sl@0: /* ssl/s2_pkt.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: sl@0: #include "ssl_locl.h" sl@0: #ifndef OPENSSL_NO_SSL2 sl@0: #include sl@0: #include sl@0: #define USE_SOCKETS sl@0: sl@0: static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); sl@0: static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); sl@0: static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); sl@0: static int ssl_mt_error(int n); sl@0: sl@0: sl@0: /* SSL 2.0 imlementation for SSL_read/SSL_peek - sl@0: * This routine will return 0 to len bytes, decrypted etc if required. sl@0: */ sl@0: static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) sl@0: { sl@0: int n; sl@0: unsigned char mac[MAX_MAC_SIZE]; sl@0: unsigned char *p; sl@0: int i; sl@0: unsigned int mac_size; sl@0: sl@0: ssl2_read_again: sl@0: if (SSL_in_init(s) && !s->in_handshake) sl@0: { sl@0: n=s->handshake_func(s); sl@0: if (n < 0) return(n); sl@0: if (n == 0) sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE); sl@0: return(-1); sl@0: } sl@0: } sl@0: sl@0: clear_sys_error(); sl@0: s->rwstate=SSL_NOTHING; sl@0: if (len <= 0) return(len); sl@0: sl@0: if (s->s2->ract_data_length != 0) /* read from buffer */ sl@0: { sl@0: if (len > s->s2->ract_data_length) sl@0: n=s->s2->ract_data_length; sl@0: else sl@0: n=len; sl@0: sl@0: memcpy(buf,s->s2->ract_data,(unsigned int)n); sl@0: if (!peek) sl@0: { sl@0: s->s2->ract_data_length-=n; sl@0: s->s2->ract_data+=n; sl@0: if (s->s2->ract_data_length == 0) sl@0: s->rstate=SSL_ST_READ_HEADER; sl@0: } sl@0: sl@0: return(n); sl@0: } sl@0: sl@0: /* s->s2->ract_data_length == 0 sl@0: * sl@0: * Fill the buffer, then goto ssl2_read_again. sl@0: */ sl@0: sl@0: if (s->rstate == SSL_ST_READ_HEADER) sl@0: { sl@0: if (s->first_packet) sl@0: { sl@0: n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); sl@0: if (n <= 0) return(n); /* error or non-blocking */ sl@0: s->first_packet=0; sl@0: p=s->packet; sl@0: if (!((p[0] & 0x80) && ( sl@0: (p[2] == SSL2_MT_CLIENT_HELLO) || sl@0: (p[2] == SSL2_MT_SERVER_HELLO)))) sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET); sl@0: return(-1); sl@0: } sl@0: } sl@0: else sl@0: { sl@0: n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); sl@0: if (n <= 0) return(n); /* error or non-blocking */ sl@0: } sl@0: /* part read stuff */ sl@0: sl@0: s->rstate=SSL_ST_READ_BODY; sl@0: p=s->packet; sl@0: /* Do header */ sl@0: /*s->s2->padding=0;*/ sl@0: s->s2->escape=0; sl@0: s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]); sl@0: if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */ sl@0: { sl@0: s->s2->three_byte_header=0; sl@0: s->s2->rlength&=TWO_BYTE_MASK; sl@0: } sl@0: else sl@0: { sl@0: s->s2->three_byte_header=1; sl@0: s->s2->rlength&=THREE_BYTE_MASK; sl@0: sl@0: /* security >s2->escape */ sl@0: s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0; sl@0: } sl@0: } sl@0: sl@0: if (s->rstate == SSL_ST_READ_BODY) sl@0: { sl@0: n=s->s2->rlength+2+s->s2->three_byte_header; sl@0: if (n > (int)s->packet_length) sl@0: { sl@0: n-=s->packet_length; sl@0: i=read_n(s,(unsigned int)n,(unsigned int)n,1); sl@0: if (i <= 0) return(i); /* ERROR */ sl@0: } sl@0: sl@0: p= &(s->packet[2]); sl@0: s->rstate=SSL_ST_READ_HEADER; sl@0: if (s->s2->three_byte_header) sl@0: s->s2->padding= *(p++); sl@0: else s->s2->padding=0; sl@0: sl@0: /* Data portion */ sl@0: if (s->s2->clear_text) sl@0: { sl@0: mac_size = 0; sl@0: s->s2->mac_data=p; sl@0: s->s2->ract_data=p; sl@0: if (s->s2->padding) sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); sl@0: return(-1); sl@0: } sl@0: } sl@0: else sl@0: { sl@0: mac_size=EVP_MD_size(s->read_hash); sl@0: OPENSSL_assert(mac_size <= MAX_MAC_SIZE); sl@0: s->s2->mac_data=p; sl@0: s->s2->ract_data= &p[mac_size]; sl@0: if (s->s2->padding + mac_size > s->s2->rlength) sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); sl@0: return(-1); sl@0: } sl@0: } sl@0: sl@0: s->s2->ract_data_length=s->s2->rlength; sl@0: /* added a check for length > max_size in case sl@0: * encryption was not turned on yet due to an error */ sl@0: if ((!s->s2->clear_text) && sl@0: (s->s2->rlength >= mac_size)) sl@0: { sl@0: ssl2_enc(s,0); sl@0: s->s2->ract_data_length-=mac_size; sl@0: ssl2_mac(s,mac,0); sl@0: s->s2->ract_data_length-=s->s2->padding; sl@0: if ( (memcmp(mac,s->s2->mac_data, sl@0: (unsigned int)mac_size) != 0) || sl@0: (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE); sl@0: return(-1); sl@0: } sl@0: } sl@0: INC32(s->s2->read_sequence); /* expect next number */ sl@0: /* s->s2->ract_data is now available for processing */ sl@0: sl@0: /* Possibly the packet that we just read had 0 actual data bytes. sl@0: * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.) sl@0: * In this case, returning 0 would be interpreted by the caller sl@0: * as indicating EOF, so it's not a good idea. Instead, we just sl@0: * continue reading; thus ssl2_read_internal may have to process sl@0: * multiple packets before it can return. sl@0: * sl@0: * [Note that using select() for blocking sockets *never* guarantees sl@0: * that the next SSL_read will not block -- the available sl@0: * data may contain incomplete packets, and except for SSL 2, sl@0: * renegotiation can confuse things even more.] */ sl@0: sl@0: goto ssl2_read_again; /* This should really be sl@0: * "return ssl2_read(s,buf,len)", sl@0: * but that would allow for sl@0: * denial-of-service attacks if a sl@0: * C compiler is used that does not sl@0: * recognize end-recursion. */ sl@0: } sl@0: else sl@0: { sl@0: SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE); sl@0: return(-1); sl@0: } sl@0: } sl@0: sl@0: int ssl2_read(SSL *s, void *buf, int len) sl@0: { sl@0: return ssl2_read_internal(s, buf, len, 0); sl@0: } sl@0: sl@0: int ssl2_peek(SSL *s, void *buf, int len) sl@0: { sl@0: return ssl2_read_internal(s, buf, len, 1); sl@0: } sl@0: sl@0: static int read_n(SSL *s, unsigned int n, unsigned int max, sl@0: unsigned int extend) sl@0: { sl@0: int i,off,newb; sl@0: sl@0: /* if there is stuff still in the buffer from a previous read, sl@0: * and there is more than we want, take some. */ sl@0: if (s->s2->rbuf_left >= (int)n) sl@0: { sl@0: if (extend) sl@0: s->packet_length+=n; sl@0: else sl@0: { sl@0: s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]); sl@0: s->packet_length=n; sl@0: } sl@0: s->s2->rbuf_left-=n; sl@0: s->s2->rbuf_offs+=n; sl@0: return(n); sl@0: } sl@0: sl@0: if (!s->read_ahead) max=n; sl@0: if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) sl@0: max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2; sl@0: sl@0: sl@0: /* Else we want more than we have. sl@0: * First, if there is some left or we want to extend */ sl@0: off=0; sl@0: if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) sl@0: { sl@0: newb=s->s2->rbuf_left; sl@0: if (extend) sl@0: { sl@0: off=s->packet_length; sl@0: if (s->packet != s->s2->rbuf) sl@0: memcpy(s->s2->rbuf,s->packet, sl@0: (unsigned int)newb+off); sl@0: } sl@0: else if (s->s2->rbuf_offs != 0) sl@0: { sl@0: memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]), sl@0: (unsigned int)newb); sl@0: s->s2->rbuf_offs=0; sl@0: } sl@0: s->s2->rbuf_left=0; sl@0: } sl@0: else sl@0: newb=0; sl@0: sl@0: /* off is the offset to start writing too. sl@0: * r->s2->rbuf_offs is the 'unread data', now 0. sl@0: * newb is the number of new bytes so far sl@0: */ sl@0: s->packet=s->s2->rbuf; sl@0: while (newb < (int)n) sl@0: { sl@0: clear_sys_error(); sl@0: if (s->rbio != NULL) sl@0: { sl@0: s->rwstate=SSL_READING; sl@0: i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]), sl@0: max-newb); sl@0: } sl@0: else sl@0: { sl@0: SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET); sl@0: i= -1; sl@0: } sl@0: #ifdef PKT_DEBUG sl@0: if (s->debug & 0x01) sleep(1); sl@0: #endif sl@0: if (i <= 0) sl@0: { sl@0: s->s2->rbuf_left+=newb; sl@0: return(i); sl@0: } sl@0: newb+=i; sl@0: } sl@0: sl@0: /* record unread data */ sl@0: if (newb > (int)n) sl@0: { sl@0: s->s2->rbuf_offs=n+off; sl@0: s->s2->rbuf_left=newb-n; sl@0: } sl@0: else sl@0: { sl@0: s->s2->rbuf_offs=0; sl@0: s->s2->rbuf_left=0; sl@0: } sl@0: if (extend) sl@0: s->packet_length+=n; sl@0: else sl@0: s->packet_length=n; sl@0: s->rwstate=SSL_NOTHING; sl@0: return(n); sl@0: } sl@0: sl@0: int ssl2_write(SSL *s, const void *_buf, int len) sl@0: { sl@0: const unsigned char *buf=_buf; sl@0: unsigned int n,tot; sl@0: int i; sl@0: sl@0: if (SSL_in_init(s) && !s->in_handshake) sl@0: { sl@0: i=s->handshake_func(s); sl@0: if (i < 0) return(i); sl@0: if (i == 0) sl@0: { sl@0: SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); sl@0: return(-1); sl@0: } sl@0: } sl@0: sl@0: if (s->error) sl@0: { sl@0: ssl2_write_error(s); sl@0: if (s->error) sl@0: return(-1); sl@0: } sl@0: sl@0: clear_sys_error(); sl@0: s->rwstate=SSL_NOTHING; sl@0: if (len <= 0) return(len); sl@0: sl@0: tot=s->s2->wnum; sl@0: s->s2->wnum=0; sl@0: sl@0: n=(len-tot); sl@0: for (;;) sl@0: { sl@0: i=do_ssl_write(s,&(buf[tot]),n); sl@0: if (i <= 0) sl@0: { sl@0: s->s2->wnum=tot; sl@0: return(i); sl@0: } sl@0: if ((i == (int)n) || sl@0: (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) sl@0: { sl@0: return(tot+i); sl@0: } sl@0: sl@0: n-=i; sl@0: tot+=i; sl@0: } sl@0: } sl@0: sl@0: static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) sl@0: { sl@0: int i; sl@0: sl@0: /* s->s2->wpend_len != 0 MUST be true. */ sl@0: sl@0: /* check that they have given us the same buffer to sl@0: * write */ sl@0: if ((s->s2->wpend_tot > (int)len) || sl@0: ((s->s2->wpend_buf != buf) && sl@0: !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) sl@0: { sl@0: SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); sl@0: return(-1); sl@0: } sl@0: sl@0: for (;;) sl@0: { sl@0: clear_sys_error(); sl@0: if (s->wbio != NULL) sl@0: { sl@0: s->rwstate=SSL_WRITING; sl@0: i=BIO_write(s->wbio, sl@0: (char *)&(s->s2->write_ptr[s->s2->wpend_off]), sl@0: (unsigned int)s->s2->wpend_len); sl@0: } sl@0: else sl@0: { sl@0: SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET); sl@0: i= -1; sl@0: } sl@0: #ifdef PKT_DEBUG sl@0: if (s->debug & 0x01) sleep(1); sl@0: #endif sl@0: if (i == s->s2->wpend_len) sl@0: { sl@0: s->s2->wpend_len=0; sl@0: s->rwstate=SSL_NOTHING; sl@0: return(s->s2->wpend_ret); sl@0: } sl@0: else if (i <= 0) sl@0: return(i); sl@0: s->s2->wpend_off+=i; sl@0: s->s2->wpend_len-=i; sl@0: } sl@0: } sl@0: sl@0: static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) sl@0: { sl@0: unsigned int j,k,olen,p,mac_size,bs; sl@0: register unsigned char *pp; sl@0: sl@0: olen=len; sl@0: sl@0: /* first check if there is data from an encryption waiting to sl@0: * be sent - it must be sent because the other end is waiting. sl@0: * This will happen with non-blocking IO. We print it and then sl@0: * return. sl@0: */ sl@0: if (s->s2->wpend_len != 0) return(write_pending(s,buf,len)); sl@0: sl@0: /* set mac_size to mac size */ sl@0: if (s->s2->clear_text) sl@0: mac_size=0; sl@0: else sl@0: mac_size=EVP_MD_size(s->write_hash); sl@0: sl@0: /* lets set the pad p */ sl@0: if (s->s2->clear_text) sl@0: { sl@0: if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) sl@0: len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; sl@0: p=0; sl@0: s->s2->three_byte_header=0; sl@0: /* len=len; */ sl@0: } sl@0: else sl@0: { sl@0: bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); sl@0: j=len+mac_size; sl@0: /* Two-byte headers allow for a larger record length than sl@0: * three-byte headers, but we can't use them if we need sl@0: * padding or if we have to set the escape bit. */ sl@0: if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && sl@0: (!s->s2->escape)) sl@0: { sl@0: if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) sl@0: j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; sl@0: /* set k to the max number of bytes with 2 sl@0: * byte header */ sl@0: k=j-(j%bs); sl@0: /* how many data bytes? */ sl@0: len=k-mac_size; sl@0: s->s2->three_byte_header=0; sl@0: p=0; sl@0: } sl@0: else if ((bs <= 1) && (!s->s2->escape)) sl@0: { sl@0: /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus sl@0: * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */ sl@0: s->s2->three_byte_header=0; sl@0: p=0; sl@0: } sl@0: else /* we may have to use a 3 byte header */ sl@0: { sl@0: /* If s->s2->escape is not set, then sl@0: * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus sl@0: * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */ sl@0: p=(j%bs); sl@0: p=(p == 0)?0:(bs-p); sl@0: if (s->s2->escape) sl@0: { sl@0: s->s2->three_byte_header=1; sl@0: if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) sl@0: j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER; sl@0: } sl@0: else sl@0: s->s2->three_byte_header=(p == 0)?0:1; sl@0: } sl@0: } sl@0: sl@0: /* Now sl@0: * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER sl@0: * holds, and if s->s2->three_byte_header is set, then even sl@0: * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. sl@0: */ sl@0: sl@0: /* mac_size is the number of MAC bytes sl@0: * len is the number of data bytes we are going to send sl@0: * p is the number of padding bytes sl@0: * (if it is a two-byte header, then p == 0) */ sl@0: sl@0: s->s2->wlength=len; sl@0: s->s2->padding=p; sl@0: s->s2->mac_data= &(s->s2->wbuf[3]); sl@0: s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); sl@0: /* we copy the data into s->s2->wbuf */ sl@0: memcpy(s->s2->wact_data,buf,len); sl@0: if (p) sl@0: memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */ sl@0: sl@0: if (!s->s2->clear_text) sl@0: { sl@0: s->s2->wact_data_length=len+p; sl@0: ssl2_mac(s,s->s2->mac_data,1); sl@0: s->s2->wlength+=p+mac_size; sl@0: ssl2_enc(s,1); sl@0: } sl@0: sl@0: /* package up the header */ sl@0: s->s2->wpend_len=s->s2->wlength; sl@0: if (s->s2->three_byte_header) /* 3 byte header */ sl@0: { sl@0: pp=s->s2->mac_data; sl@0: pp-=3; sl@0: pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8); sl@0: if (s->s2->escape) pp[0]|=SEC_ESC_BIT; sl@0: pp[1]=s->s2->wlength&0xff; sl@0: pp[2]=s->s2->padding; sl@0: s->s2->wpend_len+=3; sl@0: } sl@0: else sl@0: { sl@0: pp=s->s2->mac_data; sl@0: pp-=2; sl@0: pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT; sl@0: pp[1]=s->s2->wlength&0xff; sl@0: s->s2->wpend_len+=2; sl@0: } sl@0: s->s2->write_ptr=pp; sl@0: sl@0: INC32(s->s2->write_sequence); /* expect next number */ sl@0: sl@0: /* lets try to actually write the data */ sl@0: s->s2->wpend_tot=olen; sl@0: s->s2->wpend_buf=buf; sl@0: sl@0: s->s2->wpend_ret=len; sl@0: sl@0: s->s2->wpend_off=0; sl@0: return(write_pending(s,buf,olen)); sl@0: } sl@0: sl@0: int ssl2_part_read(SSL *s, unsigned long f, int i) sl@0: { sl@0: unsigned char *p; sl@0: int j; sl@0: sl@0: if (i < 0) sl@0: { sl@0: /* ssl2_return_error(s); */ sl@0: /* for non-blocking io, sl@0: * this is not necessarily fatal */ sl@0: return(i); sl@0: } sl@0: else sl@0: { sl@0: s->init_num+=i; sl@0: sl@0: /* Check for error. While there are recoverable errors, sl@0: * this function is not called when those must be expected; sl@0: * any error detected here is fatal. */ sl@0: if (s->init_num >= 3) sl@0: { sl@0: p=(unsigned char *)s->init_buf->data; sl@0: if (p[0] == SSL2_MT_ERROR) sl@0: { sl@0: j=(p[1]<<8)|p[2]; sl@0: SSLerr((int)f,ssl_mt_error(j)); sl@0: s->init_num -= 3; sl@0: if (s->init_num > 0) sl@0: memmove(p, p+3, s->init_num); sl@0: } sl@0: } sl@0: sl@0: /* If it's not an error message, we have some error anyway -- sl@0: * the message was shorter than expected. This too is treated sl@0: * as fatal (at least if SSL_get_error is asked for its opinion). */ sl@0: return(0); sl@0: } sl@0: } sl@0: sl@0: int ssl2_do_write(SSL *s) sl@0: { sl@0: int ret; sl@0: sl@0: ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); sl@0: if (ret == s->init_num) sl@0: { sl@0: if (s->msg_callback) sl@0: s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); sl@0: return(1); sl@0: } sl@0: if (ret < 0) sl@0: return(-1); sl@0: s->init_off+=ret; sl@0: s->init_num-=ret; sl@0: return(0); sl@0: } sl@0: sl@0: static int ssl_mt_error(int n) sl@0: { sl@0: int ret; sl@0: sl@0: switch (n) sl@0: { sl@0: case SSL2_PE_NO_CIPHER: sl@0: ret=SSL_R_PEER_ERROR_NO_CIPHER; sl@0: break; sl@0: case SSL2_PE_NO_CERTIFICATE: sl@0: ret=SSL_R_PEER_ERROR_NO_CERTIFICATE; sl@0: break; sl@0: case SSL2_PE_BAD_CERTIFICATE: sl@0: ret=SSL_R_PEER_ERROR_CERTIFICATE; sl@0: break; sl@0: case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: sl@0: ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; sl@0: break; sl@0: default: sl@0: ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; sl@0: break; sl@0: } sl@0: return(ret); sl@0: } sl@0: #else /* !OPENSSL_NO_SSL2 */ sl@0: sl@0: # if PEDANTIC sl@0: static void *dummy=&dummy; sl@0: # endif sl@0: sl@0: #endif