s2_pkt.c revision 55949
1/* ssl/s2_pkt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 * 58 * $FreeBSD: head/crypto/openssl/ssl/s2_pkt.c 55949 2000-01-14 05:24:08Z kris $ 59 */ 60 61#ifndef NO_SSL2 62 63#include <stdio.h> 64#include <errno.h> 65#define USE_SOCKETS 66#include "ssl_locl.h" 67 68static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); 69static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); 70static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); 71static int ssl_mt_error(int n); 72int ssl2_peek(SSL *s, char *buf, int len) 73 { 74 int ret; 75 76 ret=ssl2_read(s,buf,len); 77 if (ret > 0) 78 { 79 s->s2->ract_data_length+=ret; 80 s->s2->ract_data-=ret; 81 } 82 return(ret); 83 } 84 85/* SSL_read - 86 * This routine will return 0 to len bytes, decrypted etc if required. 87 */ 88int ssl2_read(SSL *s, void *buf, int len) 89 { 90 int n; 91 unsigned char mac[MAX_MAC_SIZE]; 92 unsigned char *p; 93 int i; 94 unsigned int mac_size=0; 95 96ssl2_read_again: 97 if (SSL_in_init(s) && !s->in_handshake) 98 { 99 n=s->handshake_func(s); 100 if (n < 0) return(n); 101 if (n == 0) 102 { 103 SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE); 104 return(-1); 105 } 106 } 107 108 clear_sys_error(); 109 s->rwstate=SSL_NOTHING; 110 if (len <= 0) return(len); 111 112 if (s->s2->ract_data_length != 0) /* read from buffer */ 113 { 114 if (len > s->s2->ract_data_length) 115 n=s->s2->ract_data_length; 116 else 117 n=len; 118 119 memcpy(buf,s->s2->ract_data,(unsigned int)n); 120 s->s2->ract_data_length-=n; 121 s->s2->ract_data+=n; 122 if (s->s2->ract_data_length == 0) 123 s->rstate=SSL_ST_READ_HEADER; 124 return(n); 125 } 126 127 if (s->rstate == SSL_ST_READ_HEADER) 128 { 129 if (s->first_packet) 130 { 131 n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); 132 if (n <= 0) return(n); /* error or non-blocking */ 133 s->first_packet=0; 134 p=s->packet; 135 if (!((p[0] & 0x80) && ( 136 (p[2] == SSL2_MT_CLIENT_HELLO) || 137 (p[2] == SSL2_MT_SERVER_HELLO)))) 138 { 139 SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); 140 return(-1); 141 } 142 } 143 else 144 { 145 n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); 146 if (n <= 0) return(n); /* error or non-blocking */ 147 } 148 /* part read stuff */ 149 150 s->rstate=SSL_ST_READ_BODY; 151 p=s->packet; 152 /* Do header */ 153 /*s->s2->padding=0;*/ 154 s->s2->escape=0; 155 s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]); 156 if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */ 157 { 158 s->s2->three_byte_header=0; 159 s->s2->rlength&=TWO_BYTE_MASK; 160 } 161 else 162 { 163 s->s2->three_byte_header=1; 164 s->s2->rlength&=THREE_BYTE_MASK; 165 166 /* security >s2->escape */ 167 s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0; 168 } 169 } 170 171 if (s->rstate == SSL_ST_READ_BODY) 172 { 173 n=s->s2->rlength+2+s->s2->three_byte_header; 174 if (n > (int)s->packet_length) 175 { 176 n-=s->packet_length; 177 i=read_n(s,(unsigned int)n,(unsigned int)n,1); 178 if (i <= 0) return(i); /* ERROR */ 179 } 180 181 p= &(s->packet[2]); 182 s->rstate=SSL_ST_READ_HEADER; 183 if (s->s2->three_byte_header) 184 s->s2->padding= *(p++); 185 else s->s2->padding=0; 186 187 /* Data portion */ 188 if (s->s2->clear_text) 189 { 190 s->s2->mac_data=p; 191 s->s2->ract_data=p; 192 s->s2->pad_data=NULL; 193 } 194 else 195 { 196 mac_size=EVP_MD_size(s->read_hash); 197 s->s2->mac_data=p; 198 s->s2->ract_data= &p[mac_size]; 199 s->s2->pad_data= &p[mac_size+ 200 s->s2->rlength-s->s2->padding]; 201 } 202 203 s->s2->ract_data_length=s->s2->rlength; 204 /* added a check for length > max_size in case 205 * encryption was not turned on yet due to an error */ 206 if ((!s->s2->clear_text) && 207 (s->s2->rlength >= mac_size)) 208 { 209 ssl2_enc(s,0); 210 s->s2->ract_data_length-=mac_size; 211 ssl2_mac(s,mac,0); 212 s->s2->ract_data_length-=s->s2->padding; 213 if ( (memcmp(mac,s->s2->mac_data, 214 (unsigned int)mac_size) != 0) || 215 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) 216 { 217 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE); 218 return(-1); 219 } 220 } 221 INC32(s->s2->read_sequence); /* expect next number */ 222 /* s->s2->ract_data is now available for processing */ 223 224#if 1 225 /* How should we react when a packet containing 0 226 * bytes is received? (Note that SSLeay/OpenSSL itself 227 * never sends such packets; see ssl2_write.) 228 * Returning 0 would be interpreted by the caller as 229 * indicating EOF, so it's not a good idea. 230 * Instead, we just continue reading. Note that using 231 * select() for blocking sockets *never* guarantees 232 * that the next SSL_read will not block -- the available 233 * data may contain incomplete packets, and except for SSL 2 234 * renegotiation can confuse things even more. */ 235 236 goto ssl2_read_again; /* This should really be 237 * "return ssl2_read(s,buf,len)", 238 * but that would allow for 239 * denial-of-service attacks if a 240 * C compiler is used that does not 241 * recognize end-recursion. */ 242#else 243 /* If a 0 byte packet was sent, return 0, otherwise 244 * we play havoc with people using select with 245 * blocking sockets. Let them handle a packet at a time, 246 * they should really be using non-blocking sockets. */ 247 if (s->s2->ract_data_length == 0) 248 return(0); 249 return(ssl2_read(s,buf,len)); 250#endif 251 } 252 else 253 { 254 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE); 255 return(-1); 256 } 257 } 258 259static int read_n(SSL *s, unsigned int n, unsigned int max, 260 unsigned int extend) 261 { 262 int i,off,newb; 263 264 /* if there is stuff still in the buffer from a previous read, 265 * and there is more than we want, take some. */ 266 if (s->s2->rbuf_left >= (int)n) 267 { 268 if (extend) 269 s->packet_length+=n; 270 else 271 { 272 s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]); 273 s->packet_length=n; 274 } 275 s->s2->rbuf_left-=n; 276 s->s2->rbuf_offs+=n; 277 return(n); 278 } 279 280 if (!s->read_ahead) max=n; 281 if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) 282 max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2; 283 284 285 /* Else we want more than we have. 286 * First, if there is some left or we want to extend */ 287 off=0; 288 if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) 289 { 290 newb=s->s2->rbuf_left; 291 if (extend) 292 { 293 off=s->packet_length; 294 if (s->packet != s->s2->rbuf) 295 memcpy(s->s2->rbuf,s->packet, 296 (unsigned int)newb+off); 297 } 298 else if (s->s2->rbuf_offs != 0) 299 { 300 memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]), 301 (unsigned int)newb); 302 s->s2->rbuf_offs=0; 303 } 304 s->s2->rbuf_left=0; 305 } 306 else 307 newb=0; 308 309 /* off is the offset to start writing too. 310 * r->s2->rbuf_offs is the 'unread data', now 0. 311 * newb is the number of new bytes so far 312 */ 313 s->packet=s->s2->rbuf; 314 while (newb < (int)n) 315 { 316 clear_sys_error(); 317 if (s->rbio != NULL) 318 { 319 s->rwstate=SSL_READING; 320 i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]), 321 max-newb); 322 } 323 else 324 { 325 SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET); 326 i= -1; 327 } 328#ifdef PKT_DEBUG 329 if (s->debug & 0x01) sleep(1); 330#endif 331 if (i <= 0) 332 { 333 s->s2->rbuf_left+=newb; 334 return(i); 335 } 336 newb+=i; 337 } 338 339 /* record unread data */ 340 if (newb > (int)n) 341 { 342 s->s2->rbuf_offs=n+off; 343 s->s2->rbuf_left=newb-n; 344 } 345 else 346 { 347 s->s2->rbuf_offs=0; 348 s->s2->rbuf_left=0; 349 } 350 if (extend) 351 s->packet_length+=n; 352 else 353 s->packet_length=n; 354 s->rwstate=SSL_NOTHING; 355 return(n); 356 } 357 358int ssl2_write(SSL *s, const void *_buf, int len) 359 { 360 const unsigned char *buf=_buf; 361 unsigned int n,tot; 362 int i; 363 364 if (SSL_in_init(s) && !s->in_handshake) 365 { 366 i=s->handshake_func(s); 367 if (i < 0) return(i); 368 if (i == 0) 369 { 370 SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); 371 return(-1); 372 } 373 } 374 375 if (s->error) 376 { 377 ssl2_write_error(s); 378 if (s->error) 379 return(-1); 380 } 381 382 clear_sys_error(); 383 s->rwstate=SSL_NOTHING; 384 if (len <= 0) return(len); 385 386 tot=s->s2->wnum; 387 s->s2->wnum=0; 388 389 n=(len-tot); 390 for (;;) 391 { 392 i=do_ssl_write(s,&(buf[tot]),n); 393 if (i <= 0) 394 { 395 s->s2->wnum=tot; 396 return(i); 397 } 398 if ((i == (int)n) || 399 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) 400 { 401 return(tot+i); 402 } 403 404 n-=i; 405 tot+=i; 406 } 407 } 408 409static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) 410 { 411 int i; 412 413 /* s->s2->wpend_len != 0 MUST be true. */ 414 415 /* check that they have given us the same buffer to 416 * write */ 417 if ((s->s2->wpend_tot > (int)len) || 418 ((s->s2->wpend_buf != buf) && 419 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) 420 { 421 SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 422 return(-1); 423 } 424 425 for (;;) 426 { 427 clear_sys_error(); 428 if (s->wbio != NULL) 429 { 430 s->rwstate=SSL_WRITING; 431 i=BIO_write(s->wbio, 432 (char *)&(s->s2->write_ptr[s->s2->wpend_off]), 433 (unsigned int)s->s2->wpend_len); 434 } 435 else 436 { 437 SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET); 438 i= -1; 439 } 440#ifdef PKT_DEBUG 441 if (s->debug & 0x01) sleep(1); 442#endif 443 if (i == s->s2->wpend_len) 444 { 445 s->s2->wpend_len=0; 446 s->rwstate=SSL_NOTHING; 447 return(s->s2->wpend_ret); 448 } 449 else if (i <= 0) 450 return(i); 451 s->s2->wpend_off+=i; 452 s->s2->wpend_len-=i; 453 } 454 } 455 456static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) 457 { 458 unsigned int j,k,olen,p,mac_size,bs; 459 register unsigned char *pp; 460 461 olen=len; 462 463 /* first check if there is data from an encryption waiting to 464 * be sent - it must be sent because the other end is waiting. 465 * This will happen with non-blocking IO. We print it and then 466 * return. 467 */ 468 if (s->s2->wpend_len != 0) return(write_pending(s,buf,len)); 469 470 /* set mac_size to mac size */ 471 if (s->s2->clear_text) 472 mac_size=0; 473 else 474 mac_size=EVP_MD_size(s->write_hash); 475 476 /* lets set the pad p */ 477 if (s->s2->clear_text) 478 { 479 if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 480 len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 481 p=0; 482 s->s2->three_byte_header=0; 483 /* len=len; */ 484 } 485 else 486 { 487 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); 488 j=len+mac_size; 489 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && 490 (!s->s2->escape)) 491 { 492 if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 493 j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 494 /* set k to the max number of bytes with 2 495 * byte header */ 496 k=j-(j%bs); 497 /* how many data bytes? */ 498 len=k-mac_size; 499 s->s2->three_byte_header=0; 500 p=0; 501 } 502 else if ((bs <= 1) && (!s->s2->escape)) 503 { 504 /* len=len; */ 505 s->s2->three_byte_header=0; 506 p=0; 507 } 508 else /* 3 byte header */ 509 { 510 /*len=len; */ 511 p=(j%bs); 512 p=(p == 0)?0:(bs-p); 513 if (s->s2->escape) 514 s->s2->three_byte_header=1; 515 else 516 s->s2->three_byte_header=(p == 0)?0:1; 517 } 518 } 519 /* mac_size is the number of MAC bytes 520 * len is the number of data bytes we are going to send 521 * p is the number of padding bytes 522 * if p == 0, it is a 2 byte header */ 523 524 s->s2->wlength=len; 525 s->s2->padding=p; 526 s->s2->mac_data= &(s->s2->wbuf[3]); 527 s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); 528 /* we copy the data into s->s2->wbuf */ 529 memcpy(s->s2->wact_data,buf,len); 530#ifdef PURIFY 531 if (p) 532 memset(&(s->s2->wact_data[len]),0,p); 533#endif 534 535 if (!s->s2->clear_text) 536 { 537 s->s2->wact_data_length=len+p; 538 ssl2_mac(s,s->s2->mac_data,1); 539 s->s2->wlength+=p+mac_size; 540 ssl2_enc(s,1); 541 } 542 543 /* package up the header */ 544 s->s2->wpend_len=s->s2->wlength; 545 if (s->s2->three_byte_header) /* 3 byte header */ 546 { 547 pp=s->s2->mac_data; 548 pp-=3; 549 pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8); 550 if (s->s2->escape) pp[0]|=SEC_ESC_BIT; 551 pp[1]=s->s2->wlength&0xff; 552 pp[2]=s->s2->padding; 553 s->s2->wpend_len+=3; 554 } 555 else 556 { 557 pp=s->s2->mac_data; 558 pp-=2; 559 pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT; 560 pp[1]=s->s2->wlength&0xff; 561 s->s2->wpend_len+=2; 562 } 563 s->s2->write_ptr=pp; 564 565 INC32(s->s2->write_sequence); /* expect next number */ 566 567 /* lets try to actually write the data */ 568 s->s2->wpend_tot=olen; 569 s->s2->wpend_buf=buf; 570 571 s->s2->wpend_ret=len; 572 573 s->s2->wpend_off=0; 574 return(write_pending(s,buf,olen)); 575 } 576 577int ssl2_part_read(SSL *s, unsigned long f, int i) 578 { 579 unsigned char *p; 580 int j; 581 582 /* check for error */ 583 if ((s->init_num == 0) && (i >= 3)) 584 { 585 p=(unsigned char *)s->init_buf->data; 586 if (p[0] == SSL2_MT_ERROR) 587 { 588 j=(p[1]<<8)|p[2]; 589 SSLerr((int)f,ssl_mt_error(j)); 590 } 591 } 592 593 if (i < 0) 594 { 595 /* ssl2_return_error(s); */ 596 /* for non-blocking io, 597 * this is not fatal */ 598 return(i); 599 } 600 else 601 { 602 s->init_num+=i; 603 return(0); 604 } 605 } 606 607int ssl2_do_write(SSL *s) 608 { 609 int ret; 610 611 ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); 612 if (ret == s->init_num) 613 return(1); 614 if (ret < 0) 615 return(-1); 616 s->init_off+=ret; 617 s->init_num-=ret; 618 return(0); 619 } 620 621static int ssl_mt_error(int n) 622 { 623 int ret; 624 625 switch (n) 626 { 627 case SSL2_PE_NO_CIPHER: 628 ret=SSL_R_PEER_ERROR_NO_CIPHER; 629 break; 630 case SSL2_PE_NO_CERTIFICATE: 631 ret=SSL_R_PEER_ERROR_NO_CERTIFICATE; 632 break; 633 case SSL2_PE_BAD_CERTIFICATE: 634 ret=SSL_R_PEER_ERROR_CERTIFICATE; 635 break; 636 case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: 637 ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; 638 break; 639 default: 640 ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; 641 break; 642 } 643 return(ret); 644 } 645 646#endif 647