Sjkim s->msg_callback(1, s->version, 0, s->init_buf->data, 685280304Sjkim (size_t)(s->init_off + s->init_num), s, 686280304Sjkim s->msg_callback_arg); 687280304Sjkim return (1); 688280304Sjkim } 689280304Sjkim if (ret < 0) 690280304Sjkim return (-1); 691280304Sjkim s->init_off += ret; 692280304Sjkim s->init_num -= ret; 693280304Sjkim return (0); 694280304Sjkim} 69555714Skris 69655714Skrisstatic int ssl_mt_error(int n) 697280304Sjkim{ 698280304Sjkim int ret; 69955714Skris 700280304Sjkim switch (n) { 701280304Sjkim case SSL2_PE_NO_CIPHER: 702280304Sjkim ret = SSL_R_PEER_ERROR_NO_CIPHER; 703280304Sjkim break; 704280304Sjkim case SSL2_PE_NO_CERTIFICATE: 705280304Sjkim ret = SSL_R_PEER_ERROR_NO_CERTIFICATE; 706280304Sjkim break; 707280304Sjkim case SSL2_PE_BAD_CERTIFICATE: 708280304Sjkim ret = SSL_R_PEER_ERROR_CERTIFICATE; 709280304Sjkim break; 710280304Sjkim case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: 711280304Sjkim ret = SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; 712280304Sjkim break; 713280304Sjkim default: 714280304Sjkim ret = SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; 715280304Sjkim break; 716280304Sjkim } 717280304Sjkim return (ret); 718280304Sjkim} 719280304Sjkim#else /* !OPENSSL_NO_SSL2 */ 72055949Skris 72159194Skris# if PEDANTIC 722280304Sjkimstatic void *dummy = &dummy; 72359194Skris# endif 72459194Skris 72555949Skris#endif 726