This time, get it right.
[openssl.git] / ssl / s2_pkt.c
1 /* ssl/s2_pkt.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <errno.h>
61 #define USE_SOCKETS
62 #include "ssl_locl.h"
63
64 /* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER);
65  * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE);
66  * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE);
67  * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
68  * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE);
69  */
70
71 #ifndef NOPROTO
72 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
73 static int do_ssl_write(SSL *s, const char *buf, unsigned int len);
74 static int write_pending(SSL *s, const char *buf, unsigned int len);
75 static int ssl_mt_error(int n);
76 #else
77 static int read_n();
78 static int do_ssl_write();
79 static int write_pending();
80 static int ssl_mt_error();
81 #endif
82
83 int ssl2_peek(s,buf,len)
84 SSL *s;
85 char *buf;
86 int len;
87         {
88         int ret;
89
90         ret=ssl2_read(s,buf,len);
91         if (ret > 0)
92                 {
93                 s->s2->ract_data_length+=ret;
94                 s->s2->ract_data-=ret;
95                 }
96         return(ret);
97         }
98
99 /* SSL_read -
100  * This routine will return 0 to len bytes, decrypted etc if required.
101  */
102 int ssl2_read(s, buf, len)
103 SSL *s;
104 char *buf;
105 int len;
106         {
107         int n;
108         unsigned char mac[MAX_MAC_SIZE];
109         unsigned char *p;
110         int i;
111         unsigned int mac_size=0;
112
113         if (SSL_in_init(s) && !s->in_handshake)
114                 {
115                 n=s->handshake_func(s);
116                 if (n < 0) return(n);
117                 if (n == 0)
118                         {
119                         SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
120                         return(-1);
121                         }
122                 }
123
124         clear_sys_error();
125         s->rwstate=SSL_NOTHING;
126         if (len <= 0) return(len);
127
128         if (s->s2->ract_data_length != 0) /* read from buffer */
129                 {
130                 if (len > s->s2->ract_data_length)
131                         n=s->s2->ract_data_length;
132                 else
133                         n=len;
134
135                 memcpy(buf,s->s2->ract_data,(unsigned int)n);
136                 s->s2->ract_data_length-=n;
137                 s->s2->ract_data+=n;
138                 if (s->s2->ract_data_length == 0)
139                         s->rstate=SSL_ST_READ_HEADER;
140                 return(n);
141                 }
142
143         if (s->rstate == SSL_ST_READ_HEADER)
144                 {
145                 if (s->first_packet)
146                         {
147                         n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
148                         if (n <= 0) return(n); /* error or non-blocking */
149                         s->first_packet=0;
150                         p=s->packet;
151                         if (!((p[0] & 0x80) && (
152                                 (p[2] == SSL2_MT_CLIENT_HELLO) ||
153                                 (p[2] == SSL2_MT_SERVER_HELLO))))
154                                 {
155                                 SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
156                                 return(-1);
157                                 }
158                         }
159                 else
160                         {
161                         n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
162                         if (n <= 0) return(n); /* error or non-blocking */
163                         }
164                 /* part read stuff */
165
166                 s->rstate=SSL_ST_READ_BODY;
167                 p=s->packet;
168                 /* Do header */
169                 /*s->s2->padding=0;*/
170                 s->s2->escape=0;
171                 s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
172                 if ((p[0] & TWO_BYTE_BIT))              /* Two byte header? */
173                         {
174                         s->s2->three_byte_header=0;
175                         s->s2->rlength&=TWO_BYTE_MASK;  
176                         }
177                 else
178                         {
179                         s->s2->three_byte_header=1;
180                         s->s2->rlength&=THREE_BYTE_MASK;
181
182                         /* security >s2->escape */
183                         s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
184                         }
185                 }
186
187         if (s->rstate == SSL_ST_READ_BODY)
188                 {
189                 n=s->s2->rlength+2+s->s2->three_byte_header;
190                 if (n > (int)s->packet_length)
191                         {
192                         n-=s->packet_length;
193                         i=read_n(s,(unsigned int)n,(unsigned int)n,1);
194                         if (i <= 0) return(i); /* ERROR */
195                         }
196
197                 p= &(s->packet[2]);
198                 s->rstate=SSL_ST_READ_HEADER;
199                 if (s->s2->three_byte_header)
200                         s->s2->padding= *(p++);
201                 else    s->s2->padding=0;
202
203                 /* Data portion */
204                 if (s->s2->clear_text)
205                         {
206                         s->s2->mac_data=p;
207                         s->s2->ract_data=p;
208                         s->s2->pad_data=NULL;
209                         }
210                 else
211                         {
212                         mac_size=EVP_MD_size(s->read_hash);
213                         s->s2->mac_data=p;
214                         s->s2->ract_data= &p[mac_size];
215                         s->s2->pad_data= &p[mac_size+
216                                 s->s2->rlength-s->s2->padding];
217                         }
218
219                 s->s2->ract_data_length=s->s2->rlength;
220                 /* added a check for length > max_size in case
221                  * encryption was not turned on yet due to an error */
222                 if ((!s->s2->clear_text) &&
223                         (s->s2->rlength >= mac_size))
224                         {
225                         ssl2_enc(s,0);
226                         s->s2->ract_data_length-=mac_size;
227                         ssl2_mac(s,mac,0);
228                         s->s2->ract_data_length-=s->s2->padding;
229                         if (    (memcmp(mac,s->s2->mac_data,
230                                 (unsigned int)mac_size) != 0) ||
231                                 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
232                                 {
233                                 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
234                                 return(-1);
235                                 }
236                         }
237                 INC32(s->s2->read_sequence); /* expect next number */
238                 /* s->s2->ract_data is now available for processing */
239
240                 /* If a 0 byte packet was sent, return 0, otherwise
241                  * we play havoc with people using select with
242                  * blocking sockets.  Let them handle a packet at a time,
243                  * they should really be using non-blocking sockets. */
244                 if (s->s2->ract_data_length == 0)
245                         return(0);
246                 return(ssl2_read(s,buf,len));
247                 }
248         else
249                 {
250                 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
251                         return(-1);
252                 }
253         }
254
255 static int read_n(s, n, max, extend)
256 SSL *s;
257 unsigned int n;
258 unsigned int max;
259 unsigned int extend;
260         {
261         int i,off,newb;
262
263         /* if there is stuff still in the buffer from a previous read,
264          * and there is more than we want, take some. */
265         if (s->s2->rbuf_left >= (int)n)
266                 {
267                 if (extend)
268                         s->packet_length+=n;
269                 else
270                         {
271                         s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
272                         s->packet_length=n;
273                         }
274                 s->s2->rbuf_left-=n;
275                 s->s2->rbuf_offs+=n;
276                 return(n);
277                 }
278
279         if (!s->read_ahead) max=n;
280         if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
281                 max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
282         
283
284         /* Else we want more than we have.
285          * First, if there is some left or we want to extend */
286         off=0;
287         if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
288                 {
289                 newb=s->s2->rbuf_left;
290                 if (extend)
291                         {
292                         off=s->packet_length;
293                         if (s->packet != s->s2->rbuf)
294                                 memcpy(s->s2->rbuf,s->packet,
295                                         (unsigned int)newb+off);
296                         }
297                 else if (s->s2->rbuf_offs != 0)
298                         {
299                         memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
300                                 (unsigned int)newb);
301                         s->s2->rbuf_offs=0;
302                         }
303                 s->s2->rbuf_left=0;
304                 }
305         else
306                 newb=0;
307
308         /* off is the offset to start writing too.
309          * r->s2->rbuf_offs is the 'unread data', now 0. 
310          * newb is the number of new bytes so far
311          */
312         s->packet=s->s2->rbuf;
313         while (newb < (int)n)
314                 {
315                 clear_sys_error();
316                 if (s->rbio != NULL)
317                         {
318                         s->rwstate=SSL_READING;
319                         i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
320                                 max-newb);
321                         }
322                 else
323                         {
324                         SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
325                         i= -1;
326                         }
327 #ifdef PKT_DEBUG
328                 if (s->debug & 0x01) sleep(1);
329 #endif
330                 if (i <= 0)
331                         {
332                         s->s2->rbuf_left+=newb;
333                         return(i);
334                         }
335                 newb+=i;
336                 }
337
338         /* record unread data */
339         if (newb > (int)n)
340                 {
341                 s->s2->rbuf_offs=n+off;
342                 s->s2->rbuf_left=newb-n;
343                 }
344         else
345                 {
346                 s->s2->rbuf_offs=0;
347                 s->s2->rbuf_left=0;
348                 }
349         if (extend)
350                 s->packet_length+=n;
351         else
352                 s->packet_length=n;
353         s->rwstate=SSL_NOTHING;
354         return(n);
355         }
356
357 int ssl2_write(s, buf, len)
358 SSL *s;
359 const char *buf;
360 int len;
361         {
362         unsigned int n,tot;
363         int i;
364
365         if (SSL_in_init(s) && !s->in_handshake)
366                 {
367                 i=s->handshake_func(s);
368                 if (i < 0) return(i);
369                 if (i == 0)
370                         {
371                         SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
372                         return(-1);
373                         }
374                 }
375
376         if (s->error)
377                 {
378                 ssl2_write_error(s);
379                 if (s->error)
380                         return(-1);
381                 }
382
383         clear_sys_error();
384         s->rwstate=SSL_NOTHING;
385         if (len <= 0) return(len);
386
387         tot=s->s2->wnum;
388         s->s2->wnum=0;
389
390         n=(len-tot);
391         for (;;)
392                 {
393                 i=do_ssl_write(s,&(buf[tot]),n);
394                 if (i <= 0)
395                         {
396                         s->s2->wnum=tot;
397                         return(i);
398                         }
399                 if (i == (int)n) return(tot+i);
400
401                 n-=i;
402                 tot+=i;
403                 }
404         }
405
406 static int write_pending(s,buf,len)
407 SSL *s;
408 const char *buf;
409 unsigned int len;
410         {
411         int i;
412
413         /* s->s2->wpend_len != 0 MUST be true. */
414
415         /* check that they have given us the same buffer to
416          * write */
417         if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
418                 {
419                 SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
420                 return(-1);
421                 }
422
423         for (;;)
424                 {
425                 clear_sys_error();
426                 if (s->wbio != NULL)
427                         {
428                         s->rwstate=SSL_WRITING;
429                         i=BIO_write(s->wbio,
430                                 (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
431                                 (unsigned int)s->s2->wpend_len);
432                         }
433                 else
434                         {
435                         SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
436                         i= -1;
437                         }
438 #ifdef PKT_DEBUG
439                 if (s->debug & 0x01) sleep(1);
440 #endif
441                 if (i == s->s2->wpend_len)
442                         {
443                         s->s2->wpend_len=0;
444                         s->rwstate=SSL_NOTHING;
445                         return(s->s2->wpend_ret);
446                         }
447                 else if (i <= 0)
448                         return(i);
449                 s->s2->wpend_off+=i;
450                 s->s2->wpend_len-=i;
451                 }
452         }
453
454 static int do_ssl_write(s, buf, len)
455 SSL *s;
456 const char *buf;
457 unsigned int len;
458         {
459         unsigned int j,k,olen,p,mac_size,bs;
460         register unsigned char *pp;
461
462         olen=len;
463
464         /* first check if there is data from an encryption waiting to
465          * be sent - it must be sent because the other end is waiting.
466          * This will happen with non-blocking IO.  We print it and then
467          * return.
468          */
469         if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
470
471         /* set mac_size to mac size */
472         if (s->s2->clear_text)
473                 mac_size=0;
474         else
475                 mac_size=EVP_MD_size(s->write_hash);
476
477         /* lets set the pad p */
478         if (s->s2->clear_text)
479                 {
480                 if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
481                         len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
482                 p=0;
483                 s->s2->three_byte_header=0;
484                 /* len=len; */
485                 }
486         else
487                 {
488                 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
489                 j=len+mac_size;
490                 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
491                         (!s->s2->escape))
492                         {
493                         if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
494                                 j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
495                         /* set k to the max number of bytes with 2
496                          * byte header */
497                         k=j-(j%bs);
498                         /* how many data bytes? */
499                         len=k-mac_size; 
500                         s->s2->three_byte_header=0;
501                         p=0;
502                         }
503                 else if ((bs <= 1) && (!s->s2->escape))
504                         {
505                         /* len=len; */
506                         s->s2->three_byte_header=0;
507                         p=0;
508                         }
509                 else /* 3 byte header */
510                         {
511                         /*len=len; */
512                         p=(j%bs);
513                         p=(p == 0)?0:(bs-p);
514                         if (s->s2->escape)
515                                 s->s2->three_byte_header=1;
516                         else
517                                 s->s2->three_byte_header=(p == 0)?0:1;
518                         }
519                 }
520         /* mac_size is the number of MAC bytes
521          * len is the number of data bytes we are going to send
522          * p is the number of padding bytes
523          * if p == 0, it is a 2 byte header */
524
525         s->s2->wlength=len;
526         s->s2->padding=p;
527         s->s2->mac_data= &(s->s2->wbuf[3]);
528         s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
529         /* we copy the data into s->s2->wbuf */
530         memcpy(s->s2->wact_data,buf,len);
531 #ifdef PURIFY
532         if (p)
533                 memset(&(s->s2->wact_data[len]),0,p);
534 #endif
535
536         if (!s->s2->clear_text)
537                 {
538                 s->s2->wact_data_length=len+p;
539                 ssl2_mac(s,s->s2->mac_data,1);
540                 s->s2->wlength+=p+mac_size;
541                 ssl2_enc(s,1);
542                 }
543
544         /* package up the header */
545         s->s2->wpend_len=s->s2->wlength;
546         if (s->s2->three_byte_header) /* 3 byte header */
547                 {
548                 pp=s->s2->mac_data;
549                 pp-=3;
550                 pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
551                 if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
552                 pp[1]=s->s2->wlength&0xff;
553                 pp[2]=s->s2->padding;
554                 s->s2->wpend_len+=3;
555                 }
556         else
557                 {
558                 pp=s->s2->mac_data;
559                 pp-=2;
560                 pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
561                 pp[1]=s->s2->wlength&0xff;
562                 s->s2->wpend_len+=2;
563                 }
564         s->s2->write_ptr=pp;
565         
566         INC32(s->s2->write_sequence); /* expect next number */
567
568         /* lets try to actually write the data */
569         s->s2->wpend_tot=olen;
570         s->s2->wpend_buf=(char *)buf;
571
572         s->s2->wpend_ret=len;
573
574         s->s2->wpend_off=0;
575         return(write_pending(s,buf,olen));
576         }
577
578 int ssl2_part_read(s,f,i)
579 SSL *s;
580 unsigned long f;
581 int i;
582         {
583         unsigned char *p;
584         int j;
585
586         /* check for error */
587         if ((s->init_num == 0) && (i >= 3))
588                 {
589                 p=(unsigned char *)s->init_buf->data;
590                 if (p[0] == SSL2_MT_ERROR)
591                         {
592                         j=(p[1]<<8)|p[2];
593                         SSLerr((int)f,ssl_mt_error(j));
594                         }
595                 }
596
597         if (i < 0)
598                 {
599                 /* ssl2_return_error(s); */
600                 /* for non-blocking io,
601                  * this is not fatal */
602                 return(i);
603                 }
604         else
605                 {
606                 s->init_num+=i;
607                 return(0);
608                 }
609         }
610
611 int ssl2_do_write(s)
612 SSL *s;
613         {
614         int ret;
615
616         ret=ssl2_write(s,(char *)&(s->init_buf->data[s->init_off]),
617                 s->init_num);
618         if (ret == s->init_num)
619                 return(1);
620         if (ret < 0)
621                 return(-1);
622         s->init_off+=ret;
623         s->init_num-=ret;
624         return(0);
625         }
626
627 static int ssl_mt_error(n)
628 int n;
629         {
630         int ret;
631
632         switch (n)
633                 {
634         case SSL2_PE_NO_CIPHER:
635                 ret=SSL_R_PEER_ERROR_NO_CIPHER;
636                 break;
637         case SSL2_PE_NO_CERTIFICATE:
638                 ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
639                 break;
640         case SSL2_PE_BAD_CERTIFICATE:
641                 ret=SSL_R_PEER_ERROR_CERTIFICATE;
642                 break;
643         case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
644                 ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
645                 break;
646         default:
647                 ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
648                 break;
649                 }
650         return(ret);
651         }