1: /* ssl/s2_pkt.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: 
  112: #include "ssl_locl.h"
  113: #ifndef OPENSSL_NO_SSL2
  114: #include <stdio.h>
  115: #include <errno.h>
  116: #define USE_SOCKETS
  117: 
  118: static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
  119: static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
  120: static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
  121: static int ssl_mt_error(int n);
  122: 
  123: 
  124: /* SSL 2.0 imlementation for SSL_read/SSL_peek -
  125:  * This routine will return 0 to len bytes, decrypted etc if required.
  126:  */
  127: static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
  128:         {
  129:         int n;
  130:         unsigned char mac[MAX_MAC_SIZE];
  131:         unsigned char *p;
  132:         int i;
  133:         unsigned int mac_size;
  134: 
  135:  ssl2_read_again:
  136:         if (SSL_in_init(s) && !s->in_handshake)
  137:                 {
  138:                 n=s->handshake_func(s);
  139:                 if (n < 0) return(n);
  140:                 if (n == 0)
  141:                         {
  142:                         SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
  143:                         return(-1);
  144:                         }
  145:                 }
  146: 
  147:         clear_sys_error();
  148:         s->rwstate=SSL_NOTHING;
  149:         if (len <= 0) return(len);
  150: 
  151:         if (s->s2->ract_data_length != 0) /* read from buffer */
  152:                 {
  153:                 if (len > s->s2->ract_data_length)
  154:                         n=s->s2->ract_data_length;
  155:                 else
  156:                         n=len;
  157: 
  158:                 memcpy(buf,s->s2->ract_data,(unsigned int)n);
  159:                 if (!peek)
  160:                         {
  161:                         s->s2->ract_data_length-=n;
  162:                         s->s2->ract_data+=n;
  163:                         if (s->s2->ract_data_length == 0)
  164:                                 s->rstate=SSL_ST_READ_HEADER;
  165:                         }
  166: 
  167:                 return(n);
  168:                 }
  169: 
  170:         /* s->s2->ract_data_length == 0
  171:          * 
  172:          * Fill the buffer, then goto ssl2_read_again.
  173:          */
  174: 
  175:         if (s->rstate == SSL_ST_READ_HEADER)
  176:                 {
  177:                 if (s->first_packet)
  178:                         {
  179:                         n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
  180:                         if (n <= 0) return(n); /* error or non-blocking */
  181:                         s->first_packet=0;
  182:                         p=s->packet;
  183:                         if (!((p[0] & 0x80) && (
  184:                                 (p[2] == SSL2_MT_CLIENT_HELLO) ||
  185:                                 (p[2] == SSL2_MT_SERVER_HELLO))))
  186:                                 {
  187:                                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
  188:                                 return(-1);
  189:                                 }
  190:                         }
  191:                 else
  192:                         {
  193:                         n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
  194:                         if (n <= 0) return(n); /* error or non-blocking */
  195:                         }
  196:                 /* part read stuff */
  197: 
  198:                 s->rstate=SSL_ST_READ_BODY;
  199:                 p=s->packet;
  200:                 /* Do header */
  201:                 /*s->s2->padding=0;*/
  202:                 s->s2->escape=0;
  203:                 s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
  204:                 if ((p[0] & TWO_BYTE_BIT))            /* Two byte header? */
  205:                         {
  206:                         s->s2->three_byte_header=0;
  207:                         s->s2->rlength&=TWO_BYTE_MASK;       
  208:                         }
  209:                 else
  210:                         {
  211:                         s->s2->three_byte_header=1;
  212:                         s->s2->rlength&=THREE_BYTE_MASK;
  213: 
  214:                         /* security >s2->escape */
  215:                         s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
  216:                         }
  217:                 }
  218: 
  219:         if (s->rstate == SSL_ST_READ_BODY)
  220:                 {
  221:                 n=s->s2->rlength+2+s->s2->three_byte_header;
  222:                 if (n > (int)s->packet_length)
  223:                         {
  224:                         n-=s->packet_length;
  225:                         i=read_n(s,(unsigned int)n,(unsigned int)n,1);
  226:                         if (i <= 0) return(i); /* ERROR */
  227:                         }
  228: 
  229:                 p= &(s->packet[2]);
  230:                 s->rstate=SSL_ST_READ_HEADER;
  231:                 if (s->s2->three_byte_header)
  232:                         s->s2->padding= *(p++);
  233:                 else  s->s2->padding=0;
  234: 
  235:                 /* Data portion */
  236:                 if (s->s2->clear_text)
  237:                         {
  238:                         mac_size = 0;
  239:                         s->s2->mac_data=p;
  240:                         s->s2->ract_data=p;
  241:                         if (s->s2->padding)
  242:                                 {
  243:                                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
  244:                                 return(-1);
  245:                                 }
  246:                         }
  247:                 else
  248:                         {
  249:                         mac_size=EVP_MD_size(s->read_hash);
  250:                         OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
  251:                         s->s2->mac_data=p;
  252:                         s->s2->ract_data= &p[mac_size];
  253:                         if (s->s2->padding + mac_size > s->s2->rlength)
  254:                                 {
  255:                                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
  256:                                 return(-1);
  257:                                 }
  258:                         }
  259: 
  260:                 s->s2->ract_data_length=s->s2->rlength;
  261:                 /* added a check for length > max_size in case
  262:                  * encryption was not turned on yet due to an error */
  263:                 if ((!s->s2->clear_text) &&
  264:                         (s->s2->rlength >= mac_size))
  265:                         {
  266:                         ssl2_enc(s,0);
  267:                         s->s2->ract_data_length-=mac_size;
  268:                         ssl2_mac(s,mac,0);
  269:                         s->s2->ract_data_length-=s->s2->padding;
  270:                         if ( (memcmp(mac,s->s2->mac_data,
  271:                                 (unsigned int)mac_size) != 0) ||
  272:                                 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
  273:                                 {
  274:                                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
  275:                                 return(-1);
  276:                                 }
  277:                         }
  278:                 INC32(s->s2->read_sequence); /* expect next number */
  279:                 /* s->s2->ract_data is now available for processing */
  280: 
  281:                 /* Possibly the packet that we just read had 0 actual data bytes.
  282:                  * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
  283:                  * In this case, returning 0 would be interpreted by the caller
  284:                  * as indicating EOF, so it's not a good idea.  Instead, we just
  285:                  * continue reading; thus ssl2_read_internal may have to process
  286:                  * multiple packets before it can return.
  287:                  *
  288:                  * [Note that using select() for blocking sockets *never* guarantees
  289:                  * that the next SSL_read will not block -- the available
  290:                  * data may contain incomplete packets, and except for SSL 2,
  291:                  * renegotiation can confuse things even more.] */
  292: 
  293:                 goto ssl2_read_again; /* This should really be
  294:                                        * "return ssl2_read(s,buf,len)",
  295:                                        * but that would allow for
  296:                                        * denial-of-service attacks if a
  297:                                        * C compiler is used that does not
  298:                                        * recognize end-recursion. */
  299:                 }
  300:         else
  301:                 {
  302:                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
  303:                         return(-1);
  304:                 }
  305:         }
  306: 
  307: int ssl2_read(SSL *s, void *buf, int len)
  308:         {
  309:         return ssl2_read_internal(s, buf, len, 0);
  310:         }
  311: 
  312: int ssl2_peek(SSL *s, void *buf, int len)
  313:         {
  314:         return ssl2_read_internal(s, buf, len, 1);
  315:         }
  316: 
  317: static int read_n(SSL *s, unsigned int n, unsigned int max,
  318:              unsigned int extend)
  319:         {
  320:         int i,off,newb;
  321: 
  322:         /* if there is stuff still in the buffer from a previous read,
  323:          * and there is more than we want, take some. */
  324:         if (s->s2->rbuf_left >= (int)n)
  325:                 {
  326:                 if (extend)
  327:                         s->packet_length+=n;
  328:                 else
  329:                         {
  330:                         s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
  331:                         s->packet_length=n;
  332:                         }
  333:                 s->s2->rbuf_left-=n;
  334:                 s->s2->rbuf_offs+=n;
  335:                 return(n);
  336:                 }
  337: 
  338:         if (!s->read_ahead) max=n;
  339:         if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
  340:                 max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
  341:         
  342: 
  343:         /* Else we want more than we have.
  344:          * First, if there is some left or we want to extend */
  345:         off=0;
  346:         if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
  347:                 {
  348:                 newb=s->s2->rbuf_left;
  349:                 if (extend)
  350:                         {
  351:                         off=s->packet_length;
  352:                         if (s->packet != s->s2->rbuf)
  353:                                 memcpy(s->s2->rbuf,s->packet,
  354:                                         (unsigned int)newb+off);
  355:                         }
  356:                 else if (s->s2->rbuf_offs != 0)
  357:                         {
  358:                         memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
  359:                                 (unsigned int)newb);
  360:                         s->s2->rbuf_offs=0;
  361:                         }
  362:                 s->s2->rbuf_left=0;
  363:                 }
  364:         else
  365:                 newb=0;
  366: 
  367:         /* off is the offset to start writing too.
  368:          * r->s2->rbuf_offs is the 'unread data', now 0. 
  369:          * newb is the number of new bytes so far
  370:          */
  371:         s->packet=s->s2->rbuf;
  372:         while (newb < (int)n)
  373:                 {
  374:                 clear_sys_error();
  375:                 if (s->rbio != NULL)
  376:                         {
  377:                         s->rwstate=SSL_READING;
  378:                         i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
  379:                                 max-newb);
  380:                         }
  381:                 else
  382:                         {
  383:                         SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
  384:                         i= -1;
  385:                         }
  386: #ifdef PKT_DEBUG
  387:                 if (s->debug & 0x01) sleep(1);
  388: #endif
  389:                 if (i <= 0)
  390:                         {
  391:                         s->s2->rbuf_left+=newb;
  392:                         return(i);
  393:                         }
  394:                 newb+=i;
  395:                 }
  396: 
  397:         /* record unread data */
  398:         if (newb > (int)n)
  399:                 {
  400:                 s->s2->rbuf_offs=n+off;
  401:                 s->s2->rbuf_left=newb-n;
  402:                 }
  403:         else
  404:                 {
  405:                 s->s2->rbuf_offs=0;
  406:                 s->s2->rbuf_left=0;
  407:                 }
  408:         if (extend)
  409:                 s->packet_length+=n;
  410:         else
  411:                 s->packet_length=n;
  412:         s->rwstate=SSL_NOTHING;
  413:         return(n);
  414:         }
  415: 
  416: int ssl2_write(SSL *s, const void *_buf, int len)
  417:         {
  418:         const unsigned char *buf=_buf;
  419:         unsigned int n,tot;
  420:         int i;
  421: 
  422:         if (SSL_in_init(s) && !s->in_handshake)
  423:                 {
  424:                 i=s->handshake_func(s);
  425:                 if (i < 0) return(i);
  426:                 if (i == 0)
  427:                         {
  428:                         SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
  429:                         return(-1);
  430:                         }
  431:                 }
  432: 
  433:         if (s->error)
  434:                 {
  435:                 ssl2_write_error(s);
  436:                 if (s->error)
  437:                         return(-1);
  438:                 }
  439: 
  440:         clear_sys_error();
  441:         s->rwstate=SSL_NOTHING;
  442:         if (len <= 0) return(len);
  443: 
  444:         tot=s->s2->wnum;
  445:         s->s2->wnum=0;
  446: 
  447:         n=(len-tot);
  448:         for (;;)
  449:                 {
  450:                 i=do_ssl_write(s,&(buf[tot]),n);
  451:                 if (i <= 0)
  452:                         {
  453:                         s->s2->wnum=tot;
  454:                         return(i);
  455:                         }
  456:                 if ((i == (int)n) ||
  457:                         (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
  458:                         {
  459:                         return(tot+i);
  460:                         }
  461:                 
  462:                 n-=i;
  463:                 tot+=i;
  464:                 }
  465:         }
  466: 
  467: static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
  468:         {
  469:         int i;
  470: 
  471:         /* s->s2->wpend_len != 0 MUST be true. */
  472: 
  473:         /* check that they have given us the same buffer to
  474:          * write */
  475:         if ((s->s2->wpend_tot > (int)len) ||
  476:                 ((s->s2->wpend_buf != buf) &&
  477:                  !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
  478:                 {
  479:                 SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
  480:                 return(-1);
  481:                 }
  482: 
  483:         for (;;)
  484:                 {
  485:                 clear_sys_error();
  486:                 if (s->wbio != NULL)
  487:                         {
  488:                         s->rwstate=SSL_WRITING;
  489:                         i=BIO_write(s->wbio,
  490:                                 (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
  491:                                 (unsigned int)s->s2->wpend_len);
  492:                         }
  493:                 else
  494:                         {
  495:                         SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
  496:                         i= -1;
  497:                         }
  498: #ifdef PKT_DEBUG
  499:                 if (s->debug & 0x01) sleep(1);
  500: #endif
  501:                 if (i == s->s2->wpend_len)
  502:                         {
  503:                         s->s2->wpend_len=0;
  504:                         s->rwstate=SSL_NOTHING;
  505:                         return(s->s2->wpend_ret);
  506:                         }
  507:                 else if (i <= 0)
  508:                         return(i);
  509:                 s->s2->wpend_off+=i;
  510:                 s->s2->wpend_len-=i;
  511:                 }
  512:         }
  513: 
  514: static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
  515:         {
  516:         unsigned int j,k,olen,p,mac_size,bs;
  517:         register unsigned char *pp;
  518: 
  519:         olen=len;
  520: 
  521:         /* first check if there is data from an encryption waiting to
  522:          * be sent - it must be sent because the other end is waiting.
  523:          * This will happen with non-blocking IO.  We print it and then
  524:          * return.
  525:          */
  526:         if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
  527: 
  528:         /* set mac_size to mac size */
  529:         if (s->s2->clear_text)
  530:                 mac_size=0;
  531:         else
  532:                 mac_size=EVP_MD_size(s->write_hash);
  533: 
  534:         /* lets set the pad p */
  535:         if (s->s2->clear_text)
  536:                 {
  537:                 if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
  538:                         len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
  539:                 p=0;
  540:                 s->s2->three_byte_header=0;
  541:                 /* len=len; */
  542:                 }
  543:         else
  544:                 {
  545:                 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
  546:                 j=len+mac_size;
  547:                 /* Two-byte headers allow for a larger record length than
  548:                  * three-byte headers, but we can't use them if we need
  549:                  * padding or if we have to set the escape bit. */
  550:                 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
  551:                         (!s->s2->escape))
  552:                         {
  553:                         if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
  554:                                 j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
  555:                         /* set k to the max number of bytes with 2
  556:                          * byte header */
  557:                         k=j-(j%bs);
  558:                         /* how many data bytes? */
  559:                         len=k-mac_size;