summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
authorryker <>1998-10-05 20:13:14 +0000
committerryker <>1998-10-05 20:13:14 +0000
commitaeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/s3_pkt.c
parenta4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
downloadopenbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c1061
1 files changed, 1061 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
new file mode 100644
index 0000000000..2385080347
--- /dev/null
+++ b/src/lib/libssl/s3_pkt.c
@@ -0,0 +1,1061 @@
1/* ssl/s3_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <errno.h>
61#define USE_SOCKETS
62#include "evp.h"
63#include "buffer.h"
64#include "ssl_locl.h"
65
66/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER);
67 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE);
68 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE);
69 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
70 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE);
71 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE);
72 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC);
73 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE);
74 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE);
75 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE);
76 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE);
77 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE);
78 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED);
79 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
80 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
81 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
82 */
83
84#ifndef NOPROTO
85static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
86static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
87static int ssl3_get_record(SSL *s);
88static int do_compress(SSL *ssl);
89static int do_uncompress(SSL *ssl);
90static int do_change_cipher_spec(SSL *ssl);
91#else
92static int do_ssl3_write();
93static int ssl3_write_pending();
94static int ssl3_get_record();
95static int do_compress();
96static int do_uncompress();
97static int do_change_cipher_spec();
98#endif
99
100static int ssl3_read_n(s,n,max,extend)
101SSL *s;
102int n;
103int max;
104int extend;
105 {
106 int i,off,newb;
107
108 /* if there is stuff still in the buffer from a previous read,
109 * and there is more than we want, take some. */
110 if (s->s3->rbuf.left >= (int)n)
111 {
112 if (extend)
113 s->packet_length+=n;
114 else
115 {
116 s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
117 s->packet_length=n;
118 }
119 s->s3->rbuf.left-=n;
120 s->s3->rbuf.offset+=n;
121 return(n);
122 }
123
124 /* else we need to read more data */
125 if (!s->read_ahead) max=n;
126 if (max > SSL3_RT_MAX_PACKET_SIZE)
127 max=SSL3_RT_MAX_PACKET_SIZE;
128
129 /* First check if there is some left or we want to extend */
130 off=0;
131 if ( (s->s3->rbuf.left != 0) ||
132 ((s->packet_length != 0) && extend))
133 {
134 newb=s->s3->rbuf.left;
135 if (extend)
136 {
137 /* Copy bytes back to the front of the buffer
138 * Take the bytes already pointed to by 'packet'
139 * and take the extra ones on the end. */
140 off=s->packet_length;
141 if (s->packet != s->s3->rbuf.buf)
142 memcpy(s->s3->rbuf.buf,s->packet,newb+off);
143 }
144 else if (s->s3->rbuf.offset != 0)
145 { /* so the data is not at the start of the buffer */
146 memcpy(s->s3->rbuf.buf,
147 &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
148 s->s3->rbuf.offset=0;
149 }
150
151 s->s3->rbuf.left=0;
152 }
153 else
154 newb=0;
155
156 /* So we now have 'newb' bytes at the front of
157 * s->s3->rbuf.buf and need to read some more in on the end
158 * We start reading into the buffer at 's->s3->rbuf.offset'
159 */
160 s->packet=s->s3->rbuf.buf;
161
162 while (newb < n)
163 {
164 clear_sys_error();
165 if (s->rbio != NULL)
166 {
167 s->rwstate=SSL_READING;
168 i=BIO_read(s->rbio,
169 (char *)&(s->s3->rbuf.buf[off+newb]),
170 max-newb);
171 }
172 else
173 {
174 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
175 i= -1;
176 }
177
178 if (i <= 0)
179 {
180 s->s3->rbuf.left+=newb;
181 return(i);
182 }
183 newb+=i;
184 }
185
186 /* record used data read */
187 if (newb > n)
188 {
189 s->s3->rbuf.offset=n+off;
190 s->s3->rbuf.left=newb-n;
191 }
192 else
193 {
194 s->s3->rbuf.offset=0;
195 s->s3->rbuf.left=0;
196 }
197
198 if (extend)
199 s->packet_length+=n;
200 else
201 s->packet_length+=n;
202 return(n);
203 }
204
205/* Call this to get a new input record.
206 * It will return <= 0 if more data is needed, normally due to an error
207 * or non-blocking IO.
208 * When it finishes, one packet has been decoded and can be found in
209 * ssl->s3->rrec.type - is the type of record
210 * ssl->s3->rrec.data, - data
211 * ssl->s3->rrec.length, - number of bytes
212 */
213static int ssl3_get_record(s)
214SSL *s;
215 {
216 char tmp_buf[512];
217 int ssl_major,ssl_minor,al;
218 int n,i,ret= -1;
219 SSL3_BUFFER *rb;
220 SSL3_RECORD *rr;
221 SSL_SESSION *sess;
222 unsigned char *p;
223 unsigned char md[EVP_MAX_MD_SIZE];
224 short version;
225 unsigned int mac_size;
226 int clear=0,extra;
227
228 rr= &(s->s3->rrec);
229 rb= &(s->s3->rbuf);
230 sess=s->session;
231
232 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
233 extra=SSL3_RT_MAX_EXTRA;
234 else
235 extra=0;
236
237again:
238 /* check if we have the header */
239 if ( (s->rstate != SSL_ST_READ_BODY) ||
240 (s->packet_length < SSL3_RT_HEADER_LENGTH))
241 {
242 n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
243 SSL3_RT_MAX_PACKET_SIZE,0);
244 if (n <= 0) return(n); /* error or non-blocking */
245 s->rstate=SSL_ST_READ_BODY;
246
247 p=s->packet;
248
249 /* Pull apart the header into the SSL3_RECORD */
250 rr->type= *(p++);
251 ssl_major= *(p++);
252 ssl_minor= *(p++);
253 version=(ssl_major<<8)|ssl_minor;
254 n2s(p,rr->length);
255
256 /* Lets check version */
257 if (s->first_packet)
258 {
259 s->first_packet=0;
260 }
261 else
262 {
263 if (version != s->version)
264 {
265 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
266 /* Send back error using their
267 * version number :-) */
268 s->version=version;
269 al=SSL_AD_PROTOCOL_VERSION;
270 goto f_err;
271 }
272 }
273
274 if ((version>>8) != SSL3_VERSION_MAJOR)
275 {
276 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
277 goto err;
278 }
279
280 if (rr->length >
281 (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
282 {
283 al=SSL_AD_RECORD_OVERFLOW;
284 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
285 goto f_err;
286 }
287
288 s->rstate=SSL_ST_READ_BODY;
289 }
290
291 /* get and decode the data */
292 if (s->rstate == SSL_ST_READ_BODY)
293 {
294 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
295 {
296 i=rr->length;
297 /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */
298 n=ssl3_read_n(s,i,i,1);
299 if (n <= 0) return(n); /* error or non-blocking io */
300 }
301 s->rstate=SSL_ST_READ_HEADER;
302 }
303
304 /* At this point, we have the data in s->packet and there should be
305 * s->packet_length bytes, we must not 'overrun' this buffer :-)
306 * One of the following functions will copy the data from the
307 * s->packet buffer */
308
309 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
310
311 /* ok, we can now read from 's->packet' data into 'rr'
312 * rr->input points at rr->length bytes, which
313 * need to be copied into rr->data by either
314 * the decryption or by the decompression
315 * When the data is 'copied' into the rr->data buffer,
316 * rr->input will be pointed at the new buffer */
317
318 /* Set the state for the following operations */
319 s->rstate=SSL_ST_READ_HEADER;
320
321 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
322 * rr->length bytes of encrypted compressed stuff. */
323
324 /* check is not needed I belive */
325 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
326 {
327 al=SSL_AD_RECORD_OVERFLOW;
328 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
329 goto f_err;
330 }
331
332 /* decrypt in place in 'rr->input' */
333 rr->data=rr->input;
334 memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
335
336 if (!s->method->ssl3_enc->enc(s,0))
337 {
338 al=SSL_AD_DECRYPT_ERROR;
339 goto f_err;
340 }
341#ifdef TLS_DEBUG
342printf("dec %d\n",rr->length);
343{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
344printf("\n");
345#endif
346 /* r->length is now the compressed data plus mac */
347 if ( (sess == NULL) ||
348 (s->enc_read_ctx == NULL) ||
349 (s->read_hash == NULL))
350 clear=1;
351
352 if (!clear)
353 {
354 mac_size=EVP_MD_size(s->read_hash);
355
356 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
357 {
358 al=SSL_AD_RECORD_OVERFLOW;
359 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
360 goto f_err;
361 }
362 /* check MAC for rr->input' */
363 if (rr->length < mac_size)
364 {
365 al=SSL_AD_DECODE_ERROR;
366 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
367 goto f_err;
368 }
369 rr->length-=mac_size;
370 i=s->method->ssl3_enc->mac(s,md,0);
371 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
372 {
373 al=SSL_AD_BAD_RECORD_MAC;
374 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
375 ret= -1;
376 goto f_err;
377 }
378 }
379
380 /* r->length is now just compressed */
381 if ((sess != NULL) && (sess->read_compression != NULL))
382 {
383 if (rr->length >
384 (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
385 {
386 al=SSL_AD_RECORD_OVERFLOW;
387 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
388 goto f_err;
389 }
390 if (!do_uncompress(s))
391 {
392 al=SSL_AD_DECOMPRESSION_FAILURE;
393 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
394 goto f_err;
395 }
396 }
397
398 if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
399 {
400 al=SSL_AD_RECORD_OVERFLOW;
401 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
402 goto f_err;
403 }
404
405 rr->off=0;
406 /* So at this point the following is true
407 * ssl->s3->rrec.type is the type of record
408 * ssl->s3->rrec.length == number of bytes in record
409 * ssl->s3->rrec.off == offset to first valid byte
410 * ssl->s3->rrec.data == where to take bytes from, increment
411 * after use :-).
412 */
413
414 /* we have pulled in a full packet so zero things */
415 s->packet_length=0;
416
417 /* just read a 0 length packet */
418 if (rr->length == 0) goto again;
419
420 return(1);
421f_err:
422 ssl3_send_alert(s,SSL3_AL_FATAL,al);
423err:
424 return(ret);
425 }
426
427static int do_uncompress(ssl)
428SSL *ssl;
429 {
430 return(1);
431 }
432
433static int do_compress(ssl)
434SSL *ssl;
435 {
436 return(1);
437 }
438
439/* Call this to write data
440 * It will return <= 0 if not all data has been sent or non-blocking IO.
441 */
442int ssl3_write_bytes(s,type,buf,len)
443SSL *s;
444int type;
445char *buf;
446int len;
447 {
448 unsigned int tot,n,nw;
449 int i;
450
451 s->rwstate=SSL_NOTHING;
452 tot=s->s3->wnum;
453 s->s3->wnum=0;
454
455 if (SSL_in_init(s) && !s->in_handshake)
456 {
457 i=s->handshake_func(s);
458 if (i < 0) return(i);
459 if (i == 0)
460 {
461 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
462 return(-1);
463 }
464 }
465
466 n=(len-tot);
467 for (;;)
468 {
469 if (n > SSL3_RT_MAX_PLAIN_LENGTH)
470 nw=SSL3_RT_MAX_PLAIN_LENGTH;
471 else
472 nw=n;
473
474 i=do_ssl3_write(s,type,&(buf[tot]),nw);
475 if (i <= 0)
476 {
477 s->s3->wnum=tot;
478 return(i);
479 }
480
481 if (type == SSL3_RT_HANDSHAKE)
482 ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i);
483
484 if (i == (int)n) return(tot+i);
485
486 n-=i;
487 tot+=i;
488 }
489 }
490
491static int do_ssl3_write(s,type,buf,len)
492SSL *s;
493int type;
494char *buf;
495unsigned int len;
496 {
497 unsigned char *p,*plen;
498 int i,mac_size,clear=0;
499 SSL3_RECORD *wr;
500 SSL3_BUFFER *wb;
501 SSL_SESSION *sess;
502
503 /* first check is there is a SSL3_RECORD still being written
504 * out. This will happen with non blocking IO */
505 if (s->s3->wbuf.left != 0)
506 return(ssl3_write_pending(s,type,buf,len));
507
508 /* If we have an alert to send, lets send it */
509 if (s->s3->alert_dispatch)
510 {
511 i=ssl3_dispatch_alert(s);
512 if (i <= 0)
513 return(i);
514 /* if it went, fall through and send more stuff */
515 }
516
517 if (len <= 0) return(len);
518
519 wr= &(s->s3->wrec);
520 wb= &(s->s3->wbuf);
521 sess=s->session;
522
523 if ( (sess == NULL) ||
524 (s->enc_write_ctx == NULL) ||
525 (s->write_hash == NULL))
526 clear=1;
527
528 if (clear)
529 mac_size=0;
530 else
531 mac_size=EVP_MD_size(s->write_hash);
532
533 p=wb->buf;
534
535 /* write the header */
536 *(p++)=type&0xff;
537 wr->type=type;
538
539 *(p++)=(s->version>>8);
540 *(p++)=s->version&0xff;
541
542 /* record where we are to write out packet length */
543 plen=p;
544 p+=2;
545
546 /* lets setup the record stuff. */
547 wr->data=p;
548 wr->length=(int)len;
549 wr->input=(unsigned char *)buf;
550
551 /* we now 'read' from wr->input, wr->length bytes into
552 * wr->data */
553
554 /* first we compress */
555 if ((sess != NULL) && (sess->write_compression != NULL))
556 {
557 if (!do_compress(s))
558 {
559 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
560 goto err;
561 }
562 }
563 else
564 {
565 memcpy(wr->data,wr->input,wr->length);
566 wr->input=wr->data;
567 }
568
569 /* we should still have the output to wr->data and the input
570 * from wr->input. Length should be wr->length.
571 * wr->data still points in the wb->buf */
572
573 if (mac_size != 0)
574 {
575 s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
576 wr->length+=mac_size;
577 wr->input=p;
578 wr->data=p;
579 }
580
581 /* ssl3_enc can only have an error on read */
582 s->method->ssl3_enc->enc(s,1);
583
584 /* record length after mac and block padding */
585 s2n(wr->length,plen);
586
587 /* we should now have
588 * wr->data pointing to the encrypted data, which is
589 * wr->length long */
590 wr->type=type; /* not needed but helps for debugging */
591 wr->length+=SSL3_RT_HEADER_LENGTH;
592
593 /* Now lets setup wb */
594 wb->left=wr->length;
595 wb->offset=0;
596
597 s->s3->wpend_tot=len;
598 s->s3->wpend_buf=buf;
599 s->s3->wpend_type=type;
600 s->s3->wpend_ret=len;
601
602 /* we now just need to write the buffer */
603 return(ssl3_write_pending(s,type,buf,len));
604err:
605 return(-1);
606 }
607
608/* if s->s3->wbuf.left != 0, we need to call this */
609static int ssl3_write_pending(s,type,buf,len)
610SSL *s;
611int type;
612char *buf;
613unsigned int len;
614 {
615 int i;
616
617/* XXXX */
618 if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
619 || (s->s3->wpend_type != type))
620 {
621 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
622 return(-1);
623 }
624
625 for (;;)
626 {
627 clear_sys_error();
628 if (s->wbio != NULL)
629 {
630 s->rwstate=SSL_WRITING;
631 i=BIO_write(s->wbio,
632 (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
633 (unsigned int)s->s3->wbuf.left);
634 }
635 else
636 {
637 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
638 i= -1;
639 }
640 if (i == s->s3->wbuf.left)
641 {
642 s->s3->wbuf.left=0;
643 s->rwstate=SSL_NOTHING;
644 return(s->s3->wpend_ret);
645 }
646 else if (i <= 0)
647 return(i);
648 s->s3->wbuf.offset+=i;
649 s->s3->wbuf.left-=i;
650 }
651 }
652
653int ssl3_read_bytes(s,type,buf,len)
654SSL *s;
655int type;
656char *buf;
657int len;
658 {
659 int al,i,j,n,ret;
660 SSL3_RECORD *rr;
661 void (*cb)()=NULL;
662 BIO *bio;
663
664 if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
665 if (!ssl3_setup_buffers(s))
666 return(-1);
667
668 if (!s->in_handshake && SSL_in_init(s))
669 {
670 i=s->handshake_func(s);
671 if (i < 0) return(i);
672 if (i == 0)
673 {
674 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
675 return(-1);
676 }
677 }
678start:
679 s->rwstate=SSL_NOTHING;
680
681 /* s->s3->rrec.type - is the type of record
682 * s->s3->rrec.data, - data
683 * s->s3->rrec.off, - ofset into 'data' for next read
684 * s->s3->rrec.length, - number of bytes. */
685 rr= &(s->s3->rrec);
686
687 /* get new packet */
688 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
689 {
690 ret=ssl3_get_record(s);
691 if (ret <= 0) return(ret);
692 }
693
694 /* we now have a packet which can be read and processed */
695
696 if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
697 {
698 al=SSL_AD_UNEXPECTED_MESSAGE;
699 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
700 goto err;
701 }
702
703 /* If the other end has shutdown, throw anything we read away */
704 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
705 {
706 rr->length=0;
707 s->rwstate=SSL_NOTHING;
708 return(0);
709 }
710
711 /* Check for an incoming 'Client Request' message */
712 if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) &&
713 (rr->data[0] == SSL3_MT_CLIENT_REQUEST) &&
714 (s->session != NULL) && (s->session->cipher != NULL))
715 {
716 if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
717 (rr->data[3] != 0))
718 {
719 al=SSL_AD_DECODE_ERROR;
720 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST);
721 goto err;
722 }
723
724 if (SSL_is_init_finished(s) &&
725 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
726 !s->s3->renegotiate)
727 {
728 ssl3_renegotiate(s);
729 if (ssl3_renegotiate_check(s))
730 {
731 n=s->handshake_func(s);
732 if (n < 0) return(n);
733 if (n == 0)
734 {
735 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
736 return(-1);
737 }
738 }
739 }
740 rr->length=0;
741/* ZZZ */ goto start;
742 }
743
744 /* if it is not the type we want, or we have shutdown and want
745 * the peer shutdown */
746 if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
747 {
748 if (rr->type == SSL3_RT_ALERT)
749 {
750 if ((rr->length != 2) || (rr->off != 0))
751 {
752 al=SSL_AD_DECODE_ERROR;
753 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
754 goto f_err;
755 }
756
757 i=rr->data[0];
758 n=rr->data[1];
759
760 /* clear from buffer */
761 rr->length=0;
762
763 if (s->info_callback != NULL)
764 cb=s->info_callback;
765 else if (s->ctx->info_callback != NULL)
766 cb=s->ctx->info_callback;
767
768 if (cb != NULL)
769 {
770 j=(i<<8)|n;
771 cb(s,SSL_CB_READ_ALERT,j);
772 }
773
774 if (i == 1)
775 {
776 s->s3->warn_alert=n;
777 if (n == SSL_AD_CLOSE_NOTIFY)
778 {
779 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
780 return(0);
781 }
782 }
783 else if (i == 2)
784 {
785 char tmp[16];
786
787 s->rwstate=SSL_NOTHING;
788 s->s3->fatal_alert=n;
789 SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
790 sprintf(tmp,"%d",n);
791 ERR_add_error_data(2,"SSL alert number ",tmp);
792 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
793 SSL_CTX_remove_session(s->ctx,s->session);
794 return(0);
795 }
796 else
797 {
798 al=SSL_AD_ILLEGAL_PARAMETER;
799 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
800 goto f_err;
801 }
802
803 rr->length=0;
804 goto start;
805 }
806
807 if (s->shutdown & SSL_SENT_SHUTDOWN)
808 {
809 s->rwstate=SSL_NOTHING;
810 rr->length=0;
811 return(0);
812 }
813
814 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
815 {
816 if ( (rr->length != 1) || (rr->off != 0) ||
817 (rr->data[0] != SSL3_MT_CCS))
818 {
819 i=SSL_AD_ILLEGAL_PARAMETER;
820 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
821 goto err;
822 }
823
824 rr->length=0;
825 s->s3->change_cipher_spec=1;
826 if (!do_change_cipher_spec(s))
827 goto err;
828 else
829 goto start;
830 }
831
832 /* else we have a handshake */
833 if ((rr->type == SSL3_RT_HANDSHAKE) &&
834 !s->in_handshake)
835 {
836 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
837 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
838 {
839 s->state=SSL_ST_BEFORE;
840 s->new_session=1;
841 }
842 n=s->handshake_func(s);
843 if (n < 0) return(n);
844 if (n == 0)
845 {
846 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
847 return(-1);
848 }
849
850 /* In the case where we try to read application data
851 * the first time, but we trigger an SSL handshake, we
852 * return -1 with the retry option set. I do this
853 * otherwise renegotiation can cause nasty problems
854 * in the non-blocking world */
855
856 s->rwstate=SSL_READING;
857 bio=SSL_get_rbio(s);
858 BIO_clear_retry_flags(bio);
859 BIO_set_retry_read(bio);
860 return(-1);
861 }
862
863 switch (rr->type)
864 {
865 default:
866#ifndef NO_TLS
867 /* TLS just ignores unknown message types */
868 if (s->version == TLS1_VERSION)
869 {
870 goto start;
871 }
872#endif
873 case SSL3_RT_CHANGE_CIPHER_SPEC:
874 case SSL3_RT_ALERT:
875 case SSL3_RT_HANDSHAKE:
876 al=SSL_AD_UNEXPECTED_MESSAGE;
877 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
878 goto f_err;
879 case SSL3_RT_APPLICATION_DATA:
880 /* At this point, we were expecting something else,
881 * but have application data. What we do is set the
882 * error, and return -1. On the way out, if the
883 * library was running inside ssl3_read() and it makes
884 * sense to read application data at this point, we
885 * will indulge it. This will mostly happen during
886 * session renegotiation.
887 */
888 if (s->s3->in_read_app_data &&
889 (s->s3->total_renegotiations != 0) &&
890 ((
891 (s->state & SSL_ST_CONNECT) &&
892 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
893 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
894 ) || (
895 (s->state & SSL_ST_ACCEPT) &&
896 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
897 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
898 )
899 ))
900 {
901 s->s3->in_read_app_data=0;
902 return(-1);
903 }
904 else
905 {
906 al=SSL_AD_UNEXPECTED_MESSAGE;
907 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
908 goto f_err;
909 }
910 }
911 }
912
913 /* make sure that we are not getting application data when we
914 * are doing a handshake for the first time */
915 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
916 (s->enc_read_ctx == NULL))
917 {
918 al=SSL_AD_UNEXPECTED_MESSAGE;
919 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
920 goto f_err;
921 }
922
923 if (len <= 0) return(len);
924
925 if ((unsigned int)len > rr->length)
926 n=rr->length;
927 else
928 n=len;
929
930 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
931 rr->length-=n;
932 rr->off+=n;
933 if (rr->length <= 0)
934 {
935 s->rstate=SSL_ST_READ_HEADER;
936 rr->off=0;
937 }
938
939 if (type == SSL3_RT_HANDSHAKE)
940 ssl3_finish_mac(s,(unsigned char *)buf,n);
941 return(n);
942f_err:
943 ssl3_send_alert(s,SSL3_AL_FATAL,al);
944err:
945 return(-1);
946 }
947
948static int do_change_cipher_spec(s)
949SSL *s;
950 {
951 int i;
952 unsigned char *sender;
953 int slen;
954
955 if (s->state & SSL_ST_ACCEPT)
956 i=SSL3_CHANGE_CIPHER_SERVER_READ;
957 else
958 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
959
960 if (s->s3->tmp.key_block == NULL)
961 {
962 s->session->cipher=s->s3->tmp.new_cipher;
963 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
964 }
965
966 if (!s->method->ssl3_enc->change_cipher_state(s,i))
967 return(0);
968
969 /* we have to record the message digest at
970 * this point so we can get it before we read
971 * the finished message */
972 if (s->state & SSL_ST_CONNECT)
973 {
974 sender=s->method->ssl3_enc->server_finished;
975 slen=s->method->ssl3_enc->server_finished_len;
976 }
977 else
978 {
979 sender=s->method->ssl3_enc->client_finished;
980 slen=s->method->ssl3_enc->client_finished_len;
981 }
982
983 s->method->ssl3_enc->final_finish_mac(s,
984 &(s->s3->finish_dgst1),
985 &(s->s3->finish_dgst2),
986 sender,slen,&(s->s3->tmp.finish_md[0]));
987
988 return(1);
989 }
990
991int ssl3_do_write(s,type)
992SSL *s;
993int type;
994 {
995 int ret;
996
997 ret=ssl3_write_bytes(s,type,(char *)
998 &(s->init_buf->data[s->init_off]),s->init_num);
999 if (ret == s->init_num)
1000 return(1);
1001 if (ret < 0) return(-1);
1002 s->init_off+=ret;
1003 s->init_num-=ret;
1004 return(0);
1005 }
1006
1007void ssl3_send_alert(s,level,desc)
1008SSL *s;
1009int level;
1010int desc;
1011 {
1012 /* Map tls/ssl alert value to correct one */
1013 desc=s->method->ssl3_enc->alert_value(desc);
1014 if (desc < 0) return;
1015 /* If a fatal one, remove from cache */
1016 if ((level == 2) && (s->session != NULL))
1017 SSL_CTX_remove_session(s->ctx,s->session);
1018
1019 s->s3->alert_dispatch=1;
1020 s->s3->send_alert[0]=level;
1021 s->s3->send_alert[1]=desc;
1022 if (s->s3->wbuf.left == 0) /* data still being written out */
1023 ssl3_dispatch_alert(s);
1024 /* else data is still being written out, we will get written
1025 * some time in the future */
1026 }
1027
1028int ssl3_dispatch_alert(s)
1029SSL *s;
1030 {
1031 int i,j;
1032 void (*cb)()=NULL;
1033
1034 s->s3->alert_dispatch=0;
1035 i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2);
1036 if (i <= 0)
1037 {
1038 s->s3->alert_dispatch=1;
1039 }
1040 else
1041 {
1042 /* If it is important, send it now. If the message
1043 * does not get sent due to non-blocking IO, we will
1044 * not worry too much. */
1045 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1046 BIO_flush(s->wbio);
1047
1048 if (s->info_callback != NULL)
1049 cb=s->info_callback;
1050 else if (s->ctx->info_callback != NULL)
1051 cb=s->ctx->info_callback;
1052
1053 if (cb != NULL)
1054 {
1055 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1056 cb(s,SSL_CB_WRITE_ALERT,j);
1057 }
1058 }
1059 return(i);
1060 }
1061
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:33:51 +0000