* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
#define USE_SOCKETS
-#include "ssl_locl.h"
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
static int ssl_mt_error(int n);
-int ssl2_peek(SSL *s, char *buf, int len)
- {
- int ret;
- ret=ssl2_read(s,buf,len);
- if (ret > 0)
- {
- s->s2->ract_data_length+=ret;
- s->s2->ract_data-=ret;
- }
- return(ret);
- }
-/* SSL_read -
+/* SSL 2.0 imlementation for SSL_read/SSL_peek -
* This routine will return 0 to len bytes, decrypted etc if required.
*/
-int ssl2_read(SSL *s, void *buf, int len)
+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
{
int n;
unsigned char mac[MAX_MAC_SIZE];
int i;
unsigned int mac_size=0;
-ssl2_read_again:
+ ssl2_read_again:
if (SSL_in_init(s) && !s->in_handshake)
{
n=s->handshake_func(s);
if (n < 0) return(n);
if (n == 0)
{
- SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
}
n=len;
memcpy(buf,s->s2->ract_data,(unsigned int)n);
- s->s2->ract_data_length-=n;
- s->s2->ract_data+=n;
- if (s->s2->ract_data_length == 0)
- s->rstate=SSL_ST_READ_HEADER;
+ if (!peek)
+ {
+ s->s2->ract_data_length-=n;
+ s->s2->ract_data+=n;
+ if (s->s2->ract_data_length == 0)
+ s->rstate=SSL_ST_READ_HEADER;
+ }
+
return(n);
}
+ /* s->s2->ract_data_length == 0
+ *
+ * Fill the buffer, then goto ssl2_read_again.
+ */
+
if (s->rstate == SSL_ST_READ_HEADER)
{
if (s->first_packet)
(p[2] == SSL2_MT_CLIENT_HELLO) ||
(p[2] == SSL2_MT_SERVER_HELLO))))
{
- SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
return(-1);
}
}
(unsigned int)mac_size) != 0) ||
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
{
- SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
return(-1);
}
}
INC32(s->s2->read_sequence); /* expect next number */
/* s->s2->ract_data is now available for processing */
-#if 1
- /* How should we react when a packet containing 0
- * bytes is received? (Note that SSLeay/OpenSSL itself
- * never sends such packets; see ssl2_write.)
- * Returning 0 would be interpreted by the caller as
- * indicating EOF, so it's not a good idea.
- * Instead, we just continue reading. Note that using
- * select() for blocking sockets *never* guarantees
+ /* Possibly the packet that we just read had 0 actual data bytes.
+ * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
+ * In this case, returning 0 would be interpreted by the caller
+ * as indicating EOF, so it's not a good idea. Instead, we just
+ * continue reading; thus ssl2_read_internal may have to process
+ * multiple packets before it can return.
+ *
+ * [Note that using select() for blocking sockets *never* guarantees
* that the next SSL_read will not block -- the available
- * data may contain incomplete packets, and except for SSL 2
- * renegotiation can confuse things even more. */
+ * data may contain incomplete packets, and except for SSL 2,
+ * renegotiation can confuse things even more.] */
goto ssl2_read_again; /* This should really be
- * "return ssl2_read(s,buf,len)",
- * but that would allow for
- * denial-of-service attacks if a
- * C compiler is used that does not
- * recognize end-recursion. */
-#else
- /* If a 0 byte packet was sent, return 0, otherwise
- * we play havoc with people using select with
- * blocking sockets. Let them handle a packet at a time,
- * they should really be using non-blocking sockets. */
- if (s->s2->ract_data_length == 0)
- return(0);
- return(ssl2_read(s,buf,len));
-#endif
+ * "return ssl2_read(s,buf,len)",
+ * but that would allow for
+ * denial-of-service attacks if a
+ * C compiler is used that does not
+ * recognize end-recursion. */
}
else
{
- SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
return(-1);
}
}
+int ssl2_read(SSL *s, void *buf, int len)
+ {
+ return ssl2_read_internal(s, buf, len, 0);
+ }
+
+int ssl2_peek(SSL *s, char *buf, int len)
+ {
+ return ssl2_read_internal(s, buf, len, 1);
+ }
+
static int read_n(SSL *s, unsigned int n, unsigned int max,
unsigned int extend)
{
s->s2->wnum=tot;
return(i);
}
- if (i == (int)n) return(tot+i);
-
+ if ((i == (int)n) ||
+ (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
+ {
+ return(tot+i);
+ }
+
n-=i;
tot+=i;
}
/* check that they have given us the same buffer to
* write */
- if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
+ if ((s->s2->wpend_tot > (int)len) ||
+ ((s->s2->wpend_buf != buf) &&
+ !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
{
SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
return(-1);
{
bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
j=len+mac_size;
+ /* Two-byte headers allow for a larger record length than
+ * three-byte headers, but we can't use them if we need
+ * padding or if we have to set the escape bit. */
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
(!s->s2->escape))
{
}
else if ((bs <= 1) && (!s->s2->escape))
{
- /* len=len; */
+ /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
s->s2->three_byte_header=0;
p=0;
}
- else /* 3 byte header */
+ else /* we may have to use a 3 byte header */
{
- /*len=len; */
+ /* If s->s2->escape is not set, then
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
+ {
s->s2->three_byte_header=1;
+ if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
+ }
else
s->s2->three_byte_header=(p == 0)?0:1;
}
}
+
+ /* Now
+ * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ * holds, and if s->s2->three_byte_header is set, then even
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
+ */
+
/* mac_size is the number of MAC bytes
* len is the number of data bytes we are going to send
* p is the number of padding bytes
- * if p == 0, it is a 2 byte header */
+ * (if it is a two-byte header, then p == 0) */
s->s2->wlength=len;
s->s2->padding=p;
}
return(ret);
}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
projects / openssl.git / blobdiff