s2_pkt.c revision 63249
1/* ssl/s2_pkt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 * 58 * $FreeBSD: head/crypto/openssl/ssl/s2_pkt.c 59194 2000-04-13 07:15:03Z kris $ 59 */ 60 61#include "ssl_locl.h" 62#ifndef NO_SSL2 63#include <stdio.h> 64#include <errno.h> 65#define USE_SOCKETS 66 67static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); 68static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); 69static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); 70static int ssl_mt_error(int n); 71int ssl2_peek(SSL *s, char *buf, int len) 72 { 73 int ret; 74 75 ret=ssl2_read(s,buf,len); 76 if (ret > 0) 77 { 78 s->s2->ract_data_length+=ret; 79 s->s2->ract_data-=ret; 80 } 81 return(ret); 82 } 83 84/* SSL_read - 85 * This routine will return 0 to len bytes, decrypted etc if required. 86 */ 87int ssl2_read(SSL *s, void *buf, int len) 88 { 89 int n; 90 unsigned char mac[MAX_MAC_SIZE]; 91 unsigned char *p; 92 int i; 93 unsigned int mac_size=0; 94 95ssl2_read_again: 96 if (SSL_in_init(s) && !s->in_handshake) 97 { 98 n=s->handshake_func(s); 99 if (n < 0) return(n); 100 if (n == 0) 101 { 102 SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE); 103 return(-1); 104 } 105 } 106 107 clear_sys_error(); 108 s->rwstate=SSL_NOTHING; 109 if (len <= 0) return(len); 110 111 if (s->s2->ract_data_length != 0) /* read from buffer */ 112 { 113 if (len > s->s2->ract_data_length) 114 n=s->s2->ract_data_length; 115 else 116 n=len; 117 118 memcpy(buf,s->s2->ract_data,(unsigned int)n); 119 s->s2->ract_data_length-=n; 120 s->s2->ract_data+=n; 121 if (s->s2->ract_data_length == 0) 122 s->rstate=SSL_ST_READ_HEADER; 123 return(n); 124 } 125 126 if (s->rstate == SSL_ST_READ_HEADER) 127 { 128 if (s->first_packet) 129 { 130 n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); 131 if (n <= 0) return(n); /* error or non-blocking */ 132 s->first_packet=0; 133 p=s->packet; 134 if (!((p[0] & 0x80) && ( 135 (p[2] == SSL2_MT_CLIENT_HELLO) || 136 (p[2] == SSL2_MT_SERVER_HELLO)))) 137 { 138 SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); 139 return(-1); 140 } 141 } 142 else 143 { 144 n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); 145 if (n <= 0) return(n); /* error or non-blocking */ 146 } 147 /* part read stuff */ 148 149 s->rstate=SSL_ST_READ_BODY; 150 p=s->packet; 151 /* Do header */ 152 /*s->s2->padding=0;*/ 153 s->s2->escape=0; 154 s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]); 155 if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */ 156 { 157 s->s2->three_byte_header=0; 158 s->s2->rlength&=TWO_BYTE_MASK; 159 } 160 else 161 { 162 s->s2->three_byte_header=1; 163 s->s2->rlength&=THREE_BYTE_MASK; 164 165 /* security >s2->escape */ 166 s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0; 167 } 168 } 169 170 if (s->rstate == SSL_ST_READ_BODY) 171 { 172 n=s->s2->rlength+2+s->s2->three_byte_header; 173 if (n > (int)s->packet_length) 174 { 175 n-=s->packet_length; 176 i=read_n(s,(unsigned int)n,(unsigned int)n,1); 177 if (i <= 0) return(i); /* ERROR */ 178 } 179 180 p= &(s->packet[2]); 181 s->rstate=SSL_ST_READ_HEADER; 182 if (s->s2->three_byte_header) 183 s->s2->padding= *(p++); 184 else s->s2->padding=0; 185 186 /* Data portion */ 187 if (s->s2->clear_text) 188 { 189 s->s2->mac_data=p; 190 s->s2->ract_data=p; 191 s->s2->pad_data=NULL; 192 } 193 else 194 { 195 mac_size=EVP_MD_size(s->read_hash); 196 s->s2->mac_data=p; 197 s->s2->ract_data= &p[mac_size]; 198 s->s2->pad_data= &p[mac_size+ 199 s->s2->rlength-s->s2->padding]; 200 } 201 202 s->s2->ract_data_length=s->s2->rlength; 203 /* added a check for length > max_size in case 204 * encryption was not turned on yet due to an error */ 205 if ((!s->s2->clear_text) && 206 (s->s2->rlength >= mac_size)) 207 { 208 ssl2_enc(s,0); 209 s->s2->ract_data_length-=mac_size; 210 ssl2_mac(s,mac,0); 211 s->s2->ract_data_length-=s->s2->padding; 212 if ( (memcmp(mac,s->s2->mac_data, 213 (unsigned int)mac_size) != 0) || 214 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) 215 { 216 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE); 217 return(-1); 218 } 219 } 220 INC32(s->s2->read_sequence); /* expect next number */ 221 /* s->s2->ract_data is now available for processing */ 222 223#if 1 224 /* How should we react when a packet containing 0 225 * bytes is received? (Note that SSLeay/OpenSSL itself 226 * never sends such packets; see ssl2_write.) 227 * Returning 0 would be interpreted by the caller as 228 * indicating EOF, so it's not a good idea. 229 * Instead, we just continue reading. Note that using 230 * select() for blocking sockets *never* guarantees 231 * that the next SSL_read will not block -- the available 232 * data may contain incomplete packets, and except for SSL 2 233 * renegotiation can confuse things even more. */ 234 235 goto ssl2_read_again; /* This should really be 236 * "return ssl2_read(s,buf,len)", 237 * but that would allow for 238 * denial-of-service attacks if a 239 * C compiler is used that does not 240 * recognize end-recursion. */ 241#else 242 /* If a 0 byte packet was sent, return 0, otherwise 243 * we play havoc with people using select with 244 * blocking sockets. Let them handle a packet at a time, 245 * they should really be using non-blocking sockets. */ 246 if (s->s2->ract_data_length == 0) 247 return(0); 248 return(ssl2_read(s,buf,len)); 249#endif 250 } 251 else 252 { 253 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE); 254 return(-1); 255 } 256 } 257 258static int read_n(SSL *s, unsigned int n, unsigned int max, 259 unsigned int extend) 260 { 261 int i,off,newb; 262 263 /* if there is stuff still in the buffer from a previous read, 264 * and there is more than we want, take some. */ 265 if (s->s2->rbuf_left >= (int)n) 266 { 267 if (extend) 268 s->packet_length+=n; 269 else 270 { 271 s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]); 272 s->packet_length=n; 273 } 274 s->s2->rbuf_left-=n; 275 s->s2->rbuf_offs+=n; 276 return(n); 277 } 278 279 if (!s->read_ahead) max=n; 280 if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) 281 max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2; 282 283 284 /* Else we want more than we have. 285 * First, if there is some left or we want to extend */ 286 off=0; 287 if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) 288 { 289 newb=s->s2->rbuf_left; 290 if (extend) 291 { 292 off=s->packet_length; 293 if (s->packet != s->s2->rbuf) 294 memcpy(s->s2->rbuf,s->packet, 295 (unsigned int)newb+off); 296 } 297 else if (s->s2->rbuf_offs != 0) 298 { 299 memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]), 300 (unsigned int)newb); 301 s->s2->rbuf_offs=0; 302 } 303 s->s2->rbuf_left=0; 304 } 305 else 306 newb=0; 307 308 /* off is the offset to start writing too. 309 * r->s2->rbuf_offs is the 'unread data', now 0. 310 * newb is the number of new bytes so far 311 */ 312 s->packet=s->s2->rbuf; 313 while (newb < (int)n) 314 { 315 clear_sys_error(); 316 if (s->rbio != NULL) 317 { 318 s->rwstate=SSL_READING; 319 i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]), 320 max-newb); 321 } 322 else 323 { 324 SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET); 325 i= -1; 326 } 327#ifdef PKT_DEBUG 328 if (s->debug & 0x01) sleep(1); 329#endif 330 if (i <= 0) 331 { 332 s->s2->rbuf_left+=newb; 333 return(i); 334 } 335 newb+=i; 336 } 337 338 /* record unread data */ 339 if (newb > (int)n) 340 { 341 s->s2->rbuf_offs=n+off; 342 s->s2->rbuf_left=newb-n; 343 } 344 else 345 { 346 s->s2->rbuf_offs=0; 347 s->s2->rbuf_left=0; 348 } 349 if (extend) 350 s->packet_length+=n; 351 else 352 s->packet_length=n; 353 s->rwstate=SSL_NOTHING; 354 return(n); 355 } 356 357int ssl2_write(SSL *s, const void *_buf, int len) 358 { 359 const unsigned char *buf=_buf; 360 unsigned int n,tot; 361 int i; 362 363 if (SSL_in_init(s) && !s->in_handshake) 364 { 365 i=s->handshake_func(s); 366 if (i < 0) return(i); 367 if (i == 0) 368 { 369 SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); 370 return(-1); 371 } 372 } 373 374 if (s->error) 375 { 376 ssl2_write_error(s); 377 if (s->error) 378 return(-1); 379 } 380 381 clear_sys_error(); 382 s->rwstate=SSL_NOTHING; 383 if (len <= 0) return(len); 384 385 tot=s->s2->wnum; 386 s->s2->wnum=0; 387 388 n=(len-tot); 389 for (;;) 390 { 391 i=do_ssl_write(s,&(buf[tot]),n); 392 if (i <= 0) 393 { 394 s->s2->wnum=tot; 395 return(i); 396 } 397 if ((i == (int)n) || 398 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) 399 { 400 return(tot+i); 401 } 402 403 n-=i; 404 tot+=i; 405 } 406 } 407 408static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) 409 { 410 int i; 411 412 /* s->s2->wpend_len != 0 MUST be true. */ 413 414 /* check that they have given us the same buffer to 415 * write */ 416 if ((s->s2->wpend_tot > (int)len) || 417 ((s->s2->wpend_buf != buf) && 418 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) 419 { 420 SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 421 return(-1); 422 } 423 424 for (;;) 425 { 426 clear_sys_error(); 427 if (s->wbio != NULL) 428 { 429 s->rwstate=SSL_WRITING; 430 i=BIO_write(s->wbio, 431 (char *)&(s->s2->write_ptr[s->s2->wpend_off]), 432 (unsigned int)s->s2->wpend_len); 433 } 434 else 435 { 436 SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET); 437 i= -1; 438 } 439#ifdef PKT_DEBUG 440 if (s->debug & 0x01) sleep(1); 441#endif 442 if (i == s->s2->wpend_len) 443 { 444 s->s2->wpend_len=0; 445 s->rwstate=SSL_NOTHING; 446 return(s->s2->wpend_ret); 447 } 448 else if (i <= 0) 449 return(i); 450 s->s2->wpend_off+=i; 451 s->s2->wpend_len-=i; 452 } 453 } 454 455static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) 456 { 457 unsigned int j,k,olen,p,mac_size,bs; 458 register unsigned char *pp; 459 460 olen=len; 461 462 /* first check if there is data from an encryption waiting to 463 * be sent - it must be sent because the other end is waiting. 464 * This will happen with non-blocking IO. We print it and then 465 * return. 466 */ 467 if (s->s2->wpend_len != 0) return(write_pending(s,buf,len)); 468 469 /* set mac_size to mac size */ 470 if (s->s2->clear_text) 471 mac_size=0; 472 else 473 mac_size=EVP_MD_size(s->write_hash); 474 475 /* lets set the pad p */ 476 if (s->s2->clear_text) 477 { 478 if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 479 len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 480 p=0; 481 s->s2->three_byte_header=0; 482 /* len=len; */ 483 } 484 else 485 { 486 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); 487 j=len+mac_size; 488 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && 489 (!s->s2->escape)) 490 { 491 if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) 492 j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; 493 /* set k to the max number of bytes with 2 494 * byte header */ 495 k=j-(j%bs); 496 /* how many data bytes? */ 497 len=k-mac_size; 498 s->s2->three_byte_header=0; 499 p=0; 500 } 501 else if ((bs <= 1) && (!s->s2->escape)) 502 { 503 /* len=len; */ 504 s->s2->three_byte_header=0; 505 p=0; 506 } 507 else /* 3 byte header */ 508 { 509 /*len=len; */ 510 p=(j%bs); 511 p=(p == 0)?0:(bs-p); 512 if (s->s2->escape) 513 s->s2->three_byte_header=1; 514 else 515 s->s2->three_byte_header=(p == 0)?0:1; 516 } 517 } 518 /* mac_size is the number of MAC bytes 519 * len is the number of data bytes we are going to send 520 * p is the number of padding bytes 521 * if p == 0, it is a 2 byte header */ 522 523 s->s2->wlength=len; 524 s->s2->padding=p; 525 s->s2->mac_data= &(s->s2->wbuf[3]); 526 s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); 527 /* we copy the data into s->s2->wbuf */ 528 memcpy(s->s2->wact_data,buf,len); 529#ifdef PURIFY 530 if (p) 531 memset(&(s->s2->wact_data[len]),0,p); 532#endif 533 534 if (!s->s2->clear_text) 535 { 536 s->s2->wact_data_length=len+p; 537 ssl2_mac(s,s->s2->mac_data,1); 538 s->s2->wlength+=p+mac_size; 539 ssl2_enc(s,1); 540 } 541 542 /* package up the header */ 543 s->s2->wpend_len=s->s2->wlength; 544 if (s->s2->three_byte_header) /* 3 byte header */ 545 { 546 pp=s->s2->mac_data; 547 pp-=3; 548 pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8); 549 if (s->s2->escape) pp[0]|=SEC_ESC_BIT; 550 pp[1]=s->s2->wlength&0xff; 551 pp[2]=s->s2->padding; 552 s->s2->wpend_len+=3; 553 } 554 else 555 { 556 pp=s->s2->mac_data; 557 pp-=2; 558 pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT; 559 pp[1]=s->s2->wlength&0xff; 560 s->s2->wpend_len+=2; 561 } 562 s->s2->write_ptr=pp; 563 564 INC32(s->s2->write_sequence); /* expect next number */ 565 566 /* lets try to actually write the data */ 567 s->s2->wpend_tot=olen; 568 s->s2->wpend_buf=buf; 569 570 s->s2->wpend_ret=len; 571 572 s->s2->wpend_off=0; 573 return(write_pending(s,buf,olen)); 574 } 575 576int ssl2_part_read(SSL *s, unsigned long f, int i) 577 { 578 unsigned char *p; 579 int j; 580 581 /* check for error */ 582 if ((s->init_num == 0) && (i >= 3)) 583 { 584 p=(unsigned char *)s->init_buf->data; 585 if (p[0] == SSL2_MT_ERROR) 586 { 587 j=(p[1]<<8)|p[2]; 588 SSLerr((int)f,ssl_mt_error(j)); 589 } 590 } 591 592 if (i < 0) 593 { 594 /* ssl2_return_error(s); */ 595 /* for non-blocking io, 596 * this is not fatal */ 597 return(i); 598 } 599 else 600 { 601 s->init_num+=i; 602 return(0); 603 } 604 } 605 606int ssl2_do_write(SSL *s) 607 { 608 int ret; 609 610 ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); 611 if (ret == s->init_num) 612 return(1); 613 if (ret < 0) 614 return(-1); 615 s->init_off+=ret; 616 s->init_num-=ret; 617 return(0); 618 } 619 620static int ssl_mt_error(int n) 621 { 622 int ret; 623 624 switch (n) 625 { 626 case SSL2_PE_NO_CIPHER: 627 ret=SSL_R_PEER_ERROR_NO_CIPHER; 628 break; 629 case SSL2_PE_NO_CERTIFICATE: 630 ret=SSL_R_PEER_ERROR_NO_CERTIFICATE; 631 break; 632 case SSL2_PE_BAD_CERTIFICATE: 633 ret=SSL_R_PEER_ERROR_CERTIFICATE; 634 break; 635 case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: 636 ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; 637 break; 638 default: 639 ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; 640 break; 641 } 642 return(ret); 643 } 644#else /* !NO_SSL2 */ 645 646# if PEDANTIC 647static void *dummy=&dummy; 648# endif 649 650#endif 651