diff options
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r-- | ssl/s3_pkt.c | 192 |
1 files changed, 115 insertions, 77 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 1ce30ff5a1..38063b50d5 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <errno.h> @@ -71,104 +124,91 @@ static int ssl3_get_record(SSL *s); static int do_compress(SSL *ssl); static int do_uncompress(SSL *ssl); static int do_change_cipher_spec(SSL *ssl); + static int ssl3_read_n(SSL *s, int n, int max, int extend) { + /* If extend == 0, obtain new n-byte packet; if extend == 1, increase + * packet by another n bytes. + * The packet will be in the sub-array of s->s3->rbuf.buf specified + * by s->packet and s->packet_length. + * (If s->read_ahead is set, 'max' bytes may be stored in rbuf + * [plus s->packet_length bytes if extend == 1].) + */ int i,off,newb; - /* if there is stuff still in the buffer from a previous read, - * and there is more than we want, take some. */ + if (!extend) + { + /* start with empty packet ... */ + if (s->s3->rbuf.left == 0) + s->s3->rbuf.offset = 0; + s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; + s->packet_length = 0; + /* ... now we can act as if 'extend' was set */ + } + + /* if there is enough in the buffer from a previous read, take some */ if (s->s3->rbuf.left >= (int)n) { - if (extend) - s->packet_length+=n; - else - { - s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]); - s->packet_length=n; - } + s->packet_length+=n; s->s3->rbuf.left-=n; s->s3->rbuf.offset+=n; return(n); } /* else we need to read more data */ - if (!s->read_ahead) max=n; - if (max > SSL3_RT_MAX_PACKET_SIZE) - max=SSL3_RT_MAX_PACKET_SIZE; - - /* First check if there is some left or we want to extend */ - off=0; - if ( (s->s3->rbuf.left != 0) || - ((s->packet_length != 0) && extend)) - { - newb=s->s3->rbuf.left; - if (extend) - { - /* Copy bytes back to the front of the buffer - * Take the bytes already pointed to by 'packet' - * and take the extra ones on the end. */ - off=s->packet_length; - if (s->packet != s->s3->rbuf.buf) - memcpy(s->s3->rbuf.buf,s->packet,newb+off); - } - else if (s->s3->rbuf.offset != 0) - { /* so the data is not at the start of the buffer */ - memcpy(s->s3->rbuf.buf, - &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb); - s->s3->rbuf.offset=0; - } - - s->s3->rbuf.left=0; - } - else - newb=0; + if (!s->read_ahead) + max=n; - /* So we now have 'newb' bytes at the front of - * s->s3->rbuf.buf and need to read some more in on the end - * We start reading into the buffer at 's->s3->rbuf.offset' - */ - s->packet=s->s3->rbuf.buf; + { + /* avoid buffer overflow */ + int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + max_max += SSL3_RT_MAX_EXTRA; + if (max > max_max) + max = max_max; + } + off = s->packet_length; + newb = s->s3->rbuf.left; + /* Move any available bytes to front of buffer: + * 'off' bytes already pointed to by 'packet', + * 'newb' extra ones at the end */ + if (s->packet != s->s3->rbuf.buf) + { + /* off > 0 */ + memmove(s->s3->rbuf.buf, s->packet, off+newb); + s->packet = s->s3->rbuf.buf; + } + while (newb < n) { + /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need + * to read in more until we have off+n (up to off+max if possible) */ + clear_sys_error(); if (s->rbio != NULL) { s->rwstate=SSL_READING; - i=BIO_read(s->rbio, - (char *)&(s->s3->rbuf.buf[off+newb]), - max-newb); + i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb); } else { SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); - i= -1; + i = -1; } if (i <= 0) { - s->s3->rbuf.left+=newb; + s->s3->rbuf.left = newb; return(i); } newb+=i; } - /* record used data read */ - if (newb > n) - { - s->s3->rbuf.offset=n+off; - s->s3->rbuf.left=newb-n; - } - else - { - s->s3->rbuf.offset=0; - s->s3->rbuf.left=0; - } - - if (extend) - s->packet_length+=n; - else - s->packet_length+=n; + /* done reading, now the book-keeping */ + s->s3->rbuf.offset = off + n; + s->s3->rbuf.left = newb - n; + s->packet_length += n; return(n); } @@ -176,8 +216,8 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data + * ssl->s3->rrec.type - is the type of record + * ssl->s3->rrec.data, - data * ssl->s3->rrec.length, - number of bytes */ static int ssl3_get_record(SSL *s) @@ -262,7 +302,6 @@ again: if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) { i=rr->length; - /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ n=ssl3_read_n(s,i,i,1); if (n <= 0) return(n); /* error or non-blocking io */ } @@ -645,7 +684,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) void (*cb)()=NULL; BIO *bio; - if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_buffers(s)) return(-1); @@ -662,10 +701,10 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) start: s->rwstate=SSL_NOTHING; - /* s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - ofset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ + /* s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. */ rr= &(s->s3->rrec); /* get new packet */ @@ -692,16 +731,16 @@ start: return(0); } - /* Check for an incoming 'Client Request' message */ + /* Check for an incoming 'Hello Request' message from client */ if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && - (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && + (rr->data[0] == SSL3_MT_HELLO_REQUEST) && (s->session != NULL) && (s->session->cipher != NULL)) { if ((rr->data[1] != 0) || (rr->data[2] != 0) || (rr->data[3] != 0)) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); goto err; } @@ -1038,4 +1077,3 @@ int ssl3_dispatch_alert(SSL *s) } return(i); } - |