Modified mbed TLS headers for AES functionality only to reduce build size
Dependents: BLE_Gateway_Linker_fix BLE_Gateway
Fork of mbedtls by
source/ssl_tls.c@1:24750b9ad5ef, 2016-01-22 (annotated)
- Committer:
- Christopher Haster
- Date:
- Fri Jan 22 16:44:49 2016 -0600
- Revision:
- 1:24750b9ad5ef
Initial move of mbedtls to mercurial
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Christopher Haster |
1:24750b9ad5ef | 1 | /* |
Christopher Haster |
1:24750b9ad5ef | 2 | * SSLv3/TLSv1 shared functions |
Christopher Haster |
1:24750b9ad5ef | 3 | * |
Christopher Haster |
1:24750b9ad5ef | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
Christopher Haster |
1:24750b9ad5ef | 5 | * SPDX-License-Identifier: Apache-2.0 |
Christopher Haster |
1:24750b9ad5ef | 6 | * |
Christopher Haster |
1:24750b9ad5ef | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
Christopher Haster |
1:24750b9ad5ef | 8 | * not use this file except in compliance with the License. |
Christopher Haster |
1:24750b9ad5ef | 9 | * You may obtain a copy of the License at |
Christopher Haster |
1:24750b9ad5ef | 10 | * |
Christopher Haster |
1:24750b9ad5ef | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
Christopher Haster |
1:24750b9ad5ef | 12 | * |
Christopher Haster |
1:24750b9ad5ef | 13 | * Unless required by applicable law or agreed to in writing, software |
Christopher Haster |
1:24750b9ad5ef | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
Christopher Haster |
1:24750b9ad5ef | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
Christopher Haster |
1:24750b9ad5ef | 16 | * See the License for the specific language governing permissions and |
Christopher Haster |
1:24750b9ad5ef | 17 | * limitations under the License. |
Christopher Haster |
1:24750b9ad5ef | 18 | * |
Christopher Haster |
1:24750b9ad5ef | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
Christopher Haster |
1:24750b9ad5ef | 20 | */ |
Christopher Haster |
1:24750b9ad5ef | 21 | /* |
Christopher Haster |
1:24750b9ad5ef | 22 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
Christopher Haster |
1:24750b9ad5ef | 23 | * and became an IETF standard in 1999. |
Christopher Haster |
1:24750b9ad5ef | 24 | * |
Christopher Haster |
1:24750b9ad5ef | 25 | * http://wp.netscape.com/eng/ssl3/ |
Christopher Haster |
1:24750b9ad5ef | 26 | * http://www.ietf.org/rfc/rfc2246.txt |
Christopher Haster |
1:24750b9ad5ef | 27 | * http://www.ietf.org/rfc/rfc4346.txt |
Christopher Haster |
1:24750b9ad5ef | 28 | */ |
Christopher Haster |
1:24750b9ad5ef | 29 | |
Christopher Haster |
1:24750b9ad5ef | 30 | #if !defined(MBEDTLS_CONFIG_FILE) |
Christopher Haster |
1:24750b9ad5ef | 31 | #include "mbedtls/config.h" |
Christopher Haster |
1:24750b9ad5ef | 32 | #else |
Christopher Haster |
1:24750b9ad5ef | 33 | #include MBEDTLS_CONFIG_FILE |
Christopher Haster |
1:24750b9ad5ef | 34 | #endif |
Christopher Haster |
1:24750b9ad5ef | 35 | |
Christopher Haster |
1:24750b9ad5ef | 36 | #if defined(MBEDTLS_SSL_TLS_C) |
Christopher Haster |
1:24750b9ad5ef | 37 | |
Christopher Haster |
1:24750b9ad5ef | 38 | #include "mbedtls/debug.h" |
Christopher Haster |
1:24750b9ad5ef | 39 | #include "mbedtls/ssl.h" |
Christopher Haster |
1:24750b9ad5ef | 40 | #include "mbedtls/ssl_internal.h" |
Christopher Haster |
1:24750b9ad5ef | 41 | |
Christopher Haster |
1:24750b9ad5ef | 42 | #include <string.h> |
Christopher Haster |
1:24750b9ad5ef | 43 | |
Christopher Haster |
1:24750b9ad5ef | 44 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
Christopher Haster |
1:24750b9ad5ef | 45 | defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 46 | #include "mbedtls/oid.h" |
Christopher Haster |
1:24750b9ad5ef | 47 | #endif |
Christopher Haster |
1:24750b9ad5ef | 48 | |
Christopher Haster |
1:24750b9ad5ef | 49 | #if defined(MBEDTLS_PLATFORM_C) |
Christopher Haster |
1:24750b9ad5ef | 50 | #include "mbedtls/platform.h" |
Christopher Haster |
1:24750b9ad5ef | 51 | #else |
Christopher Haster |
1:24750b9ad5ef | 52 | #include <stdlib.h> |
Christopher Haster |
1:24750b9ad5ef | 53 | #define mbedtls_calloc calloc |
Christopher Haster |
1:24750b9ad5ef | 54 | #define mbedtls_free free |
Christopher Haster |
1:24750b9ad5ef | 55 | #endif |
Christopher Haster |
1:24750b9ad5ef | 56 | |
Christopher Haster |
1:24750b9ad5ef | 57 | /* Implementation that should never be optimized out by the compiler */ |
Christopher Haster |
1:24750b9ad5ef | 58 | static void mbedtls_zeroize( void *v, size_t n ) { |
Christopher Haster |
1:24750b9ad5ef | 59 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
Christopher Haster |
1:24750b9ad5ef | 60 | } |
Christopher Haster |
1:24750b9ad5ef | 61 | |
Christopher Haster |
1:24750b9ad5ef | 62 | /* Length of the "epoch" field in the record header */ |
Christopher Haster |
1:24750b9ad5ef | 63 | static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 64 | { |
Christopher Haster |
1:24750b9ad5ef | 65 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 66 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 67 | return( 2 ); |
Christopher Haster |
1:24750b9ad5ef | 68 | #else |
Christopher Haster |
1:24750b9ad5ef | 69 | ((void) ssl); |
Christopher Haster |
1:24750b9ad5ef | 70 | #endif |
Christopher Haster |
1:24750b9ad5ef | 71 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 72 | } |
Christopher Haster |
1:24750b9ad5ef | 73 | |
Christopher Haster |
1:24750b9ad5ef | 74 | /* |
Christopher Haster |
1:24750b9ad5ef | 75 | * Start a timer. |
Christopher Haster |
1:24750b9ad5ef | 76 | * Passing millisecs = 0 cancels a running timer. |
Christopher Haster |
1:24750b9ad5ef | 77 | */ |
Christopher Haster |
1:24750b9ad5ef | 78 | static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) |
Christopher Haster |
1:24750b9ad5ef | 79 | { |
Christopher Haster |
1:24750b9ad5ef | 80 | if( ssl->f_set_timer == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 81 | return; |
Christopher Haster |
1:24750b9ad5ef | 82 | |
Christopher Haster |
1:24750b9ad5ef | 83 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); |
Christopher Haster |
1:24750b9ad5ef | 84 | ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); |
Christopher Haster |
1:24750b9ad5ef | 85 | } |
Christopher Haster |
1:24750b9ad5ef | 86 | |
Christopher Haster |
1:24750b9ad5ef | 87 | /* |
Christopher Haster |
1:24750b9ad5ef | 88 | * Return -1 is timer is expired, 0 if it isn't. |
Christopher Haster |
1:24750b9ad5ef | 89 | */ |
Christopher Haster |
1:24750b9ad5ef | 90 | static int ssl_check_timer( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 91 | { |
Christopher Haster |
1:24750b9ad5ef | 92 | if( ssl->f_get_timer == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 93 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 94 | |
Christopher Haster |
1:24750b9ad5ef | 95 | if( ssl->f_get_timer( ssl->p_timer ) == 2 ) |
Christopher Haster |
1:24750b9ad5ef | 96 | { |
Christopher Haster |
1:24750b9ad5ef | 97 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); |
Christopher Haster |
1:24750b9ad5ef | 98 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 99 | } |
Christopher Haster |
1:24750b9ad5ef | 100 | |
Christopher Haster |
1:24750b9ad5ef | 101 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 102 | } |
Christopher Haster |
1:24750b9ad5ef | 103 | |
Christopher Haster |
1:24750b9ad5ef | 104 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 105 | /* |
Christopher Haster |
1:24750b9ad5ef | 106 | * Double the retransmit timeout value, within the allowed range, |
Christopher Haster |
1:24750b9ad5ef | 107 | * returning -1 if the maximum value has already been reached. |
Christopher Haster |
1:24750b9ad5ef | 108 | */ |
Christopher Haster |
1:24750b9ad5ef | 109 | static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 110 | { |
Christopher Haster |
1:24750b9ad5ef | 111 | uint32_t new_timeout; |
Christopher Haster |
1:24750b9ad5ef | 112 | |
Christopher Haster |
1:24750b9ad5ef | 113 | if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) |
Christopher Haster |
1:24750b9ad5ef | 114 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 115 | |
Christopher Haster |
1:24750b9ad5ef | 116 | new_timeout = 2 * ssl->handshake->retransmit_timeout; |
Christopher Haster |
1:24750b9ad5ef | 117 | |
Christopher Haster |
1:24750b9ad5ef | 118 | /* Avoid arithmetic overflow and range overflow */ |
Christopher Haster |
1:24750b9ad5ef | 119 | if( new_timeout < ssl->handshake->retransmit_timeout || |
Christopher Haster |
1:24750b9ad5ef | 120 | new_timeout > ssl->conf->hs_timeout_max ) |
Christopher Haster |
1:24750b9ad5ef | 121 | { |
Christopher Haster |
1:24750b9ad5ef | 122 | new_timeout = ssl->conf->hs_timeout_max; |
Christopher Haster |
1:24750b9ad5ef | 123 | } |
Christopher Haster |
1:24750b9ad5ef | 124 | |
Christopher Haster |
1:24750b9ad5ef | 125 | ssl->handshake->retransmit_timeout = new_timeout; |
Christopher Haster |
1:24750b9ad5ef | 126 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
Christopher Haster |
1:24750b9ad5ef | 127 | ssl->handshake->retransmit_timeout ) ); |
Christopher Haster |
1:24750b9ad5ef | 128 | |
Christopher Haster |
1:24750b9ad5ef | 129 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 130 | } |
Christopher Haster |
1:24750b9ad5ef | 131 | |
Christopher Haster |
1:24750b9ad5ef | 132 | static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 133 | { |
Christopher Haster |
1:24750b9ad5ef | 134 | ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; |
Christopher Haster |
1:24750b9ad5ef | 135 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
Christopher Haster |
1:24750b9ad5ef | 136 | ssl->handshake->retransmit_timeout ) ); |
Christopher Haster |
1:24750b9ad5ef | 137 | } |
Christopher Haster |
1:24750b9ad5ef | 138 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 139 | |
Christopher Haster |
1:24750b9ad5ef | 140 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Christopher Haster |
1:24750b9ad5ef | 141 | /* |
Christopher Haster |
1:24750b9ad5ef | 142 | * Convert max_fragment_length codes to length. |
Christopher Haster |
1:24750b9ad5ef | 143 | * RFC 6066 says: |
Christopher Haster |
1:24750b9ad5ef | 144 | * enum{ |
Christopher Haster |
1:24750b9ad5ef | 145 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
Christopher Haster |
1:24750b9ad5ef | 146 | * } MaxFragmentLength; |
Christopher Haster |
1:24750b9ad5ef | 147 | * and we add 0 -> extension unused |
Christopher Haster |
1:24750b9ad5ef | 148 | */ |
Christopher Haster |
1:24750b9ad5ef | 149 | static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] = |
Christopher Haster |
1:24750b9ad5ef | 150 | { |
Christopher Haster |
1:24750b9ad5ef | 151 | MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */ |
Christopher Haster |
1:24750b9ad5ef | 152 | 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */ |
Christopher Haster |
1:24750b9ad5ef | 153 | 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */ |
Christopher Haster |
1:24750b9ad5ef | 154 | 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */ |
Christopher Haster |
1:24750b9ad5ef | 155 | 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */ |
Christopher Haster |
1:24750b9ad5ef | 156 | }; |
Christopher Haster |
1:24750b9ad5ef | 157 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Christopher Haster |
1:24750b9ad5ef | 158 | |
Christopher Haster |
1:24750b9ad5ef | 159 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 160 | static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src ) |
Christopher Haster |
1:24750b9ad5ef | 161 | { |
Christopher Haster |
1:24750b9ad5ef | 162 | mbedtls_ssl_session_free( dst ); |
Christopher Haster |
1:24750b9ad5ef | 163 | memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); |
Christopher Haster |
1:24750b9ad5ef | 164 | |
Christopher Haster |
1:24750b9ad5ef | 165 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 166 | if( src->peer_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 167 | { |
Christopher Haster |
1:24750b9ad5ef | 168 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 169 | |
Christopher Haster |
1:24750b9ad5ef | 170 | dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); |
Christopher Haster |
1:24750b9ad5ef | 171 | if( dst->peer_cert == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 172 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 173 | |
Christopher Haster |
1:24750b9ad5ef | 174 | mbedtls_x509_crt_init( dst->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 175 | |
Christopher Haster |
1:24750b9ad5ef | 176 | if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, |
Christopher Haster |
1:24750b9ad5ef | 177 | src->peer_cert->raw.len ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 178 | { |
Christopher Haster |
1:24750b9ad5ef | 179 | mbedtls_free( dst->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 180 | dst->peer_cert = NULL; |
Christopher Haster |
1:24750b9ad5ef | 181 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 182 | } |
Christopher Haster |
1:24750b9ad5ef | 183 | } |
Christopher Haster |
1:24750b9ad5ef | 184 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 185 | |
Christopher Haster |
1:24750b9ad5ef | 186 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 187 | if( src->ticket != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 188 | { |
Christopher Haster |
1:24750b9ad5ef | 189 | dst->ticket = mbedtls_calloc( 1, src->ticket_len ); |
Christopher Haster |
1:24750b9ad5ef | 190 | if( dst->ticket == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 191 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 192 | |
Christopher Haster |
1:24750b9ad5ef | 193 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
Christopher Haster |
1:24750b9ad5ef | 194 | } |
Christopher Haster |
1:24750b9ad5ef | 195 | #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 196 | |
Christopher Haster |
1:24750b9ad5ef | 197 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 198 | } |
Christopher Haster |
1:24750b9ad5ef | 199 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 200 | |
Christopher Haster |
1:24750b9ad5ef | 201 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 202 | int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 203 | const unsigned char *key_enc, const unsigned char *key_dec, |
Christopher Haster |
1:24750b9ad5ef | 204 | size_t keylen, |
Christopher Haster |
1:24750b9ad5ef | 205 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 206 | size_t ivlen, |
Christopher Haster |
1:24750b9ad5ef | 207 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
Christopher Haster |
1:24750b9ad5ef | 208 | size_t maclen ) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 209 | int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 210 | int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 211 | int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 212 | int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 213 | int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; |
Christopher Haster |
1:24750b9ad5ef | 214 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
Christopher Haster |
1:24750b9ad5ef | 215 | |
Christopher Haster |
1:24750b9ad5ef | 216 | /* |
Christopher Haster |
1:24750b9ad5ef | 217 | * Key material generation |
Christopher Haster |
1:24750b9ad5ef | 218 | */ |
Christopher Haster |
1:24750b9ad5ef | 219 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 220 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
Christopher Haster |
1:24750b9ad5ef | 221 | const char *label, |
Christopher Haster |
1:24750b9ad5ef | 222 | const unsigned char *random, size_t rlen, |
Christopher Haster |
1:24750b9ad5ef | 223 | unsigned char *dstbuf, size_t dlen ) |
Christopher Haster |
1:24750b9ad5ef | 224 | { |
Christopher Haster |
1:24750b9ad5ef | 225 | size_t i; |
Christopher Haster |
1:24750b9ad5ef | 226 | mbedtls_md5_context md5; |
Christopher Haster |
1:24750b9ad5ef | 227 | mbedtls_sha1_context sha1; |
Christopher Haster |
1:24750b9ad5ef | 228 | unsigned char padding[16]; |
Christopher Haster |
1:24750b9ad5ef | 229 | unsigned char sha1sum[20]; |
Christopher Haster |
1:24750b9ad5ef | 230 | ((void)label); |
Christopher Haster |
1:24750b9ad5ef | 231 | |
Christopher Haster |
1:24750b9ad5ef | 232 | mbedtls_md5_init( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 233 | mbedtls_sha1_init( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 234 | |
Christopher Haster |
1:24750b9ad5ef | 235 | /* |
Christopher Haster |
1:24750b9ad5ef | 236 | * SSLv3: |
Christopher Haster |
1:24750b9ad5ef | 237 | * block = |
Christopher Haster |
1:24750b9ad5ef | 238 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
Christopher Haster |
1:24750b9ad5ef | 239 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
Christopher Haster |
1:24750b9ad5ef | 240 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
Christopher Haster |
1:24750b9ad5ef | 241 | * ... |
Christopher Haster |
1:24750b9ad5ef | 242 | */ |
Christopher Haster |
1:24750b9ad5ef | 243 | for( i = 0; i < dlen / 16; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 244 | { |
Christopher Haster |
1:24750b9ad5ef | 245 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
Christopher Haster |
1:24750b9ad5ef | 246 | |
Christopher Haster |
1:24750b9ad5ef | 247 | mbedtls_sha1_starts( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 248 | mbedtls_sha1_update( &sha1, padding, 1 + i ); |
Christopher Haster |
1:24750b9ad5ef | 249 | mbedtls_sha1_update( &sha1, secret, slen ); |
Christopher Haster |
1:24750b9ad5ef | 250 | mbedtls_sha1_update( &sha1, random, rlen ); |
Christopher Haster |
1:24750b9ad5ef | 251 | mbedtls_sha1_finish( &sha1, sha1sum ); |
Christopher Haster |
1:24750b9ad5ef | 252 | |
Christopher Haster |
1:24750b9ad5ef | 253 | mbedtls_md5_starts( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 254 | mbedtls_md5_update( &md5, secret, slen ); |
Christopher Haster |
1:24750b9ad5ef | 255 | mbedtls_md5_update( &md5, sha1sum, 20 ); |
Christopher Haster |
1:24750b9ad5ef | 256 | mbedtls_md5_finish( &md5, dstbuf + i * 16 ); |
Christopher Haster |
1:24750b9ad5ef | 257 | } |
Christopher Haster |
1:24750b9ad5ef | 258 | |
Christopher Haster |
1:24750b9ad5ef | 259 | mbedtls_md5_free( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 260 | mbedtls_sha1_free( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 261 | |
Christopher Haster |
1:24750b9ad5ef | 262 | mbedtls_zeroize( padding, sizeof( padding ) ); |
Christopher Haster |
1:24750b9ad5ef | 263 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
Christopher Haster |
1:24750b9ad5ef | 264 | |
Christopher Haster |
1:24750b9ad5ef | 265 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 266 | } |
Christopher Haster |
1:24750b9ad5ef | 267 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 268 | |
Christopher Haster |
1:24750b9ad5ef | 269 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 270 | static int tls1_prf( const unsigned char *secret, size_t slen, |
Christopher Haster |
1:24750b9ad5ef | 271 | const char *label, |
Christopher Haster |
1:24750b9ad5ef | 272 | const unsigned char *random, size_t rlen, |
Christopher Haster |
1:24750b9ad5ef | 273 | unsigned char *dstbuf, size_t dlen ) |
Christopher Haster |
1:24750b9ad5ef | 274 | { |
Christopher Haster |
1:24750b9ad5ef | 275 | size_t nb, hs; |
Christopher Haster |
1:24750b9ad5ef | 276 | size_t i, j, k; |
Christopher Haster |
1:24750b9ad5ef | 277 | const unsigned char *S1, *S2; |
Christopher Haster |
1:24750b9ad5ef | 278 | unsigned char tmp[128]; |
Christopher Haster |
1:24750b9ad5ef | 279 | unsigned char h_i[20]; |
Christopher Haster |
1:24750b9ad5ef | 280 | const mbedtls_md_info_t *md_info; |
Christopher Haster |
1:24750b9ad5ef | 281 | mbedtls_md_context_t md_ctx; |
Christopher Haster |
1:24750b9ad5ef | 282 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 283 | |
Christopher Haster |
1:24750b9ad5ef | 284 | mbedtls_md_init( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 285 | |
Christopher Haster |
1:24750b9ad5ef | 286 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
Christopher Haster |
1:24750b9ad5ef | 287 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 288 | |
Christopher Haster |
1:24750b9ad5ef | 289 | hs = ( slen + 1 ) / 2; |
Christopher Haster |
1:24750b9ad5ef | 290 | S1 = secret; |
Christopher Haster |
1:24750b9ad5ef | 291 | S2 = secret + slen - hs; |
Christopher Haster |
1:24750b9ad5ef | 292 | |
Christopher Haster |
1:24750b9ad5ef | 293 | nb = strlen( label ); |
Christopher Haster |
1:24750b9ad5ef | 294 | memcpy( tmp + 20, label, nb ); |
Christopher Haster |
1:24750b9ad5ef | 295 | memcpy( tmp + 20 + nb, random, rlen ); |
Christopher Haster |
1:24750b9ad5ef | 296 | nb += rlen; |
Christopher Haster |
1:24750b9ad5ef | 297 | |
Christopher Haster |
1:24750b9ad5ef | 298 | /* |
Christopher Haster |
1:24750b9ad5ef | 299 | * First compute P_md5(secret,label+random)[0..dlen] |
Christopher Haster |
1:24750b9ad5ef | 300 | */ |
Christopher Haster |
1:24750b9ad5ef | 301 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 302 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 303 | |
Christopher Haster |
1:24750b9ad5ef | 304 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 305 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 306 | |
Christopher Haster |
1:24750b9ad5ef | 307 | mbedtls_md_hmac_starts( &md_ctx, S1, hs ); |
Christopher Haster |
1:24750b9ad5ef | 308 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
Christopher Haster |
1:24750b9ad5ef | 309 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
Christopher Haster |
1:24750b9ad5ef | 310 | |
Christopher Haster |
1:24750b9ad5ef | 311 | for( i = 0; i < dlen; i += 16 ) |
Christopher Haster |
1:24750b9ad5ef | 312 | { |
Christopher Haster |
1:24750b9ad5ef | 313 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 314 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); |
Christopher Haster |
1:24750b9ad5ef | 315 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
Christopher Haster |
1:24750b9ad5ef | 316 | |
Christopher Haster |
1:24750b9ad5ef | 317 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 318 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); |
Christopher Haster |
1:24750b9ad5ef | 319 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
Christopher Haster |
1:24750b9ad5ef | 320 | |
Christopher Haster |
1:24750b9ad5ef | 321 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
Christopher Haster |
1:24750b9ad5ef | 322 | |
Christopher Haster |
1:24750b9ad5ef | 323 | for( j = 0; j < k; j++ ) |
Christopher Haster |
1:24750b9ad5ef | 324 | dstbuf[i + j] = h_i[j]; |
Christopher Haster |
1:24750b9ad5ef | 325 | } |
Christopher Haster |
1:24750b9ad5ef | 326 | |
Christopher Haster |
1:24750b9ad5ef | 327 | mbedtls_md_free( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 328 | |
Christopher Haster |
1:24750b9ad5ef | 329 | /* |
Christopher Haster |
1:24750b9ad5ef | 330 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
Christopher Haster |
1:24750b9ad5ef | 331 | */ |
Christopher Haster |
1:24750b9ad5ef | 332 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 333 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 334 | |
Christopher Haster |
1:24750b9ad5ef | 335 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 336 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 337 | |
Christopher Haster |
1:24750b9ad5ef | 338 | mbedtls_md_hmac_starts( &md_ctx, S2, hs ); |
Christopher Haster |
1:24750b9ad5ef | 339 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
Christopher Haster |
1:24750b9ad5ef | 340 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
Christopher Haster |
1:24750b9ad5ef | 341 | |
Christopher Haster |
1:24750b9ad5ef | 342 | for( i = 0; i < dlen; i += 20 ) |
Christopher Haster |
1:24750b9ad5ef | 343 | { |
Christopher Haster |
1:24750b9ad5ef | 344 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 345 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); |
Christopher Haster |
1:24750b9ad5ef | 346 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
Christopher Haster |
1:24750b9ad5ef | 347 | |
Christopher Haster |
1:24750b9ad5ef | 348 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 349 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); |
Christopher Haster |
1:24750b9ad5ef | 350 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
Christopher Haster |
1:24750b9ad5ef | 351 | |
Christopher Haster |
1:24750b9ad5ef | 352 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
Christopher Haster |
1:24750b9ad5ef | 353 | |
Christopher Haster |
1:24750b9ad5ef | 354 | for( j = 0; j < k; j++ ) |
Christopher Haster |
1:24750b9ad5ef | 355 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
Christopher Haster |
1:24750b9ad5ef | 356 | } |
Christopher Haster |
1:24750b9ad5ef | 357 | |
Christopher Haster |
1:24750b9ad5ef | 358 | mbedtls_md_free( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 359 | |
Christopher Haster |
1:24750b9ad5ef | 360 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
Christopher Haster |
1:24750b9ad5ef | 361 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
Christopher Haster |
1:24750b9ad5ef | 362 | |
Christopher Haster |
1:24750b9ad5ef | 363 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 364 | } |
Christopher Haster |
1:24750b9ad5ef | 365 | #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ |
Christopher Haster |
1:24750b9ad5ef | 366 | |
Christopher Haster |
1:24750b9ad5ef | 367 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 368 | static int tls_prf_generic( mbedtls_md_type_t md_type, |
Christopher Haster |
1:24750b9ad5ef | 369 | const unsigned char *secret, size_t slen, |
Christopher Haster |
1:24750b9ad5ef | 370 | const char *label, |
Christopher Haster |
1:24750b9ad5ef | 371 | const unsigned char *random, size_t rlen, |
Christopher Haster |
1:24750b9ad5ef | 372 | unsigned char *dstbuf, size_t dlen ) |
Christopher Haster |
1:24750b9ad5ef | 373 | { |
Christopher Haster |
1:24750b9ad5ef | 374 | size_t nb; |
Christopher Haster |
1:24750b9ad5ef | 375 | size_t i, j, k, md_len; |
Christopher Haster |
1:24750b9ad5ef | 376 | unsigned char tmp[128]; |
Christopher Haster |
1:24750b9ad5ef | 377 | unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; |
Christopher Haster |
1:24750b9ad5ef | 378 | const mbedtls_md_info_t *md_info; |
Christopher Haster |
1:24750b9ad5ef | 379 | mbedtls_md_context_t md_ctx; |
Christopher Haster |
1:24750b9ad5ef | 380 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 381 | |
Christopher Haster |
1:24750b9ad5ef | 382 | mbedtls_md_init( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 383 | |
Christopher Haster |
1:24750b9ad5ef | 384 | if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 385 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 386 | |
Christopher Haster |
1:24750b9ad5ef | 387 | md_len = mbedtls_md_get_size( md_info ); |
Christopher Haster |
1:24750b9ad5ef | 388 | |
Christopher Haster |
1:24750b9ad5ef | 389 | if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) |
Christopher Haster |
1:24750b9ad5ef | 390 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 391 | |
Christopher Haster |
1:24750b9ad5ef | 392 | nb = strlen( label ); |
Christopher Haster |
1:24750b9ad5ef | 393 | memcpy( tmp + md_len, label, nb ); |
Christopher Haster |
1:24750b9ad5ef | 394 | memcpy( tmp + md_len + nb, random, rlen ); |
Christopher Haster |
1:24750b9ad5ef | 395 | nb += rlen; |
Christopher Haster |
1:24750b9ad5ef | 396 | |
Christopher Haster |
1:24750b9ad5ef | 397 | /* |
Christopher Haster |
1:24750b9ad5ef | 398 | * Compute P_<hash>(secret, label + random)[0..dlen] |
Christopher Haster |
1:24750b9ad5ef | 399 | */ |
Christopher Haster |
1:24750b9ad5ef | 400 | if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 401 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 402 | |
Christopher Haster |
1:24750b9ad5ef | 403 | mbedtls_md_hmac_starts( &md_ctx, secret, slen ); |
Christopher Haster |
1:24750b9ad5ef | 404 | mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); |
Christopher Haster |
1:24750b9ad5ef | 405 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
Christopher Haster |
1:24750b9ad5ef | 406 | |
Christopher Haster |
1:24750b9ad5ef | 407 | for( i = 0; i < dlen; i += md_len ) |
Christopher Haster |
1:24750b9ad5ef | 408 | { |
Christopher Haster |
1:24750b9ad5ef | 409 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 410 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); |
Christopher Haster |
1:24750b9ad5ef | 411 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
Christopher Haster |
1:24750b9ad5ef | 412 | |
Christopher Haster |
1:24750b9ad5ef | 413 | mbedtls_md_hmac_reset ( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 414 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); |
Christopher Haster |
1:24750b9ad5ef | 415 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
Christopher Haster |
1:24750b9ad5ef | 416 | |
Christopher Haster |
1:24750b9ad5ef | 417 | k = ( i + md_len > dlen ) ? dlen % md_len : md_len; |
Christopher Haster |
1:24750b9ad5ef | 418 | |
Christopher Haster |
1:24750b9ad5ef | 419 | for( j = 0; j < k; j++ ) |
Christopher Haster |
1:24750b9ad5ef | 420 | dstbuf[i + j] = h_i[j]; |
Christopher Haster |
1:24750b9ad5ef | 421 | } |
Christopher Haster |
1:24750b9ad5ef | 422 | |
Christopher Haster |
1:24750b9ad5ef | 423 | mbedtls_md_free( &md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 424 | |
Christopher Haster |
1:24750b9ad5ef | 425 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
Christopher Haster |
1:24750b9ad5ef | 426 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
Christopher Haster |
1:24750b9ad5ef | 427 | |
Christopher Haster |
1:24750b9ad5ef | 428 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 429 | } |
Christopher Haster |
1:24750b9ad5ef | 430 | |
Christopher Haster |
1:24750b9ad5ef | 431 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 432 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
Christopher Haster |
1:24750b9ad5ef | 433 | const char *label, |
Christopher Haster |
1:24750b9ad5ef | 434 | const unsigned char *random, size_t rlen, |
Christopher Haster |
1:24750b9ad5ef | 435 | unsigned char *dstbuf, size_t dlen ) |
Christopher Haster |
1:24750b9ad5ef | 436 | { |
Christopher Haster |
1:24750b9ad5ef | 437 | return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, |
Christopher Haster |
1:24750b9ad5ef | 438 | label, random, rlen, dstbuf, dlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 439 | } |
Christopher Haster |
1:24750b9ad5ef | 440 | #endif /* MBEDTLS_SHA256_C */ |
Christopher Haster |
1:24750b9ad5ef | 441 | |
Christopher Haster |
1:24750b9ad5ef | 442 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 443 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
Christopher Haster |
1:24750b9ad5ef | 444 | const char *label, |
Christopher Haster |
1:24750b9ad5ef | 445 | const unsigned char *random, size_t rlen, |
Christopher Haster |
1:24750b9ad5ef | 446 | unsigned char *dstbuf, size_t dlen ) |
Christopher Haster |
1:24750b9ad5ef | 447 | { |
Christopher Haster |
1:24750b9ad5ef | 448 | return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, |
Christopher Haster |
1:24750b9ad5ef | 449 | label, random, rlen, dstbuf, dlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 450 | } |
Christopher Haster |
1:24750b9ad5ef | 451 | #endif /* MBEDTLS_SHA512_C */ |
Christopher Haster |
1:24750b9ad5ef | 452 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 453 | |
Christopher Haster |
1:24750b9ad5ef | 454 | static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); |
Christopher Haster |
1:24750b9ad5ef | 455 | |
Christopher Haster |
1:24750b9ad5ef | 456 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 457 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 458 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); |
Christopher Haster |
1:24750b9ad5ef | 459 | #endif |
Christopher Haster |
1:24750b9ad5ef | 460 | |
Christopher Haster |
1:24750b9ad5ef | 461 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 462 | static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * ); |
Christopher Haster |
1:24750b9ad5ef | 463 | static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); |
Christopher Haster |
1:24750b9ad5ef | 464 | #endif |
Christopher Haster |
1:24750b9ad5ef | 465 | |
Christopher Haster |
1:24750b9ad5ef | 466 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 467 | static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * ); |
Christopher Haster |
1:24750b9ad5ef | 468 | static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); |
Christopher Haster |
1:24750b9ad5ef | 469 | #endif |
Christopher Haster |
1:24750b9ad5ef | 470 | |
Christopher Haster |
1:24750b9ad5ef | 471 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 472 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 473 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); |
Christopher Haster |
1:24750b9ad5ef | 474 | static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * ); |
Christopher Haster |
1:24750b9ad5ef | 475 | static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); |
Christopher Haster |
1:24750b9ad5ef | 476 | #endif |
Christopher Haster |
1:24750b9ad5ef | 477 | |
Christopher Haster |
1:24750b9ad5ef | 478 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 479 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); |
Christopher Haster |
1:24750b9ad5ef | 480 | static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * ); |
Christopher Haster |
1:24750b9ad5ef | 481 | static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); |
Christopher Haster |
1:24750b9ad5ef | 482 | #endif |
Christopher Haster |
1:24750b9ad5ef | 483 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 484 | |
Christopher Haster |
1:24750b9ad5ef | 485 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 486 | { |
Christopher Haster |
1:24750b9ad5ef | 487 | int ret = 0; |
Christopher Haster |
1:24750b9ad5ef | 488 | unsigned char tmp[64]; |
Christopher Haster |
1:24750b9ad5ef | 489 | unsigned char keyblk[256]; |
Christopher Haster |
1:24750b9ad5ef | 490 | unsigned char *key1; |
Christopher Haster |
1:24750b9ad5ef | 491 | unsigned char *key2; |
Christopher Haster |
1:24750b9ad5ef | 492 | unsigned char *mac_enc; |
Christopher Haster |
1:24750b9ad5ef | 493 | unsigned char *mac_dec; |
Christopher Haster |
1:24750b9ad5ef | 494 | size_t iv_copy_len; |
Christopher Haster |
1:24750b9ad5ef | 495 | const mbedtls_cipher_info_t *cipher_info; |
Christopher Haster |
1:24750b9ad5ef | 496 | const mbedtls_md_info_t *md_info; |
Christopher Haster |
1:24750b9ad5ef | 497 | |
Christopher Haster |
1:24750b9ad5ef | 498 | mbedtls_ssl_session *session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 499 | mbedtls_ssl_transform *transform = ssl->transform_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 500 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
Christopher Haster |
1:24750b9ad5ef | 501 | |
Christopher Haster |
1:24750b9ad5ef | 502 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
Christopher Haster |
1:24750b9ad5ef | 503 | |
Christopher Haster |
1:24750b9ad5ef | 504 | cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); |
Christopher Haster |
1:24750b9ad5ef | 505 | if( cipher_info == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 506 | { |
Christopher Haster |
1:24750b9ad5ef | 507 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
Christopher Haster |
1:24750b9ad5ef | 508 | transform->ciphersuite_info->cipher ) ); |
Christopher Haster |
1:24750b9ad5ef | 509 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 510 | } |
Christopher Haster |
1:24750b9ad5ef | 511 | |
Christopher Haster |
1:24750b9ad5ef | 512 | md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); |
Christopher Haster |
1:24750b9ad5ef | 513 | if( md_info == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 514 | { |
Christopher Haster |
1:24750b9ad5ef | 515 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", |
Christopher Haster |
1:24750b9ad5ef | 516 | transform->ciphersuite_info->mac ) ); |
Christopher Haster |
1:24750b9ad5ef | 517 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 518 | } |
Christopher Haster |
1:24750b9ad5ef | 519 | |
Christopher Haster |
1:24750b9ad5ef | 520 | /* |
Christopher Haster |
1:24750b9ad5ef | 521 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
Christopher Haster |
1:24750b9ad5ef | 522 | */ |
Christopher Haster |
1:24750b9ad5ef | 523 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 524 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 525 | { |
Christopher Haster |
1:24750b9ad5ef | 526 | handshake->tls_prf = ssl3_prf; |
Christopher Haster |
1:24750b9ad5ef | 527 | handshake->calc_verify = ssl_calc_verify_ssl; |
Christopher Haster |
1:24750b9ad5ef | 528 | handshake->calc_finished = ssl_calc_finished_ssl; |
Christopher Haster |
1:24750b9ad5ef | 529 | } |
Christopher Haster |
1:24750b9ad5ef | 530 | else |
Christopher Haster |
1:24750b9ad5ef | 531 | #endif |
Christopher Haster |
1:24750b9ad5ef | 532 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 533 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 534 | { |
Christopher Haster |
1:24750b9ad5ef | 535 | handshake->tls_prf = tls1_prf; |
Christopher Haster |
1:24750b9ad5ef | 536 | handshake->calc_verify = ssl_calc_verify_tls; |
Christopher Haster |
1:24750b9ad5ef | 537 | handshake->calc_finished = ssl_calc_finished_tls; |
Christopher Haster |
1:24750b9ad5ef | 538 | } |
Christopher Haster |
1:24750b9ad5ef | 539 | else |
Christopher Haster |
1:24750b9ad5ef | 540 | #endif |
Christopher Haster |
1:24750b9ad5ef | 541 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 542 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 543 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && |
Christopher Haster |
1:24750b9ad5ef | 544 | transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
Christopher Haster |
1:24750b9ad5ef | 545 | { |
Christopher Haster |
1:24750b9ad5ef | 546 | handshake->tls_prf = tls_prf_sha384; |
Christopher Haster |
1:24750b9ad5ef | 547 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
Christopher Haster |
1:24750b9ad5ef | 548 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
Christopher Haster |
1:24750b9ad5ef | 549 | } |
Christopher Haster |
1:24750b9ad5ef | 550 | else |
Christopher Haster |
1:24750b9ad5ef | 551 | #endif |
Christopher Haster |
1:24750b9ad5ef | 552 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 553 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 554 | { |
Christopher Haster |
1:24750b9ad5ef | 555 | handshake->tls_prf = tls_prf_sha256; |
Christopher Haster |
1:24750b9ad5ef | 556 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
Christopher Haster |
1:24750b9ad5ef | 557 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
Christopher Haster |
1:24750b9ad5ef | 558 | } |
Christopher Haster |
1:24750b9ad5ef | 559 | else |
Christopher Haster |
1:24750b9ad5ef | 560 | #endif |
Christopher Haster |
1:24750b9ad5ef | 561 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 562 | { |
Christopher Haster |
1:24750b9ad5ef | 563 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 564 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 565 | } |
Christopher Haster |
1:24750b9ad5ef | 566 | |
Christopher Haster |
1:24750b9ad5ef | 567 | /* |
Christopher Haster |
1:24750b9ad5ef | 568 | * SSLv3: |
Christopher Haster |
1:24750b9ad5ef | 569 | * master = |
Christopher Haster |
1:24750b9ad5ef | 570 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 571 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 572 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
Christopher Haster |
1:24750b9ad5ef | 573 | * |
Christopher Haster |
1:24750b9ad5ef | 574 | * TLSv1+: |
Christopher Haster |
1:24750b9ad5ef | 575 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
Christopher Haster |
1:24750b9ad5ef | 576 | */ |
Christopher Haster |
1:24750b9ad5ef | 577 | if( handshake->resume == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 578 | { |
Christopher Haster |
1:24750b9ad5ef | 579 | MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
Christopher Haster |
1:24750b9ad5ef | 580 | handshake->pmslen ); |
Christopher Haster |
1:24750b9ad5ef | 581 | |
Christopher Haster |
1:24750b9ad5ef | 582 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Christopher Haster |
1:24750b9ad5ef | 583 | if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) |
Christopher Haster |
1:24750b9ad5ef | 584 | { |
Christopher Haster |
1:24750b9ad5ef | 585 | unsigned char session_hash[48]; |
Christopher Haster |
1:24750b9ad5ef | 586 | size_t hash_len; |
Christopher Haster |
1:24750b9ad5ef | 587 | |
Christopher Haster |
1:24750b9ad5ef | 588 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); |
Christopher Haster |
1:24750b9ad5ef | 589 | |
Christopher Haster |
1:24750b9ad5ef | 590 | ssl->handshake->calc_verify( ssl, session_hash ); |
Christopher Haster |
1:24750b9ad5ef | 591 | |
Christopher Haster |
1:24750b9ad5ef | 592 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 593 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 594 | { |
Christopher Haster |
1:24750b9ad5ef | 595 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 596 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
Christopher Haster |
1:24750b9ad5ef | 597 | MBEDTLS_MD_SHA384 ) |
Christopher Haster |
1:24750b9ad5ef | 598 | { |
Christopher Haster |
1:24750b9ad5ef | 599 | hash_len = 48; |
Christopher Haster |
1:24750b9ad5ef | 600 | } |
Christopher Haster |
1:24750b9ad5ef | 601 | else |
Christopher Haster |
1:24750b9ad5ef | 602 | #endif |
Christopher Haster |
1:24750b9ad5ef | 603 | hash_len = 32; |
Christopher Haster |
1:24750b9ad5ef | 604 | } |
Christopher Haster |
1:24750b9ad5ef | 605 | else |
Christopher Haster |
1:24750b9ad5ef | 606 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 607 | hash_len = 36; |
Christopher Haster |
1:24750b9ad5ef | 608 | |
Christopher Haster |
1:24750b9ad5ef | 609 | MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); |
Christopher Haster |
1:24750b9ad5ef | 610 | |
Christopher Haster |
1:24750b9ad5ef | 611 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
Christopher Haster |
1:24750b9ad5ef | 612 | "extended master secret", |
Christopher Haster |
1:24750b9ad5ef | 613 | session_hash, hash_len, |
Christopher Haster |
1:24750b9ad5ef | 614 | session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 615 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 616 | { |
Christopher Haster |
1:24750b9ad5ef | 617 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 618 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 619 | } |
Christopher Haster |
1:24750b9ad5ef | 620 | |
Christopher Haster |
1:24750b9ad5ef | 621 | } |
Christopher Haster |
1:24750b9ad5ef | 622 | else |
Christopher Haster |
1:24750b9ad5ef | 623 | #endif |
Christopher Haster |
1:24750b9ad5ef | 624 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
Christopher Haster |
1:24750b9ad5ef | 625 | "master secret", |
Christopher Haster |
1:24750b9ad5ef | 626 | handshake->randbytes, 64, |
Christopher Haster |
1:24750b9ad5ef | 627 | session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 628 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 629 | { |
Christopher Haster |
1:24750b9ad5ef | 630 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 631 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 632 | } |
Christopher Haster |
1:24750b9ad5ef | 633 | |
Christopher Haster |
1:24750b9ad5ef | 634 | mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); |
Christopher Haster |
1:24750b9ad5ef | 635 | } |
Christopher Haster |
1:24750b9ad5ef | 636 | else |
Christopher Haster |
1:24750b9ad5ef | 637 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 638 | |
Christopher Haster |
1:24750b9ad5ef | 639 | /* |
Christopher Haster |
1:24750b9ad5ef | 640 | * Swap the client and server random values. |
Christopher Haster |
1:24750b9ad5ef | 641 | */ |
Christopher Haster |
1:24750b9ad5ef | 642 | memcpy( tmp, handshake->randbytes, 64 ); |
Christopher Haster |
1:24750b9ad5ef | 643 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
Christopher Haster |
1:24750b9ad5ef | 644 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
Christopher Haster |
1:24750b9ad5ef | 645 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
Christopher Haster |
1:24750b9ad5ef | 646 | |
Christopher Haster |
1:24750b9ad5ef | 647 | /* |
Christopher Haster |
1:24750b9ad5ef | 648 | * SSLv3: |
Christopher Haster |
1:24750b9ad5ef | 649 | * key block = |
Christopher Haster |
1:24750b9ad5ef | 650 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 651 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 652 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 653 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
Christopher Haster |
1:24750b9ad5ef | 654 | * ... |
Christopher Haster |
1:24750b9ad5ef | 655 | * |
Christopher Haster |
1:24750b9ad5ef | 656 | * TLSv1: |
Christopher Haster |
1:24750b9ad5ef | 657 | * key block = PRF( master, "key expansion", randbytes ) |
Christopher Haster |
1:24750b9ad5ef | 658 | */ |
Christopher Haster |
1:24750b9ad5ef | 659 | ret = handshake->tls_prf( session->master, 48, "key expansion", |
Christopher Haster |
1:24750b9ad5ef | 660 | handshake->randbytes, 64, keyblk, 256 ); |
Christopher Haster |
1:24750b9ad5ef | 661 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 662 | { |
Christopher Haster |
1:24750b9ad5ef | 663 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 664 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 665 | } |
Christopher Haster |
1:24750b9ad5ef | 666 | |
Christopher Haster |
1:24750b9ad5ef | 667 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
Christopher Haster |
1:24750b9ad5ef | 668 | mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
Christopher Haster |
1:24750b9ad5ef | 669 | MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 670 | MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
Christopher Haster |
1:24750b9ad5ef | 671 | MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
Christopher Haster |
1:24750b9ad5ef | 672 | |
Christopher Haster |
1:24750b9ad5ef | 673 | mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); |
Christopher Haster |
1:24750b9ad5ef | 674 | |
Christopher Haster |
1:24750b9ad5ef | 675 | /* |
Christopher Haster |
1:24750b9ad5ef | 676 | * Determine the appropriate key, IV and MAC length. |
Christopher Haster |
1:24750b9ad5ef | 677 | */ |
Christopher Haster |
1:24750b9ad5ef | 678 | |
Christopher Haster |
1:24750b9ad5ef | 679 | transform->keylen = cipher_info->key_bitlen / 8; |
Christopher Haster |
1:24750b9ad5ef | 680 | |
Christopher Haster |
1:24750b9ad5ef | 681 | if( cipher_info->mode == MBEDTLS_MODE_GCM || |
Christopher Haster |
1:24750b9ad5ef | 682 | cipher_info->mode == MBEDTLS_MODE_CCM ) |
Christopher Haster |
1:24750b9ad5ef | 683 | { |
Christopher Haster |
1:24750b9ad5ef | 684 | transform->maclen = 0; |
Christopher Haster |
1:24750b9ad5ef | 685 | |
Christopher Haster |
1:24750b9ad5ef | 686 | transform->ivlen = 12; |
Christopher Haster |
1:24750b9ad5ef | 687 | transform->fixed_ivlen = 4; |
Christopher Haster |
1:24750b9ad5ef | 688 | |
Christopher Haster |
1:24750b9ad5ef | 689 | /* Minimum length is expicit IV + tag */ |
Christopher Haster |
1:24750b9ad5ef | 690 | transform->minlen = transform->ivlen - transform->fixed_ivlen |
Christopher Haster |
1:24750b9ad5ef | 691 | + ( transform->ciphersuite_info->flags & |
Christopher Haster |
1:24750b9ad5ef | 692 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 ); |
Christopher Haster |
1:24750b9ad5ef | 693 | } |
Christopher Haster |
1:24750b9ad5ef | 694 | else |
Christopher Haster |
1:24750b9ad5ef | 695 | { |
Christopher Haster |
1:24750b9ad5ef | 696 | /* Initialize HMAC contexts */ |
Christopher Haster |
1:24750b9ad5ef | 697 | if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 698 | ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 699 | { |
Christopher Haster |
1:24750b9ad5ef | 700 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
Christopher Haster |
1:24750b9ad5ef | 701 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 702 | } |
Christopher Haster |
1:24750b9ad5ef | 703 | |
Christopher Haster |
1:24750b9ad5ef | 704 | /* Get MAC length */ |
Christopher Haster |
1:24750b9ad5ef | 705 | transform->maclen = mbedtls_md_get_size( md_info ); |
Christopher Haster |
1:24750b9ad5ef | 706 | |
Christopher Haster |
1:24750b9ad5ef | 707 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
Christopher Haster |
1:24750b9ad5ef | 708 | /* |
Christopher Haster |
1:24750b9ad5ef | 709 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
Christopher Haster |
1:24750b9ad5ef | 710 | * (rfc 6066 page 13 or rfc 2104 section 4), |
Christopher Haster |
1:24750b9ad5ef | 711 | * so we only need to adjust the length here. |
Christopher Haster |
1:24750b9ad5ef | 712 | */ |
Christopher Haster |
1:24750b9ad5ef | 713 | if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) |
Christopher Haster |
1:24750b9ad5ef | 714 | transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; |
Christopher Haster |
1:24750b9ad5ef | 715 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 716 | |
Christopher Haster |
1:24750b9ad5ef | 717 | /* IV length */ |
Christopher Haster |
1:24750b9ad5ef | 718 | transform->ivlen = cipher_info->iv_size; |
Christopher Haster |
1:24750b9ad5ef | 719 | |
Christopher Haster |
1:24750b9ad5ef | 720 | /* Minimum length */ |
Christopher Haster |
1:24750b9ad5ef | 721 | if( cipher_info->mode == MBEDTLS_MODE_STREAM ) |
Christopher Haster |
1:24750b9ad5ef | 722 | transform->minlen = transform->maclen; |
Christopher Haster |
1:24750b9ad5ef | 723 | else |
Christopher Haster |
1:24750b9ad5ef | 724 | { |
Christopher Haster |
1:24750b9ad5ef | 725 | /* |
Christopher Haster |
1:24750b9ad5ef | 726 | * GenericBlockCipher: |
Christopher Haster |
1:24750b9ad5ef | 727 | * 1. if EtM is in use: one block plus MAC |
Christopher Haster |
1:24750b9ad5ef | 728 | * otherwise: * first multiple of blocklen greater than maclen |
Christopher Haster |
1:24750b9ad5ef | 729 | * 2. IV except for SSL3 and TLS 1.0 |
Christopher Haster |
1:24750b9ad5ef | 730 | */ |
Christopher Haster |
1:24750b9ad5ef | 731 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 732 | if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
Christopher Haster |
1:24750b9ad5ef | 733 | { |
Christopher Haster |
1:24750b9ad5ef | 734 | transform->minlen = transform->maclen |
Christopher Haster |
1:24750b9ad5ef | 735 | + cipher_info->block_size; |
Christopher Haster |
1:24750b9ad5ef | 736 | } |
Christopher Haster |
1:24750b9ad5ef | 737 | else |
Christopher Haster |
1:24750b9ad5ef | 738 | #endif |
Christopher Haster |
1:24750b9ad5ef | 739 | { |
Christopher Haster |
1:24750b9ad5ef | 740 | transform->minlen = transform->maclen |
Christopher Haster |
1:24750b9ad5ef | 741 | + cipher_info->block_size |
Christopher Haster |
1:24750b9ad5ef | 742 | - transform->maclen % cipher_info->block_size; |
Christopher Haster |
1:24750b9ad5ef | 743 | } |
Christopher Haster |
1:24750b9ad5ef | 744 | |
Christopher Haster |
1:24750b9ad5ef | 745 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
Christopher Haster |
1:24750b9ad5ef | 746 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
Christopher Haster |
1:24750b9ad5ef | 747 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) |
Christopher Haster |
1:24750b9ad5ef | 748 | ; /* No need to adjust minlen */ |
Christopher Haster |
1:24750b9ad5ef | 749 | else |
Christopher Haster |
1:24750b9ad5ef | 750 | #endif |
Christopher Haster |
1:24750b9ad5ef | 751 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 752 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || |
Christopher Haster |
1:24750b9ad5ef | 753 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 754 | { |
Christopher Haster |
1:24750b9ad5ef | 755 | transform->minlen += transform->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 756 | } |
Christopher Haster |
1:24750b9ad5ef | 757 | else |
Christopher Haster |
1:24750b9ad5ef | 758 | #endif |
Christopher Haster |
1:24750b9ad5ef | 759 | { |
Christopher Haster |
1:24750b9ad5ef | 760 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 761 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 762 | } |
Christopher Haster |
1:24750b9ad5ef | 763 | } |
Christopher Haster |
1:24750b9ad5ef | 764 | } |
Christopher Haster |
1:24750b9ad5ef | 765 | |
Christopher Haster |
1:24750b9ad5ef | 766 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
Christopher Haster |
1:24750b9ad5ef | 767 | transform->keylen, transform->minlen, transform->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 768 | transform->maclen ) ); |
Christopher Haster |
1:24750b9ad5ef | 769 | |
Christopher Haster |
1:24750b9ad5ef | 770 | /* |
Christopher Haster |
1:24750b9ad5ef | 771 | * Finally setup the cipher contexts, IVs and MAC secrets. |
Christopher Haster |
1:24750b9ad5ef | 772 | */ |
Christopher Haster |
1:24750b9ad5ef | 773 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 774 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 775 | { |
Christopher Haster |
1:24750b9ad5ef | 776 | key1 = keyblk + transform->maclen * 2; |
Christopher Haster |
1:24750b9ad5ef | 777 | key2 = keyblk + transform->maclen * 2 + transform->keylen; |
Christopher Haster |
1:24750b9ad5ef | 778 | |
Christopher Haster |
1:24750b9ad5ef | 779 | mac_enc = keyblk; |
Christopher Haster |
1:24750b9ad5ef | 780 | mac_dec = keyblk + transform->maclen; |
Christopher Haster |
1:24750b9ad5ef | 781 | |
Christopher Haster |
1:24750b9ad5ef | 782 | /* |
Christopher Haster |
1:24750b9ad5ef | 783 | * This is not used in TLS v1.1. |
Christopher Haster |
1:24750b9ad5ef | 784 | */ |
Christopher Haster |
1:24750b9ad5ef | 785 | iv_copy_len = ( transform->fixed_ivlen ) ? |
Christopher Haster |
1:24750b9ad5ef | 786 | transform->fixed_ivlen : transform->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 787 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
Christopher Haster |
1:24750b9ad5ef | 788 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
Christopher Haster |
1:24750b9ad5ef | 789 | iv_copy_len ); |
Christopher Haster |
1:24750b9ad5ef | 790 | } |
Christopher Haster |
1:24750b9ad5ef | 791 | else |
Christopher Haster |
1:24750b9ad5ef | 792 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 793 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 794 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 795 | { |
Christopher Haster |
1:24750b9ad5ef | 796 | key1 = keyblk + transform->maclen * 2 + transform->keylen; |
Christopher Haster |
1:24750b9ad5ef | 797 | key2 = keyblk + transform->maclen * 2; |
Christopher Haster |
1:24750b9ad5ef | 798 | |
Christopher Haster |
1:24750b9ad5ef | 799 | mac_enc = keyblk + transform->maclen; |
Christopher Haster |
1:24750b9ad5ef | 800 | mac_dec = keyblk; |
Christopher Haster |
1:24750b9ad5ef | 801 | |
Christopher Haster |
1:24750b9ad5ef | 802 | /* |
Christopher Haster |
1:24750b9ad5ef | 803 | * This is not used in TLS v1.1. |
Christopher Haster |
1:24750b9ad5ef | 804 | */ |
Christopher Haster |
1:24750b9ad5ef | 805 | iv_copy_len = ( transform->fixed_ivlen ) ? |
Christopher Haster |
1:24750b9ad5ef | 806 | transform->fixed_ivlen : transform->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 807 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
Christopher Haster |
1:24750b9ad5ef | 808 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
Christopher Haster |
1:24750b9ad5ef | 809 | iv_copy_len ); |
Christopher Haster |
1:24750b9ad5ef | 810 | } |
Christopher Haster |
1:24750b9ad5ef | 811 | else |
Christopher Haster |
1:24750b9ad5ef | 812 | #endif /* MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 813 | { |
Christopher Haster |
1:24750b9ad5ef | 814 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 815 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 816 | } |
Christopher Haster |
1:24750b9ad5ef | 817 | |
Christopher Haster |
1:24750b9ad5ef | 818 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 819 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 820 | { |
Christopher Haster |
1:24750b9ad5ef | 821 | if( transform->maclen > sizeof transform->mac_enc ) |
Christopher Haster |
1:24750b9ad5ef | 822 | { |
Christopher Haster |
1:24750b9ad5ef | 823 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 824 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 825 | } |
Christopher Haster |
1:24750b9ad5ef | 826 | |
Christopher Haster |
1:24750b9ad5ef | 827 | memcpy( transform->mac_enc, mac_enc, transform->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 828 | memcpy( transform->mac_dec, mac_dec, transform->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 829 | } |
Christopher Haster |
1:24750b9ad5ef | 830 | else |
Christopher Haster |
1:24750b9ad5ef | 831 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 832 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 833 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 834 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
Christopher Haster |
1:24750b9ad5ef | 835 | { |
Christopher Haster |
1:24750b9ad5ef | 836 | mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 837 | mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 838 | } |
Christopher Haster |
1:24750b9ad5ef | 839 | else |
Christopher Haster |
1:24750b9ad5ef | 840 | #endif |
Christopher Haster |
1:24750b9ad5ef | 841 | { |
Christopher Haster |
1:24750b9ad5ef | 842 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 843 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 844 | } |
Christopher Haster |
1:24750b9ad5ef | 845 | |
Christopher Haster |
1:24750b9ad5ef | 846 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 847 | if( mbedtls_ssl_hw_record_init != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 848 | { |
Christopher Haster |
1:24750b9ad5ef | 849 | int ret = 0; |
Christopher Haster |
1:24750b9ad5ef | 850 | |
Christopher Haster |
1:24750b9ad5ef | 851 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 852 | |
Christopher Haster |
1:24750b9ad5ef | 853 | if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
Christopher Haster |
1:24750b9ad5ef | 854 | transform->iv_enc, transform->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 855 | iv_copy_len, |
Christopher Haster |
1:24750b9ad5ef | 856 | mac_enc, mac_dec, |
Christopher Haster |
1:24750b9ad5ef | 857 | transform->maclen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 858 | { |
Christopher Haster |
1:24750b9ad5ef | 859 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); |
Christopher Haster |
1:24750b9ad5ef | 860 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 861 | } |
Christopher Haster |
1:24750b9ad5ef | 862 | } |
Christopher Haster |
1:24750b9ad5ef | 863 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
Christopher Haster |
1:24750b9ad5ef | 864 | |
Christopher Haster |
1:24750b9ad5ef | 865 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
Christopher Haster |
1:24750b9ad5ef | 866 | if( ssl->conf->f_export_keys != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 867 | { |
Christopher Haster |
1:24750b9ad5ef | 868 | ssl->conf->f_export_keys( ssl->conf->p_export_keys, |
Christopher Haster |
1:24750b9ad5ef | 869 | session->master, keyblk, |
Christopher Haster |
1:24750b9ad5ef | 870 | transform->maclen, transform->keylen, |
Christopher Haster |
1:24750b9ad5ef | 871 | iv_copy_len ); |
Christopher Haster |
1:24750b9ad5ef | 872 | } |
Christopher Haster |
1:24750b9ad5ef | 873 | #endif |
Christopher Haster |
1:24750b9ad5ef | 874 | |
Christopher Haster |
1:24750b9ad5ef | 875 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 876 | cipher_info ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 877 | { |
Christopher Haster |
1:24750b9ad5ef | 878 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
Christopher Haster |
1:24750b9ad5ef | 879 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 880 | } |
Christopher Haster |
1:24750b9ad5ef | 881 | |
Christopher Haster |
1:24750b9ad5ef | 882 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 883 | cipher_info ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 884 | { |
Christopher Haster |
1:24750b9ad5ef | 885 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
Christopher Haster |
1:24750b9ad5ef | 886 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 887 | } |
Christopher Haster |
1:24750b9ad5ef | 888 | |
Christopher Haster |
1:24750b9ad5ef | 889 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, |
Christopher Haster |
1:24750b9ad5ef | 890 | cipher_info->key_bitlen, |
Christopher Haster |
1:24750b9ad5ef | 891 | MBEDTLS_ENCRYPT ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 892 | { |
Christopher Haster |
1:24750b9ad5ef | 893 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
Christopher Haster |
1:24750b9ad5ef | 894 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 895 | } |
Christopher Haster |
1:24750b9ad5ef | 896 | |
Christopher Haster |
1:24750b9ad5ef | 897 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, |
Christopher Haster |
1:24750b9ad5ef | 898 | cipher_info->key_bitlen, |
Christopher Haster |
1:24750b9ad5ef | 899 | MBEDTLS_DECRYPT ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 900 | { |
Christopher Haster |
1:24750b9ad5ef | 901 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
Christopher Haster |
1:24750b9ad5ef | 902 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 903 | } |
Christopher Haster |
1:24750b9ad5ef | 904 | |
Christopher Haster |
1:24750b9ad5ef | 905 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
Christopher Haster |
1:24750b9ad5ef | 906 | if( cipher_info->mode == MBEDTLS_MODE_CBC ) |
Christopher Haster |
1:24750b9ad5ef | 907 | { |
Christopher Haster |
1:24750b9ad5ef | 908 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 909 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 910 | { |
Christopher Haster |
1:24750b9ad5ef | 911 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
Christopher Haster |
1:24750b9ad5ef | 912 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 913 | } |
Christopher Haster |
1:24750b9ad5ef | 914 | |
Christopher Haster |
1:24750b9ad5ef | 915 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 916 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 917 | { |
Christopher Haster |
1:24750b9ad5ef | 918 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
Christopher Haster |
1:24750b9ad5ef | 919 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 920 | } |
Christopher Haster |
1:24750b9ad5ef | 921 | } |
Christopher Haster |
1:24750b9ad5ef | 922 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
Christopher Haster |
1:24750b9ad5ef | 923 | |
Christopher Haster |
1:24750b9ad5ef | 924 | mbedtls_zeroize( keyblk, sizeof( keyblk ) ); |
Christopher Haster |
1:24750b9ad5ef | 925 | |
Christopher Haster |
1:24750b9ad5ef | 926 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 927 | // Initialize compression |
Christopher Haster |
1:24750b9ad5ef | 928 | // |
Christopher Haster |
1:24750b9ad5ef | 929 | if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
Christopher Haster |
1:24750b9ad5ef | 930 | { |
Christopher Haster |
1:24750b9ad5ef | 931 | if( ssl->compress_buf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 932 | { |
Christopher Haster |
1:24750b9ad5ef | 933 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
Christopher Haster |
1:24750b9ad5ef | 934 | ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 935 | if( ssl->compress_buf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 936 | { |
Christopher Haster |
1:24750b9ad5ef | 937 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
Christopher Haster |
1:24750b9ad5ef | 938 | MBEDTLS_SSL_BUFFER_LEN ) ); |
Christopher Haster |
1:24750b9ad5ef | 939 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 940 | } |
Christopher Haster |
1:24750b9ad5ef | 941 | } |
Christopher Haster |
1:24750b9ad5ef | 942 | |
Christopher Haster |
1:24750b9ad5ef | 943 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
Christopher Haster |
1:24750b9ad5ef | 944 | |
Christopher Haster |
1:24750b9ad5ef | 945 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
Christopher Haster |
1:24750b9ad5ef | 946 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
Christopher Haster |
1:24750b9ad5ef | 947 | |
Christopher Haster |
1:24750b9ad5ef | 948 | if( deflateInit( &transform->ctx_deflate, |
Christopher Haster |
1:24750b9ad5ef | 949 | Z_DEFAULT_COMPRESSION ) != Z_OK || |
Christopher Haster |
1:24750b9ad5ef | 950 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
Christopher Haster |
1:24750b9ad5ef | 951 | { |
Christopher Haster |
1:24750b9ad5ef | 952 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
Christopher Haster |
1:24750b9ad5ef | 953 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 954 | } |
Christopher Haster |
1:24750b9ad5ef | 955 | } |
Christopher Haster |
1:24750b9ad5ef | 956 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
Christopher Haster |
1:24750b9ad5ef | 957 | |
Christopher Haster |
1:24750b9ad5ef | 958 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
Christopher Haster |
1:24750b9ad5ef | 959 | |
Christopher Haster |
1:24750b9ad5ef | 960 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 961 | } |
Christopher Haster |
1:24750b9ad5ef | 962 | |
Christopher Haster |
1:24750b9ad5ef | 963 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 964 | void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
Christopher Haster |
1:24750b9ad5ef | 965 | { |
Christopher Haster |
1:24750b9ad5ef | 966 | mbedtls_md5_context md5; |
Christopher Haster |
1:24750b9ad5ef | 967 | mbedtls_sha1_context sha1; |
Christopher Haster |
1:24750b9ad5ef | 968 | unsigned char pad_1[48]; |
Christopher Haster |
1:24750b9ad5ef | 969 | unsigned char pad_2[48]; |
Christopher Haster |
1:24750b9ad5ef | 970 | |
Christopher Haster |
1:24750b9ad5ef | 971 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
Christopher Haster |
1:24750b9ad5ef | 972 | |
Christopher Haster |
1:24750b9ad5ef | 973 | mbedtls_md5_init( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 974 | mbedtls_sha1_init( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 975 | |
Christopher Haster |
1:24750b9ad5ef | 976 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 977 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 978 | |
Christopher Haster |
1:24750b9ad5ef | 979 | memset( pad_1, 0x36, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 980 | memset( pad_2, 0x5C, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 981 | |
Christopher Haster |
1:24750b9ad5ef | 982 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 983 | mbedtls_md5_update( &md5, pad_1, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 984 | mbedtls_md5_finish( &md5, hash ); |
Christopher Haster |
1:24750b9ad5ef | 985 | |
Christopher Haster |
1:24750b9ad5ef | 986 | mbedtls_md5_starts( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 987 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 988 | mbedtls_md5_update( &md5, pad_2, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 989 | mbedtls_md5_update( &md5, hash, 16 ); |
Christopher Haster |
1:24750b9ad5ef | 990 | mbedtls_md5_finish( &md5, hash ); |
Christopher Haster |
1:24750b9ad5ef | 991 | |
Christopher Haster |
1:24750b9ad5ef | 992 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 993 | mbedtls_sha1_update( &sha1, pad_1, 40 ); |
Christopher Haster |
1:24750b9ad5ef | 994 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
Christopher Haster |
1:24750b9ad5ef | 995 | |
Christopher Haster |
1:24750b9ad5ef | 996 | mbedtls_sha1_starts( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 997 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 998 | mbedtls_sha1_update( &sha1, pad_2, 40 ); |
Christopher Haster |
1:24750b9ad5ef | 999 | mbedtls_sha1_update( &sha1, hash + 16, 20 ); |
Christopher Haster |
1:24750b9ad5ef | 1000 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
Christopher Haster |
1:24750b9ad5ef | 1001 | |
Christopher Haster |
1:24750b9ad5ef | 1002 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
Christopher Haster |
1:24750b9ad5ef | 1003 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1004 | |
Christopher Haster |
1:24750b9ad5ef | 1005 | mbedtls_md5_free( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 1006 | mbedtls_sha1_free( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 1007 | |
Christopher Haster |
1:24750b9ad5ef | 1008 | return; |
Christopher Haster |
1:24750b9ad5ef | 1009 | } |
Christopher Haster |
1:24750b9ad5ef | 1010 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 1011 | |
Christopher Haster |
1:24750b9ad5ef | 1012 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 1013 | void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
Christopher Haster |
1:24750b9ad5ef | 1014 | { |
Christopher Haster |
1:24750b9ad5ef | 1015 | mbedtls_md5_context md5; |
Christopher Haster |
1:24750b9ad5ef | 1016 | mbedtls_sha1_context sha1; |
Christopher Haster |
1:24750b9ad5ef | 1017 | |
Christopher Haster |
1:24750b9ad5ef | 1018 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1019 | |
Christopher Haster |
1:24750b9ad5ef | 1020 | mbedtls_md5_init( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 1021 | mbedtls_sha1_init( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 1022 | |
Christopher Haster |
1:24750b9ad5ef | 1023 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 1024 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 1025 | |
Christopher Haster |
1:24750b9ad5ef | 1026 | mbedtls_md5_finish( &md5, hash ); |
Christopher Haster |
1:24750b9ad5ef | 1027 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
Christopher Haster |
1:24750b9ad5ef | 1028 | |
Christopher Haster |
1:24750b9ad5ef | 1029 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
Christopher Haster |
1:24750b9ad5ef | 1030 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1031 | |
Christopher Haster |
1:24750b9ad5ef | 1032 | mbedtls_md5_free( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 1033 | mbedtls_sha1_free( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 1034 | |
Christopher Haster |
1:24750b9ad5ef | 1035 | return; |
Christopher Haster |
1:24750b9ad5ef | 1036 | } |
Christopher Haster |
1:24750b9ad5ef | 1037 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
Christopher Haster |
1:24750b9ad5ef | 1038 | |
Christopher Haster |
1:24750b9ad5ef | 1039 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1040 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 1041 | void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) |
Christopher Haster |
1:24750b9ad5ef | 1042 | { |
Christopher Haster |
1:24750b9ad5ef | 1043 | mbedtls_sha256_context sha256; |
Christopher Haster |
1:24750b9ad5ef | 1044 | |
Christopher Haster |
1:24750b9ad5ef | 1045 | mbedtls_sha256_init( &sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 1046 | |
Christopher Haster |
1:24750b9ad5ef | 1047 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1048 | |
Christopher Haster |
1:24750b9ad5ef | 1049 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 1050 | mbedtls_sha256_finish( &sha256, hash ); |
Christopher Haster |
1:24750b9ad5ef | 1051 | |
Christopher Haster |
1:24750b9ad5ef | 1052 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
Christopher Haster |
1:24750b9ad5ef | 1053 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1054 | |
Christopher Haster |
1:24750b9ad5ef | 1055 | mbedtls_sha256_free( &sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 1056 | |
Christopher Haster |
1:24750b9ad5ef | 1057 | return; |
Christopher Haster |
1:24750b9ad5ef | 1058 | } |
Christopher Haster |
1:24750b9ad5ef | 1059 | #endif /* MBEDTLS_SHA256_C */ |
Christopher Haster |
1:24750b9ad5ef | 1060 | |
Christopher Haster |
1:24750b9ad5ef | 1061 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 1062 | void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) |
Christopher Haster |
1:24750b9ad5ef | 1063 | { |
Christopher Haster |
1:24750b9ad5ef | 1064 | mbedtls_sha512_context sha512; |
Christopher Haster |
1:24750b9ad5ef | 1065 | |
Christopher Haster |
1:24750b9ad5ef | 1066 | mbedtls_sha512_init( &sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 1067 | |
Christopher Haster |
1:24750b9ad5ef | 1068 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1069 | |
Christopher Haster |
1:24750b9ad5ef | 1070 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 1071 | mbedtls_sha512_finish( &sha512, hash ); |
Christopher Haster |
1:24750b9ad5ef | 1072 | |
Christopher Haster |
1:24750b9ad5ef | 1073 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 1074 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1075 | |
Christopher Haster |
1:24750b9ad5ef | 1076 | mbedtls_sha512_free( &sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 1077 | |
Christopher Haster |
1:24750b9ad5ef | 1078 | return; |
Christopher Haster |
1:24750b9ad5ef | 1079 | } |
Christopher Haster |
1:24750b9ad5ef | 1080 | #endif /* MBEDTLS_SHA512_C */ |
Christopher Haster |
1:24750b9ad5ef | 1081 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 1082 | |
Christopher Haster |
1:24750b9ad5ef | 1083 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 1084 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) |
Christopher Haster |
1:24750b9ad5ef | 1085 | { |
Christopher Haster |
1:24750b9ad5ef | 1086 | unsigned char *p = ssl->handshake->premaster; |
Christopher Haster |
1:24750b9ad5ef | 1087 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
Christopher Haster |
1:24750b9ad5ef | 1088 | const unsigned char *psk = ssl->conf->psk; |
Christopher Haster |
1:24750b9ad5ef | 1089 | size_t psk_len = ssl->conf->psk_len; |
Christopher Haster |
1:24750b9ad5ef | 1090 | |
Christopher Haster |
1:24750b9ad5ef | 1091 | /* If the psk callback was called, use its result */ |
Christopher Haster |
1:24750b9ad5ef | 1092 | if( ssl->handshake->psk != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 1093 | { |
Christopher Haster |
1:24750b9ad5ef | 1094 | psk = ssl->handshake->psk; |
Christopher Haster |
1:24750b9ad5ef | 1095 | psk_len = ssl->handshake->psk_len; |
Christopher Haster |
1:24750b9ad5ef | 1096 | } |
Christopher Haster |
1:24750b9ad5ef | 1097 | |
Christopher Haster |
1:24750b9ad5ef | 1098 | /* |
Christopher Haster |
1:24750b9ad5ef | 1099 | * PMS = struct { |
Christopher Haster |
1:24750b9ad5ef | 1100 | * opaque other_secret<0..2^16-1>; |
Christopher Haster |
1:24750b9ad5ef | 1101 | * opaque psk<0..2^16-1>; |
Christopher Haster |
1:24750b9ad5ef | 1102 | * }; |
Christopher Haster |
1:24750b9ad5ef | 1103 | * with "other_secret" depending on the particular key exchange |
Christopher Haster |
1:24750b9ad5ef | 1104 | */ |
Christopher Haster |
1:24750b9ad5ef | 1105 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 1106 | if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) |
Christopher Haster |
1:24750b9ad5ef | 1107 | { |
Christopher Haster |
1:24750b9ad5ef | 1108 | if( end - p < 2 ) |
Christopher Haster |
1:24750b9ad5ef | 1109 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 1110 | |
Christopher Haster |
1:24750b9ad5ef | 1111 | *(p++) = (unsigned char)( psk_len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1112 | *(p++) = (unsigned char)( psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 1113 | |
Christopher Haster |
1:24750b9ad5ef | 1114 | if( end < p || (size_t)( end - p ) < psk_len ) |
Christopher Haster |
1:24750b9ad5ef | 1115 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 1116 | |
Christopher Haster |
1:24750b9ad5ef | 1117 | memset( p, 0, psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 1118 | p += psk_len; |
Christopher Haster |
1:24750b9ad5ef | 1119 | } |
Christopher Haster |
1:24750b9ad5ef | 1120 | else |
Christopher Haster |
1:24750b9ad5ef | 1121 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 1122 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 1123 | if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
Christopher Haster |
1:24750b9ad5ef | 1124 | { |
Christopher Haster |
1:24750b9ad5ef | 1125 | /* |
Christopher Haster |
1:24750b9ad5ef | 1126 | * other_secret already set by the ClientKeyExchange message, |
Christopher Haster |
1:24750b9ad5ef | 1127 | * and is 48 bytes long |
Christopher Haster |
1:24750b9ad5ef | 1128 | */ |
Christopher Haster |
1:24750b9ad5ef | 1129 | *p++ = 0; |
Christopher Haster |
1:24750b9ad5ef | 1130 | *p++ = 48; |
Christopher Haster |
1:24750b9ad5ef | 1131 | p += 48; |
Christopher Haster |
1:24750b9ad5ef | 1132 | } |
Christopher Haster |
1:24750b9ad5ef | 1133 | else |
Christopher Haster |
1:24750b9ad5ef | 1134 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 1135 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 1136 | if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
Christopher Haster |
1:24750b9ad5ef | 1137 | { |
Christopher Haster |
1:24750b9ad5ef | 1138 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1139 | size_t len; |
Christopher Haster |
1:24750b9ad5ef | 1140 | |
Christopher Haster |
1:24750b9ad5ef | 1141 | /* Write length only when we know the actual value */ |
Christopher Haster |
1:24750b9ad5ef | 1142 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
Christopher Haster |
1:24750b9ad5ef | 1143 | p + 2, end - ( p + 2 ), &len, |
Christopher Haster |
1:24750b9ad5ef | 1144 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1145 | { |
Christopher Haster |
1:24750b9ad5ef | 1146 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1147 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1148 | } |
Christopher Haster |
1:24750b9ad5ef | 1149 | *(p++) = (unsigned char)( len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1150 | *(p++) = (unsigned char)( len ); |
Christopher Haster |
1:24750b9ad5ef | 1151 | p += len; |
Christopher Haster |
1:24750b9ad5ef | 1152 | |
Christopher Haster |
1:24750b9ad5ef | 1153 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
Christopher Haster |
1:24750b9ad5ef | 1154 | } |
Christopher Haster |
1:24750b9ad5ef | 1155 | else |
Christopher Haster |
1:24750b9ad5ef | 1156 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 1157 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 1158 | if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
Christopher Haster |
1:24750b9ad5ef | 1159 | { |
Christopher Haster |
1:24750b9ad5ef | 1160 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1161 | size_t zlen; |
Christopher Haster |
1:24750b9ad5ef | 1162 | |
Christopher Haster |
1:24750b9ad5ef | 1163 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
Christopher Haster |
1:24750b9ad5ef | 1164 | p + 2, end - ( p + 2 ), |
Christopher Haster |
1:24750b9ad5ef | 1165 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1166 | { |
Christopher Haster |
1:24750b9ad5ef | 1167 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1168 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1169 | } |
Christopher Haster |
1:24750b9ad5ef | 1170 | |
Christopher Haster |
1:24750b9ad5ef | 1171 | *(p++) = (unsigned char)( zlen >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1172 | *(p++) = (unsigned char)( zlen ); |
Christopher Haster |
1:24750b9ad5ef | 1173 | p += zlen; |
Christopher Haster |
1:24750b9ad5ef | 1174 | |
Christopher Haster |
1:24750b9ad5ef | 1175 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
Christopher Haster |
1:24750b9ad5ef | 1176 | } |
Christopher Haster |
1:24750b9ad5ef | 1177 | else |
Christopher Haster |
1:24750b9ad5ef | 1178 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 1179 | { |
Christopher Haster |
1:24750b9ad5ef | 1180 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1181 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1182 | } |
Christopher Haster |
1:24750b9ad5ef | 1183 | |
Christopher Haster |
1:24750b9ad5ef | 1184 | /* opaque psk<0..2^16-1>; */ |
Christopher Haster |
1:24750b9ad5ef | 1185 | if( end - p < 2 ) |
Christopher Haster |
1:24750b9ad5ef | 1186 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 1187 | |
Christopher Haster |
1:24750b9ad5ef | 1188 | *(p++) = (unsigned char)( psk_len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1189 | *(p++) = (unsigned char)( psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 1190 | |
Christopher Haster |
1:24750b9ad5ef | 1191 | if( end < p || (size_t)( end - p ) < psk_len ) |
Christopher Haster |
1:24750b9ad5ef | 1192 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 1193 | |
Christopher Haster |
1:24750b9ad5ef | 1194 | memcpy( p, psk, psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 1195 | p += psk_len; |
Christopher Haster |
1:24750b9ad5ef | 1196 | |
Christopher Haster |
1:24750b9ad5ef | 1197 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
Christopher Haster |
1:24750b9ad5ef | 1198 | |
Christopher Haster |
1:24750b9ad5ef | 1199 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 1200 | } |
Christopher Haster |
1:24750b9ad5ef | 1201 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 1202 | |
Christopher Haster |
1:24750b9ad5ef | 1203 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 1204 | /* |
Christopher Haster |
1:24750b9ad5ef | 1205 | * SSLv3.0 MAC functions |
Christopher Haster |
1:24750b9ad5ef | 1206 | */ |
Christopher Haster |
1:24750b9ad5ef | 1207 | static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, |
Christopher Haster |
1:24750b9ad5ef | 1208 | unsigned char *buf, size_t len, |
Christopher Haster |
1:24750b9ad5ef | 1209 | unsigned char *ctr, int type ) |
Christopher Haster |
1:24750b9ad5ef | 1210 | { |
Christopher Haster |
1:24750b9ad5ef | 1211 | unsigned char header[11]; |
Christopher Haster |
1:24750b9ad5ef | 1212 | unsigned char padding[48]; |
Christopher Haster |
1:24750b9ad5ef | 1213 | int padlen; |
Christopher Haster |
1:24750b9ad5ef | 1214 | int md_size = mbedtls_md_get_size( md_ctx->md_info ); |
Christopher Haster |
1:24750b9ad5ef | 1215 | int md_type = mbedtls_md_get_type( md_ctx->md_info ); |
Christopher Haster |
1:24750b9ad5ef | 1216 | |
Christopher Haster |
1:24750b9ad5ef | 1217 | /* Only MD5 and SHA-1 supported */ |
Christopher Haster |
1:24750b9ad5ef | 1218 | if( md_type == MBEDTLS_MD_MD5 ) |
Christopher Haster |
1:24750b9ad5ef | 1219 | padlen = 48; |
Christopher Haster |
1:24750b9ad5ef | 1220 | else |
Christopher Haster |
1:24750b9ad5ef | 1221 | padlen = 40; |
Christopher Haster |
1:24750b9ad5ef | 1222 | |
Christopher Haster |
1:24750b9ad5ef | 1223 | memcpy( header, ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1224 | header[ 8] = (unsigned char) type; |
Christopher Haster |
1:24750b9ad5ef | 1225 | header[ 9] = (unsigned char)( len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1226 | header[10] = (unsigned char)( len ); |
Christopher Haster |
1:24750b9ad5ef | 1227 | |
Christopher Haster |
1:24750b9ad5ef | 1228 | memset( padding, 0x36, padlen ); |
Christopher Haster |
1:24750b9ad5ef | 1229 | mbedtls_md_starts( md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 1230 | mbedtls_md_update( md_ctx, secret, md_size ); |
Christopher Haster |
1:24750b9ad5ef | 1231 | mbedtls_md_update( md_ctx, padding, padlen ); |
Christopher Haster |
1:24750b9ad5ef | 1232 | mbedtls_md_update( md_ctx, header, 11 ); |
Christopher Haster |
1:24750b9ad5ef | 1233 | mbedtls_md_update( md_ctx, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 1234 | mbedtls_md_finish( md_ctx, buf + len ); |
Christopher Haster |
1:24750b9ad5ef | 1235 | |
Christopher Haster |
1:24750b9ad5ef | 1236 | memset( padding, 0x5C, padlen ); |
Christopher Haster |
1:24750b9ad5ef | 1237 | mbedtls_md_starts( md_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 1238 | mbedtls_md_update( md_ctx, secret, md_size ); |
Christopher Haster |
1:24750b9ad5ef | 1239 | mbedtls_md_update( md_ctx, padding, padlen ); |
Christopher Haster |
1:24750b9ad5ef | 1240 | mbedtls_md_update( md_ctx, buf + len, md_size ); |
Christopher Haster |
1:24750b9ad5ef | 1241 | mbedtls_md_finish( md_ctx, buf + len ); |
Christopher Haster |
1:24750b9ad5ef | 1242 | } |
Christopher Haster |
1:24750b9ad5ef | 1243 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 1244 | |
Christopher Haster |
1:24750b9ad5ef | 1245 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ |
Christopher Haster |
1:24750b9ad5ef | 1246 | ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
Christopher Haster |
1:24750b9ad5ef | 1247 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) |
Christopher Haster |
1:24750b9ad5ef | 1248 | #define SSL_SOME_MODES_USE_MAC |
Christopher Haster |
1:24750b9ad5ef | 1249 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1250 | |
Christopher Haster |
1:24750b9ad5ef | 1251 | /* |
Christopher Haster |
1:24750b9ad5ef | 1252 | * Encryption/decryption functions |
Christopher Haster |
1:24750b9ad5ef | 1253 | */ |
Christopher Haster |
1:24750b9ad5ef | 1254 | static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 1255 | { |
Christopher Haster |
1:24750b9ad5ef | 1256 | mbedtls_cipher_mode_t mode; |
Christopher Haster |
1:24750b9ad5ef | 1257 | int auth_done = 0; |
Christopher Haster |
1:24750b9ad5ef | 1258 | |
Christopher Haster |
1:24750b9ad5ef | 1259 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1260 | |
Christopher Haster |
1:24750b9ad5ef | 1261 | if( ssl->session_out == NULL || ssl->transform_out == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 1262 | { |
Christopher Haster |
1:24750b9ad5ef | 1263 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1264 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1265 | } |
Christopher Haster |
1:24750b9ad5ef | 1266 | |
Christopher Haster |
1:24750b9ad5ef | 1267 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 1268 | |
Christopher Haster |
1:24750b9ad5ef | 1269 | MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
Christopher Haster |
1:24750b9ad5ef | 1270 | ssl->out_msg, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1271 | |
Christopher Haster |
1:24750b9ad5ef | 1272 | /* |
Christopher Haster |
1:24750b9ad5ef | 1273 | * Add MAC before if needed |
Christopher Haster |
1:24750b9ad5ef | 1274 | */ |
Christopher Haster |
1:24750b9ad5ef | 1275 | #if defined(SSL_SOME_MODES_USE_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1276 | if( mode == MBEDTLS_MODE_STREAM || |
Christopher Haster |
1:24750b9ad5ef | 1277 | ( mode == MBEDTLS_MODE_CBC |
Christopher Haster |
1:24750b9ad5ef | 1278 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1279 | && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED |
Christopher Haster |
1:24750b9ad5ef | 1280 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1281 | ) ) |
Christopher Haster |
1:24750b9ad5ef | 1282 | { |
Christopher Haster |
1:24750b9ad5ef | 1283 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 1284 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 1285 | { |
Christopher Haster |
1:24750b9ad5ef | 1286 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1287 | ssl->transform_out->mac_enc, |
Christopher Haster |
1:24750b9ad5ef | 1288 | ssl->out_msg, ssl->out_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1289 | ssl->out_ctr, ssl->out_msgtype ); |
Christopher Haster |
1:24750b9ad5ef | 1290 | } |
Christopher Haster |
1:24750b9ad5ef | 1291 | else |
Christopher Haster |
1:24750b9ad5ef | 1292 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1293 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 1294 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1295 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
Christopher Haster |
1:24750b9ad5ef | 1296 | { |
Christopher Haster |
1:24750b9ad5ef | 1297 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1298 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 1299 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); |
Christopher Haster |
1:24750b9ad5ef | 1300 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1301 | ssl->out_msg, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1302 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1303 | ssl->out_msg + ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1304 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 1305 | } |
Christopher Haster |
1:24750b9ad5ef | 1306 | else |
Christopher Haster |
1:24750b9ad5ef | 1307 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1308 | { |
Christopher Haster |
1:24750b9ad5ef | 1309 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1310 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1311 | } |
Christopher Haster |
1:24750b9ad5ef | 1312 | |
Christopher Haster |
1:24750b9ad5ef | 1313 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", |
Christopher Haster |
1:24750b9ad5ef | 1314 | ssl->out_msg + ssl->out_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1315 | ssl->transform_out->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1316 | |
Christopher Haster |
1:24750b9ad5ef | 1317 | ssl->out_msglen += ssl->transform_out->maclen; |
Christopher Haster |
1:24750b9ad5ef | 1318 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 1319 | } |
Christopher Haster |
1:24750b9ad5ef | 1320 | #endif /* AEAD not the only option */ |
Christopher Haster |
1:24750b9ad5ef | 1321 | |
Christopher Haster |
1:24750b9ad5ef | 1322 | /* |
Christopher Haster |
1:24750b9ad5ef | 1323 | * Encrypt |
Christopher Haster |
1:24750b9ad5ef | 1324 | */ |
Christopher Haster |
1:24750b9ad5ef | 1325 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
Christopher Haster |
1:24750b9ad5ef | 1326 | if( mode == MBEDTLS_MODE_STREAM ) |
Christopher Haster |
1:24750b9ad5ef | 1327 | { |
Christopher Haster |
1:24750b9ad5ef | 1328 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1329 | size_t olen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1330 | |
Christopher Haster |
1:24750b9ad5ef | 1331 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
Christopher Haster |
1:24750b9ad5ef | 1332 | "including %d bytes of padding", |
Christopher Haster |
1:24750b9ad5ef | 1333 | ssl->out_msglen, 0 ) ); |
Christopher Haster |
1:24750b9ad5ef | 1334 | |
Christopher Haster |
1:24750b9ad5ef | 1335 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1336 | ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1337 | ssl->transform_out->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1338 | ssl->out_msg, ssl->out_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1339 | ssl->out_msg, &olen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1340 | { |
Christopher Haster |
1:24750b9ad5ef | 1341 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1342 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1343 | } |
Christopher Haster |
1:24750b9ad5ef | 1344 | |
Christopher Haster |
1:24750b9ad5ef | 1345 | if( ssl->out_msglen != olen ) |
Christopher Haster |
1:24750b9ad5ef | 1346 | { |
Christopher Haster |
1:24750b9ad5ef | 1347 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1348 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1349 | } |
Christopher Haster |
1:24750b9ad5ef | 1350 | } |
Christopher Haster |
1:24750b9ad5ef | 1351 | else |
Christopher Haster |
1:24750b9ad5ef | 1352 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
Christopher Haster |
1:24750b9ad5ef | 1353 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
Christopher Haster |
1:24750b9ad5ef | 1354 | if( mode == MBEDTLS_MODE_GCM || |
Christopher Haster |
1:24750b9ad5ef | 1355 | mode == MBEDTLS_MODE_CCM ) |
Christopher Haster |
1:24750b9ad5ef | 1356 | { |
Christopher Haster |
1:24750b9ad5ef | 1357 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1358 | size_t enc_msglen, olen; |
Christopher Haster |
1:24750b9ad5ef | 1359 | unsigned char *enc_msg; |
Christopher Haster |
1:24750b9ad5ef | 1360 | unsigned char add_data[13]; |
Christopher Haster |
1:24750b9ad5ef | 1361 | unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & |
Christopher Haster |
1:24750b9ad5ef | 1362 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
Christopher Haster |
1:24750b9ad5ef | 1363 | |
Christopher Haster |
1:24750b9ad5ef | 1364 | memcpy( add_data, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1365 | add_data[8] = ssl->out_msgtype; |
Christopher Haster |
1:24750b9ad5ef | 1366 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
Christopher Haster |
1:24750b9ad5ef | 1367 | ssl->conf->transport, add_data + 9 ); |
Christopher Haster |
1:24750b9ad5ef | 1368 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 1369 | add_data[12] = ssl->out_msglen & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 1370 | |
Christopher Haster |
1:24750b9ad5ef | 1371 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
Christopher Haster |
1:24750b9ad5ef | 1372 | add_data, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1373 | |
Christopher Haster |
1:24750b9ad5ef | 1374 | /* |
Christopher Haster |
1:24750b9ad5ef | 1375 | * Generate IV |
Christopher Haster |
1:24750b9ad5ef | 1376 | */ |
Christopher Haster |
1:24750b9ad5ef | 1377 | #if defined(MBEDTLS_SSL_AEAD_RANDOM_IV) |
Christopher Haster |
1:24750b9ad5ef | 1378 | ret = ssl->conf->f_rng( ssl->conf->p_rng, |
Christopher Haster |
1:24750b9ad5ef | 1379 | ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1380 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1381 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1382 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1383 | |
Christopher Haster |
1:24750b9ad5ef | 1384 | memcpy( ssl->out_iv, |
Christopher Haster |
1:24750b9ad5ef | 1385 | ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1386 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1387 | #else |
Christopher Haster |
1:24750b9ad5ef | 1388 | if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) |
Christopher Haster |
1:24750b9ad5ef | 1389 | { |
Christopher Haster |
1:24750b9ad5ef | 1390 | /* Reminder if we ever add an AEAD mode with a different size */ |
Christopher Haster |
1:24750b9ad5ef | 1391 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1392 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1393 | } |
Christopher Haster |
1:24750b9ad5ef | 1394 | |
Christopher Haster |
1:24750b9ad5ef | 1395 | memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1396 | ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1397 | memcpy( ssl->out_iv, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1398 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1399 | |
Christopher Haster |
1:24750b9ad5ef | 1400 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, |
Christopher Haster |
1:24750b9ad5ef | 1401 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1402 | |
Christopher Haster |
1:24750b9ad5ef | 1403 | /* |
Christopher Haster |
1:24750b9ad5ef | 1404 | * Fix pointer positions and message length with added IV |
Christopher Haster |
1:24750b9ad5ef | 1405 | */ |
Christopher Haster |
1:24750b9ad5ef | 1406 | enc_msg = ssl->out_msg; |
Christopher Haster |
1:24750b9ad5ef | 1407 | enc_msglen = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1408 | ssl->out_msglen += ssl->transform_out->ivlen - |
Christopher Haster |
1:24750b9ad5ef | 1409 | ssl->transform_out->fixed_ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1410 | |
Christopher Haster |
1:24750b9ad5ef | 1411 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
Christopher Haster |
1:24750b9ad5ef | 1412 | "including %d bytes of padding", |
Christopher Haster |
1:24750b9ad5ef | 1413 | ssl->out_msglen, 0 ) ); |
Christopher Haster |
1:24750b9ad5ef | 1414 | |
Christopher Haster |
1:24750b9ad5ef | 1415 | /* |
Christopher Haster |
1:24750b9ad5ef | 1416 | * Encrypt and authenticate |
Christopher Haster |
1:24750b9ad5ef | 1417 | */ |
Christopher Haster |
1:24750b9ad5ef | 1418 | if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1419 | ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1420 | ssl->transform_out->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1421 | add_data, 13, |
Christopher Haster |
1:24750b9ad5ef | 1422 | enc_msg, enc_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1423 | enc_msg, &olen, |
Christopher Haster |
1:24750b9ad5ef | 1424 | enc_msg + enc_msglen, taglen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1425 | { |
Christopher Haster |
1:24750b9ad5ef | 1426 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1427 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1428 | } |
Christopher Haster |
1:24750b9ad5ef | 1429 | |
Christopher Haster |
1:24750b9ad5ef | 1430 | if( olen != enc_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 1431 | { |
Christopher Haster |
1:24750b9ad5ef | 1432 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1433 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1434 | } |
Christopher Haster |
1:24750b9ad5ef | 1435 | |
Christopher Haster |
1:24750b9ad5ef | 1436 | ssl->out_msglen += taglen; |
Christopher Haster |
1:24750b9ad5ef | 1437 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 1438 | |
Christopher Haster |
1:24750b9ad5ef | 1439 | MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); |
Christopher Haster |
1:24750b9ad5ef | 1440 | } |
Christopher Haster |
1:24750b9ad5ef | 1441 | else |
Christopher Haster |
1:24750b9ad5ef | 1442 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
Christopher Haster |
1:24750b9ad5ef | 1443 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
Christopher Haster |
1:24750b9ad5ef | 1444 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
Christopher Haster |
1:24750b9ad5ef | 1445 | if( mode == MBEDTLS_MODE_CBC ) |
Christopher Haster |
1:24750b9ad5ef | 1446 | { |
Christopher Haster |
1:24750b9ad5ef | 1447 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1448 | unsigned char *enc_msg; |
Christopher Haster |
1:24750b9ad5ef | 1449 | size_t enc_msglen, padlen, olen = 0, i; |
Christopher Haster |
1:24750b9ad5ef | 1450 | |
Christopher Haster |
1:24750b9ad5ef | 1451 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
Christopher Haster |
1:24750b9ad5ef | 1452 | ssl->transform_out->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1453 | if( padlen == ssl->transform_out->ivlen ) |
Christopher Haster |
1:24750b9ad5ef | 1454 | padlen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1455 | |
Christopher Haster |
1:24750b9ad5ef | 1456 | for( i = 0; i <= padlen; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 1457 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
Christopher Haster |
1:24750b9ad5ef | 1458 | |
Christopher Haster |
1:24750b9ad5ef | 1459 | ssl->out_msglen += padlen + 1; |
Christopher Haster |
1:24750b9ad5ef | 1460 | |
Christopher Haster |
1:24750b9ad5ef | 1461 | enc_msglen = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1462 | enc_msg = ssl->out_msg; |
Christopher Haster |
1:24750b9ad5ef | 1463 | |
Christopher Haster |
1:24750b9ad5ef | 1464 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1465 | /* |
Christopher Haster |
1:24750b9ad5ef | 1466 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
Christopher Haster |
1:24750b9ad5ef | 1467 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
Christopher Haster |
1:24750b9ad5ef | 1468 | */ |
Christopher Haster |
1:24750b9ad5ef | 1469 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 1470 | { |
Christopher Haster |
1:24750b9ad5ef | 1471 | /* |
Christopher Haster |
1:24750b9ad5ef | 1472 | * Generate IV |
Christopher Haster |
1:24750b9ad5ef | 1473 | */ |
Christopher Haster |
1:24750b9ad5ef | 1474 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1475 | ssl->transform_out->ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1476 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1477 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1478 | |
Christopher Haster |
1:24750b9ad5ef | 1479 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1480 | ssl->transform_out->ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1481 | |
Christopher Haster |
1:24750b9ad5ef | 1482 | /* |
Christopher Haster |
1:24750b9ad5ef | 1483 | * Fix pointer positions and message length with added IV |
Christopher Haster |
1:24750b9ad5ef | 1484 | */ |
Christopher Haster |
1:24750b9ad5ef | 1485 | enc_msg = ssl->out_msg; |
Christopher Haster |
1:24750b9ad5ef | 1486 | enc_msglen = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1487 | ssl->out_msglen += ssl->transform_out->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1488 | } |
Christopher Haster |
1:24750b9ad5ef | 1489 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 1490 | |
Christopher Haster |
1:24750b9ad5ef | 1491 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
Christopher Haster |
1:24750b9ad5ef | 1492 | "including %d bytes of IV and %d bytes of padding", |
Christopher Haster |
1:24750b9ad5ef | 1493 | ssl->out_msglen, ssl->transform_out->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1494 | padlen + 1 ) ); |
Christopher Haster |
1:24750b9ad5ef | 1495 | |
Christopher Haster |
1:24750b9ad5ef | 1496 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1497 | ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1498 | ssl->transform_out->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1499 | enc_msg, enc_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1500 | enc_msg, &olen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1501 | { |
Christopher Haster |
1:24750b9ad5ef | 1502 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1503 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1504 | } |
Christopher Haster |
1:24750b9ad5ef | 1505 | |
Christopher Haster |
1:24750b9ad5ef | 1506 | if( enc_msglen != olen ) |
Christopher Haster |
1:24750b9ad5ef | 1507 | { |
Christopher Haster |
1:24750b9ad5ef | 1508 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1509 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1510 | } |
Christopher Haster |
1:24750b9ad5ef | 1511 | |
Christopher Haster |
1:24750b9ad5ef | 1512 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
Christopher Haster |
1:24750b9ad5ef | 1513 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 1514 | { |
Christopher Haster |
1:24750b9ad5ef | 1515 | /* |
Christopher Haster |
1:24750b9ad5ef | 1516 | * Save IV in SSL3 and TLS1 |
Christopher Haster |
1:24750b9ad5ef | 1517 | */ |
Christopher Haster |
1:24750b9ad5ef | 1518 | memcpy( ssl->transform_out->iv_enc, |
Christopher Haster |
1:24750b9ad5ef | 1519 | ssl->transform_out->cipher_ctx_enc.iv, |
Christopher Haster |
1:24750b9ad5ef | 1520 | ssl->transform_out->ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1521 | } |
Christopher Haster |
1:24750b9ad5ef | 1522 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1523 | |
Christopher Haster |
1:24750b9ad5ef | 1524 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1525 | if( auth_done == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1526 | { |
Christopher Haster |
1:24750b9ad5ef | 1527 | /* |
Christopher Haster |
1:24750b9ad5ef | 1528 | * MAC(MAC_write_key, seq_num + |
Christopher Haster |
1:24750b9ad5ef | 1529 | * TLSCipherText.type + |
Christopher Haster |
1:24750b9ad5ef | 1530 | * TLSCipherText.version + |
Christopher Haster |
1:24750b9ad5ef | 1531 | * length_of( (IV +) ENC(...) ) + |
Christopher Haster |
1:24750b9ad5ef | 1532 | * IV + // except for TLS 1.0 |
Christopher Haster |
1:24750b9ad5ef | 1533 | * ENC(content + padding + padding_length)); |
Christopher Haster |
1:24750b9ad5ef | 1534 | */ |
Christopher Haster |
1:24750b9ad5ef | 1535 | unsigned char pseudo_hdr[13]; |
Christopher Haster |
1:24750b9ad5ef | 1536 | |
Christopher Haster |
1:24750b9ad5ef | 1537 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1538 | |
Christopher Haster |
1:24750b9ad5ef | 1539 | memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1540 | memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 1541 | pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); |
Christopher Haster |
1:24750b9ad5ef | 1542 | pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); |
Christopher Haster |
1:24750b9ad5ef | 1543 | |
Christopher Haster |
1:24750b9ad5ef | 1544 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1545 | |
Christopher Haster |
1:24750b9ad5ef | 1546 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1547 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1548 | ssl->out_iv, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1549 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
Christopher Haster |
1:24750b9ad5ef | 1550 | ssl->out_iv + ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1551 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 1552 | |
Christopher Haster |
1:24750b9ad5ef | 1553 | ssl->out_msglen += ssl->transform_out->maclen; |
Christopher Haster |
1:24750b9ad5ef | 1554 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 1555 | } |
Christopher Haster |
1:24750b9ad5ef | 1556 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
Christopher Haster |
1:24750b9ad5ef | 1557 | } |
Christopher Haster |
1:24750b9ad5ef | 1558 | else |
Christopher Haster |
1:24750b9ad5ef | 1559 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
Christopher Haster |
1:24750b9ad5ef | 1560 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
Christopher Haster |
1:24750b9ad5ef | 1561 | { |
Christopher Haster |
1:24750b9ad5ef | 1562 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1563 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1564 | } |
Christopher Haster |
1:24750b9ad5ef | 1565 | |
Christopher Haster |
1:24750b9ad5ef | 1566 | /* Make extra sure authentication was performed, exactly once */ |
Christopher Haster |
1:24750b9ad5ef | 1567 | if( auth_done != 1 ) |
Christopher Haster |
1:24750b9ad5ef | 1568 | { |
Christopher Haster |
1:24750b9ad5ef | 1569 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1570 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1571 | } |
Christopher Haster |
1:24750b9ad5ef | 1572 | |
Christopher Haster |
1:24750b9ad5ef | 1573 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1574 | |
Christopher Haster |
1:24750b9ad5ef | 1575 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 1576 | } |
Christopher Haster |
1:24750b9ad5ef | 1577 | |
Christopher Haster |
1:24750b9ad5ef | 1578 | #define SSL_MAX_MAC_SIZE 48 |
Christopher Haster |
1:24750b9ad5ef | 1579 | |
Christopher Haster |
1:24750b9ad5ef | 1580 | static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 1581 | { |
Christopher Haster |
1:24750b9ad5ef | 1582 | size_t i; |
Christopher Haster |
1:24750b9ad5ef | 1583 | mbedtls_cipher_mode_t mode; |
Christopher Haster |
1:24750b9ad5ef | 1584 | int auth_done = 0; |
Christopher Haster |
1:24750b9ad5ef | 1585 | #if defined(SSL_SOME_MODES_USE_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1586 | size_t padlen = 0, correct = 1; |
Christopher Haster |
1:24750b9ad5ef | 1587 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1588 | |
Christopher Haster |
1:24750b9ad5ef | 1589 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1590 | |
Christopher Haster |
1:24750b9ad5ef | 1591 | if( ssl->session_in == NULL || ssl->transform_in == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 1592 | { |
Christopher Haster |
1:24750b9ad5ef | 1593 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1594 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1595 | } |
Christopher Haster |
1:24750b9ad5ef | 1596 | |
Christopher Haster |
1:24750b9ad5ef | 1597 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 1598 | |
Christopher Haster |
1:24750b9ad5ef | 1599 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
Christopher Haster |
1:24750b9ad5ef | 1600 | { |
Christopher Haster |
1:24750b9ad5ef | 1601 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
Christopher Haster |
1:24750b9ad5ef | 1602 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1603 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1604 | } |
Christopher Haster |
1:24750b9ad5ef | 1605 | |
Christopher Haster |
1:24750b9ad5ef | 1606 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
Christopher Haster |
1:24750b9ad5ef | 1607 | if( mode == MBEDTLS_MODE_STREAM ) |
Christopher Haster |
1:24750b9ad5ef | 1608 | { |
Christopher Haster |
1:24750b9ad5ef | 1609 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1610 | size_t olen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1611 | |
Christopher Haster |
1:24750b9ad5ef | 1612 | padlen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1613 | |
Christopher Haster |
1:24750b9ad5ef | 1614 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1615 | ssl->transform_in->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 1616 | ssl->transform_in->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1617 | ssl->in_msg, ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1618 | ssl->in_msg, &olen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1619 | { |
Christopher Haster |
1:24750b9ad5ef | 1620 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1621 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1622 | } |
Christopher Haster |
1:24750b9ad5ef | 1623 | |
Christopher Haster |
1:24750b9ad5ef | 1624 | if( ssl->in_msglen != olen ) |
Christopher Haster |
1:24750b9ad5ef | 1625 | { |
Christopher Haster |
1:24750b9ad5ef | 1626 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1627 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1628 | } |
Christopher Haster |
1:24750b9ad5ef | 1629 | } |
Christopher Haster |
1:24750b9ad5ef | 1630 | else |
Christopher Haster |
1:24750b9ad5ef | 1631 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
Christopher Haster |
1:24750b9ad5ef | 1632 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
Christopher Haster |
1:24750b9ad5ef | 1633 | if( mode == MBEDTLS_MODE_GCM || |
Christopher Haster |
1:24750b9ad5ef | 1634 | mode == MBEDTLS_MODE_CCM ) |
Christopher Haster |
1:24750b9ad5ef | 1635 | { |
Christopher Haster |
1:24750b9ad5ef | 1636 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1637 | size_t dec_msglen, olen; |
Christopher Haster |
1:24750b9ad5ef | 1638 | unsigned char *dec_msg; |
Christopher Haster |
1:24750b9ad5ef | 1639 | unsigned char *dec_msg_result; |
Christopher Haster |
1:24750b9ad5ef | 1640 | unsigned char add_data[13]; |
Christopher Haster |
1:24750b9ad5ef | 1641 | unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & |
Christopher Haster |
1:24750b9ad5ef | 1642 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
Christopher Haster |
1:24750b9ad5ef | 1643 | size_t explicit_iv_len = ssl->transform_in->ivlen - |
Christopher Haster |
1:24750b9ad5ef | 1644 | ssl->transform_in->fixed_ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1645 | |
Christopher Haster |
1:24750b9ad5ef | 1646 | if( ssl->in_msglen < explicit_iv_len + taglen ) |
Christopher Haster |
1:24750b9ad5ef | 1647 | { |
Christopher Haster |
1:24750b9ad5ef | 1648 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " |
Christopher Haster |
1:24750b9ad5ef | 1649 | "+ taglen (%d)", ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1650 | explicit_iv_len, taglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1651 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1652 | } |
Christopher Haster |
1:24750b9ad5ef | 1653 | dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; |
Christopher Haster |
1:24750b9ad5ef | 1654 | |
Christopher Haster |
1:24750b9ad5ef | 1655 | dec_msg = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 1656 | dec_msg_result = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 1657 | ssl->in_msglen = dec_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1658 | |
Christopher Haster |
1:24750b9ad5ef | 1659 | memcpy( add_data, ssl->in_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1660 | add_data[8] = ssl->in_msgtype; |
Christopher Haster |
1:24750b9ad5ef | 1661 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
Christopher Haster |
1:24750b9ad5ef | 1662 | ssl->conf->transport, add_data + 9 ); |
Christopher Haster |
1:24750b9ad5ef | 1663 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 1664 | add_data[12] = ssl->in_msglen & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 1665 | |
Christopher Haster |
1:24750b9ad5ef | 1666 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
Christopher Haster |
1:24750b9ad5ef | 1667 | add_data, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1668 | |
Christopher Haster |
1:24750b9ad5ef | 1669 | memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1670 | ssl->in_iv, |
Christopher Haster |
1:24750b9ad5ef | 1671 | ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1672 | |
Christopher Haster |
1:24750b9ad5ef | 1673 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 1674 | ssl->transform_in->ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1675 | MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); |
Christopher Haster |
1:24750b9ad5ef | 1676 | |
Christopher Haster |
1:24750b9ad5ef | 1677 | /* |
Christopher Haster |
1:24750b9ad5ef | 1678 | * Decrypt and authenticate |
Christopher Haster |
1:24750b9ad5ef | 1679 | */ |
Christopher Haster |
1:24750b9ad5ef | 1680 | if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1681 | ssl->transform_in->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 1682 | ssl->transform_in->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1683 | add_data, 13, |
Christopher Haster |
1:24750b9ad5ef | 1684 | dec_msg, dec_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1685 | dec_msg_result, &olen, |
Christopher Haster |
1:24750b9ad5ef | 1686 | dec_msg + dec_msglen, taglen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1687 | { |
Christopher Haster |
1:24750b9ad5ef | 1688 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1689 | |
Christopher Haster |
1:24750b9ad5ef | 1690 | if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) |
Christopher Haster |
1:24750b9ad5ef | 1691 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1692 | |
Christopher Haster |
1:24750b9ad5ef | 1693 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1694 | } |
Christopher Haster |
1:24750b9ad5ef | 1695 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 1696 | |
Christopher Haster |
1:24750b9ad5ef | 1697 | if( olen != dec_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 1698 | { |
Christopher Haster |
1:24750b9ad5ef | 1699 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1700 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1701 | } |
Christopher Haster |
1:24750b9ad5ef | 1702 | } |
Christopher Haster |
1:24750b9ad5ef | 1703 | else |
Christopher Haster |
1:24750b9ad5ef | 1704 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
Christopher Haster |
1:24750b9ad5ef | 1705 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
Christopher Haster |
1:24750b9ad5ef | 1706 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
Christopher Haster |
1:24750b9ad5ef | 1707 | if( mode == MBEDTLS_MODE_CBC ) |
Christopher Haster |
1:24750b9ad5ef | 1708 | { |
Christopher Haster |
1:24750b9ad5ef | 1709 | /* |
Christopher Haster |
1:24750b9ad5ef | 1710 | * Decrypt and check the padding |
Christopher Haster |
1:24750b9ad5ef | 1711 | */ |
Christopher Haster |
1:24750b9ad5ef | 1712 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 1713 | unsigned char *dec_msg; |
Christopher Haster |
1:24750b9ad5ef | 1714 | unsigned char *dec_msg_result; |
Christopher Haster |
1:24750b9ad5ef | 1715 | size_t dec_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1716 | size_t minlen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1717 | size_t olen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1718 | |
Christopher Haster |
1:24750b9ad5ef | 1719 | /* |
Christopher Haster |
1:24750b9ad5ef | 1720 | * Check immediate ciphertext sanity |
Christopher Haster |
1:24750b9ad5ef | 1721 | */ |
Christopher Haster |
1:24750b9ad5ef | 1722 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1723 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 1724 | minlen += ssl->transform_in->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1725 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1726 | |
Christopher Haster |
1:24750b9ad5ef | 1727 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
Christopher Haster |
1:24750b9ad5ef | 1728 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
Christopher Haster |
1:24750b9ad5ef | 1729 | { |
Christopher Haster |
1:24750b9ad5ef | 1730 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " |
Christopher Haster |
1:24750b9ad5ef | 1731 | "+ 1 ) ( + expl IV )", ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1732 | ssl->transform_in->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1733 | ssl->transform_in->maclen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1734 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1735 | } |
Christopher Haster |
1:24750b9ad5ef | 1736 | |
Christopher Haster |
1:24750b9ad5ef | 1737 | dec_msglen = ssl->in_msglen; |
Christopher Haster |
1:24750b9ad5ef | 1738 | dec_msg = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 1739 | dec_msg_result = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 1740 | |
Christopher Haster |
1:24750b9ad5ef | 1741 | /* |
Christopher Haster |
1:24750b9ad5ef | 1742 | * Authenticate before decrypt if enabled |
Christopher Haster |
1:24750b9ad5ef | 1743 | */ |
Christopher Haster |
1:24750b9ad5ef | 1744 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1745 | if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
Christopher Haster |
1:24750b9ad5ef | 1746 | { |
Christopher Haster |
1:24750b9ad5ef | 1747 | unsigned char computed_mac[SSL_MAX_MAC_SIZE]; |
Christopher Haster |
1:24750b9ad5ef | 1748 | unsigned char pseudo_hdr[13]; |
Christopher Haster |
1:24750b9ad5ef | 1749 | |
Christopher Haster |
1:24750b9ad5ef | 1750 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1751 | |
Christopher Haster |
1:24750b9ad5ef | 1752 | dec_msglen -= ssl->transform_in->maclen; |
Christopher Haster |
1:24750b9ad5ef | 1753 | ssl->in_msglen -= ssl->transform_in->maclen; |
Christopher Haster |
1:24750b9ad5ef | 1754 | |
Christopher Haster |
1:24750b9ad5ef | 1755 | memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1756 | memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 1757 | pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); |
Christopher Haster |
1:24750b9ad5ef | 1758 | pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); |
Christopher Haster |
1:24750b9ad5ef | 1759 | |
Christopher Haster |
1:24750b9ad5ef | 1760 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1761 | |
Christopher Haster |
1:24750b9ad5ef | 1762 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); |
Christopher Haster |
1:24750b9ad5ef | 1763 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1764 | ssl->in_iv, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1765 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); |
Christopher Haster |
1:24750b9ad5ef | 1766 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 1767 | |
Christopher Haster |
1:24750b9ad5ef | 1768 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1769 | ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1770 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac, |
Christopher Haster |
1:24750b9ad5ef | 1771 | ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1772 | |
Christopher Haster |
1:24750b9ad5ef | 1773 | if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, |
Christopher Haster |
1:24750b9ad5ef | 1774 | ssl->transform_in->maclen ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1775 | { |
Christopher Haster |
1:24750b9ad5ef | 1776 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1777 | |
Christopher Haster |
1:24750b9ad5ef | 1778 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1779 | } |
Christopher Haster |
1:24750b9ad5ef | 1780 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 1781 | } |
Christopher Haster |
1:24750b9ad5ef | 1782 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
Christopher Haster |
1:24750b9ad5ef | 1783 | |
Christopher Haster |
1:24750b9ad5ef | 1784 | /* |
Christopher Haster |
1:24750b9ad5ef | 1785 | * Check length sanity |
Christopher Haster |
1:24750b9ad5ef | 1786 | */ |
Christopher Haster |
1:24750b9ad5ef | 1787 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1788 | { |
Christopher Haster |
1:24750b9ad5ef | 1789 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
Christopher Haster |
1:24750b9ad5ef | 1790 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1791 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 1792 | } |
Christopher Haster |
1:24750b9ad5ef | 1793 | |
Christopher Haster |
1:24750b9ad5ef | 1794 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1795 | /* |
Christopher Haster |
1:24750b9ad5ef | 1796 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
Christopher Haster |
1:24750b9ad5ef | 1797 | */ |
Christopher Haster |
1:24750b9ad5ef | 1798 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 1799 | { |
Christopher Haster |
1:24750b9ad5ef | 1800 | dec_msglen -= ssl->transform_in->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1801 | ssl->in_msglen -= ssl->transform_in->ivlen; |
Christopher Haster |
1:24750b9ad5ef | 1802 | |
Christopher Haster |
1:24750b9ad5ef | 1803 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 1804 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
Christopher Haster |
1:24750b9ad5ef | 1805 | } |
Christopher Haster |
1:24750b9ad5ef | 1806 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 1807 | |
Christopher Haster |
1:24750b9ad5ef | 1808 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1809 | ssl->transform_in->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 1810 | ssl->transform_in->ivlen, |
Christopher Haster |
1:24750b9ad5ef | 1811 | dec_msg, dec_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1812 | dec_msg_result, &olen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1813 | { |
Christopher Haster |
1:24750b9ad5ef | 1814 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
Christopher Haster |
1:24750b9ad5ef | 1815 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 1816 | } |
Christopher Haster |
1:24750b9ad5ef | 1817 | |
Christopher Haster |
1:24750b9ad5ef | 1818 | if( dec_msglen != olen ) |
Christopher Haster |
1:24750b9ad5ef | 1819 | { |
Christopher Haster |
1:24750b9ad5ef | 1820 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1821 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1822 | } |
Christopher Haster |
1:24750b9ad5ef | 1823 | |
Christopher Haster |
1:24750b9ad5ef | 1824 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
Christopher Haster |
1:24750b9ad5ef | 1825 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 1826 | { |
Christopher Haster |
1:24750b9ad5ef | 1827 | /* |
Christopher Haster |
1:24750b9ad5ef | 1828 | * Save IV in SSL3 and TLS1 |
Christopher Haster |
1:24750b9ad5ef | 1829 | */ |
Christopher Haster |
1:24750b9ad5ef | 1830 | memcpy( ssl->transform_in->iv_dec, |
Christopher Haster |
1:24750b9ad5ef | 1831 | ssl->transform_in->cipher_ctx_dec.iv, |
Christopher Haster |
1:24750b9ad5ef | 1832 | ssl->transform_in->ivlen ); |
Christopher Haster |
1:24750b9ad5ef | 1833 | } |
Christopher Haster |
1:24750b9ad5ef | 1834 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1835 | |
Christopher Haster |
1:24750b9ad5ef | 1836 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
Christopher Haster |
1:24750b9ad5ef | 1837 | |
Christopher Haster |
1:24750b9ad5ef | 1838 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen && |
Christopher Haster |
1:24750b9ad5ef | 1839 | auth_done == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1840 | { |
Christopher Haster |
1:24750b9ad5ef | 1841 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
Christopher Haster |
1:24750b9ad5ef | 1842 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
Christopher Haster |
1:24750b9ad5ef | 1843 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1844 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1845 | padlen = 0; |
Christopher Haster |
1:24750b9ad5ef | 1846 | correct = 0; |
Christopher Haster |
1:24750b9ad5ef | 1847 | } |
Christopher Haster |
1:24750b9ad5ef | 1848 | |
Christopher Haster |
1:24750b9ad5ef | 1849 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 1850 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 1851 | { |
Christopher Haster |
1:24750b9ad5ef | 1852 | if( padlen > ssl->transform_in->ivlen ) |
Christopher Haster |
1:24750b9ad5ef | 1853 | { |
Christopher Haster |
1:24750b9ad5ef | 1854 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
Christopher Haster |
1:24750b9ad5ef | 1855 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
Christopher Haster |
1:24750b9ad5ef | 1856 | "should be no more than %d", |
Christopher Haster |
1:24750b9ad5ef | 1857 | padlen, ssl->transform_in->ivlen ) ); |
Christopher Haster |
1:24750b9ad5ef | 1858 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1859 | correct = 0; |
Christopher Haster |
1:24750b9ad5ef | 1860 | } |
Christopher Haster |
1:24750b9ad5ef | 1861 | } |
Christopher Haster |
1:24750b9ad5ef | 1862 | else |
Christopher Haster |
1:24750b9ad5ef | 1863 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 1864 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 1865 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1866 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 1867 | { |
Christopher Haster |
1:24750b9ad5ef | 1868 | /* |
Christopher Haster |
1:24750b9ad5ef | 1869 | * TLSv1+: always check the padding up to the first failure |
Christopher Haster |
1:24750b9ad5ef | 1870 | * and fake check up to 256 bytes of padding |
Christopher Haster |
1:24750b9ad5ef | 1871 | */ |
Christopher Haster |
1:24750b9ad5ef | 1872 | size_t pad_count = 0, real_count = 1; |
Christopher Haster |
1:24750b9ad5ef | 1873 | size_t padding_idx = ssl->in_msglen - padlen - 1; |
Christopher Haster |
1:24750b9ad5ef | 1874 | |
Christopher Haster |
1:24750b9ad5ef | 1875 | /* |
Christopher Haster |
1:24750b9ad5ef | 1876 | * Padding is guaranteed to be incorrect if: |
Christopher Haster |
1:24750b9ad5ef | 1877 | * 1. padlen >= ssl->in_msglen |
Christopher Haster |
1:24750b9ad5ef | 1878 | * |
Christopher Haster |
1:24750b9ad5ef | 1879 | * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + |
Christopher Haster |
1:24750b9ad5ef | 1880 | * ssl->transform_in->maclen |
Christopher Haster |
1:24750b9ad5ef | 1881 | * |
Christopher Haster |
1:24750b9ad5ef | 1882 | * In both cases we reset padding_idx to a safe value (0) to |
Christopher Haster |
1:24750b9ad5ef | 1883 | * prevent out-of-buffer reads. |
Christopher Haster |
1:24750b9ad5ef | 1884 | */ |
Christopher Haster |
1:24750b9ad5ef | 1885 | correct &= ( ssl->in_msglen >= padlen + 1 ); |
Christopher Haster |
1:24750b9ad5ef | 1886 | correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + |
Christopher Haster |
1:24750b9ad5ef | 1887 | ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1888 | |
Christopher Haster |
1:24750b9ad5ef | 1889 | padding_idx *= correct; |
Christopher Haster |
1:24750b9ad5ef | 1890 | |
Christopher Haster |
1:24750b9ad5ef | 1891 | for( i = 1; i <= 256; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 1892 | { |
Christopher Haster |
1:24750b9ad5ef | 1893 | real_count &= ( i <= padlen ); |
Christopher Haster |
1:24750b9ad5ef | 1894 | pad_count += real_count * |
Christopher Haster |
1:24750b9ad5ef | 1895 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
Christopher Haster |
1:24750b9ad5ef | 1896 | } |
Christopher Haster |
1:24750b9ad5ef | 1897 | |
Christopher Haster |
1:24750b9ad5ef | 1898 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
Christopher Haster |
1:24750b9ad5ef | 1899 | |
Christopher Haster |
1:24750b9ad5ef | 1900 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
Christopher Haster |
1:24750b9ad5ef | 1901 | if( padlen > 0 && correct == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1902 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1903 | #endif |
Christopher Haster |
1:24750b9ad5ef | 1904 | padlen &= correct * 0x1FF; |
Christopher Haster |
1:24750b9ad5ef | 1905 | } |
Christopher Haster |
1:24750b9ad5ef | 1906 | else |
Christopher Haster |
1:24750b9ad5ef | 1907 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
Christopher Haster |
1:24750b9ad5ef | 1908 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 1909 | { |
Christopher Haster |
1:24750b9ad5ef | 1910 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1911 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1912 | } |
Christopher Haster |
1:24750b9ad5ef | 1913 | |
Christopher Haster |
1:24750b9ad5ef | 1914 | ssl->in_msglen -= padlen; |
Christopher Haster |
1:24750b9ad5ef | 1915 | } |
Christopher Haster |
1:24750b9ad5ef | 1916 | else |
Christopher Haster |
1:24750b9ad5ef | 1917 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
Christopher Haster |
1:24750b9ad5ef | 1918 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
Christopher Haster |
1:24750b9ad5ef | 1919 | { |
Christopher Haster |
1:24750b9ad5ef | 1920 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1921 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1922 | } |
Christopher Haster |
1:24750b9ad5ef | 1923 | |
Christopher Haster |
1:24750b9ad5ef | 1924 | MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
Christopher Haster |
1:24750b9ad5ef | 1925 | ssl->in_msg, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1926 | |
Christopher Haster |
1:24750b9ad5ef | 1927 | /* |
Christopher Haster |
1:24750b9ad5ef | 1928 | * Authenticate if not done yet. |
Christopher Haster |
1:24750b9ad5ef | 1929 | * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). |
Christopher Haster |
1:24750b9ad5ef | 1930 | */ |
Christopher Haster |
1:24750b9ad5ef | 1931 | #if defined(SSL_SOME_MODES_USE_MAC) |
Christopher Haster |
1:24750b9ad5ef | 1932 | if( auth_done == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 1933 | { |
Christopher Haster |
1:24750b9ad5ef | 1934 | unsigned char tmp[SSL_MAX_MAC_SIZE]; |
Christopher Haster |
1:24750b9ad5ef | 1935 | |
Christopher Haster |
1:24750b9ad5ef | 1936 | ssl->in_msglen -= ssl->transform_in->maclen; |
Christopher Haster |
1:24750b9ad5ef | 1937 | |
Christopher Haster |
1:24750b9ad5ef | 1938 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1939 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1940 | |
Christopher Haster |
1:24750b9ad5ef | 1941 | memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1942 | |
Christopher Haster |
1:24750b9ad5ef | 1943 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 1944 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 1945 | { |
Christopher Haster |
1:24750b9ad5ef | 1946 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1947 | ssl->transform_in->mac_dec, |
Christopher Haster |
1:24750b9ad5ef | 1948 | ssl->in_msg, ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1949 | ssl->in_ctr, ssl->in_msgtype ); |
Christopher Haster |
1:24750b9ad5ef | 1950 | } |
Christopher Haster |
1:24750b9ad5ef | 1951 | else |
Christopher Haster |
1:24750b9ad5ef | 1952 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 1953 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 1954 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 1955 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 1956 | { |
Christopher Haster |
1:24750b9ad5ef | 1957 | /* |
Christopher Haster |
1:24750b9ad5ef | 1958 | * Process MAC and always update for padlen afterwards to make |
Christopher Haster |
1:24750b9ad5ef | 1959 | * total time independent of padlen |
Christopher Haster |
1:24750b9ad5ef | 1960 | * |
Christopher Haster |
1:24750b9ad5ef | 1961 | * extra_run compensates MAC check for padlen |
Christopher Haster |
1:24750b9ad5ef | 1962 | * |
Christopher Haster |
1:24750b9ad5ef | 1963 | * Known timing attacks: |
Christopher Haster |
1:24750b9ad5ef | 1964 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
Christopher Haster |
1:24750b9ad5ef | 1965 | * |
Christopher Haster |
1:24750b9ad5ef | 1966 | * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values |
Christopher Haster |
1:24750b9ad5ef | 1967 | * correctly. (We round down instead of up, so -56 is the correct |
Christopher Haster |
1:24750b9ad5ef | 1968 | * value for our calculations instead of -55) |
Christopher Haster |
1:24750b9ad5ef | 1969 | */ |
Christopher Haster |
1:24750b9ad5ef | 1970 | size_t j, extra_run = 0; |
Christopher Haster |
1:24750b9ad5ef | 1971 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
Christopher Haster |
1:24750b9ad5ef | 1972 | ( 13 + ssl->in_msglen + 8 ) / 64; |
Christopher Haster |
1:24750b9ad5ef | 1973 | |
Christopher Haster |
1:24750b9ad5ef | 1974 | extra_run &= correct * 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 1975 | |
Christopher Haster |
1:24750b9ad5ef | 1976 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 1977 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 1978 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); |
Christopher Haster |
1:24750b9ad5ef | 1979 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
Christopher Haster |
1:24750b9ad5ef | 1980 | ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1981 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, |
Christopher Haster |
1:24750b9ad5ef | 1982 | ssl->in_msg + ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 1983 | /* Call mbedtls_md_process at least once due to cache attacks */ |
Christopher Haster |
1:24750b9ad5ef | 1984 | for( j = 0; j < extra_run + 1; j++ ) |
Christopher Haster |
1:24750b9ad5ef | 1985 | mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
Christopher Haster |
1:24750b9ad5ef | 1986 | |
Christopher Haster |
1:24750b9ad5ef | 1987 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 1988 | } |
Christopher Haster |
1:24750b9ad5ef | 1989 | else |
Christopher Haster |
1:24750b9ad5ef | 1990 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
Christopher Haster |
1:24750b9ad5ef | 1991 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 1992 | { |
Christopher Haster |
1:24750b9ad5ef | 1993 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 1994 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 1995 | } |
Christopher Haster |
1:24750b9ad5ef | 1996 | |
Christopher Haster |
1:24750b9ad5ef | 1997 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 1998 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 1999 | ssl->transform_in->maclen ); |
Christopher Haster |
1:24750b9ad5ef | 2000 | |
Christopher Haster |
1:24750b9ad5ef | 2001 | if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, |
Christopher Haster |
1:24750b9ad5ef | 2002 | ssl->transform_in->maclen ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2003 | { |
Christopher Haster |
1:24750b9ad5ef | 2004 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
Christopher Haster |
1:24750b9ad5ef | 2005 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2006 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2007 | correct = 0; |
Christopher Haster |
1:24750b9ad5ef | 2008 | } |
Christopher Haster |
1:24750b9ad5ef | 2009 | auth_done++; |
Christopher Haster |
1:24750b9ad5ef | 2010 | |
Christopher Haster |
1:24750b9ad5ef | 2011 | /* |
Christopher Haster |
1:24750b9ad5ef | 2012 | * Finally check the correct flag |
Christopher Haster |
1:24750b9ad5ef | 2013 | */ |
Christopher Haster |
1:24750b9ad5ef | 2014 | if( correct == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2015 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 2016 | } |
Christopher Haster |
1:24750b9ad5ef | 2017 | #endif /* SSL_SOME_MODES_USE_MAC */ |
Christopher Haster |
1:24750b9ad5ef | 2018 | |
Christopher Haster |
1:24750b9ad5ef | 2019 | /* Make extra sure authentication was performed, exactly once */ |
Christopher Haster |
1:24750b9ad5ef | 2020 | if( auth_done != 1 ) |
Christopher Haster |
1:24750b9ad5ef | 2021 | { |
Christopher Haster |
1:24750b9ad5ef | 2022 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2023 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 2024 | } |
Christopher Haster |
1:24750b9ad5ef | 2025 | |
Christopher Haster |
1:24750b9ad5ef | 2026 | if( ssl->in_msglen == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2027 | { |
Christopher Haster |
1:24750b9ad5ef | 2028 | ssl->nb_zero++; |
Christopher Haster |
1:24750b9ad5ef | 2029 | |
Christopher Haster |
1:24750b9ad5ef | 2030 | /* |
Christopher Haster |
1:24750b9ad5ef | 2031 | * Three or more empty messages may be a DoS attack |
Christopher Haster |
1:24750b9ad5ef | 2032 | * (excessive CPU consumption). |
Christopher Haster |
1:24750b9ad5ef | 2033 | */ |
Christopher Haster |
1:24750b9ad5ef | 2034 | if( ssl->nb_zero > 3 ) |
Christopher Haster |
1:24750b9ad5ef | 2035 | { |
Christopher Haster |
1:24750b9ad5ef | 2036 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
Christopher Haster |
1:24750b9ad5ef | 2037 | "messages, possible DoS attack" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2038 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 2039 | } |
Christopher Haster |
1:24750b9ad5ef | 2040 | } |
Christopher Haster |
1:24750b9ad5ef | 2041 | else |
Christopher Haster |
1:24750b9ad5ef | 2042 | ssl->nb_zero = 0; |
Christopher Haster |
1:24750b9ad5ef | 2043 | |
Christopher Haster |
1:24750b9ad5ef | 2044 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2045 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 2046 | { |
Christopher Haster |
1:24750b9ad5ef | 2047 | ; /* in_ctr read from peer, not maintained internally */ |
Christopher Haster |
1:24750b9ad5ef | 2048 | } |
Christopher Haster |
1:24750b9ad5ef | 2049 | else |
Christopher Haster |
1:24750b9ad5ef | 2050 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2051 | { |
Christopher Haster |
1:24750b9ad5ef | 2052 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
Christopher Haster |
1:24750b9ad5ef | 2053 | if( ++ssl->in_ctr[i - 1] != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2054 | break; |
Christopher Haster |
1:24750b9ad5ef | 2055 | |
Christopher Haster |
1:24750b9ad5ef | 2056 | /* The loop goes to its end iff the counter is wrapping */ |
Christopher Haster |
1:24750b9ad5ef | 2057 | if( i == ssl_ep_len( ssl ) ) |
Christopher Haster |
1:24750b9ad5ef | 2058 | { |
Christopher Haster |
1:24750b9ad5ef | 2059 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2060 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
Christopher Haster |
1:24750b9ad5ef | 2061 | } |
Christopher Haster |
1:24750b9ad5ef | 2062 | } |
Christopher Haster |
1:24750b9ad5ef | 2063 | |
Christopher Haster |
1:24750b9ad5ef | 2064 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2065 | |
Christopher Haster |
1:24750b9ad5ef | 2066 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2067 | } |
Christopher Haster |
1:24750b9ad5ef | 2068 | |
Christopher Haster |
1:24750b9ad5ef | 2069 | #undef MAC_NONE |
Christopher Haster |
1:24750b9ad5ef | 2070 | #undef MAC_PLAINTEXT |
Christopher Haster |
1:24750b9ad5ef | 2071 | #undef MAC_CIPHERTEXT |
Christopher Haster |
1:24750b9ad5ef | 2072 | |
Christopher Haster |
1:24750b9ad5ef | 2073 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 2074 | /* |
Christopher Haster |
1:24750b9ad5ef | 2075 | * Compression/decompression functions |
Christopher Haster |
1:24750b9ad5ef | 2076 | */ |
Christopher Haster |
1:24750b9ad5ef | 2077 | static int ssl_compress_buf( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2078 | { |
Christopher Haster |
1:24750b9ad5ef | 2079 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 2080 | unsigned char *msg_post = ssl->out_msg; |
Christopher Haster |
1:24750b9ad5ef | 2081 | size_t len_pre = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2082 | unsigned char *msg_pre = ssl->compress_buf; |
Christopher Haster |
1:24750b9ad5ef | 2083 | |
Christopher Haster |
1:24750b9ad5ef | 2084 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2085 | |
Christopher Haster |
1:24750b9ad5ef | 2086 | if( len_pre == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2087 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2088 | |
Christopher Haster |
1:24750b9ad5ef | 2089 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
Christopher Haster |
1:24750b9ad5ef | 2090 | |
Christopher Haster |
1:24750b9ad5ef | 2091 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
Christopher Haster |
1:24750b9ad5ef | 2092 | ssl->out_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 2093 | |
Christopher Haster |
1:24750b9ad5ef | 2094 | MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", |
Christopher Haster |
1:24750b9ad5ef | 2095 | ssl->out_msg, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2096 | |
Christopher Haster |
1:24750b9ad5ef | 2097 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
Christopher Haster |
1:24750b9ad5ef | 2098 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
Christopher Haster |
1:24750b9ad5ef | 2099 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
Christopher Haster |
1:24750b9ad5ef | 2100 | ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; |
Christopher Haster |
1:24750b9ad5ef | 2101 | |
Christopher Haster |
1:24750b9ad5ef | 2102 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
Christopher Haster |
1:24750b9ad5ef | 2103 | if( ret != Z_OK ) |
Christopher Haster |
1:24750b9ad5ef | 2104 | { |
Christopher Haster |
1:24750b9ad5ef | 2105 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
Christopher Haster |
1:24750b9ad5ef | 2106 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2107 | } |
Christopher Haster |
1:24750b9ad5ef | 2108 | |
Christopher Haster |
1:24750b9ad5ef | 2109 | ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - |
Christopher Haster |
1:24750b9ad5ef | 2110 | ssl->transform_out->ctx_deflate.avail_out; |
Christopher Haster |
1:24750b9ad5ef | 2111 | |
Christopher Haster |
1:24750b9ad5ef | 2112 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
Christopher Haster |
1:24750b9ad5ef | 2113 | ssl->out_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 2114 | |
Christopher Haster |
1:24750b9ad5ef | 2115 | MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", |
Christopher Haster |
1:24750b9ad5ef | 2116 | ssl->out_msg, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2117 | |
Christopher Haster |
1:24750b9ad5ef | 2118 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2119 | |
Christopher Haster |
1:24750b9ad5ef | 2120 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2121 | } |
Christopher Haster |
1:24750b9ad5ef | 2122 | |
Christopher Haster |
1:24750b9ad5ef | 2123 | static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2124 | { |
Christopher Haster |
1:24750b9ad5ef | 2125 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 2126 | unsigned char *msg_post = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 2127 | size_t len_pre = ssl->in_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2128 | unsigned char *msg_pre = ssl->compress_buf; |
Christopher Haster |
1:24750b9ad5ef | 2129 | |
Christopher Haster |
1:24750b9ad5ef | 2130 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2131 | |
Christopher Haster |
1:24750b9ad5ef | 2132 | if( len_pre == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2133 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2134 | |
Christopher Haster |
1:24750b9ad5ef | 2135 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
Christopher Haster |
1:24750b9ad5ef | 2136 | |
Christopher Haster |
1:24750b9ad5ef | 2137 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
Christopher Haster |
1:24750b9ad5ef | 2138 | ssl->in_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 2139 | |
Christopher Haster |
1:24750b9ad5ef | 2140 | MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", |
Christopher Haster |
1:24750b9ad5ef | 2141 | ssl->in_msg, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2142 | |
Christopher Haster |
1:24750b9ad5ef | 2143 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
Christopher Haster |
1:24750b9ad5ef | 2144 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
Christopher Haster |
1:24750b9ad5ef | 2145 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
Christopher Haster |
1:24750b9ad5ef | 2146 | ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; |
Christopher Haster |
1:24750b9ad5ef | 2147 | |
Christopher Haster |
1:24750b9ad5ef | 2148 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
Christopher Haster |
1:24750b9ad5ef | 2149 | if( ret != Z_OK ) |
Christopher Haster |
1:24750b9ad5ef | 2150 | { |
Christopher Haster |
1:24750b9ad5ef | 2151 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
Christopher Haster |
1:24750b9ad5ef | 2152 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2153 | } |
Christopher Haster |
1:24750b9ad5ef | 2154 | |
Christopher Haster |
1:24750b9ad5ef | 2155 | ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - |
Christopher Haster |
1:24750b9ad5ef | 2156 | ssl->transform_in->ctx_inflate.avail_out; |
Christopher Haster |
1:24750b9ad5ef | 2157 | |
Christopher Haster |
1:24750b9ad5ef | 2158 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
Christopher Haster |
1:24750b9ad5ef | 2159 | ssl->in_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 2160 | |
Christopher Haster |
1:24750b9ad5ef | 2161 | MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", |
Christopher Haster |
1:24750b9ad5ef | 2162 | ssl->in_msg, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2163 | |
Christopher Haster |
1:24750b9ad5ef | 2164 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2165 | |
Christopher Haster |
1:24750b9ad5ef | 2166 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2167 | } |
Christopher Haster |
1:24750b9ad5ef | 2168 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
Christopher Haster |
1:24750b9ad5ef | 2169 | |
Christopher Haster |
1:24750b9ad5ef | 2170 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 2171 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2172 | |
Christopher Haster |
1:24750b9ad5ef | 2173 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2174 | static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2175 | { |
Christopher Haster |
1:24750b9ad5ef | 2176 | /* If renegotiation is not enforced, retransmit until we would reach max |
Christopher Haster |
1:24750b9ad5ef | 2177 | * timeout if we were using the usual handshake doubling scheme */ |
Christopher Haster |
1:24750b9ad5ef | 2178 | if( ssl->conf->renego_max_records < 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2179 | { |
Christopher Haster |
1:24750b9ad5ef | 2180 | uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; |
Christopher Haster |
1:24750b9ad5ef | 2181 | unsigned char doublings = 1; |
Christopher Haster |
1:24750b9ad5ef | 2182 | |
Christopher Haster |
1:24750b9ad5ef | 2183 | while( ratio != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2184 | { |
Christopher Haster |
1:24750b9ad5ef | 2185 | ++doublings; |
Christopher Haster |
1:24750b9ad5ef | 2186 | ratio >>= 1; |
Christopher Haster |
1:24750b9ad5ef | 2187 | } |
Christopher Haster |
1:24750b9ad5ef | 2188 | |
Christopher Haster |
1:24750b9ad5ef | 2189 | if( ++ssl->renego_records_seen > doublings ) |
Christopher Haster |
1:24750b9ad5ef | 2190 | { |
Christopher Haster |
1:24750b9ad5ef | 2191 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2192 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2193 | } |
Christopher Haster |
1:24750b9ad5ef | 2194 | } |
Christopher Haster |
1:24750b9ad5ef | 2195 | |
Christopher Haster |
1:24750b9ad5ef | 2196 | return( ssl_write_hello_request( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 2197 | } |
Christopher Haster |
1:24750b9ad5ef | 2198 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2199 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 2200 | |
Christopher Haster |
1:24750b9ad5ef | 2201 | /* |
Christopher Haster |
1:24750b9ad5ef | 2202 | * Fill the input message buffer by appending data to it. |
Christopher Haster |
1:24750b9ad5ef | 2203 | * The amount of data already fetched is in ssl->in_left. |
Christopher Haster |
1:24750b9ad5ef | 2204 | * |
Christopher Haster |
1:24750b9ad5ef | 2205 | * If we return 0, is it guaranteed that (at least) nb_want bytes are |
Christopher Haster |
1:24750b9ad5ef | 2206 | * available (from this read and/or a previous one). Otherwise, an error code |
Christopher Haster |
1:24750b9ad5ef | 2207 | * is returned (possibly EOF or WANT_READ). |
Christopher Haster |
1:24750b9ad5ef | 2208 | * |
Christopher Haster |
1:24750b9ad5ef | 2209 | * With stream transport (TLS) on success ssl->in_left == nb_want, but |
Christopher Haster |
1:24750b9ad5ef | 2210 | * with datagram transport (DTLS) on success ssl->in_left >= nb_want, |
Christopher Haster |
1:24750b9ad5ef | 2211 | * since we always read a whole datagram at once. |
Christopher Haster |
1:24750b9ad5ef | 2212 | * |
Christopher Haster |
1:24750b9ad5ef | 2213 | * For DTLS, it is up to the caller to set ssl->next_record_offset when |
Christopher Haster |
1:24750b9ad5ef | 2214 | * they're done reading a record. |
Christopher Haster |
1:24750b9ad5ef | 2215 | */ |
Christopher Haster |
1:24750b9ad5ef | 2216 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) |
Christopher Haster |
1:24750b9ad5ef | 2217 | { |
Christopher Haster |
1:24750b9ad5ef | 2218 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 2219 | size_t len; |
Christopher Haster |
1:24750b9ad5ef | 2220 | |
Christopher Haster |
1:24750b9ad5ef | 2221 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2222 | |
Christopher Haster |
1:24750b9ad5ef | 2223 | if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2224 | { |
Christopher Haster |
1:24750b9ad5ef | 2225 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
Christopher Haster |
1:24750b9ad5ef | 2226 | "or mbedtls_ssl_set_bio()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2227 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 2228 | } |
Christopher Haster |
1:24750b9ad5ef | 2229 | |
Christopher Haster |
1:24750b9ad5ef | 2230 | if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
Christopher Haster |
1:24750b9ad5ef | 2231 | { |
Christopher Haster |
1:24750b9ad5ef | 2232 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 2234 | } |
Christopher Haster |
1:24750b9ad5ef | 2235 | |
Christopher Haster |
1:24750b9ad5ef | 2236 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2237 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 2238 | { |
Christopher Haster |
1:24750b9ad5ef | 2239 | uint32_t timeout; |
Christopher Haster |
1:24750b9ad5ef | 2240 | |
Christopher Haster |
1:24750b9ad5ef | 2241 | /* Just to be sure */ |
Christopher Haster |
1:24750b9ad5ef | 2242 | if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2243 | { |
Christopher Haster |
1:24750b9ad5ef | 2244 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " |
Christopher Haster |
1:24750b9ad5ef | 2245 | "mbedtls_ssl_set_timer_cb() for DTLS" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2246 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 2247 | } |
Christopher Haster |
1:24750b9ad5ef | 2248 | |
Christopher Haster |
1:24750b9ad5ef | 2249 | /* |
Christopher Haster |
1:24750b9ad5ef | 2250 | * The point is, we need to always read a full datagram at once, so we |
Christopher Haster |
1:24750b9ad5ef | 2251 | * sometimes read more then requested, and handle the additional data. |
Christopher Haster |
1:24750b9ad5ef | 2252 | * It could be the rest of the current record (while fetching the |
Christopher Haster |
1:24750b9ad5ef | 2253 | * header) and/or some other records in the same datagram. |
Christopher Haster |
1:24750b9ad5ef | 2254 | */ |
Christopher Haster |
1:24750b9ad5ef | 2255 | |
Christopher Haster |
1:24750b9ad5ef | 2256 | /* |
Christopher Haster |
1:24750b9ad5ef | 2257 | * Move to the next record in the already read datagram if applicable |
Christopher Haster |
1:24750b9ad5ef | 2258 | */ |
Christopher Haster |
1:24750b9ad5ef | 2259 | if( ssl->next_record_offset != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2260 | { |
Christopher Haster |
1:24750b9ad5ef | 2261 | if( ssl->in_left < ssl->next_record_offset ) |
Christopher Haster |
1:24750b9ad5ef | 2262 | { |
Christopher Haster |
1:24750b9ad5ef | 2263 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2264 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 2265 | } |
Christopher Haster |
1:24750b9ad5ef | 2266 | |
Christopher Haster |
1:24750b9ad5ef | 2267 | ssl->in_left -= ssl->next_record_offset; |
Christopher Haster |
1:24750b9ad5ef | 2268 | |
Christopher Haster |
1:24750b9ad5ef | 2269 | if( ssl->in_left != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2270 | { |
Christopher Haster |
1:24750b9ad5ef | 2271 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", |
Christopher Haster |
1:24750b9ad5ef | 2272 | ssl->next_record_offset ) ); |
Christopher Haster |
1:24750b9ad5ef | 2273 | memmove( ssl->in_hdr, |
Christopher Haster |
1:24750b9ad5ef | 2274 | ssl->in_hdr + ssl->next_record_offset, |
Christopher Haster |
1:24750b9ad5ef | 2275 | ssl->in_left ); |
Christopher Haster |
1:24750b9ad5ef | 2276 | } |
Christopher Haster |
1:24750b9ad5ef | 2277 | |
Christopher Haster |
1:24750b9ad5ef | 2278 | ssl->next_record_offset = 0; |
Christopher Haster |
1:24750b9ad5ef | 2279 | } |
Christopher Haster |
1:24750b9ad5ef | 2280 | |
Christopher Haster |
1:24750b9ad5ef | 2281 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
Christopher Haster |
1:24750b9ad5ef | 2282 | ssl->in_left, nb_want ) ); |
Christopher Haster |
1:24750b9ad5ef | 2283 | |
Christopher Haster |
1:24750b9ad5ef | 2284 | /* |
Christopher Haster |
1:24750b9ad5ef | 2285 | * Done if we already have enough data. |
Christopher Haster |
1:24750b9ad5ef | 2286 | */ |
Christopher Haster |
1:24750b9ad5ef | 2287 | if( nb_want <= ssl->in_left) |
Christopher Haster |
1:24750b9ad5ef | 2288 | { |
Christopher Haster |
1:24750b9ad5ef | 2289 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2290 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2291 | } |
Christopher Haster |
1:24750b9ad5ef | 2292 | |
Christopher Haster |
1:24750b9ad5ef | 2293 | /* |
Christopher Haster |
1:24750b9ad5ef | 2294 | * A record can't be split accross datagrams. If we need to read but |
Christopher Haster |
1:24750b9ad5ef | 2295 | * are not at the beginning of a new record, the caller did something |
Christopher Haster |
1:24750b9ad5ef | 2296 | * wrong. |
Christopher Haster |
1:24750b9ad5ef | 2297 | */ |
Christopher Haster |
1:24750b9ad5ef | 2298 | if( ssl->in_left != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2299 | { |
Christopher Haster |
1:24750b9ad5ef | 2300 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2301 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 2302 | } |
Christopher Haster |
1:24750b9ad5ef | 2303 | |
Christopher Haster |
1:24750b9ad5ef | 2304 | /* |
Christopher Haster |
1:24750b9ad5ef | 2305 | * Don't even try to read if time's out already. |
Christopher Haster |
1:24750b9ad5ef | 2306 | * This avoids by-passing the timer when repeatedly receiving messages |
Christopher Haster |
1:24750b9ad5ef | 2307 | * that will end up being dropped. |
Christopher Haster |
1:24750b9ad5ef | 2308 | */ |
Christopher Haster |
1:24750b9ad5ef | 2309 | if( ssl_check_timer( ssl ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2310 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
Christopher Haster |
1:24750b9ad5ef | 2311 | else |
Christopher Haster |
1:24750b9ad5ef | 2312 | { |
Christopher Haster |
1:24750b9ad5ef | 2313 | len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); |
Christopher Haster |
1:24750b9ad5ef | 2314 | |
Christopher Haster |
1:24750b9ad5ef | 2315 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 2316 | timeout = ssl->handshake->retransmit_timeout; |
Christopher Haster |
1:24750b9ad5ef | 2317 | else |
Christopher Haster |
1:24750b9ad5ef | 2318 | timeout = ssl->conf->read_timeout; |
Christopher Haster |
1:24750b9ad5ef | 2319 | |
Christopher Haster |
1:24750b9ad5ef | 2320 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); |
Christopher Haster |
1:24750b9ad5ef | 2321 | |
Christopher Haster |
1:24750b9ad5ef | 2322 | if( ssl->f_recv_timeout != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2323 | ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, |
Christopher Haster |
1:24750b9ad5ef | 2324 | timeout ); |
Christopher Haster |
1:24750b9ad5ef | 2325 | else |
Christopher Haster |
1:24750b9ad5ef | 2326 | ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); |
Christopher Haster |
1:24750b9ad5ef | 2327 | |
Christopher Haster |
1:24750b9ad5ef | 2328 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2329 | |
Christopher Haster |
1:24750b9ad5ef | 2330 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2331 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
Christopher Haster |
1:24750b9ad5ef | 2332 | } |
Christopher Haster |
1:24750b9ad5ef | 2333 | |
Christopher Haster |
1:24750b9ad5ef | 2334 | if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) |
Christopher Haster |
1:24750b9ad5ef | 2335 | { |
Christopher Haster |
1:24750b9ad5ef | 2336 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2337 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2338 | |
Christopher Haster |
1:24750b9ad5ef | 2339 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 2340 | { |
Christopher Haster |
1:24750b9ad5ef | 2341 | if( ssl_double_retransmit_timeout( ssl ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2342 | { |
Christopher Haster |
1:24750b9ad5ef | 2343 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2344 | return( MBEDTLS_ERR_SSL_TIMEOUT ); |
Christopher Haster |
1:24750b9ad5ef | 2345 | } |
Christopher Haster |
1:24750b9ad5ef | 2346 | |
Christopher Haster |
1:24750b9ad5ef | 2347 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2348 | { |
Christopher Haster |
1:24750b9ad5ef | 2349 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2350 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2351 | } |
Christopher Haster |
1:24750b9ad5ef | 2352 | |
Christopher Haster |
1:24750b9ad5ef | 2353 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 2354 | } |
Christopher Haster |
1:24750b9ad5ef | 2355 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 2356 | else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 2357 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
Christopher Haster |
1:24750b9ad5ef | 2358 | { |
Christopher Haster |
1:24750b9ad5ef | 2359 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2360 | { |
Christopher Haster |
1:24750b9ad5ef | 2361 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2362 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2363 | } |
Christopher Haster |
1:24750b9ad5ef | 2364 | |
Christopher Haster |
1:24750b9ad5ef | 2365 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 2366 | } |
Christopher Haster |
1:24750b9ad5ef | 2367 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 2368 | } |
Christopher Haster |
1:24750b9ad5ef | 2369 | |
Christopher Haster |
1:24750b9ad5ef | 2370 | if( ret < 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2371 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2372 | |
Christopher Haster |
1:24750b9ad5ef | 2373 | ssl->in_left = ret; |
Christopher Haster |
1:24750b9ad5ef | 2374 | } |
Christopher Haster |
1:24750b9ad5ef | 2375 | else |
Christopher Haster |
1:24750b9ad5ef | 2376 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2377 | { |
Christopher Haster |
1:24750b9ad5ef | 2378 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
Christopher Haster |
1:24750b9ad5ef | 2379 | ssl->in_left, nb_want ) ); |
Christopher Haster |
1:24750b9ad5ef | 2380 | |
Christopher Haster |
1:24750b9ad5ef | 2381 | while( ssl->in_left < nb_want ) |
Christopher Haster |
1:24750b9ad5ef | 2382 | { |
Christopher Haster |
1:24750b9ad5ef | 2383 | len = nb_want - ssl->in_left; |
Christopher Haster |
1:24750b9ad5ef | 2384 | |
Christopher Haster |
1:24750b9ad5ef | 2385 | if( ssl_check_timer( ssl ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2386 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
Christopher Haster |
1:24750b9ad5ef | 2387 | else |
Christopher Haster |
1:24750b9ad5ef | 2388 | { |
Christopher Haster |
1:24750b9ad5ef | 2389 | if( ssl->f_recv_timeout != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2390 | { |
Christopher Haster |
1:24750b9ad5ef | 2391 | ret = ssl->f_recv_timeout( ssl->p_bio, |
Christopher Haster |
1:24750b9ad5ef | 2392 | ssl->in_hdr + ssl->in_left, len, |
Christopher Haster |
1:24750b9ad5ef | 2393 | ssl->conf->read_timeout ); |
Christopher Haster |
1:24750b9ad5ef | 2394 | } |
Christopher Haster |
1:24750b9ad5ef | 2395 | else |
Christopher Haster |
1:24750b9ad5ef | 2396 | { |
Christopher Haster |
1:24750b9ad5ef | 2397 | ret = ssl->f_recv( ssl->p_bio, |
Christopher Haster |
1:24750b9ad5ef | 2398 | ssl->in_hdr + ssl->in_left, len ); |
Christopher Haster |
1:24750b9ad5ef | 2399 | } |
Christopher Haster |
1:24750b9ad5ef | 2400 | } |
Christopher Haster |
1:24750b9ad5ef | 2401 | |
Christopher Haster |
1:24750b9ad5ef | 2402 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
Christopher Haster |
1:24750b9ad5ef | 2403 | ssl->in_left, nb_want ) ); |
Christopher Haster |
1:24750b9ad5ef | 2404 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2405 | |
Christopher Haster |
1:24750b9ad5ef | 2406 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2407 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
Christopher Haster |
1:24750b9ad5ef | 2408 | |
Christopher Haster |
1:24750b9ad5ef | 2409 | if( ret < 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2410 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2411 | |
Christopher Haster |
1:24750b9ad5ef | 2412 | ssl->in_left += ret; |
Christopher Haster |
1:24750b9ad5ef | 2413 | } |
Christopher Haster |
1:24750b9ad5ef | 2414 | } |
Christopher Haster |
1:24750b9ad5ef | 2415 | |
Christopher Haster |
1:24750b9ad5ef | 2416 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2417 | |
Christopher Haster |
1:24750b9ad5ef | 2418 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2419 | } |
Christopher Haster |
1:24750b9ad5ef | 2420 | |
Christopher Haster |
1:24750b9ad5ef | 2421 | /* |
Christopher Haster |
1:24750b9ad5ef | 2422 | * Flush any data not yet written |
Christopher Haster |
1:24750b9ad5ef | 2423 | */ |
Christopher Haster |
1:24750b9ad5ef | 2424 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2425 | { |
Christopher Haster |
1:24750b9ad5ef | 2426 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 2427 | unsigned char *buf, i; |
Christopher Haster |
1:24750b9ad5ef | 2428 | |
Christopher Haster |
1:24750b9ad5ef | 2429 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2430 | |
Christopher Haster |
1:24750b9ad5ef | 2431 | if( ssl->f_send == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2432 | { |
Christopher Haster |
1:24750b9ad5ef | 2433 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
Christopher Haster |
1:24750b9ad5ef | 2434 | "or mbedtls_ssl_set_bio()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2435 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 2436 | } |
Christopher Haster |
1:24750b9ad5ef | 2437 | |
Christopher Haster |
1:24750b9ad5ef | 2438 | /* Avoid incrementing counter if data is flushed */ |
Christopher Haster |
1:24750b9ad5ef | 2439 | if( ssl->out_left == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2440 | { |
Christopher Haster |
1:24750b9ad5ef | 2441 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2442 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2443 | } |
Christopher Haster |
1:24750b9ad5ef | 2444 | |
Christopher Haster |
1:24750b9ad5ef | 2445 | while( ssl->out_left > 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2446 | { |
Christopher Haster |
1:24750b9ad5ef | 2447 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
Christopher Haster |
1:24750b9ad5ef | 2448 | mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); |
Christopher Haster |
1:24750b9ad5ef | 2449 | |
Christopher Haster |
1:24750b9ad5ef | 2450 | buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + |
Christopher Haster |
1:24750b9ad5ef | 2451 | ssl->out_msglen - ssl->out_left; |
Christopher Haster |
1:24750b9ad5ef | 2452 | ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); |
Christopher Haster |
1:24750b9ad5ef | 2453 | |
Christopher Haster |
1:24750b9ad5ef | 2454 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2455 | |
Christopher Haster |
1:24750b9ad5ef | 2456 | if( ret <= 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2457 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2458 | |
Christopher Haster |
1:24750b9ad5ef | 2459 | ssl->out_left -= ret; |
Christopher Haster |
1:24750b9ad5ef | 2460 | } |
Christopher Haster |
1:24750b9ad5ef | 2461 | |
Christopher Haster |
1:24750b9ad5ef | 2462 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
Christopher Haster |
1:24750b9ad5ef | 2463 | if( ++ssl->out_ctr[i - 1] != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2464 | break; |
Christopher Haster |
1:24750b9ad5ef | 2465 | |
Christopher Haster |
1:24750b9ad5ef | 2466 | /* The loop goes to its end iff the counter is wrapping */ |
Christopher Haster |
1:24750b9ad5ef | 2467 | if( i == ssl_ep_len( ssl ) ) |
Christopher Haster |
1:24750b9ad5ef | 2468 | { |
Christopher Haster |
1:24750b9ad5ef | 2469 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2470 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
Christopher Haster |
1:24750b9ad5ef | 2471 | } |
Christopher Haster |
1:24750b9ad5ef | 2472 | |
Christopher Haster |
1:24750b9ad5ef | 2473 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2474 | |
Christopher Haster |
1:24750b9ad5ef | 2475 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2476 | } |
Christopher Haster |
1:24750b9ad5ef | 2477 | |
Christopher Haster |
1:24750b9ad5ef | 2478 | /* |
Christopher Haster |
1:24750b9ad5ef | 2479 | * Functions to handle the DTLS retransmission state machine |
Christopher Haster |
1:24750b9ad5ef | 2480 | */ |
Christopher Haster |
1:24750b9ad5ef | 2481 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2482 | /* |
Christopher Haster |
1:24750b9ad5ef | 2483 | * Append current handshake message to current outgoing flight |
Christopher Haster |
1:24750b9ad5ef | 2484 | */ |
Christopher Haster |
1:24750b9ad5ef | 2485 | static int ssl_flight_append( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2486 | { |
Christopher Haster |
1:24750b9ad5ef | 2487 | mbedtls_ssl_flight_item *msg; |
Christopher Haster |
1:24750b9ad5ef | 2488 | |
Christopher Haster |
1:24750b9ad5ef | 2489 | /* Allocate space for current message */ |
Christopher Haster |
1:24750b9ad5ef | 2490 | if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2491 | { |
Christopher Haster |
1:24750b9ad5ef | 2492 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", |
Christopher Haster |
1:24750b9ad5ef | 2493 | sizeof( mbedtls_ssl_flight_item ) ) ); |
Christopher Haster |
1:24750b9ad5ef | 2494 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2495 | } |
Christopher Haster |
1:24750b9ad5ef | 2496 | |
Christopher Haster |
1:24750b9ad5ef | 2497 | if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2498 | { |
Christopher Haster |
1:24750b9ad5ef | 2499 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 2500 | mbedtls_free( msg ); |
Christopher Haster |
1:24750b9ad5ef | 2501 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2502 | } |
Christopher Haster |
1:24750b9ad5ef | 2503 | |
Christopher Haster |
1:24750b9ad5ef | 2504 | /* Copy current handshake message with headers */ |
Christopher Haster |
1:24750b9ad5ef | 2505 | memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2506 | msg->len = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2507 | msg->type = ssl->out_msgtype; |
Christopher Haster |
1:24750b9ad5ef | 2508 | msg->next = NULL; |
Christopher Haster |
1:24750b9ad5ef | 2509 | |
Christopher Haster |
1:24750b9ad5ef | 2510 | /* Append to the current flight */ |
Christopher Haster |
1:24750b9ad5ef | 2511 | if( ssl->handshake->flight == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2512 | ssl->handshake->flight = msg; |
Christopher Haster |
1:24750b9ad5ef | 2513 | else |
Christopher Haster |
1:24750b9ad5ef | 2514 | { |
Christopher Haster |
1:24750b9ad5ef | 2515 | mbedtls_ssl_flight_item *cur = ssl->handshake->flight; |
Christopher Haster |
1:24750b9ad5ef | 2516 | while( cur->next != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2517 | cur = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 2518 | cur->next = msg; |
Christopher Haster |
1:24750b9ad5ef | 2519 | } |
Christopher Haster |
1:24750b9ad5ef | 2520 | |
Christopher Haster |
1:24750b9ad5ef | 2521 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2522 | } |
Christopher Haster |
1:24750b9ad5ef | 2523 | |
Christopher Haster |
1:24750b9ad5ef | 2524 | /* |
Christopher Haster |
1:24750b9ad5ef | 2525 | * Free the current flight of handshake messages |
Christopher Haster |
1:24750b9ad5ef | 2526 | */ |
Christopher Haster |
1:24750b9ad5ef | 2527 | static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) |
Christopher Haster |
1:24750b9ad5ef | 2528 | { |
Christopher Haster |
1:24750b9ad5ef | 2529 | mbedtls_ssl_flight_item *cur = flight; |
Christopher Haster |
1:24750b9ad5ef | 2530 | mbedtls_ssl_flight_item *next; |
Christopher Haster |
1:24750b9ad5ef | 2531 | |
Christopher Haster |
1:24750b9ad5ef | 2532 | while( cur != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2533 | { |
Christopher Haster |
1:24750b9ad5ef | 2534 | next = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 2535 | |
Christopher Haster |
1:24750b9ad5ef | 2536 | mbedtls_free( cur->p ); |
Christopher Haster |
1:24750b9ad5ef | 2537 | mbedtls_free( cur ); |
Christopher Haster |
1:24750b9ad5ef | 2538 | |
Christopher Haster |
1:24750b9ad5ef | 2539 | cur = next; |
Christopher Haster |
1:24750b9ad5ef | 2540 | } |
Christopher Haster |
1:24750b9ad5ef | 2541 | } |
Christopher Haster |
1:24750b9ad5ef | 2542 | |
Christopher Haster |
1:24750b9ad5ef | 2543 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 2544 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2545 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2546 | |
Christopher Haster |
1:24750b9ad5ef | 2547 | /* |
Christopher Haster |
1:24750b9ad5ef | 2548 | * Swap transform_out and out_ctr with the alternative ones |
Christopher Haster |
1:24750b9ad5ef | 2549 | */ |
Christopher Haster |
1:24750b9ad5ef | 2550 | static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2551 | { |
Christopher Haster |
1:24750b9ad5ef | 2552 | mbedtls_ssl_transform *tmp_transform; |
Christopher Haster |
1:24750b9ad5ef | 2553 | unsigned char tmp_out_ctr[8]; |
Christopher Haster |
1:24750b9ad5ef | 2554 | |
Christopher Haster |
1:24750b9ad5ef | 2555 | if( ssl->transform_out == ssl->handshake->alt_transform_out ) |
Christopher Haster |
1:24750b9ad5ef | 2556 | { |
Christopher Haster |
1:24750b9ad5ef | 2557 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2558 | return; |
Christopher Haster |
1:24750b9ad5ef | 2559 | } |
Christopher Haster |
1:24750b9ad5ef | 2560 | |
Christopher Haster |
1:24750b9ad5ef | 2561 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2562 | |
Christopher Haster |
1:24750b9ad5ef | 2563 | /* Swap transforms */ |
Christopher Haster |
1:24750b9ad5ef | 2564 | tmp_transform = ssl->transform_out; |
Christopher Haster |
1:24750b9ad5ef | 2565 | ssl->transform_out = ssl->handshake->alt_transform_out; |
Christopher Haster |
1:24750b9ad5ef | 2566 | ssl->handshake->alt_transform_out = tmp_transform; |
Christopher Haster |
1:24750b9ad5ef | 2567 | |
Christopher Haster |
1:24750b9ad5ef | 2568 | /* Swap epoch + sequence_number */ |
Christopher Haster |
1:24750b9ad5ef | 2569 | memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2570 | memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2571 | memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2572 | |
Christopher Haster |
1:24750b9ad5ef | 2573 | /* Adjust to the newly activated transform */ |
Christopher Haster |
1:24750b9ad5ef | 2574 | if( ssl->transform_out != NULL && |
Christopher Haster |
1:24750b9ad5ef | 2575 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 2576 | { |
Christopher Haster |
1:24750b9ad5ef | 2577 | ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - |
Christopher Haster |
1:24750b9ad5ef | 2578 | ssl->transform_out->fixed_ivlen; |
Christopher Haster |
1:24750b9ad5ef | 2579 | } |
Christopher Haster |
1:24750b9ad5ef | 2580 | else |
Christopher Haster |
1:24750b9ad5ef | 2581 | ssl->out_msg = ssl->out_iv; |
Christopher Haster |
1:24750b9ad5ef | 2582 | |
Christopher Haster |
1:24750b9ad5ef | 2583 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 2584 | if( mbedtls_ssl_hw_record_activate != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2585 | { |
Christopher Haster |
1:24750b9ad5ef | 2586 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2587 | { |
Christopher Haster |
1:24750b9ad5ef | 2588 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2589 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2590 | } |
Christopher Haster |
1:24750b9ad5ef | 2591 | } |
Christopher Haster |
1:24750b9ad5ef | 2592 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2593 | } |
Christopher Haster |
1:24750b9ad5ef | 2594 | |
Christopher Haster |
1:24750b9ad5ef | 2595 | /* |
Christopher Haster |
1:24750b9ad5ef | 2596 | * Retransmit the current flight of messages. |
Christopher Haster |
1:24750b9ad5ef | 2597 | * |
Christopher Haster |
1:24750b9ad5ef | 2598 | * Need to remember the current message in case flush_output returns |
Christopher Haster |
1:24750b9ad5ef | 2599 | * WANT_WRITE, causing us to exit this function and come back later. |
Christopher Haster |
1:24750b9ad5ef | 2600 | * This function must be called until state is no longer SENDING. |
Christopher Haster |
1:24750b9ad5ef | 2601 | */ |
Christopher Haster |
1:24750b9ad5ef | 2602 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2603 | { |
Christopher Haster |
1:24750b9ad5ef | 2604 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2605 | |
Christopher Haster |
1:24750b9ad5ef | 2606 | if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) |
Christopher Haster |
1:24750b9ad5ef | 2607 | { |
Christopher Haster |
1:24750b9ad5ef | 2608 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2609 | |
Christopher Haster |
1:24750b9ad5ef | 2610 | ssl->handshake->cur_msg = ssl->handshake->flight; |
Christopher Haster |
1:24750b9ad5ef | 2611 | ssl_swap_epochs( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2612 | |
Christopher Haster |
1:24750b9ad5ef | 2613 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; |
Christopher Haster |
1:24750b9ad5ef | 2614 | } |
Christopher Haster |
1:24750b9ad5ef | 2615 | |
Christopher Haster |
1:24750b9ad5ef | 2616 | while( ssl->handshake->cur_msg != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2617 | { |
Christopher Haster |
1:24750b9ad5ef | 2618 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 2619 | mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; |
Christopher Haster |
1:24750b9ad5ef | 2620 | |
Christopher Haster |
1:24750b9ad5ef | 2621 | /* Swap epochs before sending Finished: we can't do it after |
Christopher Haster |
1:24750b9ad5ef | 2622 | * sending ChangeCipherSpec, in case write returns WANT_READ. |
Christopher Haster |
1:24750b9ad5ef | 2623 | * Must be done before copying, may change out_msg pointer */ |
Christopher Haster |
1:24750b9ad5ef | 2624 | if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 2625 | cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) |
Christopher Haster |
1:24750b9ad5ef | 2626 | { |
Christopher Haster |
1:24750b9ad5ef | 2627 | ssl_swap_epochs( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2628 | } |
Christopher Haster |
1:24750b9ad5ef | 2629 | |
Christopher Haster |
1:24750b9ad5ef | 2630 | memcpy( ssl->out_msg, cur->p, cur->len ); |
Christopher Haster |
1:24750b9ad5ef | 2631 | ssl->out_msglen = cur->len; |
Christopher Haster |
1:24750b9ad5ef | 2632 | ssl->out_msgtype = cur->type; |
Christopher Haster |
1:24750b9ad5ef | 2633 | |
Christopher Haster |
1:24750b9ad5ef | 2634 | ssl->handshake->cur_msg = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 2635 | |
Christopher Haster |
1:24750b9ad5ef | 2636 | MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); |
Christopher Haster |
1:24750b9ad5ef | 2637 | |
Christopher Haster |
1:24750b9ad5ef | 2638 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2639 | { |
Christopher Haster |
1:24750b9ad5ef | 2640 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2641 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2642 | } |
Christopher Haster |
1:24750b9ad5ef | 2643 | } |
Christopher Haster |
1:24750b9ad5ef | 2644 | |
Christopher Haster |
1:24750b9ad5ef | 2645 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 2646 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
Christopher Haster |
1:24750b9ad5ef | 2647 | else |
Christopher Haster |
1:24750b9ad5ef | 2648 | { |
Christopher Haster |
1:24750b9ad5ef | 2649 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
Christopher Haster |
1:24750b9ad5ef | 2650 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
Christopher Haster |
1:24750b9ad5ef | 2651 | } |
Christopher Haster |
1:24750b9ad5ef | 2652 | |
Christopher Haster |
1:24750b9ad5ef | 2653 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2654 | |
Christopher Haster |
1:24750b9ad5ef | 2655 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2656 | } |
Christopher Haster |
1:24750b9ad5ef | 2657 | |
Christopher Haster |
1:24750b9ad5ef | 2658 | /* |
Christopher Haster |
1:24750b9ad5ef | 2659 | * To be called when the last message of an incoming flight is received. |
Christopher Haster |
1:24750b9ad5ef | 2660 | */ |
Christopher Haster |
1:24750b9ad5ef | 2661 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2662 | { |
Christopher Haster |
1:24750b9ad5ef | 2663 | /* We won't need to resend that one any more */ |
Christopher Haster |
1:24750b9ad5ef | 2664 | ssl_flight_free( ssl->handshake->flight ); |
Christopher Haster |
1:24750b9ad5ef | 2665 | ssl->handshake->flight = NULL; |
Christopher Haster |
1:24750b9ad5ef | 2666 | ssl->handshake->cur_msg = NULL; |
Christopher Haster |
1:24750b9ad5ef | 2667 | |
Christopher Haster |
1:24750b9ad5ef | 2668 | /* The next incoming flight will start with this msg_seq */ |
Christopher Haster |
1:24750b9ad5ef | 2669 | ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; |
Christopher Haster |
1:24750b9ad5ef | 2670 | |
Christopher Haster |
1:24750b9ad5ef | 2671 | /* Cancel timer */ |
Christopher Haster |
1:24750b9ad5ef | 2672 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2673 | |
Christopher Haster |
1:24750b9ad5ef | 2674 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 2675 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
Christopher Haster |
1:24750b9ad5ef | 2676 | { |
Christopher Haster |
1:24750b9ad5ef | 2677 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
Christopher Haster |
1:24750b9ad5ef | 2678 | } |
Christopher Haster |
1:24750b9ad5ef | 2679 | else |
Christopher Haster |
1:24750b9ad5ef | 2680 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
Christopher Haster |
1:24750b9ad5ef | 2681 | } |
Christopher Haster |
1:24750b9ad5ef | 2682 | |
Christopher Haster |
1:24750b9ad5ef | 2683 | /* |
Christopher Haster |
1:24750b9ad5ef | 2684 | * To be called when the last message of an outgoing flight is send. |
Christopher Haster |
1:24750b9ad5ef | 2685 | */ |
Christopher Haster |
1:24750b9ad5ef | 2686 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2687 | { |
Christopher Haster |
1:24750b9ad5ef | 2688 | ssl_reset_retransmit_timeout( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2689 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
Christopher Haster |
1:24750b9ad5ef | 2690 | |
Christopher Haster |
1:24750b9ad5ef | 2691 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 2692 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
Christopher Haster |
1:24750b9ad5ef | 2693 | { |
Christopher Haster |
1:24750b9ad5ef | 2694 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
Christopher Haster |
1:24750b9ad5ef | 2695 | } |
Christopher Haster |
1:24750b9ad5ef | 2696 | else |
Christopher Haster |
1:24750b9ad5ef | 2697 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
Christopher Haster |
1:24750b9ad5ef | 2698 | } |
Christopher Haster |
1:24750b9ad5ef | 2699 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 2700 | |
Christopher Haster |
1:24750b9ad5ef | 2701 | /* |
Christopher Haster |
1:24750b9ad5ef | 2702 | * Record layer functions |
Christopher Haster |
1:24750b9ad5ef | 2703 | */ |
Christopher Haster |
1:24750b9ad5ef | 2704 | |
Christopher Haster |
1:24750b9ad5ef | 2705 | /* |
Christopher Haster |
1:24750b9ad5ef | 2706 | * Write current record. |
Christopher Haster |
1:24750b9ad5ef | 2707 | * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg. |
Christopher Haster |
1:24750b9ad5ef | 2708 | */ |
Christopher Haster |
1:24750b9ad5ef | 2709 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2710 | { |
Christopher Haster |
1:24750b9ad5ef | 2711 | int ret, done = 0; |
Christopher Haster |
1:24750b9ad5ef | 2712 | size_t len = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2713 | |
Christopher Haster |
1:24750b9ad5ef | 2714 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2715 | |
Christopher Haster |
1:24750b9ad5ef | 2716 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2717 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 2718 | ssl->handshake != NULL && |
Christopher Haster |
1:24750b9ad5ef | 2719 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
Christopher Haster |
1:24750b9ad5ef | 2720 | { |
Christopher Haster |
1:24750b9ad5ef | 2721 | ; /* Skip special handshake treatment when resending */ |
Christopher Haster |
1:24750b9ad5ef | 2722 | } |
Christopher Haster |
1:24750b9ad5ef | 2723 | else |
Christopher Haster |
1:24750b9ad5ef | 2724 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2725 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
Christopher Haster |
1:24750b9ad5ef | 2726 | { |
Christopher Haster |
1:24750b9ad5ef | 2727 | if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST && |
Christopher Haster |
1:24750b9ad5ef | 2728 | ssl->handshake == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2729 | { |
Christopher Haster |
1:24750b9ad5ef | 2730 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2731 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 2732 | } |
Christopher Haster |
1:24750b9ad5ef | 2733 | |
Christopher Haster |
1:24750b9ad5ef | 2734 | ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); |
Christopher Haster |
1:24750b9ad5ef | 2735 | ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2736 | ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); |
Christopher Haster |
1:24750b9ad5ef | 2737 | |
Christopher Haster |
1:24750b9ad5ef | 2738 | /* |
Christopher Haster |
1:24750b9ad5ef | 2739 | * DTLS has additional fields in the Handshake layer, |
Christopher Haster |
1:24750b9ad5ef | 2740 | * between the length field and the actual payload: |
Christopher Haster |
1:24750b9ad5ef | 2741 | * uint16 message_seq; |
Christopher Haster |
1:24750b9ad5ef | 2742 | * uint24 fragment_offset; |
Christopher Haster |
1:24750b9ad5ef | 2743 | * uint24 fragment_length; |
Christopher Haster |
1:24750b9ad5ef | 2744 | */ |
Christopher Haster |
1:24750b9ad5ef | 2745 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2746 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 2747 | { |
Christopher Haster |
1:24750b9ad5ef | 2748 | /* Make room for the additional DTLS fields */ |
Christopher Haster |
1:24750b9ad5ef | 2749 | memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); |
Christopher Haster |
1:24750b9ad5ef | 2750 | ssl->out_msglen += 8; |
Christopher Haster |
1:24750b9ad5ef | 2751 | len += 8; |
Christopher Haster |
1:24750b9ad5ef | 2752 | |
Christopher Haster |
1:24750b9ad5ef | 2753 | /* Write message_seq and update it, except for HelloRequest */ |
Christopher Haster |
1:24750b9ad5ef | 2754 | if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
Christopher Haster |
1:24750b9ad5ef | 2755 | { |
Christopher Haster |
1:24750b9ad5ef | 2756 | ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 2757 | ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; |
Christopher Haster |
1:24750b9ad5ef | 2758 | ++( ssl->handshake->out_msg_seq ); |
Christopher Haster |
1:24750b9ad5ef | 2759 | } |
Christopher Haster |
1:24750b9ad5ef | 2760 | else |
Christopher Haster |
1:24750b9ad5ef | 2761 | { |
Christopher Haster |
1:24750b9ad5ef | 2762 | ssl->out_msg[4] = 0; |
Christopher Haster |
1:24750b9ad5ef | 2763 | ssl->out_msg[5] = 0; |
Christopher Haster |
1:24750b9ad5ef | 2764 | } |
Christopher Haster |
1:24750b9ad5ef | 2765 | |
Christopher Haster |
1:24750b9ad5ef | 2766 | /* We don't fragment, so frag_offset = 0 and frag_len = len */ |
Christopher Haster |
1:24750b9ad5ef | 2767 | memset( ssl->out_msg + 6, 0x00, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 2768 | memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 2769 | } |
Christopher Haster |
1:24750b9ad5ef | 2770 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 2771 | |
Christopher Haster |
1:24750b9ad5ef | 2772 | if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
Christopher Haster |
1:24750b9ad5ef | 2773 | ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); |
Christopher Haster |
1:24750b9ad5ef | 2774 | } |
Christopher Haster |
1:24750b9ad5ef | 2775 | |
Christopher Haster |
1:24750b9ad5ef | 2776 | /* Save handshake and CCS messages for resending */ |
Christopher Haster |
1:24750b9ad5ef | 2777 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2778 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 2779 | ssl->handshake != NULL && |
Christopher Haster |
1:24750b9ad5ef | 2780 | ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && |
Christopher Haster |
1:24750b9ad5ef | 2781 | ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || |
Christopher Haster |
1:24750b9ad5ef | 2782 | ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) |
Christopher Haster |
1:24750b9ad5ef | 2783 | { |
Christopher Haster |
1:24750b9ad5ef | 2784 | if( ( ret = ssl_flight_append( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2785 | { |
Christopher Haster |
1:24750b9ad5ef | 2786 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2787 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2788 | } |
Christopher Haster |
1:24750b9ad5ef | 2789 | } |
Christopher Haster |
1:24750b9ad5ef | 2790 | #endif |
Christopher Haster |
1:24750b9ad5ef | 2791 | |
Christopher Haster |
1:24750b9ad5ef | 2792 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 2793 | if( ssl->transform_out != NULL && |
Christopher Haster |
1:24750b9ad5ef | 2794 | ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
Christopher Haster |
1:24750b9ad5ef | 2795 | { |
Christopher Haster |
1:24750b9ad5ef | 2796 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2797 | { |
Christopher Haster |
1:24750b9ad5ef | 2798 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2799 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2800 | } |
Christopher Haster |
1:24750b9ad5ef | 2801 | |
Christopher Haster |
1:24750b9ad5ef | 2802 | len = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2803 | } |
Christopher Haster |
1:24750b9ad5ef | 2804 | #endif /*MBEDTLS_ZLIB_SUPPORT */ |
Christopher Haster |
1:24750b9ad5ef | 2805 | |
Christopher Haster |
1:24750b9ad5ef | 2806 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 2807 | if( mbedtls_ssl_hw_record_write != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2808 | { |
Christopher Haster |
1:24750b9ad5ef | 2809 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2810 | |
Christopher Haster |
1:24750b9ad5ef | 2811 | ret = mbedtls_ssl_hw_record_write( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 2812 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
Christopher Haster |
1:24750b9ad5ef | 2813 | { |
Christopher Haster |
1:24750b9ad5ef | 2814 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2815 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2816 | } |
Christopher Haster |
1:24750b9ad5ef | 2817 | |
Christopher Haster |
1:24750b9ad5ef | 2818 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2819 | done = 1; |
Christopher Haster |
1:24750b9ad5ef | 2820 | } |
Christopher Haster |
1:24750b9ad5ef | 2821 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
Christopher Haster |
1:24750b9ad5ef | 2822 | if( !done ) |
Christopher Haster |
1:24750b9ad5ef | 2823 | { |
Christopher Haster |
1:24750b9ad5ef | 2824 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
Christopher Haster |
1:24750b9ad5ef | 2825 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
Christopher Haster |
1:24750b9ad5ef | 2826 | ssl->conf->transport, ssl->out_hdr + 1 ); |
Christopher Haster |
1:24750b9ad5ef | 2827 | |
Christopher Haster |
1:24750b9ad5ef | 2828 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2829 | ssl->out_len[1] = (unsigned char)( len ); |
Christopher Haster |
1:24750b9ad5ef | 2830 | |
Christopher Haster |
1:24750b9ad5ef | 2831 | if( ssl->transform_out != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2832 | { |
Christopher Haster |
1:24750b9ad5ef | 2833 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2834 | { |
Christopher Haster |
1:24750b9ad5ef | 2835 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2836 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2837 | } |
Christopher Haster |
1:24750b9ad5ef | 2838 | |
Christopher Haster |
1:24750b9ad5ef | 2839 | len = ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2840 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2841 | ssl->out_len[1] = (unsigned char)( len ); |
Christopher Haster |
1:24750b9ad5ef | 2842 | } |
Christopher Haster |
1:24750b9ad5ef | 2843 | |
Christopher Haster |
1:24750b9ad5ef | 2844 | ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; |
Christopher Haster |
1:24750b9ad5ef | 2845 | |
Christopher Haster |
1:24750b9ad5ef | 2846 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
Christopher Haster |
1:24750b9ad5ef | 2847 | "version = [%d:%d], msglen = %d", |
Christopher Haster |
1:24750b9ad5ef | 2848 | ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], |
Christopher Haster |
1:24750b9ad5ef | 2849 | ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); |
Christopher Haster |
1:24750b9ad5ef | 2850 | |
Christopher Haster |
1:24750b9ad5ef | 2851 | MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", |
Christopher Haster |
1:24750b9ad5ef | 2852 | ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 2853 | } |
Christopher Haster |
1:24750b9ad5ef | 2854 | |
Christopher Haster |
1:24750b9ad5ef | 2855 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2856 | { |
Christopher Haster |
1:24750b9ad5ef | 2857 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
Christopher Haster |
1:24750b9ad5ef | 2858 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 2859 | } |
Christopher Haster |
1:24750b9ad5ef | 2860 | |
Christopher Haster |
1:24750b9ad5ef | 2861 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2862 | |
Christopher Haster |
1:24750b9ad5ef | 2863 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2864 | } |
Christopher Haster |
1:24750b9ad5ef | 2865 | |
Christopher Haster |
1:24750b9ad5ef | 2866 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 2867 | /* |
Christopher Haster |
1:24750b9ad5ef | 2868 | * Mark bits in bitmask (used for DTLS HS reassembly) |
Christopher Haster |
1:24750b9ad5ef | 2869 | */ |
Christopher Haster |
1:24750b9ad5ef | 2870 | static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 2871 | { |
Christopher Haster |
1:24750b9ad5ef | 2872 | unsigned int start_bits, end_bits; |
Christopher Haster |
1:24750b9ad5ef | 2873 | |
Christopher Haster |
1:24750b9ad5ef | 2874 | start_bits = 8 - ( offset % 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2875 | if( start_bits != 8 ) |
Christopher Haster |
1:24750b9ad5ef | 2876 | { |
Christopher Haster |
1:24750b9ad5ef | 2877 | size_t first_byte_idx = offset / 8; |
Christopher Haster |
1:24750b9ad5ef | 2878 | |
Christopher Haster |
1:24750b9ad5ef | 2879 | /* Special case */ |
Christopher Haster |
1:24750b9ad5ef | 2880 | if( len <= start_bits ) |
Christopher Haster |
1:24750b9ad5ef | 2881 | { |
Christopher Haster |
1:24750b9ad5ef | 2882 | for( ; len != 0; len-- ) |
Christopher Haster |
1:24750b9ad5ef | 2883 | mask[first_byte_idx] |= 1 << ( start_bits - len ); |
Christopher Haster |
1:24750b9ad5ef | 2884 | |
Christopher Haster |
1:24750b9ad5ef | 2885 | /* Avoid potential issues with offset or len becoming invalid */ |
Christopher Haster |
1:24750b9ad5ef | 2886 | return; |
Christopher Haster |
1:24750b9ad5ef | 2887 | } |
Christopher Haster |
1:24750b9ad5ef | 2888 | |
Christopher Haster |
1:24750b9ad5ef | 2889 | offset += start_bits; /* Now offset % 8 == 0 */ |
Christopher Haster |
1:24750b9ad5ef | 2890 | len -= start_bits; |
Christopher Haster |
1:24750b9ad5ef | 2891 | |
Christopher Haster |
1:24750b9ad5ef | 2892 | for( ; start_bits != 0; start_bits-- ) |
Christopher Haster |
1:24750b9ad5ef | 2893 | mask[first_byte_idx] |= 1 << ( start_bits - 1 ); |
Christopher Haster |
1:24750b9ad5ef | 2894 | } |
Christopher Haster |
1:24750b9ad5ef | 2895 | |
Christopher Haster |
1:24750b9ad5ef | 2896 | end_bits = len % 8; |
Christopher Haster |
1:24750b9ad5ef | 2897 | if( end_bits != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2898 | { |
Christopher Haster |
1:24750b9ad5ef | 2899 | size_t last_byte_idx = ( offset + len ) / 8; |
Christopher Haster |
1:24750b9ad5ef | 2900 | |
Christopher Haster |
1:24750b9ad5ef | 2901 | len -= end_bits; /* Now len % 8 == 0 */ |
Christopher Haster |
1:24750b9ad5ef | 2902 | |
Christopher Haster |
1:24750b9ad5ef | 2903 | for( ; end_bits != 0; end_bits-- ) |
Christopher Haster |
1:24750b9ad5ef | 2904 | mask[last_byte_idx] |= 1 << ( 8 - end_bits ); |
Christopher Haster |
1:24750b9ad5ef | 2905 | } |
Christopher Haster |
1:24750b9ad5ef | 2906 | |
Christopher Haster |
1:24750b9ad5ef | 2907 | memset( mask + offset / 8, 0xFF, len / 8 ); |
Christopher Haster |
1:24750b9ad5ef | 2908 | } |
Christopher Haster |
1:24750b9ad5ef | 2909 | |
Christopher Haster |
1:24750b9ad5ef | 2910 | /* |
Christopher Haster |
1:24750b9ad5ef | 2911 | * Check that bitmask is full |
Christopher Haster |
1:24750b9ad5ef | 2912 | */ |
Christopher Haster |
1:24750b9ad5ef | 2913 | static int ssl_bitmask_check( unsigned char *mask, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 2914 | { |
Christopher Haster |
1:24750b9ad5ef | 2915 | size_t i; |
Christopher Haster |
1:24750b9ad5ef | 2916 | |
Christopher Haster |
1:24750b9ad5ef | 2917 | for( i = 0; i < len / 8; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 2918 | if( mask[i] != 0xFF ) |
Christopher Haster |
1:24750b9ad5ef | 2919 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 2920 | |
Christopher Haster |
1:24750b9ad5ef | 2921 | for( i = 0; i < len % 8; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 2922 | if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2923 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 2924 | |
Christopher Haster |
1:24750b9ad5ef | 2925 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2926 | } |
Christopher Haster |
1:24750b9ad5ef | 2927 | |
Christopher Haster |
1:24750b9ad5ef | 2928 | /* |
Christopher Haster |
1:24750b9ad5ef | 2929 | * Reassemble fragmented DTLS handshake messages. |
Christopher Haster |
1:24750b9ad5ef | 2930 | * |
Christopher Haster |
1:24750b9ad5ef | 2931 | * Use a temporary buffer for reassembly, divided in two parts: |
Christopher Haster |
1:24750b9ad5ef | 2932 | * - the first holds the reassembled message (including handshake header), |
Christopher Haster |
1:24750b9ad5ef | 2933 | * - the second holds a bitmask indicating which parts of the message |
Christopher Haster |
1:24750b9ad5ef | 2934 | * (excluding headers) have been received so far. |
Christopher Haster |
1:24750b9ad5ef | 2935 | */ |
Christopher Haster |
1:24750b9ad5ef | 2936 | static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 2937 | { |
Christopher Haster |
1:24750b9ad5ef | 2938 | unsigned char *msg, *bitmask; |
Christopher Haster |
1:24750b9ad5ef | 2939 | size_t frag_len, frag_off; |
Christopher Haster |
1:24750b9ad5ef | 2940 | size_t msg_len = ssl->in_hslen - 12; /* Without headers */ |
Christopher Haster |
1:24750b9ad5ef | 2941 | |
Christopher Haster |
1:24750b9ad5ef | 2942 | if( ssl->handshake == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2943 | { |
Christopher Haster |
1:24750b9ad5ef | 2944 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2945 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 2946 | } |
Christopher Haster |
1:24750b9ad5ef | 2947 | |
Christopher Haster |
1:24750b9ad5ef | 2948 | /* |
Christopher Haster |
1:24750b9ad5ef | 2949 | * For first fragment, check size and allocate buffer |
Christopher Haster |
1:24750b9ad5ef | 2950 | */ |
Christopher Haster |
1:24750b9ad5ef | 2951 | if( ssl->handshake->hs_msg == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2952 | { |
Christopher Haster |
1:24750b9ad5ef | 2953 | size_t alloc_len; |
Christopher Haster |
1:24750b9ad5ef | 2954 | |
Christopher Haster |
1:24750b9ad5ef | 2955 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", |
Christopher Haster |
1:24750b9ad5ef | 2956 | msg_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 2957 | |
Christopher Haster |
1:24750b9ad5ef | 2958 | if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 2959 | { |
Christopher Haster |
1:24750b9ad5ef | 2960 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2961 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 2962 | } |
Christopher Haster |
1:24750b9ad5ef | 2963 | |
Christopher Haster |
1:24750b9ad5ef | 2964 | /* The bitmask needs one bit per byte of message excluding header */ |
Christopher Haster |
1:24750b9ad5ef | 2965 | alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 ); |
Christopher Haster |
1:24750b9ad5ef | 2966 | |
Christopher Haster |
1:24750b9ad5ef | 2967 | ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); |
Christopher Haster |
1:24750b9ad5ef | 2968 | if( ssl->handshake->hs_msg == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 2969 | { |
Christopher Haster |
1:24750b9ad5ef | 2970 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 2971 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 2972 | } |
Christopher Haster |
1:24750b9ad5ef | 2973 | |
Christopher Haster |
1:24750b9ad5ef | 2974 | /* Prepare final header: copy msg_type, length and message_seq, |
Christopher Haster |
1:24750b9ad5ef | 2975 | * then add standardised fragment_offset and fragment_length */ |
Christopher Haster |
1:24750b9ad5ef | 2976 | memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); |
Christopher Haster |
1:24750b9ad5ef | 2977 | memset( ssl->handshake->hs_msg + 6, 0, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 2978 | memcpy( ssl->handshake->hs_msg + 9, |
Christopher Haster |
1:24750b9ad5ef | 2979 | ssl->handshake->hs_msg + 1, 3 ); |
Christopher Haster |
1:24750b9ad5ef | 2980 | } |
Christopher Haster |
1:24750b9ad5ef | 2981 | else |
Christopher Haster |
1:24750b9ad5ef | 2982 | { |
Christopher Haster |
1:24750b9ad5ef | 2983 | /* Make sure msg_type and length are consistent */ |
Christopher Haster |
1:24750b9ad5ef | 2984 | if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 2985 | { |
Christopher Haster |
1:24750b9ad5ef | 2986 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) ); |
Christopher Haster |
1:24750b9ad5ef | 2987 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 2988 | } |
Christopher Haster |
1:24750b9ad5ef | 2989 | } |
Christopher Haster |
1:24750b9ad5ef | 2990 | |
Christopher Haster |
1:24750b9ad5ef | 2991 | msg = ssl->handshake->hs_msg + 12; |
Christopher Haster |
1:24750b9ad5ef | 2992 | bitmask = msg + msg_len; |
Christopher Haster |
1:24750b9ad5ef | 2993 | |
Christopher Haster |
1:24750b9ad5ef | 2994 | /* |
Christopher Haster |
1:24750b9ad5ef | 2995 | * Check and copy current fragment |
Christopher Haster |
1:24750b9ad5ef | 2996 | */ |
Christopher Haster |
1:24750b9ad5ef | 2997 | frag_off = ( ssl->in_msg[6] << 16 ) | |
Christopher Haster |
1:24750b9ad5ef | 2998 | ( ssl->in_msg[7] << 8 ) | |
Christopher Haster |
1:24750b9ad5ef | 2999 | ssl->in_msg[8]; |
Christopher Haster |
1:24750b9ad5ef | 3000 | frag_len = ( ssl->in_msg[9] << 16 ) | |
Christopher Haster |
1:24750b9ad5ef | 3001 | ( ssl->in_msg[10] << 8 ) | |
Christopher Haster |
1:24750b9ad5ef | 3002 | ssl->in_msg[11]; |
Christopher Haster |
1:24750b9ad5ef | 3003 | |
Christopher Haster |
1:24750b9ad5ef | 3004 | if( frag_off + frag_len > msg_len ) |
Christopher Haster |
1:24750b9ad5ef | 3005 | { |
Christopher Haster |
1:24750b9ad5ef | 3006 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d", |
Christopher Haster |
1:24750b9ad5ef | 3007 | frag_off, frag_len, msg_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 3008 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3009 | } |
Christopher Haster |
1:24750b9ad5ef | 3010 | |
Christopher Haster |
1:24750b9ad5ef | 3011 | if( frag_len + 12 > ssl->in_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 3012 | { |
Christopher Haster |
1:24750b9ad5ef | 3013 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d", |
Christopher Haster |
1:24750b9ad5ef | 3014 | frag_len, ssl->in_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 3015 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3016 | } |
Christopher Haster |
1:24750b9ad5ef | 3017 | |
Christopher Haster |
1:24750b9ad5ef | 3018 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", |
Christopher Haster |
1:24750b9ad5ef | 3019 | frag_off, frag_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 3020 | |
Christopher Haster |
1:24750b9ad5ef | 3021 | memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); |
Christopher Haster |
1:24750b9ad5ef | 3022 | ssl_bitmask_set( bitmask, frag_off, frag_len ); |
Christopher Haster |
1:24750b9ad5ef | 3023 | |
Christopher Haster |
1:24750b9ad5ef | 3024 | /* |
Christopher Haster |
1:24750b9ad5ef | 3025 | * Do we have the complete message by now? |
Christopher Haster |
1:24750b9ad5ef | 3026 | * If yes, finalize it, else ask to read the next record. |
Christopher Haster |
1:24750b9ad5ef | 3027 | */ |
Christopher Haster |
1:24750b9ad5ef | 3028 | if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3029 | { |
Christopher Haster |
1:24750b9ad5ef | 3030 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3031 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 3032 | } |
Christopher Haster |
1:24750b9ad5ef | 3033 | |
Christopher Haster |
1:24750b9ad5ef | 3034 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3035 | |
Christopher Haster |
1:24750b9ad5ef | 3036 | if( frag_len + 12 < ssl->in_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 3037 | { |
Christopher Haster |
1:24750b9ad5ef | 3038 | /* |
Christopher Haster |
1:24750b9ad5ef | 3039 | * We'got more handshake messages in the same record. |
Christopher Haster |
1:24750b9ad5ef | 3040 | * This case is not handled now because no know implementation does |
Christopher Haster |
1:24750b9ad5ef | 3041 | * that and it's hard to test, so we prefer to fail cleanly for now. |
Christopher Haster |
1:24750b9ad5ef | 3042 | */ |
Christopher Haster |
1:24750b9ad5ef | 3043 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3044 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 3045 | } |
Christopher Haster |
1:24750b9ad5ef | 3046 | |
Christopher Haster |
1:24750b9ad5ef | 3047 | if( ssl->in_left > ssl->next_record_offset ) |
Christopher Haster |
1:24750b9ad5ef | 3048 | { |
Christopher Haster |
1:24750b9ad5ef | 3049 | /* |
Christopher Haster |
1:24750b9ad5ef | 3050 | * We've got more data in the buffer after the current record, |
Christopher Haster |
1:24750b9ad5ef | 3051 | * that we don't want to overwrite. Move it before writing the |
Christopher Haster |
1:24750b9ad5ef | 3052 | * reassembled message, and adjust in_left and next_record_offset. |
Christopher Haster |
1:24750b9ad5ef | 3053 | */ |
Christopher Haster |
1:24750b9ad5ef | 3054 | unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; |
Christopher Haster |
1:24750b9ad5ef | 3055 | unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; |
Christopher Haster |
1:24750b9ad5ef | 3056 | size_t remain_len = ssl->in_left - ssl->next_record_offset; |
Christopher Haster |
1:24750b9ad5ef | 3057 | |
Christopher Haster |
1:24750b9ad5ef | 3058 | /* First compute and check new lengths */ |
Christopher Haster |
1:24750b9ad5ef | 3059 | ssl->next_record_offset = new_remain - ssl->in_hdr; |
Christopher Haster |
1:24750b9ad5ef | 3060 | ssl->in_left = ssl->next_record_offset + remain_len; |
Christopher Haster |
1:24750b9ad5ef | 3061 | |
Christopher Haster |
1:24750b9ad5ef | 3062 | if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - |
Christopher Haster |
1:24750b9ad5ef | 3063 | (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
Christopher Haster |
1:24750b9ad5ef | 3064 | { |
Christopher Haster |
1:24750b9ad5ef | 3065 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3066 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
Christopher Haster |
1:24750b9ad5ef | 3067 | } |
Christopher Haster |
1:24750b9ad5ef | 3068 | |
Christopher Haster |
1:24750b9ad5ef | 3069 | memmove( new_remain, cur_remain, remain_len ); |
Christopher Haster |
1:24750b9ad5ef | 3070 | } |
Christopher Haster |
1:24750b9ad5ef | 3071 | |
Christopher Haster |
1:24750b9ad5ef | 3072 | memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); |
Christopher Haster |
1:24750b9ad5ef | 3073 | |
Christopher Haster |
1:24750b9ad5ef | 3074 | mbedtls_free( ssl->handshake->hs_msg ); |
Christopher Haster |
1:24750b9ad5ef | 3075 | ssl->handshake->hs_msg = NULL; |
Christopher Haster |
1:24750b9ad5ef | 3076 | |
Christopher Haster |
1:24750b9ad5ef | 3077 | MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", |
Christopher Haster |
1:24750b9ad5ef | 3078 | ssl->in_msg, ssl->in_hslen ); |
Christopher Haster |
1:24750b9ad5ef | 3079 | |
Christopher Haster |
1:24750b9ad5ef | 3080 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3081 | } |
Christopher Haster |
1:24750b9ad5ef | 3082 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 3083 | |
Christopher Haster |
1:24750b9ad5ef | 3084 | static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3085 | { |
Christopher Haster |
1:24750b9ad5ef | 3086 | if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) |
Christopher Haster |
1:24750b9ad5ef | 3087 | { |
Christopher Haster |
1:24750b9ad5ef | 3088 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", |
Christopher Haster |
1:24750b9ad5ef | 3089 | ssl->in_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 3090 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3091 | } |
Christopher Haster |
1:24750b9ad5ef | 3092 | |
Christopher Haster |
1:24750b9ad5ef | 3093 | ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( |
Christopher Haster |
1:24750b9ad5ef | 3094 | ( ssl->in_msg[1] << 16 ) | |
Christopher Haster |
1:24750b9ad5ef | 3095 | ( ssl->in_msg[2] << 8 ) | |
Christopher Haster |
1:24750b9ad5ef | 3096 | ssl->in_msg[3] ); |
Christopher Haster |
1:24750b9ad5ef | 3097 | |
Christopher Haster |
1:24750b9ad5ef | 3098 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
Christopher Haster |
1:24750b9ad5ef | 3099 | " %d, type = %d, hslen = %d", |
Christopher Haster |
1:24750b9ad5ef | 3100 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
Christopher Haster |
1:24750b9ad5ef | 3101 | |
Christopher Haster |
1:24750b9ad5ef | 3102 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3103 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3104 | { |
Christopher Haster |
1:24750b9ad5ef | 3105 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3106 | unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
Christopher Haster |
1:24750b9ad5ef | 3107 | |
Christopher Haster |
1:24750b9ad5ef | 3108 | /* ssl->handshake is NULL when receiving ClientHello for renego */ |
Christopher Haster |
1:24750b9ad5ef | 3109 | if( ssl->handshake != NULL && |
Christopher Haster |
1:24750b9ad5ef | 3110 | recv_msg_seq != ssl->handshake->in_msg_seq ) |
Christopher Haster |
1:24750b9ad5ef | 3111 | { |
Christopher Haster |
1:24750b9ad5ef | 3112 | /* Retransmit only on last message from previous flight, to avoid |
Christopher Haster |
1:24750b9ad5ef | 3113 | * too many retransmissions. |
Christopher Haster |
1:24750b9ad5ef | 3114 | * Besides, No sane server ever retransmits HelloVerifyRequest */ |
Christopher Haster |
1:24750b9ad5ef | 3115 | if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && |
Christopher Haster |
1:24750b9ad5ef | 3116 | ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
Christopher Haster |
1:24750b9ad5ef | 3117 | { |
Christopher Haster |
1:24750b9ad5ef | 3118 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " |
Christopher Haster |
1:24750b9ad5ef | 3119 | "message_seq = %d, start_of_flight = %d", |
Christopher Haster |
1:24750b9ad5ef | 3120 | recv_msg_seq, |
Christopher Haster |
1:24750b9ad5ef | 3121 | ssl->handshake->in_flight_start_seq ) ); |
Christopher Haster |
1:24750b9ad5ef | 3122 | |
Christopher Haster |
1:24750b9ad5ef | 3123 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3124 | { |
Christopher Haster |
1:24750b9ad5ef | 3125 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3126 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3127 | } |
Christopher Haster |
1:24750b9ad5ef | 3128 | } |
Christopher Haster |
1:24750b9ad5ef | 3129 | else |
Christopher Haster |
1:24750b9ad5ef | 3130 | { |
Christopher Haster |
1:24750b9ad5ef | 3131 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " |
Christopher Haster |
1:24750b9ad5ef | 3132 | "message_seq = %d, expected = %d", |
Christopher Haster |
1:24750b9ad5ef | 3133 | recv_msg_seq, |
Christopher Haster |
1:24750b9ad5ef | 3134 | ssl->handshake->in_msg_seq ) ); |
Christopher Haster |
1:24750b9ad5ef | 3135 | } |
Christopher Haster |
1:24750b9ad5ef | 3136 | |
Christopher Haster |
1:24750b9ad5ef | 3137 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 3138 | } |
Christopher Haster |
1:24750b9ad5ef | 3139 | /* Wait until message completion to increment in_msg_seq */ |
Christopher Haster |
1:24750b9ad5ef | 3140 | |
Christopher Haster |
1:24750b9ad5ef | 3141 | /* Reassemble if current message is fragmented or reassembly is |
Christopher Haster |
1:24750b9ad5ef | 3142 | * already in progress */ |
Christopher Haster |
1:24750b9ad5ef | 3143 | if( ssl->in_msglen < ssl->in_hslen || |
Christopher Haster |
1:24750b9ad5ef | 3144 | memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 3145 | memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 3146 | ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) |
Christopher Haster |
1:24750b9ad5ef | 3147 | { |
Christopher Haster |
1:24750b9ad5ef | 3148 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3149 | |
Christopher Haster |
1:24750b9ad5ef | 3150 | if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3151 | { |
Christopher Haster |
1:24750b9ad5ef | 3152 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3153 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3154 | } |
Christopher Haster |
1:24750b9ad5ef | 3155 | } |
Christopher Haster |
1:24750b9ad5ef | 3156 | } |
Christopher Haster |
1:24750b9ad5ef | 3157 | else |
Christopher Haster |
1:24750b9ad5ef | 3158 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 3159 | /* With TLS we don't handle fragmentation (for now) */ |
Christopher Haster |
1:24750b9ad5ef | 3160 | if( ssl->in_msglen < ssl->in_hslen ) |
Christopher Haster |
1:24750b9ad5ef | 3161 | { |
Christopher Haster |
1:24750b9ad5ef | 3162 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3163 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 3164 | } |
Christopher Haster |
1:24750b9ad5ef | 3165 | |
Christopher Haster |
1:24750b9ad5ef | 3166 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && |
Christopher Haster |
1:24750b9ad5ef | 3167 | ssl->handshake != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3168 | { |
Christopher Haster |
1:24750b9ad5ef | 3169 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
Christopher Haster |
1:24750b9ad5ef | 3170 | } |
Christopher Haster |
1:24750b9ad5ef | 3171 | |
Christopher Haster |
1:24750b9ad5ef | 3172 | /* Handshake message is complete, increment counter */ |
Christopher Haster |
1:24750b9ad5ef | 3173 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3174 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 3175 | ssl->handshake != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3176 | { |
Christopher Haster |
1:24750b9ad5ef | 3177 | ssl->handshake->in_msg_seq++; |
Christopher Haster |
1:24750b9ad5ef | 3178 | } |
Christopher Haster |
1:24750b9ad5ef | 3179 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3180 | |
Christopher Haster |
1:24750b9ad5ef | 3181 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3182 | } |
Christopher Haster |
1:24750b9ad5ef | 3183 | |
Christopher Haster |
1:24750b9ad5ef | 3184 | /* |
Christopher Haster |
1:24750b9ad5ef | 3185 | * DTLS anti-replay: RFC 6347 4.1.2.6 |
Christopher Haster |
1:24750b9ad5ef | 3186 | * |
Christopher Haster |
1:24750b9ad5ef | 3187 | * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). |
Christopher Haster |
1:24750b9ad5ef | 3188 | * Bit n is set iff record number in_window_top - n has been seen. |
Christopher Haster |
1:24750b9ad5ef | 3189 | * |
Christopher Haster |
1:24750b9ad5ef | 3190 | * Usually, in_window_top is the last record number seen and the lsb of |
Christopher Haster |
1:24750b9ad5ef | 3191 | * in_window is set. The only exception is the initial state (record number 0 |
Christopher Haster |
1:24750b9ad5ef | 3192 | * not seen yet). |
Christopher Haster |
1:24750b9ad5ef | 3193 | */ |
Christopher Haster |
1:24750b9ad5ef | 3194 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 3195 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3196 | { |
Christopher Haster |
1:24750b9ad5ef | 3197 | ssl->in_window_top = 0; |
Christopher Haster |
1:24750b9ad5ef | 3198 | ssl->in_window = 0; |
Christopher Haster |
1:24750b9ad5ef | 3199 | } |
Christopher Haster |
1:24750b9ad5ef | 3200 | |
Christopher Haster |
1:24750b9ad5ef | 3201 | static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) |
Christopher Haster |
1:24750b9ad5ef | 3202 | { |
Christopher Haster |
1:24750b9ad5ef | 3203 | return( ( (uint64_t) buf[0] << 40 ) | |
Christopher Haster |
1:24750b9ad5ef | 3204 | ( (uint64_t) buf[1] << 32 ) | |
Christopher Haster |
1:24750b9ad5ef | 3205 | ( (uint64_t) buf[2] << 24 ) | |
Christopher Haster |
1:24750b9ad5ef | 3206 | ( (uint64_t) buf[3] << 16 ) | |
Christopher Haster |
1:24750b9ad5ef | 3207 | ( (uint64_t) buf[4] << 8 ) | |
Christopher Haster |
1:24750b9ad5ef | 3208 | ( (uint64_t) buf[5] ) ); |
Christopher Haster |
1:24750b9ad5ef | 3209 | } |
Christopher Haster |
1:24750b9ad5ef | 3210 | |
Christopher Haster |
1:24750b9ad5ef | 3211 | /* |
Christopher Haster |
1:24750b9ad5ef | 3212 | * Return 0 if sequence number is acceptable, -1 otherwise |
Christopher Haster |
1:24750b9ad5ef | 3213 | */ |
Christopher Haster |
1:24750b9ad5ef | 3214 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3215 | { |
Christopher Haster |
1:24750b9ad5ef | 3216 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
Christopher Haster |
1:24750b9ad5ef | 3217 | uint64_t bit; |
Christopher Haster |
1:24750b9ad5ef | 3218 | |
Christopher Haster |
1:24750b9ad5ef | 3219 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
Christopher Haster |
1:24750b9ad5ef | 3220 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3221 | |
Christopher Haster |
1:24750b9ad5ef | 3222 | if( rec_seqnum > ssl->in_window_top ) |
Christopher Haster |
1:24750b9ad5ef | 3223 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3224 | |
Christopher Haster |
1:24750b9ad5ef | 3225 | bit = ssl->in_window_top - rec_seqnum; |
Christopher Haster |
1:24750b9ad5ef | 3226 | |
Christopher Haster |
1:24750b9ad5ef | 3227 | if( bit >= 64 ) |
Christopher Haster |
1:24750b9ad5ef | 3228 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 3229 | |
Christopher Haster |
1:24750b9ad5ef | 3230 | if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3231 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 3232 | |
Christopher Haster |
1:24750b9ad5ef | 3233 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3234 | } |
Christopher Haster |
1:24750b9ad5ef | 3235 | |
Christopher Haster |
1:24750b9ad5ef | 3236 | /* |
Christopher Haster |
1:24750b9ad5ef | 3237 | * Update replay window on new validated record |
Christopher Haster |
1:24750b9ad5ef | 3238 | */ |
Christopher Haster |
1:24750b9ad5ef | 3239 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3240 | { |
Christopher Haster |
1:24750b9ad5ef | 3241 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
Christopher Haster |
1:24750b9ad5ef | 3242 | |
Christopher Haster |
1:24750b9ad5ef | 3243 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
Christopher Haster |
1:24750b9ad5ef | 3244 | return; |
Christopher Haster |
1:24750b9ad5ef | 3245 | |
Christopher Haster |
1:24750b9ad5ef | 3246 | if( rec_seqnum > ssl->in_window_top ) |
Christopher Haster |
1:24750b9ad5ef | 3247 | { |
Christopher Haster |
1:24750b9ad5ef | 3248 | /* Update window_top and the contents of the window */ |
Christopher Haster |
1:24750b9ad5ef | 3249 | uint64_t shift = rec_seqnum - ssl->in_window_top; |
Christopher Haster |
1:24750b9ad5ef | 3250 | |
Christopher Haster |
1:24750b9ad5ef | 3251 | if( shift >= 64 ) |
Christopher Haster |
1:24750b9ad5ef | 3252 | ssl->in_window = 1; |
Christopher Haster |
1:24750b9ad5ef | 3253 | else |
Christopher Haster |
1:24750b9ad5ef | 3254 | { |
Christopher Haster |
1:24750b9ad5ef | 3255 | ssl->in_window <<= shift; |
Christopher Haster |
1:24750b9ad5ef | 3256 | ssl->in_window |= 1; |
Christopher Haster |
1:24750b9ad5ef | 3257 | } |
Christopher Haster |
1:24750b9ad5ef | 3258 | |
Christopher Haster |
1:24750b9ad5ef | 3259 | ssl->in_window_top = rec_seqnum; |
Christopher Haster |
1:24750b9ad5ef | 3260 | } |
Christopher Haster |
1:24750b9ad5ef | 3261 | else |
Christopher Haster |
1:24750b9ad5ef | 3262 | { |
Christopher Haster |
1:24750b9ad5ef | 3263 | /* Mark that number as seen in the current window */ |
Christopher Haster |
1:24750b9ad5ef | 3264 | uint64_t bit = ssl->in_window_top - rec_seqnum; |
Christopher Haster |
1:24750b9ad5ef | 3265 | |
Christopher Haster |
1:24750b9ad5ef | 3266 | if( bit < 64 ) /* Always true, but be extra sure */ |
Christopher Haster |
1:24750b9ad5ef | 3267 | ssl->in_window |= (uint64_t) 1 << bit; |
Christopher Haster |
1:24750b9ad5ef | 3268 | } |
Christopher Haster |
1:24750b9ad5ef | 3269 | } |
Christopher Haster |
1:24750b9ad5ef | 3270 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
Christopher Haster |
1:24750b9ad5ef | 3271 | |
Christopher Haster |
1:24750b9ad5ef | 3272 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 3273 | /* Forward declaration */ |
Christopher Haster |
1:24750b9ad5ef | 3274 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
Christopher Haster |
1:24750b9ad5ef | 3275 | |
Christopher Haster |
1:24750b9ad5ef | 3276 | /* |
Christopher Haster |
1:24750b9ad5ef | 3277 | * Without any SSL context, check if a datagram looks like a ClientHello with |
Christopher Haster |
1:24750b9ad5ef | 3278 | * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. |
Christopher Haster |
1:24750b9ad5ef | 3279 | * Both input and output include full DTLS headers. |
Christopher Haster |
1:24750b9ad5ef | 3280 | * |
Christopher Haster |
1:24750b9ad5ef | 3281 | * - if cookie is valid, return 0 |
Christopher Haster |
1:24750b9ad5ef | 3282 | * - if ClientHello looks superficially valid but cookie is not, |
Christopher Haster |
1:24750b9ad5ef | 3283 | * fill obuf and set olen, then |
Christopher Haster |
1:24750b9ad5ef | 3284 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
Christopher Haster |
1:24750b9ad5ef | 3285 | * - otherwise return a specific error code |
Christopher Haster |
1:24750b9ad5ef | 3286 | */ |
Christopher Haster |
1:24750b9ad5ef | 3287 | static int ssl_check_dtls_clihlo_cookie( |
Christopher Haster |
1:24750b9ad5ef | 3288 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
Christopher Haster |
1:24750b9ad5ef | 3289 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
Christopher Haster |
1:24750b9ad5ef | 3290 | void *p_cookie, |
Christopher Haster |
1:24750b9ad5ef | 3291 | const unsigned char *cli_id, size_t cli_id_len, |
Christopher Haster |
1:24750b9ad5ef | 3292 | const unsigned char *in, size_t in_len, |
Christopher Haster |
1:24750b9ad5ef | 3293 | unsigned char *obuf, size_t buf_len, size_t *olen ) |
Christopher Haster |
1:24750b9ad5ef | 3294 | { |
Christopher Haster |
1:24750b9ad5ef | 3295 | size_t sid_len, cookie_len; |
Christopher Haster |
1:24750b9ad5ef | 3296 | unsigned char *p; |
Christopher Haster |
1:24750b9ad5ef | 3297 | |
Christopher Haster |
1:24750b9ad5ef | 3298 | if( f_cookie_write == NULL || f_cookie_check == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3299 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 3300 | |
Christopher Haster |
1:24750b9ad5ef | 3301 | /* |
Christopher Haster |
1:24750b9ad5ef | 3302 | * Structure of ClientHello with record and handshake headers, |
Christopher Haster |
1:24750b9ad5ef | 3303 | * and expected values. We don't need to check a lot, more checks will be |
Christopher Haster |
1:24750b9ad5ef | 3304 | * done when actually parsing the ClientHello - skipping those checks |
Christopher Haster |
1:24750b9ad5ef | 3305 | * avoids code duplication and does not make cookie forging any easier. |
Christopher Haster |
1:24750b9ad5ef | 3306 | * |
Christopher Haster |
1:24750b9ad5ef | 3307 | * 0-0 ContentType type; copied, must be handshake |
Christopher Haster |
1:24750b9ad5ef | 3308 | * 1-2 ProtocolVersion version; copied |
Christopher Haster |
1:24750b9ad5ef | 3309 | * 3-4 uint16 epoch; copied, must be 0 |
Christopher Haster |
1:24750b9ad5ef | 3310 | * 5-10 uint48 sequence_number; copied |
Christopher Haster |
1:24750b9ad5ef | 3311 | * 11-12 uint16 length; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3312 | * |
Christopher Haster |
1:24750b9ad5ef | 3313 | * 13-13 HandshakeType msg_type; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3314 | * 14-16 uint24 length; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3315 | * 17-18 uint16 message_seq; copied |
Christopher Haster |
1:24750b9ad5ef | 3316 | * 19-21 uint24 fragment_offset; copied, must be 0 |
Christopher Haster |
1:24750b9ad5ef | 3317 | * 22-24 uint24 fragment_length; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3318 | * |
Christopher Haster |
1:24750b9ad5ef | 3319 | * 25-26 ProtocolVersion client_version; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3320 | * 27-58 Random random; (ignored) |
Christopher Haster |
1:24750b9ad5ef | 3321 | * 59-xx SessionID session_id; 1 byte len + sid_len content |
Christopher Haster |
1:24750b9ad5ef | 3322 | * 60+ opaque cookie<0..2^8-1>; 1 byte len + content |
Christopher Haster |
1:24750b9ad5ef | 3323 | * ... |
Christopher Haster |
1:24750b9ad5ef | 3324 | * |
Christopher Haster |
1:24750b9ad5ef | 3325 | * Minimum length is 61 bytes. |
Christopher Haster |
1:24750b9ad5ef | 3326 | */ |
Christopher Haster |
1:24750b9ad5ef | 3327 | if( in_len < 61 || |
Christopher Haster |
1:24750b9ad5ef | 3328 | in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || |
Christopher Haster |
1:24750b9ad5ef | 3329 | in[3] != 0 || in[4] != 0 || |
Christopher Haster |
1:24750b9ad5ef | 3330 | in[19] != 0 || in[20] != 0 || in[21] != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3331 | { |
Christopher Haster |
1:24750b9ad5ef | 3332 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
Christopher Haster |
1:24750b9ad5ef | 3333 | } |
Christopher Haster |
1:24750b9ad5ef | 3334 | |
Christopher Haster |
1:24750b9ad5ef | 3335 | sid_len = in[59]; |
Christopher Haster |
1:24750b9ad5ef | 3336 | if( sid_len > in_len - 61 ) |
Christopher Haster |
1:24750b9ad5ef | 3337 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
Christopher Haster |
1:24750b9ad5ef | 3338 | |
Christopher Haster |
1:24750b9ad5ef | 3339 | cookie_len = in[60 + sid_len]; |
Christopher Haster |
1:24750b9ad5ef | 3340 | if( cookie_len > in_len - 60 ) |
Christopher Haster |
1:24750b9ad5ef | 3341 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
Christopher Haster |
1:24750b9ad5ef | 3342 | |
Christopher Haster |
1:24750b9ad5ef | 3343 | if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, |
Christopher Haster |
1:24750b9ad5ef | 3344 | cli_id, cli_id_len ) == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3345 | { |
Christopher Haster |
1:24750b9ad5ef | 3346 | /* Valid cookie */ |
Christopher Haster |
1:24750b9ad5ef | 3347 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3348 | } |
Christopher Haster |
1:24750b9ad5ef | 3349 | |
Christopher Haster |
1:24750b9ad5ef | 3350 | /* |
Christopher Haster |
1:24750b9ad5ef | 3351 | * If we get here, we've got an invalid cookie, let's prepare HVR. |
Christopher Haster |
1:24750b9ad5ef | 3352 | * |
Christopher Haster |
1:24750b9ad5ef | 3353 | * 0-0 ContentType type; copied |
Christopher Haster |
1:24750b9ad5ef | 3354 | * 1-2 ProtocolVersion version; copied |
Christopher Haster |
1:24750b9ad5ef | 3355 | * 3-4 uint16 epoch; copied |
Christopher Haster |
1:24750b9ad5ef | 3356 | * 5-10 uint48 sequence_number; copied |
Christopher Haster |
1:24750b9ad5ef | 3357 | * 11-12 uint16 length; olen - 13 |
Christopher Haster |
1:24750b9ad5ef | 3358 | * |
Christopher Haster |
1:24750b9ad5ef | 3359 | * 13-13 HandshakeType msg_type; hello_verify_request |
Christopher Haster |
1:24750b9ad5ef | 3360 | * 14-16 uint24 length; olen - 25 |
Christopher Haster |
1:24750b9ad5ef | 3361 | * 17-18 uint16 message_seq; copied |
Christopher Haster |
1:24750b9ad5ef | 3362 | * 19-21 uint24 fragment_offset; copied |
Christopher Haster |
1:24750b9ad5ef | 3363 | * 22-24 uint24 fragment_length; olen - 25 |
Christopher Haster |
1:24750b9ad5ef | 3364 | * |
Christopher Haster |
1:24750b9ad5ef | 3365 | * 25-26 ProtocolVersion server_version; 0xfe 0xff |
Christopher Haster |
1:24750b9ad5ef | 3366 | * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie |
Christopher Haster |
1:24750b9ad5ef | 3367 | * |
Christopher Haster |
1:24750b9ad5ef | 3368 | * Minimum length is 28. |
Christopher Haster |
1:24750b9ad5ef | 3369 | */ |
Christopher Haster |
1:24750b9ad5ef | 3370 | if( buf_len < 28 ) |
Christopher Haster |
1:24750b9ad5ef | 3371 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
Christopher Haster |
1:24750b9ad5ef | 3372 | |
Christopher Haster |
1:24750b9ad5ef | 3373 | /* Copy most fields and adapt others */ |
Christopher Haster |
1:24750b9ad5ef | 3374 | memcpy( obuf, in, 25 ); |
Christopher Haster |
1:24750b9ad5ef | 3375 | obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; |
Christopher Haster |
1:24750b9ad5ef | 3376 | obuf[25] = 0xfe; |
Christopher Haster |
1:24750b9ad5ef | 3377 | obuf[26] = 0xff; |
Christopher Haster |
1:24750b9ad5ef | 3378 | |
Christopher Haster |
1:24750b9ad5ef | 3379 | /* Generate and write actual cookie */ |
Christopher Haster |
1:24750b9ad5ef | 3380 | p = obuf + 28; |
Christopher Haster |
1:24750b9ad5ef | 3381 | if( f_cookie_write( p_cookie, |
Christopher Haster |
1:24750b9ad5ef | 3382 | &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3383 | { |
Christopher Haster |
1:24750b9ad5ef | 3384 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 3385 | } |
Christopher Haster |
1:24750b9ad5ef | 3386 | |
Christopher Haster |
1:24750b9ad5ef | 3387 | *olen = p - obuf; |
Christopher Haster |
1:24750b9ad5ef | 3388 | |
Christopher Haster |
1:24750b9ad5ef | 3389 | /* Go back and fill length fields */ |
Christopher Haster |
1:24750b9ad5ef | 3390 | obuf[27] = (unsigned char)( *olen - 28 ); |
Christopher Haster |
1:24750b9ad5ef | 3391 | |
Christopher Haster |
1:24750b9ad5ef | 3392 | obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); |
Christopher Haster |
1:24750b9ad5ef | 3393 | obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 3394 | obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); |
Christopher Haster |
1:24750b9ad5ef | 3395 | |
Christopher Haster |
1:24750b9ad5ef | 3396 | obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 3397 | obuf[12] = (unsigned char)( ( *olen - 13 ) ); |
Christopher Haster |
1:24750b9ad5ef | 3398 | |
Christopher Haster |
1:24750b9ad5ef | 3399 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
Christopher Haster |
1:24750b9ad5ef | 3400 | } |
Christopher Haster |
1:24750b9ad5ef | 3401 | |
Christopher Haster |
1:24750b9ad5ef | 3402 | /* |
Christopher Haster |
1:24750b9ad5ef | 3403 | * Handle possible client reconnect with the same UDP quadruplet |
Christopher Haster |
1:24750b9ad5ef | 3404 | * (RFC 6347 Section 4.2.8). |
Christopher Haster |
1:24750b9ad5ef | 3405 | * |
Christopher Haster |
1:24750b9ad5ef | 3406 | * Called by ssl_parse_record_header() in case we receive an epoch 0 record |
Christopher Haster |
1:24750b9ad5ef | 3407 | * that looks like a ClientHello. |
Christopher Haster |
1:24750b9ad5ef | 3408 | * |
Christopher Haster |
1:24750b9ad5ef | 3409 | * - if the input looks like a ClientHello without cookies, |
Christopher Haster |
1:24750b9ad5ef | 3410 | * send back HelloVerifyRequest, then |
Christopher Haster |
1:24750b9ad5ef | 3411 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
Christopher Haster |
1:24750b9ad5ef | 3412 | * - if the input looks like a ClientHello with a valid cookie, |
Christopher Haster |
1:24750b9ad5ef | 3413 | * reset the session of the current context, and |
Christopher Haster |
1:24750b9ad5ef | 3414 | * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT |
Christopher Haster |
1:24750b9ad5ef | 3415 | * - if anything goes wrong, return a specific error code |
Christopher Haster |
1:24750b9ad5ef | 3416 | * |
Christopher Haster |
1:24750b9ad5ef | 3417 | * mbedtls_ssl_read_record() will ignore the record if anything else than |
Christopher Haster |
1:24750b9ad5ef | 3418 | * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function |
Christopher Haster |
1:24750b9ad5ef | 3419 | * cannot not return 0. |
Christopher Haster |
1:24750b9ad5ef | 3420 | */ |
Christopher Haster |
1:24750b9ad5ef | 3421 | static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3422 | { |
Christopher Haster |
1:24750b9ad5ef | 3423 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3424 | size_t len; |
Christopher Haster |
1:24750b9ad5ef | 3425 | |
Christopher Haster |
1:24750b9ad5ef | 3426 | ret = ssl_check_dtls_clihlo_cookie( |
Christopher Haster |
1:24750b9ad5ef | 3427 | ssl->conf->f_cookie_write, |
Christopher Haster |
1:24750b9ad5ef | 3428 | ssl->conf->f_cookie_check, |
Christopher Haster |
1:24750b9ad5ef | 3429 | ssl->conf->p_cookie, |
Christopher Haster |
1:24750b9ad5ef | 3430 | ssl->cli_id, ssl->cli_id_len, |
Christopher Haster |
1:24750b9ad5ef | 3431 | ssl->in_buf, ssl->in_left, |
Christopher Haster |
1:24750b9ad5ef | 3432 | ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); |
Christopher Haster |
1:24750b9ad5ef | 3433 | |
Christopher Haster |
1:24750b9ad5ef | 3434 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3435 | |
Christopher Haster |
1:24750b9ad5ef | 3436 | if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) |
Christopher Haster |
1:24750b9ad5ef | 3437 | { |
Christopher Haster |
1:24750b9ad5ef | 3438 | /* Dont check write errors as we can't do anything here. |
Christopher Haster |
1:24750b9ad5ef | 3439 | * If the error is permanent we'll catch it later, |
Christopher Haster |
1:24750b9ad5ef | 3440 | * if it's not, then hopefully it'll work next time. */ |
Christopher Haster |
1:24750b9ad5ef | 3441 | (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 3442 | |
Christopher Haster |
1:24750b9ad5ef | 3443 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
Christopher Haster |
1:24750b9ad5ef | 3444 | } |
Christopher Haster |
1:24750b9ad5ef | 3445 | |
Christopher Haster |
1:24750b9ad5ef | 3446 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3447 | { |
Christopher Haster |
1:24750b9ad5ef | 3448 | /* Got a valid cookie, partially reset context */ |
Christopher Haster |
1:24750b9ad5ef | 3449 | if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3450 | { |
Christopher Haster |
1:24750b9ad5ef | 3451 | MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3452 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3453 | } |
Christopher Haster |
1:24750b9ad5ef | 3454 | |
Christopher Haster |
1:24750b9ad5ef | 3455 | return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); |
Christopher Haster |
1:24750b9ad5ef | 3456 | } |
Christopher Haster |
1:24750b9ad5ef | 3457 | |
Christopher Haster |
1:24750b9ad5ef | 3458 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3459 | } |
Christopher Haster |
1:24750b9ad5ef | 3460 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 3461 | |
Christopher Haster |
1:24750b9ad5ef | 3462 | /* |
Christopher Haster |
1:24750b9ad5ef | 3463 | * ContentType type; |
Christopher Haster |
1:24750b9ad5ef | 3464 | * ProtocolVersion version; |
Christopher Haster |
1:24750b9ad5ef | 3465 | * uint16 epoch; // DTLS only |
Christopher Haster |
1:24750b9ad5ef | 3466 | * uint48 sequence_number; // DTLS only |
Christopher Haster |
1:24750b9ad5ef | 3467 | * uint16 length; |
Christopher Haster |
1:24750b9ad5ef | 3468 | */ |
Christopher Haster |
1:24750b9ad5ef | 3469 | static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3470 | { |
Christopher Haster |
1:24750b9ad5ef | 3471 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3472 | int major_ver, minor_ver; |
Christopher Haster |
1:24750b9ad5ef | 3473 | |
Christopher Haster |
1:24750b9ad5ef | 3474 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 3475 | |
Christopher Haster |
1:24750b9ad5ef | 3476 | ssl->in_msgtype = ssl->in_hdr[0]; |
Christopher Haster |
1:24750b9ad5ef | 3477 | ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; |
Christopher Haster |
1:24750b9ad5ef | 3478 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); |
Christopher Haster |
1:24750b9ad5ef | 3479 | |
Christopher Haster |
1:24750b9ad5ef | 3480 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
Christopher Haster |
1:24750b9ad5ef | 3481 | "version = [%d:%d], msglen = %d", |
Christopher Haster |
1:24750b9ad5ef | 3482 | ssl->in_msgtype, |
Christopher Haster |
1:24750b9ad5ef | 3483 | major_ver, minor_ver, ssl->in_msglen ) ); |
Christopher Haster |
1:24750b9ad5ef | 3484 | |
Christopher Haster |
1:24750b9ad5ef | 3485 | /* Check record type */ |
Christopher Haster |
1:24750b9ad5ef | 3486 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 3487 | ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && |
Christopher Haster |
1:24750b9ad5ef | 3488 | ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
Christopher Haster |
1:24750b9ad5ef | 3489 | ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
Christopher Haster |
1:24750b9ad5ef | 3490 | { |
Christopher Haster |
1:24750b9ad5ef | 3491 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3492 | |
Christopher Haster |
1:24750b9ad5ef | 3493 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 3494 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Christopher Haster |
1:24750b9ad5ef | 3495 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3496 | { |
Christopher Haster |
1:24750b9ad5ef | 3497 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3498 | } |
Christopher Haster |
1:24750b9ad5ef | 3499 | |
Christopher Haster |
1:24750b9ad5ef | 3500 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3501 | } |
Christopher Haster |
1:24750b9ad5ef | 3502 | |
Christopher Haster |
1:24750b9ad5ef | 3503 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3504 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3505 | { |
Christopher Haster |
1:24750b9ad5ef | 3506 | /* Drop unexpected ChangeCipherSpec messages */ |
Christopher Haster |
1:24750b9ad5ef | 3507 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
Christopher Haster |
1:24750b9ad5ef | 3508 | ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && |
Christopher Haster |
1:24750b9ad5ef | 3509 | ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
Christopher Haster |
1:24750b9ad5ef | 3510 | { |
Christopher Haster |
1:24750b9ad5ef | 3511 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3512 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3513 | } |
Christopher Haster |
1:24750b9ad5ef | 3514 | |
Christopher Haster |
1:24750b9ad5ef | 3515 | /* Drop unexpected ApplicationData records, |
Christopher Haster |
1:24750b9ad5ef | 3516 | * except at the beginning of renegotiations */ |
Christopher Haster |
1:24750b9ad5ef | 3517 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && |
Christopher Haster |
1:24750b9ad5ef | 3518 | ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER |
Christopher Haster |
1:24750b9ad5ef | 3519 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 3520 | && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
Christopher Haster |
1:24750b9ad5ef | 3521 | ssl->state == MBEDTLS_SSL_SERVER_HELLO ) |
Christopher Haster |
1:24750b9ad5ef | 3522 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3523 | ) |
Christopher Haster |
1:24750b9ad5ef | 3524 | { |
Christopher Haster |
1:24750b9ad5ef | 3525 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3526 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3527 | } |
Christopher Haster |
1:24750b9ad5ef | 3528 | } |
Christopher Haster |
1:24750b9ad5ef | 3529 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3530 | |
Christopher Haster |
1:24750b9ad5ef | 3531 | /* Check version */ |
Christopher Haster |
1:24750b9ad5ef | 3532 | if( major_ver != ssl->major_ver ) |
Christopher Haster |
1:24750b9ad5ef | 3533 | { |
Christopher Haster |
1:24750b9ad5ef | 3534 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3535 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3536 | } |
Christopher Haster |
1:24750b9ad5ef | 3537 | |
Christopher Haster |
1:24750b9ad5ef | 3538 | if( minor_ver > ssl->conf->max_minor_ver ) |
Christopher Haster |
1:24750b9ad5ef | 3539 | { |
Christopher Haster |
1:24750b9ad5ef | 3540 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3541 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3542 | } |
Christopher Haster |
1:24750b9ad5ef | 3543 | |
Christopher Haster |
1:24750b9ad5ef | 3544 | /* Check epoch (and sequence number) with DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 3545 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3546 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3547 | { |
Christopher Haster |
1:24750b9ad5ef | 3548 | unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; |
Christopher Haster |
1:24750b9ad5ef | 3549 | |
Christopher Haster |
1:24750b9ad5ef | 3550 | if( rec_epoch != ssl->in_epoch ) |
Christopher Haster |
1:24750b9ad5ef | 3551 | { |
Christopher Haster |
1:24750b9ad5ef | 3552 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " |
Christopher Haster |
1:24750b9ad5ef | 3553 | "expected %d, received %d", |
Christopher Haster |
1:24750b9ad5ef | 3554 | ssl->in_epoch, rec_epoch ) ); |
Christopher Haster |
1:24750b9ad5ef | 3555 | |
Christopher Haster |
1:24750b9ad5ef | 3556 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 3557 | /* |
Christopher Haster |
1:24750b9ad5ef | 3558 | * Check for an epoch 0 ClientHello. We can't use in_msg here to |
Christopher Haster |
1:24750b9ad5ef | 3559 | * access the first byte of record content (handshake type), as we |
Christopher Haster |
1:24750b9ad5ef | 3560 | * have an active transform (possibly iv_len != 0), so use the |
Christopher Haster |
1:24750b9ad5ef | 3561 | * fact that the record header len is 13 instead. |
Christopher Haster |
1:24750b9ad5ef | 3562 | */ |
Christopher Haster |
1:24750b9ad5ef | 3563 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 3564 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
Christopher Haster |
1:24750b9ad5ef | 3565 | rec_epoch == 0 && |
Christopher Haster |
1:24750b9ad5ef | 3566 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 3567 | ssl->in_left > 13 && |
Christopher Haster |
1:24750b9ad5ef | 3568 | ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) |
Christopher Haster |
1:24750b9ad5ef | 3569 | { |
Christopher Haster |
1:24750b9ad5ef | 3570 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " |
Christopher Haster |
1:24750b9ad5ef | 3571 | "from the same port" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3572 | return( ssl_handle_possible_reconnect( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 3573 | } |
Christopher Haster |
1:24750b9ad5ef | 3574 | else |
Christopher Haster |
1:24750b9ad5ef | 3575 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 3576 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3577 | } |
Christopher Haster |
1:24750b9ad5ef | 3578 | |
Christopher Haster |
1:24750b9ad5ef | 3579 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 3580 | /* Replay detection only works for the current epoch */ |
Christopher Haster |
1:24750b9ad5ef | 3581 | if( rec_epoch == ssl->in_epoch && |
Christopher Haster |
1:24750b9ad5ef | 3582 | mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3583 | { |
Christopher Haster |
1:24750b9ad5ef | 3584 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3585 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3586 | } |
Christopher Haster |
1:24750b9ad5ef | 3587 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3588 | } |
Christopher Haster |
1:24750b9ad5ef | 3589 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 3590 | |
Christopher Haster |
1:24750b9ad5ef | 3591 | /* Check length against the size of our buffer */ |
Christopher Haster |
1:24750b9ad5ef | 3592 | if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN |
Christopher Haster |
1:24750b9ad5ef | 3593 | - (size_t)( ssl->in_msg - ssl->in_buf ) ) |
Christopher Haster |
1:24750b9ad5ef | 3594 | { |
Christopher Haster |
1:24750b9ad5ef | 3595 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3596 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3597 | } |
Christopher Haster |
1:24750b9ad5ef | 3598 | |
Christopher Haster |
1:24750b9ad5ef | 3599 | /* Check length against bounds of the current transform and version */ |
Christopher Haster |
1:24750b9ad5ef | 3600 | if( ssl->transform_in == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3601 | { |
Christopher Haster |
1:24750b9ad5ef | 3602 | if( ssl->in_msglen < 1 || |
Christopher Haster |
1:24750b9ad5ef | 3603 | ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 3604 | { |
Christopher Haster |
1:24750b9ad5ef | 3605 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3606 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3607 | } |
Christopher Haster |
1:24750b9ad5ef | 3608 | } |
Christopher Haster |
1:24750b9ad5ef | 3609 | else |
Christopher Haster |
1:24750b9ad5ef | 3610 | { |
Christopher Haster |
1:24750b9ad5ef | 3611 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
Christopher Haster |
1:24750b9ad5ef | 3612 | { |
Christopher Haster |
1:24750b9ad5ef | 3613 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3614 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3615 | } |
Christopher Haster |
1:24750b9ad5ef | 3616 | |
Christopher Haster |
1:24750b9ad5ef | 3617 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 3618 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
Christopher Haster |
1:24750b9ad5ef | 3619 | ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 3620 | { |
Christopher Haster |
1:24750b9ad5ef | 3621 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3622 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3623 | } |
Christopher Haster |
1:24750b9ad5ef | 3624 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3625 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 3626 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 3627 | /* |
Christopher Haster |
1:24750b9ad5ef | 3628 | * TLS encrypted messages can have up to 256 bytes of padding |
Christopher Haster |
1:24750b9ad5ef | 3629 | */ |
Christopher Haster |
1:24750b9ad5ef | 3630 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && |
Christopher Haster |
1:24750b9ad5ef | 3631 | ssl->in_msglen > ssl->transform_in->minlen + |
Christopher Haster |
1:24750b9ad5ef | 3632 | MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) |
Christopher Haster |
1:24750b9ad5ef | 3633 | { |
Christopher Haster |
1:24750b9ad5ef | 3634 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3635 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3636 | } |
Christopher Haster |
1:24750b9ad5ef | 3637 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3638 | } |
Christopher Haster |
1:24750b9ad5ef | 3639 | |
Christopher Haster |
1:24750b9ad5ef | 3640 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3641 | } |
Christopher Haster |
1:24750b9ad5ef | 3642 | |
Christopher Haster |
1:24750b9ad5ef | 3643 | /* |
Christopher Haster |
1:24750b9ad5ef | 3644 | * If applicable, decrypt (and decompress) record content |
Christopher Haster |
1:24750b9ad5ef | 3645 | */ |
Christopher Haster |
1:24750b9ad5ef | 3646 | static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3647 | { |
Christopher Haster |
1:24750b9ad5ef | 3648 | int ret, done = 0; |
Christopher Haster |
1:24750b9ad5ef | 3649 | |
Christopher Haster |
1:24750b9ad5ef | 3650 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", |
Christopher Haster |
1:24750b9ad5ef | 3651 | ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 3652 | |
Christopher Haster |
1:24750b9ad5ef | 3653 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 3654 | if( mbedtls_ssl_hw_record_read != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3655 | { |
Christopher Haster |
1:24750b9ad5ef | 3656 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3657 | |
Christopher Haster |
1:24750b9ad5ef | 3658 | ret = mbedtls_ssl_hw_record_read( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 3659 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
Christopher Haster |
1:24750b9ad5ef | 3660 | { |
Christopher Haster |
1:24750b9ad5ef | 3661 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3662 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 3663 | } |
Christopher Haster |
1:24750b9ad5ef | 3664 | |
Christopher Haster |
1:24750b9ad5ef | 3665 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3666 | done = 1; |
Christopher Haster |
1:24750b9ad5ef | 3667 | } |
Christopher Haster |
1:24750b9ad5ef | 3668 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
Christopher Haster |
1:24750b9ad5ef | 3669 | if( !done && ssl->transform_in != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3670 | { |
Christopher Haster |
1:24750b9ad5ef | 3671 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3672 | { |
Christopher Haster |
1:24750b9ad5ef | 3673 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3674 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3675 | } |
Christopher Haster |
1:24750b9ad5ef | 3676 | |
Christopher Haster |
1:24750b9ad5ef | 3677 | MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", |
Christopher Haster |
1:24750b9ad5ef | 3678 | ssl->in_msg, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 3679 | |
Christopher Haster |
1:24750b9ad5ef | 3680 | if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 3681 | { |
Christopher Haster |
1:24750b9ad5ef | 3682 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3683 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
Christopher Haster |
1:24750b9ad5ef | 3684 | } |
Christopher Haster |
1:24750b9ad5ef | 3685 | } |
Christopher Haster |
1:24750b9ad5ef | 3686 | |
Christopher Haster |
1:24750b9ad5ef | 3687 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 3688 | if( ssl->transform_in != NULL && |
Christopher Haster |
1:24750b9ad5ef | 3689 | ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
Christopher Haster |
1:24750b9ad5ef | 3690 | { |
Christopher Haster |
1:24750b9ad5ef | 3691 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3692 | { |
Christopher Haster |
1:24750b9ad5ef | 3693 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3694 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3695 | } |
Christopher Haster |
1:24750b9ad5ef | 3696 | |
Christopher Haster |
1:24750b9ad5ef | 3697 | // TODO: what's the purpose of these lines? is in_len used? |
Christopher Haster |
1:24750b9ad5ef | 3698 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 3699 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 3700 | } |
Christopher Haster |
1:24750b9ad5ef | 3701 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
Christopher Haster |
1:24750b9ad5ef | 3702 | |
Christopher Haster |
1:24750b9ad5ef | 3703 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 3704 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3705 | { |
Christopher Haster |
1:24750b9ad5ef | 3706 | mbedtls_ssl_dtls_replay_update( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 3707 | } |
Christopher Haster |
1:24750b9ad5ef | 3708 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3709 | |
Christopher Haster |
1:24750b9ad5ef | 3710 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3711 | } |
Christopher Haster |
1:24750b9ad5ef | 3712 | |
Christopher Haster |
1:24750b9ad5ef | 3713 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 3714 | |
Christopher Haster |
1:24750b9ad5ef | 3715 | /* |
Christopher Haster |
1:24750b9ad5ef | 3716 | * Read a record. |
Christopher Haster |
1:24750b9ad5ef | 3717 | * |
Christopher Haster |
1:24750b9ad5ef | 3718 | * Silently ignore non-fatal alert (and for DTLS, invalid records as well, |
Christopher Haster |
1:24750b9ad5ef | 3719 | * RFC 6347 4.1.2.7) and continue reading until a valid record is found. |
Christopher Haster |
1:24750b9ad5ef | 3720 | * |
Christopher Haster |
1:24750b9ad5ef | 3721 | */ |
Christopher Haster |
1:24750b9ad5ef | 3722 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3723 | { |
Christopher Haster |
1:24750b9ad5ef | 3724 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3725 | |
Christopher Haster |
1:24750b9ad5ef | 3726 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3727 | |
Christopher Haster |
1:24750b9ad5ef | 3728 | if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 3729 | { |
Christopher Haster |
1:24750b9ad5ef | 3730 | /* |
Christopher Haster |
1:24750b9ad5ef | 3731 | * Get next Handshake message in the current record |
Christopher Haster |
1:24750b9ad5ef | 3732 | */ |
Christopher Haster |
1:24750b9ad5ef | 3733 | ssl->in_msglen -= ssl->in_hslen; |
Christopher Haster |
1:24750b9ad5ef | 3734 | |
Christopher Haster |
1:24750b9ad5ef | 3735 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
Christopher Haster |
1:24750b9ad5ef | 3736 | ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 3737 | |
Christopher Haster |
1:24750b9ad5ef | 3738 | MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", |
Christopher Haster |
1:24750b9ad5ef | 3739 | ssl->in_msg, ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 3740 | |
Christopher Haster |
1:24750b9ad5ef | 3741 | if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3742 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3743 | |
Christopher Haster |
1:24750b9ad5ef | 3744 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3745 | } |
Christopher Haster |
1:24750b9ad5ef | 3746 | |
Christopher Haster |
1:24750b9ad5ef | 3747 | ssl->in_hslen = 0; |
Christopher Haster |
1:24750b9ad5ef | 3748 | |
Christopher Haster |
1:24750b9ad5ef | 3749 | /* |
Christopher Haster |
1:24750b9ad5ef | 3750 | * Read the record header and parse it |
Christopher Haster |
1:24750b9ad5ef | 3751 | */ |
Christopher Haster |
1:24750b9ad5ef | 3752 | read_record_header: |
Christopher Haster |
1:24750b9ad5ef | 3753 | if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3754 | { |
Christopher Haster |
1:24750b9ad5ef | 3755 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3756 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3757 | } |
Christopher Haster |
1:24750b9ad5ef | 3758 | |
Christopher Haster |
1:24750b9ad5ef | 3759 | if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3760 | { |
Christopher Haster |
1:24750b9ad5ef | 3761 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3762 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 3763 | ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) |
Christopher Haster |
1:24750b9ad5ef | 3764 | { |
Christopher Haster |
1:24750b9ad5ef | 3765 | /* Ignore bad record and get next one; drop the whole datagram |
Christopher Haster |
1:24750b9ad5ef | 3766 | * since current header cannot be trusted to find the next record |
Christopher Haster |
1:24750b9ad5ef | 3767 | * in current datagram */ |
Christopher Haster |
1:24750b9ad5ef | 3768 | ssl->next_record_offset = 0; |
Christopher Haster |
1:24750b9ad5ef | 3769 | ssl->in_left = 0; |
Christopher Haster |
1:24750b9ad5ef | 3770 | |
Christopher Haster |
1:24750b9ad5ef | 3771 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (header)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3772 | goto read_record_header; |
Christopher Haster |
1:24750b9ad5ef | 3773 | } |
Christopher Haster |
1:24750b9ad5ef | 3774 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3775 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3776 | } |
Christopher Haster |
1:24750b9ad5ef | 3777 | |
Christopher Haster |
1:24750b9ad5ef | 3778 | /* |
Christopher Haster |
1:24750b9ad5ef | 3779 | * Read and optionally decrypt the message contents |
Christopher Haster |
1:24750b9ad5ef | 3780 | */ |
Christopher Haster |
1:24750b9ad5ef | 3781 | if( ( ret = mbedtls_ssl_fetch_input( ssl, |
Christopher Haster |
1:24750b9ad5ef | 3782 | mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3783 | { |
Christopher Haster |
1:24750b9ad5ef | 3784 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3785 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3786 | } |
Christopher Haster |
1:24750b9ad5ef | 3787 | |
Christopher Haster |
1:24750b9ad5ef | 3788 | /* Done reading this record, get ready for the next one */ |
Christopher Haster |
1:24750b9ad5ef | 3789 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3790 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3791 | ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 3792 | else |
Christopher Haster |
1:24750b9ad5ef | 3793 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3794 | ssl->in_left = 0; |
Christopher Haster |
1:24750b9ad5ef | 3795 | |
Christopher Haster |
1:24750b9ad5ef | 3796 | if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3797 | { |
Christopher Haster |
1:24750b9ad5ef | 3798 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3799 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 3800 | { |
Christopher Haster |
1:24750b9ad5ef | 3801 | /* Silently discard invalid records */ |
Christopher Haster |
1:24750b9ad5ef | 3802 | if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || |
Christopher Haster |
1:24750b9ad5ef | 3803 | ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
Christopher Haster |
1:24750b9ad5ef | 3804 | { |
Christopher Haster |
1:24750b9ad5ef | 3805 | /* Except when waiting for Finished as a bad mac here |
Christopher Haster |
1:24750b9ad5ef | 3806 | * probably means something went wrong in the handshake |
Christopher Haster |
1:24750b9ad5ef | 3807 | * (eg wrong psk used, mitm downgrade attempt, etc.) */ |
Christopher Haster |
1:24750b9ad5ef | 3808 | if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || |
Christopher Haster |
1:24750b9ad5ef | 3809 | ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) |
Christopher Haster |
1:24750b9ad5ef | 3810 | { |
Christopher Haster |
1:24750b9ad5ef | 3811 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
Christopher Haster |
1:24750b9ad5ef | 3812 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
Christopher Haster |
1:24750b9ad5ef | 3813 | { |
Christopher Haster |
1:24750b9ad5ef | 3814 | mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 3815 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Christopher Haster |
1:24750b9ad5ef | 3816 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 3817 | } |
Christopher Haster |
1:24750b9ad5ef | 3818 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3819 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3820 | } |
Christopher Haster |
1:24750b9ad5ef | 3821 | |
Christopher Haster |
1:24750b9ad5ef | 3822 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
Christopher Haster |
1:24750b9ad5ef | 3823 | if( ssl->conf->badmac_limit != 0 && |
Christopher Haster |
1:24750b9ad5ef | 3824 | ++ssl->badmac_seen >= ssl->conf->badmac_limit ) |
Christopher Haster |
1:24750b9ad5ef | 3825 | { |
Christopher Haster |
1:24750b9ad5ef | 3826 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3827 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 3828 | } |
Christopher Haster |
1:24750b9ad5ef | 3829 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3830 | |
Christopher Haster |
1:24750b9ad5ef | 3831 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3832 | goto read_record_header; |
Christopher Haster |
1:24750b9ad5ef | 3833 | } |
Christopher Haster |
1:24750b9ad5ef | 3834 | |
Christopher Haster |
1:24750b9ad5ef | 3835 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3836 | } |
Christopher Haster |
1:24750b9ad5ef | 3837 | else |
Christopher Haster |
1:24750b9ad5ef | 3838 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3839 | { |
Christopher Haster |
1:24750b9ad5ef | 3840 | /* Error out (and send alert) on invalid records */ |
Christopher Haster |
1:24750b9ad5ef | 3841 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
Christopher Haster |
1:24750b9ad5ef | 3842 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
Christopher Haster |
1:24750b9ad5ef | 3843 | { |
Christopher Haster |
1:24750b9ad5ef | 3844 | mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 3845 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Christopher Haster |
1:24750b9ad5ef | 3846 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
Christopher Haster |
1:24750b9ad5ef | 3847 | } |
Christopher Haster |
1:24750b9ad5ef | 3848 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3849 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3850 | } |
Christopher Haster |
1:24750b9ad5ef | 3851 | } |
Christopher Haster |
1:24750b9ad5ef | 3852 | |
Christopher Haster |
1:24750b9ad5ef | 3853 | /* |
Christopher Haster |
1:24750b9ad5ef | 3854 | * When we sent the last flight of the handshake, we MUST respond to a |
Christopher Haster |
1:24750b9ad5ef | 3855 | * retransmit of the peer's previous flight with a retransmit. (In |
Christopher Haster |
1:24750b9ad5ef | 3856 | * practice, only the Finished message will make it, other messages |
Christopher Haster |
1:24750b9ad5ef | 3857 | * including CCS use the old transform so they're dropped as invalid.) |
Christopher Haster |
1:24750b9ad5ef | 3858 | * |
Christopher Haster |
1:24750b9ad5ef | 3859 | * If the record we received is not a handshake message, however, it |
Christopher Haster |
1:24750b9ad5ef | 3860 | * means the peer received our last flight so we can clean up |
Christopher Haster |
1:24750b9ad5ef | 3861 | * handshake info. |
Christopher Haster |
1:24750b9ad5ef | 3862 | * |
Christopher Haster |
1:24750b9ad5ef | 3863 | * This check needs to be done before prepare_handshake() due to an edge |
Christopher Haster |
1:24750b9ad5ef | 3864 | * case: if the client immediately requests renegotiation, this |
Christopher Haster |
1:24750b9ad5ef | 3865 | * finishes the current handshake first, avoiding the new ClientHello |
Christopher Haster |
1:24750b9ad5ef | 3866 | * being mistaken for an ancient message in the current handshake. |
Christopher Haster |
1:24750b9ad5ef | 3867 | */ |
Christopher Haster |
1:24750b9ad5ef | 3868 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 3869 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 3870 | ssl->handshake != NULL && |
Christopher Haster |
1:24750b9ad5ef | 3871 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 3872 | { |
Christopher Haster |
1:24750b9ad5ef | 3873 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 3874 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
Christopher Haster |
1:24750b9ad5ef | 3875 | { |
Christopher Haster |
1:24750b9ad5ef | 3876 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3877 | |
Christopher Haster |
1:24750b9ad5ef | 3878 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3879 | { |
Christopher Haster |
1:24750b9ad5ef | 3880 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3881 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3882 | } |
Christopher Haster |
1:24750b9ad5ef | 3883 | |
Christopher Haster |
1:24750b9ad5ef | 3884 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 3885 | } |
Christopher Haster |
1:24750b9ad5ef | 3886 | else |
Christopher Haster |
1:24750b9ad5ef | 3887 | { |
Christopher Haster |
1:24750b9ad5ef | 3888 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 3889 | } |
Christopher Haster |
1:24750b9ad5ef | 3890 | } |
Christopher Haster |
1:24750b9ad5ef | 3891 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3892 | |
Christopher Haster |
1:24750b9ad5ef | 3893 | /* |
Christopher Haster |
1:24750b9ad5ef | 3894 | * Handle particular types of records |
Christopher Haster |
1:24750b9ad5ef | 3895 | */ |
Christopher Haster |
1:24750b9ad5ef | 3896 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
Christopher Haster |
1:24750b9ad5ef | 3897 | { |
Christopher Haster |
1:24750b9ad5ef | 3898 | if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3899 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3900 | } |
Christopher Haster |
1:24750b9ad5ef | 3901 | |
Christopher Haster |
1:24750b9ad5ef | 3902 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
Christopher Haster |
1:24750b9ad5ef | 3903 | { |
Christopher Haster |
1:24750b9ad5ef | 3904 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
Christopher Haster |
1:24750b9ad5ef | 3905 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
Christopher Haster |
1:24750b9ad5ef | 3906 | |
Christopher Haster |
1:24750b9ad5ef | 3907 | /* |
Christopher Haster |
1:24750b9ad5ef | 3908 | * Ignore non-fatal alerts, except close_notify and no_renegotiation |
Christopher Haster |
1:24750b9ad5ef | 3909 | */ |
Christopher Haster |
1:24750b9ad5ef | 3910 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) |
Christopher Haster |
1:24750b9ad5ef | 3911 | { |
Christopher Haster |
1:24750b9ad5ef | 3912 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
Christopher Haster |
1:24750b9ad5ef | 3913 | ssl->in_msg[1] ) ); |
Christopher Haster |
1:24750b9ad5ef | 3914 | return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 3915 | } |
Christopher Haster |
1:24750b9ad5ef | 3916 | |
Christopher Haster |
1:24750b9ad5ef | 3917 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
Christopher Haster |
1:24750b9ad5ef | 3918 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) |
Christopher Haster |
1:24750b9ad5ef | 3919 | { |
Christopher Haster |
1:24750b9ad5ef | 3920 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3921 | return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); |
Christopher Haster |
1:24750b9ad5ef | 3922 | } |
Christopher Haster |
1:24750b9ad5ef | 3923 | |
Christopher Haster |
1:24750b9ad5ef | 3924 | #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 3925 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
Christopher Haster |
1:24750b9ad5ef | 3926 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) |
Christopher Haster |
1:24750b9ad5ef | 3927 | { |
Christopher Haster |
1:24750b9ad5ef | 3928 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3929 | /* Will be handled when trying to parse ServerHello */ |
Christopher Haster |
1:24750b9ad5ef | 3930 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3931 | } |
Christopher Haster |
1:24750b9ad5ef | 3932 | #endif |
Christopher Haster |
1:24750b9ad5ef | 3933 | |
Christopher Haster |
1:24750b9ad5ef | 3934 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 3935 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
Christopher Haster |
1:24750b9ad5ef | 3936 | ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 3937 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
Christopher Haster |
1:24750b9ad5ef | 3938 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
Christopher Haster |
1:24750b9ad5ef | 3939 | { |
Christopher Haster |
1:24750b9ad5ef | 3940 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3941 | /* Will be handled in mbedtls_ssl_parse_certificate() */ |
Christopher Haster |
1:24750b9ad5ef | 3942 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3943 | } |
Christopher Haster |
1:24750b9ad5ef | 3944 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 3945 | |
Christopher Haster |
1:24750b9ad5ef | 3946 | /* Silently ignore: fetch new message */ |
Christopher Haster |
1:24750b9ad5ef | 3947 | goto read_record_header; |
Christopher Haster |
1:24750b9ad5ef | 3948 | } |
Christopher Haster |
1:24750b9ad5ef | 3949 | |
Christopher Haster |
1:24750b9ad5ef | 3950 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3951 | |
Christopher Haster |
1:24750b9ad5ef | 3952 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3953 | } |
Christopher Haster |
1:24750b9ad5ef | 3954 | |
Christopher Haster |
1:24750b9ad5ef | 3955 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 3956 | { |
Christopher Haster |
1:24750b9ad5ef | 3957 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3958 | |
Christopher Haster |
1:24750b9ad5ef | 3959 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 3960 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
Christopher Haster |
1:24750b9ad5ef | 3961 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3962 | { |
Christopher Haster |
1:24750b9ad5ef | 3963 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3964 | } |
Christopher Haster |
1:24750b9ad5ef | 3965 | |
Christopher Haster |
1:24750b9ad5ef | 3966 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3967 | } |
Christopher Haster |
1:24750b9ad5ef | 3968 | |
Christopher Haster |
1:24750b9ad5ef | 3969 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 3970 | unsigned char level, |
Christopher Haster |
1:24750b9ad5ef | 3971 | unsigned char message ) |
Christopher Haster |
1:24750b9ad5ef | 3972 | { |
Christopher Haster |
1:24750b9ad5ef | 3973 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 3974 | |
Christopher Haster |
1:24750b9ad5ef | 3975 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 3976 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 3977 | |
Christopher Haster |
1:24750b9ad5ef | 3978 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3979 | |
Christopher Haster |
1:24750b9ad5ef | 3980 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
Christopher Haster |
1:24750b9ad5ef | 3981 | ssl->out_msglen = 2; |
Christopher Haster |
1:24750b9ad5ef | 3982 | ssl->out_msg[0] = level; |
Christopher Haster |
1:24750b9ad5ef | 3983 | ssl->out_msg[1] = message; |
Christopher Haster |
1:24750b9ad5ef | 3984 | |
Christopher Haster |
1:24750b9ad5ef | 3985 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 3986 | { |
Christopher Haster |
1:24750b9ad5ef | 3987 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 3988 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 3989 | } |
Christopher Haster |
1:24750b9ad5ef | 3990 | |
Christopher Haster |
1:24750b9ad5ef | 3991 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 3992 | |
Christopher Haster |
1:24750b9ad5ef | 3993 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 3994 | } |
Christopher Haster |
1:24750b9ad5ef | 3995 | |
Christopher Haster |
1:24750b9ad5ef | 3996 | /* |
Christopher Haster |
1:24750b9ad5ef | 3997 | * Handshake functions |
Christopher Haster |
1:24750b9ad5ef | 3998 | */ |
Christopher Haster |
1:24750b9ad5ef | 3999 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4000 | !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4001 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4002 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4003 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4004 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
Christopher Haster |
1:24750b9ad5ef | 4005 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 4006 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4007 | { |
Christopher Haster |
1:24750b9ad5ef | 4008 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Christopher Haster |
1:24750b9ad5ef | 4009 | |
Christopher Haster |
1:24750b9ad5ef | 4010 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4011 | |
Christopher Haster |
1:24750b9ad5ef | 4012 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4013 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4014 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4015 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
Christopher Haster |
1:24750b9ad5ef | 4016 | { |
Christopher Haster |
1:24750b9ad5ef | 4017 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4018 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4019 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4020 | } |
Christopher Haster |
1:24750b9ad5ef | 4021 | |
Christopher Haster |
1:24750b9ad5ef | 4022 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4023 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 4024 | } |
Christopher Haster |
1:24750b9ad5ef | 4025 | |
Christopher Haster |
1:24750b9ad5ef | 4026 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4027 | { |
Christopher Haster |
1:24750b9ad5ef | 4028 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Christopher Haster |
1:24750b9ad5ef | 4029 | |
Christopher Haster |
1:24750b9ad5ef | 4030 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4031 | |
Christopher Haster |
1:24750b9ad5ef | 4032 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4033 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4034 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4035 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
Christopher Haster |
1:24750b9ad5ef | 4036 | { |
Christopher Haster |
1:24750b9ad5ef | 4037 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4038 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4039 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4040 | } |
Christopher Haster |
1:24750b9ad5ef | 4041 | |
Christopher Haster |
1:24750b9ad5ef | 4042 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4043 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 4044 | } |
Christopher Haster |
1:24750b9ad5ef | 4045 | #else |
Christopher Haster |
1:24750b9ad5ef | 4046 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4047 | { |
Christopher Haster |
1:24750b9ad5ef | 4048 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
Christopher Haster |
1:24750b9ad5ef | 4049 | size_t i, n; |
Christopher Haster |
1:24750b9ad5ef | 4050 | const mbedtls_x509_crt *crt; |
Christopher Haster |
1:24750b9ad5ef | 4051 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Christopher Haster |
1:24750b9ad5ef | 4052 | |
Christopher Haster |
1:24750b9ad5ef | 4053 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4054 | |
Christopher Haster |
1:24750b9ad5ef | 4055 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4056 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4057 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4058 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
Christopher Haster |
1:24750b9ad5ef | 4059 | { |
Christopher Haster |
1:24750b9ad5ef | 4060 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4061 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4062 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4063 | } |
Christopher Haster |
1:24750b9ad5ef | 4064 | |
Christopher Haster |
1:24750b9ad5ef | 4065 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 4066 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 4067 | { |
Christopher Haster |
1:24750b9ad5ef | 4068 | if( ssl->client_auth == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4069 | { |
Christopher Haster |
1:24750b9ad5ef | 4070 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4071 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4072 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4073 | } |
Christopher Haster |
1:24750b9ad5ef | 4074 | |
Christopher Haster |
1:24750b9ad5ef | 4075 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 4076 | /* |
Christopher Haster |
1:24750b9ad5ef | 4077 | * If using SSLv3 and got no cert, send an Alert message |
Christopher Haster |
1:24750b9ad5ef | 4078 | * (otherwise an empty Certificate message will be sent). |
Christopher Haster |
1:24750b9ad5ef | 4079 | */ |
Christopher Haster |
1:24750b9ad5ef | 4080 | if( mbedtls_ssl_own_cert( ssl ) == NULL && |
Christopher Haster |
1:24750b9ad5ef | 4081 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 4082 | { |
Christopher Haster |
1:24750b9ad5ef | 4083 | ssl->out_msglen = 2; |
Christopher Haster |
1:24750b9ad5ef | 4084 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
Christopher Haster |
1:24750b9ad5ef | 4085 | ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; |
Christopher Haster |
1:24750b9ad5ef | 4086 | ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; |
Christopher Haster |
1:24750b9ad5ef | 4087 | |
Christopher Haster |
1:24750b9ad5ef | 4088 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4089 | goto write_msg; |
Christopher Haster |
1:24750b9ad5ef | 4090 | } |
Christopher Haster |
1:24750b9ad5ef | 4091 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 4092 | } |
Christopher Haster |
1:24750b9ad5ef | 4093 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 4094 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 4095 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 4096 | { |
Christopher Haster |
1:24750b9ad5ef | 4097 | if( mbedtls_ssl_own_cert( ssl ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4098 | { |
Christopher Haster |
1:24750b9ad5ef | 4099 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4100 | return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); |
Christopher Haster |
1:24750b9ad5ef | 4101 | } |
Christopher Haster |
1:24750b9ad5ef | 4102 | } |
Christopher Haster |
1:24750b9ad5ef | 4103 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4104 | |
Christopher Haster |
1:24750b9ad5ef | 4105 | MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 4106 | |
Christopher Haster |
1:24750b9ad5ef | 4107 | /* |
Christopher Haster |
1:24750b9ad5ef | 4108 | * 0 . 0 handshake type |
Christopher Haster |
1:24750b9ad5ef | 4109 | * 1 . 3 handshake length |
Christopher Haster |
1:24750b9ad5ef | 4110 | * 4 . 6 length of all certs |
Christopher Haster |
1:24750b9ad5ef | 4111 | * 7 . 9 length of cert. 1 |
Christopher Haster |
1:24750b9ad5ef | 4112 | * 10 . n-1 peer certificate |
Christopher Haster |
1:24750b9ad5ef | 4113 | * n . n+2 length of cert. 2 |
Christopher Haster |
1:24750b9ad5ef | 4114 | * n+3 . ... upper level cert, etc. |
Christopher Haster |
1:24750b9ad5ef | 4115 | */ |
Christopher Haster |
1:24750b9ad5ef | 4116 | i = 7; |
Christopher Haster |
1:24750b9ad5ef | 4117 | crt = mbedtls_ssl_own_cert( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 4118 | |
Christopher Haster |
1:24750b9ad5ef | 4119 | while( crt != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4120 | { |
Christopher Haster |
1:24750b9ad5ef | 4121 | n = crt->raw.len; |
Christopher Haster |
1:24750b9ad5ef | 4122 | if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i ) |
Christopher Haster |
1:24750b9ad5ef | 4123 | { |
Christopher Haster |
1:24750b9ad5ef | 4124 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
Christopher Haster |
1:24750b9ad5ef | 4125 | i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); |
Christopher Haster |
1:24750b9ad5ef | 4126 | return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
Christopher Haster |
1:24750b9ad5ef | 4127 | } |
Christopher Haster |
1:24750b9ad5ef | 4128 | |
Christopher Haster |
1:24750b9ad5ef | 4129 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
Christopher Haster |
1:24750b9ad5ef | 4130 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 4131 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
Christopher Haster |
1:24750b9ad5ef | 4132 | |
Christopher Haster |
1:24750b9ad5ef | 4133 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
Christopher Haster |
1:24750b9ad5ef | 4134 | i += n; crt = crt->next; |
Christopher Haster |
1:24750b9ad5ef | 4135 | } |
Christopher Haster |
1:24750b9ad5ef | 4136 | |
Christopher Haster |
1:24750b9ad5ef | 4137 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
Christopher Haster |
1:24750b9ad5ef | 4138 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
Christopher Haster |
1:24750b9ad5ef | 4139 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
Christopher Haster |
1:24750b9ad5ef | 4140 | |
Christopher Haster |
1:24750b9ad5ef | 4141 | ssl->out_msglen = i; |
Christopher Haster |
1:24750b9ad5ef | 4142 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
Christopher Haster |
1:24750b9ad5ef | 4143 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; |
Christopher Haster |
1:24750b9ad5ef | 4144 | |
Christopher Haster |
1:24750b9ad5ef | 4145 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 4146 | write_msg: |
Christopher Haster |
1:24750b9ad5ef | 4147 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4148 | |
Christopher Haster |
1:24750b9ad5ef | 4149 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4150 | |
Christopher Haster |
1:24750b9ad5ef | 4151 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4152 | { |
Christopher Haster |
1:24750b9ad5ef | 4153 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4154 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4155 | } |
Christopher Haster |
1:24750b9ad5ef | 4156 | |
Christopher Haster |
1:24750b9ad5ef | 4157 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4158 | |
Christopher Haster |
1:24750b9ad5ef | 4159 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4160 | } |
Christopher Haster |
1:24750b9ad5ef | 4161 | |
Christopher Haster |
1:24750b9ad5ef | 4162 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4163 | { |
Christopher Haster |
1:24750b9ad5ef | 4164 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
Christopher Haster |
1:24750b9ad5ef | 4165 | size_t i, n; |
Christopher Haster |
1:24750b9ad5ef | 4166 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Christopher Haster |
1:24750b9ad5ef | 4167 | int authmode = ssl->conf->authmode; |
Christopher Haster |
1:24750b9ad5ef | 4168 | |
Christopher Haster |
1:24750b9ad5ef | 4169 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4170 | |
Christopher Haster |
1:24750b9ad5ef | 4171 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4172 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4173 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
Christopher Haster |
1:24750b9ad5ef | 4174 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
Christopher Haster |
1:24750b9ad5ef | 4175 | { |
Christopher Haster |
1:24750b9ad5ef | 4176 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4177 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4178 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4179 | } |
Christopher Haster |
1:24750b9ad5ef | 4180 | |
Christopher Haster |
1:24750b9ad5ef | 4181 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 4182 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 4183 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
Christopher Haster |
1:24750b9ad5ef | 4184 | { |
Christopher Haster |
1:24750b9ad5ef | 4185 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4186 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4187 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4188 | } |
Christopher Haster |
1:24750b9ad5ef | 4189 | |
Christopher Haster |
1:24750b9ad5ef | 4190 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 4191 | if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) |
Christopher Haster |
1:24750b9ad5ef | 4192 | authmode = ssl->handshake->sni_authmode; |
Christopher Haster |
1:24750b9ad5ef | 4193 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4194 | |
Christopher Haster |
1:24750b9ad5ef | 4195 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 4196 | authmode == MBEDTLS_SSL_VERIFY_NONE ) |
Christopher Haster |
1:24750b9ad5ef | 4197 | { |
Christopher Haster |
1:24750b9ad5ef | 4198 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; |
Christopher Haster |
1:24750b9ad5ef | 4199 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4200 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4201 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4202 | } |
Christopher Haster |
1:24750b9ad5ef | 4203 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4204 | |
Christopher Haster |
1:24750b9ad5ef | 4205 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4206 | { |
Christopher Haster |
1:24750b9ad5ef | 4207 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4208 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4209 | } |
Christopher Haster |
1:24750b9ad5ef | 4210 | |
Christopher Haster |
1:24750b9ad5ef | 4211 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4212 | |
Christopher Haster |
1:24750b9ad5ef | 4213 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 4214 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 4215 | /* |
Christopher Haster |
1:24750b9ad5ef | 4216 | * Check if the client sent an empty certificate |
Christopher Haster |
1:24750b9ad5ef | 4217 | */ |
Christopher Haster |
1:24750b9ad5ef | 4218 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 4219 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 4220 | { |
Christopher Haster |
1:24750b9ad5ef | 4221 | if( ssl->in_msglen == 2 && |
Christopher Haster |
1:24750b9ad5ef | 4222 | ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && |
Christopher Haster |
1:24750b9ad5ef | 4223 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
Christopher Haster |
1:24750b9ad5ef | 4224 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
Christopher Haster |
1:24750b9ad5ef | 4225 | { |
Christopher Haster |
1:24750b9ad5ef | 4226 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4227 | |
Christopher Haster |
1:24750b9ad5ef | 4228 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
Christopher Haster |
1:24750b9ad5ef | 4229 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
Christopher Haster |
1:24750b9ad5ef | 4230 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4231 | else |
Christopher Haster |
1:24750b9ad5ef | 4232 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4233 | } |
Christopher Haster |
1:24750b9ad5ef | 4234 | } |
Christopher Haster |
1:24750b9ad5ef | 4235 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 4236 | |
Christopher Haster |
1:24750b9ad5ef | 4237 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 4238 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4239 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 4240 | ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 4241 | { |
Christopher Haster |
1:24750b9ad5ef | 4242 | if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && |
Christopher Haster |
1:24750b9ad5ef | 4243 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
Christopher Haster |
1:24750b9ad5ef | 4244 | ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && |
Christopher Haster |
1:24750b9ad5ef | 4245 | memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4246 | { |
Christopher Haster |
1:24750b9ad5ef | 4247 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4248 | |
Christopher Haster |
1:24750b9ad5ef | 4249 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
Christopher Haster |
1:24750b9ad5ef | 4250 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
Christopher Haster |
1:24750b9ad5ef | 4251 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4252 | else |
Christopher Haster |
1:24750b9ad5ef | 4253 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4254 | } |
Christopher Haster |
1:24750b9ad5ef | 4255 | } |
Christopher Haster |
1:24750b9ad5ef | 4256 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
Christopher Haster |
1:24750b9ad5ef | 4257 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4258 | #endif /* MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 4259 | |
Christopher Haster |
1:24750b9ad5ef | 4260 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
Christopher Haster |
1:24750b9ad5ef | 4261 | { |
Christopher Haster |
1:24750b9ad5ef | 4262 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4263 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 4264 | } |
Christopher Haster |
1:24750b9ad5ef | 4265 | |
Christopher Haster |
1:24750b9ad5ef | 4266 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || |
Christopher Haster |
1:24750b9ad5ef | 4267 | ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) |
Christopher Haster |
1:24750b9ad5ef | 4268 | { |
Christopher Haster |
1:24750b9ad5ef | 4269 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4270 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4271 | } |
Christopher Haster |
1:24750b9ad5ef | 4272 | |
Christopher Haster |
1:24750b9ad5ef | 4273 | i = mbedtls_ssl_hs_hdr_len( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 4274 | |
Christopher Haster |
1:24750b9ad5ef | 4275 | /* |
Christopher Haster |
1:24750b9ad5ef | 4276 | * Same message structure as in mbedtls_ssl_write_certificate() |
Christopher Haster |
1:24750b9ad5ef | 4277 | */ |
Christopher Haster |
1:24750b9ad5ef | 4278 | n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; |
Christopher Haster |
1:24750b9ad5ef | 4279 | |
Christopher Haster |
1:24750b9ad5ef | 4280 | if( ssl->in_msg[i] != 0 || |
Christopher Haster |
1:24750b9ad5ef | 4281 | ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
Christopher Haster |
1:24750b9ad5ef | 4282 | { |
Christopher Haster |
1:24750b9ad5ef | 4283 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4284 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4285 | } |
Christopher Haster |
1:24750b9ad5ef | 4286 | |
Christopher Haster |
1:24750b9ad5ef | 4287 | /* In case we tried to reuse a session but it failed */ |
Christopher Haster |
1:24750b9ad5ef | 4288 | if( ssl->session_negotiate->peer_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4289 | { |
Christopher Haster |
1:24750b9ad5ef | 4290 | mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 4291 | mbedtls_free( ssl->session_negotiate->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 4292 | } |
Christopher Haster |
1:24750b9ad5ef | 4293 | |
Christopher Haster |
1:24750b9ad5ef | 4294 | if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, |
Christopher Haster |
1:24750b9ad5ef | 4295 | sizeof( mbedtls_x509_crt ) ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4296 | { |
Christopher Haster |
1:24750b9ad5ef | 4297 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
Christopher Haster |
1:24750b9ad5ef | 4298 | sizeof( mbedtls_x509_crt ) ) ); |
Christopher Haster |
1:24750b9ad5ef | 4299 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 4300 | } |
Christopher Haster |
1:24750b9ad5ef | 4301 | |
Christopher Haster |
1:24750b9ad5ef | 4302 | mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 4303 | |
Christopher Haster |
1:24750b9ad5ef | 4304 | i += 3; |
Christopher Haster |
1:24750b9ad5ef | 4305 | |
Christopher Haster |
1:24750b9ad5ef | 4306 | while( i < ssl->in_hslen ) |
Christopher Haster |
1:24750b9ad5ef | 4307 | { |
Christopher Haster |
1:24750b9ad5ef | 4308 | if( ssl->in_msg[i] != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4309 | { |
Christopher Haster |
1:24750b9ad5ef | 4310 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4311 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4312 | } |
Christopher Haster |
1:24750b9ad5ef | 4313 | |
Christopher Haster |
1:24750b9ad5ef | 4314 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
Christopher Haster |
1:24750b9ad5ef | 4315 | | (unsigned int) ssl->in_msg[i + 2]; |
Christopher Haster |
1:24750b9ad5ef | 4316 | i += 3; |
Christopher Haster |
1:24750b9ad5ef | 4317 | |
Christopher Haster |
1:24750b9ad5ef | 4318 | if( n < 128 || i + n > ssl->in_hslen ) |
Christopher Haster |
1:24750b9ad5ef | 4319 | { |
Christopher Haster |
1:24750b9ad5ef | 4320 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4321 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4322 | } |
Christopher Haster |
1:24750b9ad5ef | 4323 | |
Christopher Haster |
1:24750b9ad5ef | 4324 | ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
Christopher Haster |
1:24750b9ad5ef | 4325 | ssl->in_msg + i, n ); |
Christopher Haster |
1:24750b9ad5ef | 4326 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4327 | { |
Christopher Haster |
1:24750b9ad5ef | 4328 | MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4329 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4330 | } |
Christopher Haster |
1:24750b9ad5ef | 4331 | |
Christopher Haster |
1:24750b9ad5ef | 4332 | i += n; |
Christopher Haster |
1:24750b9ad5ef | 4333 | } |
Christopher Haster |
1:24750b9ad5ef | 4334 | |
Christopher Haster |
1:24750b9ad5ef | 4335 | MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 4336 | |
Christopher Haster |
1:24750b9ad5ef | 4337 | /* |
Christopher Haster |
1:24750b9ad5ef | 4338 | * On client, make sure the server cert doesn't change during renego to |
Christopher Haster |
1:24750b9ad5ef | 4339 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
Christopher Haster |
1:24750b9ad5ef | 4340 | */ |
Christopher Haster |
1:24750b9ad5ef | 4341 | #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 4342 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
Christopher Haster |
1:24750b9ad5ef | 4343 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
Christopher Haster |
1:24750b9ad5ef | 4344 | { |
Christopher Haster |
1:24750b9ad5ef | 4345 | if( ssl->session->peer_cert == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4346 | { |
Christopher Haster |
1:24750b9ad5ef | 4347 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4348 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4349 | } |
Christopher Haster |
1:24750b9ad5ef | 4350 | |
Christopher Haster |
1:24750b9ad5ef | 4351 | if( ssl->session->peer_cert->raw.len != |
Christopher Haster |
1:24750b9ad5ef | 4352 | ssl->session_negotiate->peer_cert->raw.len || |
Christopher Haster |
1:24750b9ad5ef | 4353 | memcmp( ssl->session->peer_cert->raw.p, |
Christopher Haster |
1:24750b9ad5ef | 4354 | ssl->session_negotiate->peer_cert->raw.p, |
Christopher Haster |
1:24750b9ad5ef | 4355 | ssl->session->peer_cert->raw.len ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4356 | { |
Christopher Haster |
1:24750b9ad5ef | 4357 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4358 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
Christopher Haster |
1:24750b9ad5ef | 4359 | } |
Christopher Haster |
1:24750b9ad5ef | 4360 | } |
Christopher Haster |
1:24750b9ad5ef | 4361 | #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 4362 | |
Christopher Haster |
1:24750b9ad5ef | 4363 | if( authmode != MBEDTLS_SSL_VERIFY_NONE ) |
Christopher Haster |
1:24750b9ad5ef | 4364 | { |
Christopher Haster |
1:24750b9ad5ef | 4365 | mbedtls_x509_crt *ca_chain; |
Christopher Haster |
1:24750b9ad5ef | 4366 | mbedtls_x509_crl *ca_crl; |
Christopher Haster |
1:24750b9ad5ef | 4367 | |
Christopher Haster |
1:24750b9ad5ef | 4368 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 4369 | if( ssl->handshake->sni_ca_chain != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4370 | { |
Christopher Haster |
1:24750b9ad5ef | 4371 | ca_chain = ssl->handshake->sni_ca_chain; |
Christopher Haster |
1:24750b9ad5ef | 4372 | ca_crl = ssl->handshake->sni_ca_crl; |
Christopher Haster |
1:24750b9ad5ef | 4373 | } |
Christopher Haster |
1:24750b9ad5ef | 4374 | else |
Christopher Haster |
1:24750b9ad5ef | 4375 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4376 | { |
Christopher Haster |
1:24750b9ad5ef | 4377 | ca_chain = ssl->conf->ca_chain; |
Christopher Haster |
1:24750b9ad5ef | 4378 | ca_crl = ssl->conf->ca_crl; |
Christopher Haster |
1:24750b9ad5ef | 4379 | } |
Christopher Haster |
1:24750b9ad5ef | 4380 | |
Christopher Haster |
1:24750b9ad5ef | 4381 | if( ca_chain == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4382 | { |
Christopher Haster |
1:24750b9ad5ef | 4383 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4384 | return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED ); |
Christopher Haster |
1:24750b9ad5ef | 4385 | } |
Christopher Haster |
1:24750b9ad5ef | 4386 | |
Christopher Haster |
1:24750b9ad5ef | 4387 | /* |
Christopher Haster |
1:24750b9ad5ef | 4388 | * Main check: verify certificate |
Christopher Haster |
1:24750b9ad5ef | 4389 | */ |
Christopher Haster |
1:24750b9ad5ef | 4390 | ret = mbedtls_x509_crt_verify_with_profile( |
Christopher Haster |
1:24750b9ad5ef | 4391 | ssl->session_negotiate->peer_cert, |
Christopher Haster |
1:24750b9ad5ef | 4392 | ca_chain, ca_crl, |
Christopher Haster |
1:24750b9ad5ef | 4393 | ssl->conf->cert_profile, |
Christopher Haster |
1:24750b9ad5ef | 4394 | ssl->hostname, |
Christopher Haster |
1:24750b9ad5ef | 4395 | &ssl->session_negotiate->verify_result, |
Christopher Haster |
1:24750b9ad5ef | 4396 | ssl->conf->f_vrfy, ssl->conf->p_vrfy ); |
Christopher Haster |
1:24750b9ad5ef | 4397 | |
Christopher Haster |
1:24750b9ad5ef | 4398 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4399 | { |
Christopher Haster |
1:24750b9ad5ef | 4400 | MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4401 | } |
Christopher Haster |
1:24750b9ad5ef | 4402 | |
Christopher Haster |
1:24750b9ad5ef | 4403 | /* |
Christopher Haster |
1:24750b9ad5ef | 4404 | * Secondary checks: always done, but change 'ret' only if it was 0 |
Christopher Haster |
1:24750b9ad5ef | 4405 | */ |
Christopher Haster |
1:24750b9ad5ef | 4406 | |
Christopher Haster |
1:24750b9ad5ef | 4407 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 4408 | { |
Christopher Haster |
1:24750b9ad5ef | 4409 | const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
Christopher Haster |
1:24750b9ad5ef | 4410 | |
Christopher Haster |
1:24750b9ad5ef | 4411 | /* If certificate uses an EC key, make sure the curve is OK */ |
Christopher Haster |
1:24750b9ad5ef | 4412 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && |
Christopher Haster |
1:24750b9ad5ef | 4413 | mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4414 | { |
Christopher Haster |
1:24750b9ad5ef | 4415 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4416 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4417 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
Christopher Haster |
1:24750b9ad5ef | 4418 | } |
Christopher Haster |
1:24750b9ad5ef | 4419 | } |
Christopher Haster |
1:24750b9ad5ef | 4420 | #endif /* MBEDTLS_ECP_C */ |
Christopher Haster |
1:24750b9ad5ef | 4421 | |
Christopher Haster |
1:24750b9ad5ef | 4422 | if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, |
Christopher Haster |
1:24750b9ad5ef | 4423 | ciphersuite_info, |
Christopher Haster |
1:24750b9ad5ef | 4424 | ! ssl->conf->endpoint, |
Christopher Haster |
1:24750b9ad5ef | 4425 | &ssl->session_negotiate->verify_result ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4426 | { |
Christopher Haster |
1:24750b9ad5ef | 4427 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4428 | if( ret == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4429 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
Christopher Haster |
1:24750b9ad5ef | 4430 | } |
Christopher Haster |
1:24750b9ad5ef | 4431 | |
Christopher Haster |
1:24750b9ad5ef | 4432 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
Christopher Haster |
1:24750b9ad5ef | 4433 | ret = 0; |
Christopher Haster |
1:24750b9ad5ef | 4434 | } |
Christopher Haster |
1:24750b9ad5ef | 4435 | |
Christopher Haster |
1:24750b9ad5ef | 4436 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4437 | |
Christopher Haster |
1:24750b9ad5ef | 4438 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4439 | } |
Christopher Haster |
1:24750b9ad5ef | 4440 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4441 | !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4442 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4443 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4444 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4445 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
Christopher Haster |
1:24750b9ad5ef | 4446 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 4447 | |
Christopher Haster |
1:24750b9ad5ef | 4448 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4449 | { |
Christopher Haster |
1:24750b9ad5ef | 4450 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 4451 | |
Christopher Haster |
1:24750b9ad5ef | 4452 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4453 | |
Christopher Haster |
1:24750b9ad5ef | 4454 | ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
Christopher Haster |
1:24750b9ad5ef | 4455 | ssl->out_msglen = 1; |
Christopher Haster |
1:24750b9ad5ef | 4456 | ssl->out_msg[0] = 1; |
Christopher Haster |
1:24750b9ad5ef | 4457 | |
Christopher Haster |
1:24750b9ad5ef | 4458 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4459 | |
Christopher Haster |
1:24750b9ad5ef | 4460 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4461 | { |
Christopher Haster |
1:24750b9ad5ef | 4462 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4463 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4464 | } |
Christopher Haster |
1:24750b9ad5ef | 4465 | |
Christopher Haster |
1:24750b9ad5ef | 4466 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4467 | |
Christopher Haster |
1:24750b9ad5ef | 4468 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4469 | } |
Christopher Haster |
1:24750b9ad5ef | 4470 | |
Christopher Haster |
1:24750b9ad5ef | 4471 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4472 | { |
Christopher Haster |
1:24750b9ad5ef | 4473 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 4474 | |
Christopher Haster |
1:24750b9ad5ef | 4475 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4476 | |
Christopher Haster |
1:24750b9ad5ef | 4477 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4478 | { |
Christopher Haster |
1:24750b9ad5ef | 4479 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4480 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 4481 | } |
Christopher Haster |
1:24750b9ad5ef | 4482 | |
Christopher Haster |
1:24750b9ad5ef | 4483 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
Christopher Haster |
1:24750b9ad5ef | 4484 | { |
Christopher Haster |
1:24750b9ad5ef | 4485 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4486 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 4487 | } |
Christopher Haster |
1:24750b9ad5ef | 4488 | |
Christopher Haster |
1:24750b9ad5ef | 4489 | if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) |
Christopher Haster |
1:24750b9ad5ef | 4490 | { |
Christopher Haster |
1:24750b9ad5ef | 4491 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4492 | return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); |
Christopher Haster |
1:24750b9ad5ef | 4493 | } |
Christopher Haster |
1:24750b9ad5ef | 4494 | |
Christopher Haster |
1:24750b9ad5ef | 4495 | /* |
Christopher Haster |
1:24750b9ad5ef | 4496 | * Switch to our negotiated transform and session parameters for inbound |
Christopher Haster |
1:24750b9ad5ef | 4497 | * data. |
Christopher Haster |
1:24750b9ad5ef | 4498 | */ |
Christopher Haster |
1:24750b9ad5ef | 4499 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4500 | ssl->transform_in = ssl->transform_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4501 | ssl->session_in = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4502 | |
Christopher Haster |
1:24750b9ad5ef | 4503 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 4504 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 4505 | { |
Christopher Haster |
1:24750b9ad5ef | 4506 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 4507 | ssl_dtls_replay_reset( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 4508 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4509 | |
Christopher Haster |
1:24750b9ad5ef | 4510 | /* Increment epoch */ |
Christopher Haster |
1:24750b9ad5ef | 4511 | if( ++ssl->in_epoch == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4512 | { |
Christopher Haster |
1:24750b9ad5ef | 4513 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4514 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
Christopher Haster |
1:24750b9ad5ef | 4515 | } |
Christopher Haster |
1:24750b9ad5ef | 4516 | } |
Christopher Haster |
1:24750b9ad5ef | 4517 | else |
Christopher Haster |
1:24750b9ad5ef | 4518 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 4519 | memset( ssl->in_ctr, 0, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 4520 | |
Christopher Haster |
1:24750b9ad5ef | 4521 | /* |
Christopher Haster |
1:24750b9ad5ef | 4522 | * Set the in_msg pointer to the correct location based on IV length |
Christopher Haster |
1:24750b9ad5ef | 4523 | */ |
Christopher Haster |
1:24750b9ad5ef | 4524 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 4525 | { |
Christopher Haster |
1:24750b9ad5ef | 4526 | ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - |
Christopher Haster |
1:24750b9ad5ef | 4527 | ssl->transform_negotiate->fixed_ivlen; |
Christopher Haster |
1:24750b9ad5ef | 4528 | } |
Christopher Haster |
1:24750b9ad5ef | 4529 | else |
Christopher Haster |
1:24750b9ad5ef | 4530 | ssl->in_msg = ssl->in_iv; |
Christopher Haster |
1:24750b9ad5ef | 4531 | |
Christopher Haster |
1:24750b9ad5ef | 4532 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 4533 | if( mbedtls_ssl_hw_record_activate != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4534 | { |
Christopher Haster |
1:24750b9ad5ef | 4535 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4536 | { |
Christopher Haster |
1:24750b9ad5ef | 4537 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
Christopher Haster |
1:24750b9ad5ef | 4538 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 4539 | } |
Christopher Haster |
1:24750b9ad5ef | 4540 | } |
Christopher Haster |
1:24750b9ad5ef | 4541 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4542 | |
Christopher Haster |
1:24750b9ad5ef | 4543 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4544 | |
Christopher Haster |
1:24750b9ad5ef | 4545 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4546 | |
Christopher Haster |
1:24750b9ad5ef | 4547 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4548 | } |
Christopher Haster |
1:24750b9ad5ef | 4549 | |
Christopher Haster |
1:24750b9ad5ef | 4550 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 4551 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) |
Christopher Haster |
1:24750b9ad5ef | 4552 | { |
Christopher Haster |
1:24750b9ad5ef | 4553 | ((void) ciphersuite_info); |
Christopher Haster |
1:24750b9ad5ef | 4554 | |
Christopher Haster |
1:24750b9ad5ef | 4555 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 4556 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 4557 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 4558 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
Christopher Haster |
1:24750b9ad5ef | 4559 | else |
Christopher Haster |
1:24750b9ad5ef | 4560 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4561 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4562 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 4563 | if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
Christopher Haster |
1:24750b9ad5ef | 4564 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
Christopher Haster |
1:24750b9ad5ef | 4565 | else |
Christopher Haster |
1:24750b9ad5ef | 4566 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4567 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 4568 | if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) |
Christopher Haster |
1:24750b9ad5ef | 4569 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
Christopher Haster |
1:24750b9ad5ef | 4570 | else |
Christopher Haster |
1:24750b9ad5ef | 4571 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4572 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4573 | { |
Christopher Haster |
1:24750b9ad5ef | 4574 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4575 | return; |
Christopher Haster |
1:24750b9ad5ef | 4576 | } |
Christopher Haster |
1:24750b9ad5ef | 4577 | } |
Christopher Haster |
1:24750b9ad5ef | 4578 | |
Christopher Haster |
1:24750b9ad5ef | 4579 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4580 | { |
Christopher Haster |
1:24750b9ad5ef | 4581 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 4582 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 4583 | mbedtls_md5_starts( &ssl->handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4584 | mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4585 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4586 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4587 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 4588 | mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4589 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4590 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 4591 | mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); |
Christopher Haster |
1:24750b9ad5ef | 4592 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4593 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4594 | } |
Christopher Haster |
1:24750b9ad5ef | 4595 | |
Christopher Haster |
1:24750b9ad5ef | 4596 | static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 4597 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 4598 | { |
Christopher Haster |
1:24750b9ad5ef | 4599 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 4600 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 4601 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4602 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4603 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4604 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4605 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 4606 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4607 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4608 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 4609 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4610 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4611 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4612 | } |
Christopher Haster |
1:24750b9ad5ef | 4613 | |
Christopher Haster |
1:24750b9ad5ef | 4614 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 4615 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 4616 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 4617 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 4618 | { |
Christopher Haster |
1:24750b9ad5ef | 4619 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4620 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4621 | } |
Christopher Haster |
1:24750b9ad5ef | 4622 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4623 | |
Christopher Haster |
1:24750b9ad5ef | 4624 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4625 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 4626 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 4627 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 4628 | { |
Christopher Haster |
1:24750b9ad5ef | 4629 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4630 | } |
Christopher Haster |
1:24750b9ad5ef | 4631 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4632 | |
Christopher Haster |
1:24750b9ad5ef | 4633 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 4634 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 4635 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 4636 | { |
Christopher Haster |
1:24750b9ad5ef | 4637 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4638 | } |
Christopher Haster |
1:24750b9ad5ef | 4639 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4640 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4641 | |
Christopher Haster |
1:24750b9ad5ef | 4642 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 4643 | static void ssl_calc_finished_ssl( |
Christopher Haster |
1:24750b9ad5ef | 4644 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
Christopher Haster |
1:24750b9ad5ef | 4645 | { |
Christopher Haster |
1:24750b9ad5ef | 4646 | const char *sender; |
Christopher Haster |
1:24750b9ad5ef | 4647 | mbedtls_md5_context md5; |
Christopher Haster |
1:24750b9ad5ef | 4648 | mbedtls_sha1_context sha1; |
Christopher Haster |
1:24750b9ad5ef | 4649 | |
Christopher Haster |
1:24750b9ad5ef | 4650 | unsigned char padbuf[48]; |
Christopher Haster |
1:24750b9ad5ef | 4651 | unsigned char md5sum[16]; |
Christopher Haster |
1:24750b9ad5ef | 4652 | unsigned char sha1sum[20]; |
Christopher Haster |
1:24750b9ad5ef | 4653 | |
Christopher Haster |
1:24750b9ad5ef | 4654 | mbedtls_ssl_session *session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4655 | if( !session ) |
Christopher Haster |
1:24750b9ad5ef | 4656 | session = ssl->session; |
Christopher Haster |
1:24750b9ad5ef | 4657 | |
Christopher Haster |
1:24750b9ad5ef | 4658 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4659 | |
Christopher Haster |
1:24750b9ad5ef | 4660 | mbedtls_md5_init( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4661 | mbedtls_sha1_init( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4662 | |
Christopher Haster |
1:24750b9ad5ef | 4663 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4664 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4665 | |
Christopher Haster |
1:24750b9ad5ef | 4666 | /* |
Christopher Haster |
1:24750b9ad5ef | 4667 | * SSLv3: |
Christopher Haster |
1:24750b9ad5ef | 4668 | * hash = |
Christopher Haster |
1:24750b9ad5ef | 4669 | * MD5( master + pad2 + |
Christopher Haster |
1:24750b9ad5ef | 4670 | * MD5( handshake + sender + master + pad1 ) ) |
Christopher Haster |
1:24750b9ad5ef | 4671 | * + SHA1( master + pad2 + |
Christopher Haster |
1:24750b9ad5ef | 4672 | * SHA1( handshake + sender + master + pad1 ) ) |
Christopher Haster |
1:24750b9ad5ef | 4673 | */ |
Christopher Haster |
1:24750b9ad5ef | 4674 | |
Christopher Haster |
1:24750b9ad5ef | 4675 | #if !defined(MBEDTLS_MD5_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4676 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4677 | md5.state, sizeof( md5.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4678 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4679 | |
Christopher Haster |
1:24750b9ad5ef | 4680 | #if !defined(MBEDTLS_SHA1_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4681 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4682 | sha1.state, sizeof( sha1.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4683 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4684 | |
Christopher Haster |
1:24750b9ad5ef | 4685 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" |
Christopher Haster |
1:24750b9ad5ef | 4686 | : "SRVR"; |
Christopher Haster |
1:24750b9ad5ef | 4687 | |
Christopher Haster |
1:24750b9ad5ef | 4688 | memset( padbuf, 0x36, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4689 | |
Christopher Haster |
1:24750b9ad5ef | 4690 | mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); |
Christopher Haster |
1:24750b9ad5ef | 4691 | mbedtls_md5_update( &md5, session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4692 | mbedtls_md5_update( &md5, padbuf, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4693 | mbedtls_md5_finish( &md5, md5sum ); |
Christopher Haster |
1:24750b9ad5ef | 4694 | |
Christopher Haster |
1:24750b9ad5ef | 4695 | mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); |
Christopher Haster |
1:24750b9ad5ef | 4696 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4697 | mbedtls_sha1_update( &sha1, padbuf, 40 ); |
Christopher Haster |
1:24750b9ad5ef | 4698 | mbedtls_sha1_finish( &sha1, sha1sum ); |
Christopher Haster |
1:24750b9ad5ef | 4699 | |
Christopher Haster |
1:24750b9ad5ef | 4700 | memset( padbuf, 0x5C, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4701 | |
Christopher Haster |
1:24750b9ad5ef | 4702 | mbedtls_md5_starts( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4703 | mbedtls_md5_update( &md5, session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4704 | mbedtls_md5_update( &md5, padbuf, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4705 | mbedtls_md5_update( &md5, md5sum, 16 ); |
Christopher Haster |
1:24750b9ad5ef | 4706 | mbedtls_md5_finish( &md5, buf ); |
Christopher Haster |
1:24750b9ad5ef | 4707 | |
Christopher Haster |
1:24750b9ad5ef | 4708 | mbedtls_sha1_starts( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4709 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
Christopher Haster |
1:24750b9ad5ef | 4710 | mbedtls_sha1_update( &sha1, padbuf , 40 ); |
Christopher Haster |
1:24750b9ad5ef | 4711 | mbedtls_sha1_update( &sha1, sha1sum, 20 ); |
Christopher Haster |
1:24750b9ad5ef | 4712 | mbedtls_sha1_finish( &sha1, buf + 16 ); |
Christopher Haster |
1:24750b9ad5ef | 4713 | |
Christopher Haster |
1:24750b9ad5ef | 4714 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
Christopher Haster |
1:24750b9ad5ef | 4715 | |
Christopher Haster |
1:24750b9ad5ef | 4716 | mbedtls_md5_free( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4717 | mbedtls_sha1_free( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4718 | |
Christopher Haster |
1:24750b9ad5ef | 4719 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
Christopher Haster |
1:24750b9ad5ef | 4720 | mbedtls_zeroize( md5sum, sizeof( md5sum ) ); |
Christopher Haster |
1:24750b9ad5ef | 4721 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
Christopher Haster |
1:24750b9ad5ef | 4722 | |
Christopher Haster |
1:24750b9ad5ef | 4723 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4724 | } |
Christopher Haster |
1:24750b9ad5ef | 4725 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 4726 | |
Christopher Haster |
1:24750b9ad5ef | 4727 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 4728 | static void ssl_calc_finished_tls( |
Christopher Haster |
1:24750b9ad5ef | 4729 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
Christopher Haster |
1:24750b9ad5ef | 4730 | { |
Christopher Haster |
1:24750b9ad5ef | 4731 | int len = 12; |
Christopher Haster |
1:24750b9ad5ef | 4732 | const char *sender; |
Christopher Haster |
1:24750b9ad5ef | 4733 | mbedtls_md5_context md5; |
Christopher Haster |
1:24750b9ad5ef | 4734 | mbedtls_sha1_context sha1; |
Christopher Haster |
1:24750b9ad5ef | 4735 | unsigned char padbuf[36]; |
Christopher Haster |
1:24750b9ad5ef | 4736 | |
Christopher Haster |
1:24750b9ad5ef | 4737 | mbedtls_ssl_session *session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4738 | if( !session ) |
Christopher Haster |
1:24750b9ad5ef | 4739 | session = ssl->session; |
Christopher Haster |
1:24750b9ad5ef | 4740 | |
Christopher Haster |
1:24750b9ad5ef | 4741 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4742 | |
Christopher Haster |
1:24750b9ad5ef | 4743 | mbedtls_md5_init( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4744 | mbedtls_sha1_init( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4745 | |
Christopher Haster |
1:24750b9ad5ef | 4746 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4747 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4748 | |
Christopher Haster |
1:24750b9ad5ef | 4749 | /* |
Christopher Haster |
1:24750b9ad5ef | 4750 | * TLSv1: |
Christopher Haster |
1:24750b9ad5ef | 4751 | * hash = PRF( master, finished_label, |
Christopher Haster |
1:24750b9ad5ef | 4752 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
Christopher Haster |
1:24750b9ad5ef | 4753 | */ |
Christopher Haster |
1:24750b9ad5ef | 4754 | |
Christopher Haster |
1:24750b9ad5ef | 4755 | #if !defined(MBEDTLS_MD5_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4756 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4757 | md5.state, sizeof( md5.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4758 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4759 | |
Christopher Haster |
1:24750b9ad5ef | 4760 | #if !defined(MBEDTLS_SHA1_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4761 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4762 | sha1.state, sizeof( sha1.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4763 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4764 | |
Christopher Haster |
1:24750b9ad5ef | 4765 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 4766 | ? "client finished" |
Christopher Haster |
1:24750b9ad5ef | 4767 | : "server finished"; |
Christopher Haster |
1:24750b9ad5ef | 4768 | |
Christopher Haster |
1:24750b9ad5ef | 4769 | mbedtls_md5_finish( &md5, padbuf ); |
Christopher Haster |
1:24750b9ad5ef | 4770 | mbedtls_sha1_finish( &sha1, padbuf + 16 ); |
Christopher Haster |
1:24750b9ad5ef | 4771 | |
Christopher Haster |
1:24750b9ad5ef | 4772 | ssl->handshake->tls_prf( session->master, 48, sender, |
Christopher Haster |
1:24750b9ad5ef | 4773 | padbuf, 36, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4774 | |
Christopher Haster |
1:24750b9ad5ef | 4775 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4776 | |
Christopher Haster |
1:24750b9ad5ef | 4777 | mbedtls_md5_free( &md5 ); |
Christopher Haster |
1:24750b9ad5ef | 4778 | mbedtls_sha1_free( &sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 4779 | |
Christopher Haster |
1:24750b9ad5ef | 4780 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
Christopher Haster |
1:24750b9ad5ef | 4781 | |
Christopher Haster |
1:24750b9ad5ef | 4782 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4783 | } |
Christopher Haster |
1:24750b9ad5ef | 4784 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
Christopher Haster |
1:24750b9ad5ef | 4785 | |
Christopher Haster |
1:24750b9ad5ef | 4786 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 4787 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 4788 | static void ssl_calc_finished_tls_sha256( |
Christopher Haster |
1:24750b9ad5ef | 4789 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
Christopher Haster |
1:24750b9ad5ef | 4790 | { |
Christopher Haster |
1:24750b9ad5ef | 4791 | int len = 12; |
Christopher Haster |
1:24750b9ad5ef | 4792 | const char *sender; |
Christopher Haster |
1:24750b9ad5ef | 4793 | mbedtls_sha256_context sha256; |
Christopher Haster |
1:24750b9ad5ef | 4794 | unsigned char padbuf[32]; |
Christopher Haster |
1:24750b9ad5ef | 4795 | |
Christopher Haster |
1:24750b9ad5ef | 4796 | mbedtls_ssl_session *session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4797 | if( !session ) |
Christopher Haster |
1:24750b9ad5ef | 4798 | session = ssl->session; |
Christopher Haster |
1:24750b9ad5ef | 4799 | |
Christopher Haster |
1:24750b9ad5ef | 4800 | mbedtls_sha256_init( &sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 4801 | |
Christopher Haster |
1:24750b9ad5ef | 4802 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4803 | |
Christopher Haster |
1:24750b9ad5ef | 4804 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 4805 | |
Christopher Haster |
1:24750b9ad5ef | 4806 | /* |
Christopher Haster |
1:24750b9ad5ef | 4807 | * TLSv1.2: |
Christopher Haster |
1:24750b9ad5ef | 4808 | * hash = PRF( master, finished_label, |
Christopher Haster |
1:24750b9ad5ef | 4809 | * Hash( handshake ) )[0.11] |
Christopher Haster |
1:24750b9ad5ef | 4810 | */ |
Christopher Haster |
1:24750b9ad5ef | 4811 | |
Christopher Haster |
1:24750b9ad5ef | 4812 | #if !defined(MBEDTLS_SHA256_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4813 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4814 | sha256.state, sizeof( sha256.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4815 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4816 | |
Christopher Haster |
1:24750b9ad5ef | 4817 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 4818 | ? "client finished" |
Christopher Haster |
1:24750b9ad5ef | 4819 | : "server finished"; |
Christopher Haster |
1:24750b9ad5ef | 4820 | |
Christopher Haster |
1:24750b9ad5ef | 4821 | mbedtls_sha256_finish( &sha256, padbuf ); |
Christopher Haster |
1:24750b9ad5ef | 4822 | |
Christopher Haster |
1:24750b9ad5ef | 4823 | ssl->handshake->tls_prf( session->master, 48, sender, |
Christopher Haster |
1:24750b9ad5ef | 4824 | padbuf, 32, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4825 | |
Christopher Haster |
1:24750b9ad5ef | 4826 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4827 | |
Christopher Haster |
1:24750b9ad5ef | 4828 | mbedtls_sha256_free( &sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 4829 | |
Christopher Haster |
1:24750b9ad5ef | 4830 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
Christopher Haster |
1:24750b9ad5ef | 4831 | |
Christopher Haster |
1:24750b9ad5ef | 4832 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4833 | } |
Christopher Haster |
1:24750b9ad5ef | 4834 | #endif /* MBEDTLS_SHA256_C */ |
Christopher Haster |
1:24750b9ad5ef | 4835 | |
Christopher Haster |
1:24750b9ad5ef | 4836 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 4837 | static void ssl_calc_finished_tls_sha384( |
Christopher Haster |
1:24750b9ad5ef | 4838 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
Christopher Haster |
1:24750b9ad5ef | 4839 | { |
Christopher Haster |
1:24750b9ad5ef | 4840 | int len = 12; |
Christopher Haster |
1:24750b9ad5ef | 4841 | const char *sender; |
Christopher Haster |
1:24750b9ad5ef | 4842 | mbedtls_sha512_context sha512; |
Christopher Haster |
1:24750b9ad5ef | 4843 | unsigned char padbuf[48]; |
Christopher Haster |
1:24750b9ad5ef | 4844 | |
Christopher Haster |
1:24750b9ad5ef | 4845 | mbedtls_ssl_session *session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4846 | if( !session ) |
Christopher Haster |
1:24750b9ad5ef | 4847 | session = ssl->session; |
Christopher Haster |
1:24750b9ad5ef | 4848 | |
Christopher Haster |
1:24750b9ad5ef | 4849 | mbedtls_sha512_init( &sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 4850 | |
Christopher Haster |
1:24750b9ad5ef | 4851 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4852 | |
Christopher Haster |
1:24750b9ad5ef | 4853 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 4854 | |
Christopher Haster |
1:24750b9ad5ef | 4855 | /* |
Christopher Haster |
1:24750b9ad5ef | 4856 | * TLSv1.2: |
Christopher Haster |
1:24750b9ad5ef | 4857 | * hash = PRF( master, finished_label, |
Christopher Haster |
1:24750b9ad5ef | 4858 | * Hash( handshake ) )[0.11] |
Christopher Haster |
1:24750b9ad5ef | 4859 | */ |
Christopher Haster |
1:24750b9ad5ef | 4860 | |
Christopher Haster |
1:24750b9ad5ef | 4861 | #if !defined(MBEDTLS_SHA512_ALT) |
Christopher Haster |
1:24750b9ad5ef | 4862 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
Christopher Haster |
1:24750b9ad5ef | 4863 | sha512.state, sizeof( sha512.state ) ); |
Christopher Haster |
1:24750b9ad5ef | 4864 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4865 | |
Christopher Haster |
1:24750b9ad5ef | 4866 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 4867 | ? "client finished" |
Christopher Haster |
1:24750b9ad5ef | 4868 | : "server finished"; |
Christopher Haster |
1:24750b9ad5ef | 4869 | |
Christopher Haster |
1:24750b9ad5ef | 4870 | mbedtls_sha512_finish( &sha512, padbuf ); |
Christopher Haster |
1:24750b9ad5ef | 4871 | |
Christopher Haster |
1:24750b9ad5ef | 4872 | ssl->handshake->tls_prf( session->master, 48, sender, |
Christopher Haster |
1:24750b9ad5ef | 4873 | padbuf, 48, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4874 | |
Christopher Haster |
1:24750b9ad5ef | 4875 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 4876 | |
Christopher Haster |
1:24750b9ad5ef | 4877 | mbedtls_sha512_free( &sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 4878 | |
Christopher Haster |
1:24750b9ad5ef | 4879 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
Christopher Haster |
1:24750b9ad5ef | 4880 | |
Christopher Haster |
1:24750b9ad5ef | 4881 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4882 | } |
Christopher Haster |
1:24750b9ad5ef | 4883 | #endif /* MBEDTLS_SHA512_C */ |
Christopher Haster |
1:24750b9ad5ef | 4884 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 4885 | |
Christopher Haster |
1:24750b9ad5ef | 4886 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4887 | { |
Christopher Haster |
1:24750b9ad5ef | 4888 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4889 | |
Christopher Haster |
1:24750b9ad5ef | 4890 | /* |
Christopher Haster |
1:24750b9ad5ef | 4891 | * Free our handshake params |
Christopher Haster |
1:24750b9ad5ef | 4892 | */ |
Christopher Haster |
1:24750b9ad5ef | 4893 | mbedtls_ssl_handshake_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 4894 | mbedtls_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 4895 | ssl->handshake = NULL; |
Christopher Haster |
1:24750b9ad5ef | 4896 | |
Christopher Haster |
1:24750b9ad5ef | 4897 | /* |
Christopher Haster |
1:24750b9ad5ef | 4898 | * Free the previous transform and swith in the current one |
Christopher Haster |
1:24750b9ad5ef | 4899 | */ |
Christopher Haster |
1:24750b9ad5ef | 4900 | if( ssl->transform ) |
Christopher Haster |
1:24750b9ad5ef | 4901 | { |
Christopher Haster |
1:24750b9ad5ef | 4902 | mbedtls_ssl_transform_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 4903 | mbedtls_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 4904 | } |
Christopher Haster |
1:24750b9ad5ef | 4905 | ssl->transform = ssl->transform_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4906 | ssl->transform_negotiate = NULL; |
Christopher Haster |
1:24750b9ad5ef | 4907 | |
Christopher Haster |
1:24750b9ad5ef | 4908 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4909 | } |
Christopher Haster |
1:24750b9ad5ef | 4910 | |
Christopher Haster |
1:24750b9ad5ef | 4911 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4912 | { |
Christopher Haster |
1:24750b9ad5ef | 4913 | int resume = ssl->handshake->resume; |
Christopher Haster |
1:24750b9ad5ef | 4914 | |
Christopher Haster |
1:24750b9ad5ef | 4915 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4916 | |
Christopher Haster |
1:24750b9ad5ef | 4917 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 4918 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
Christopher Haster |
1:24750b9ad5ef | 4919 | { |
Christopher Haster |
1:24750b9ad5ef | 4920 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; |
Christopher Haster |
1:24750b9ad5ef | 4921 | ssl->renego_records_seen = 0; |
Christopher Haster |
1:24750b9ad5ef | 4922 | } |
Christopher Haster |
1:24750b9ad5ef | 4923 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4924 | |
Christopher Haster |
1:24750b9ad5ef | 4925 | /* |
Christopher Haster |
1:24750b9ad5ef | 4926 | * Free the previous session and switch in the current one |
Christopher Haster |
1:24750b9ad5ef | 4927 | */ |
Christopher Haster |
1:24750b9ad5ef | 4928 | if( ssl->session ) |
Christopher Haster |
1:24750b9ad5ef | 4929 | { |
Christopher Haster |
1:24750b9ad5ef | 4930 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 4931 | /* RFC 7366 3.1: keep the EtM state */ |
Christopher Haster |
1:24750b9ad5ef | 4932 | ssl->session_negotiate->encrypt_then_mac = |
Christopher Haster |
1:24750b9ad5ef | 4933 | ssl->session->encrypt_then_mac; |
Christopher Haster |
1:24750b9ad5ef | 4934 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4935 | |
Christopher Haster |
1:24750b9ad5ef | 4936 | mbedtls_ssl_session_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 4937 | mbedtls_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 4938 | } |
Christopher Haster |
1:24750b9ad5ef | 4939 | ssl->session = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 4940 | ssl->session_negotiate = NULL; |
Christopher Haster |
1:24750b9ad5ef | 4941 | |
Christopher Haster |
1:24750b9ad5ef | 4942 | /* |
Christopher Haster |
1:24750b9ad5ef | 4943 | * Add cache entry |
Christopher Haster |
1:24750b9ad5ef | 4944 | */ |
Christopher Haster |
1:24750b9ad5ef | 4945 | if( ssl->conf->f_set_cache != NULL && |
Christopher Haster |
1:24750b9ad5ef | 4946 | ssl->session->id_len != 0 && |
Christopher Haster |
1:24750b9ad5ef | 4947 | resume == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4948 | { |
Christopher Haster |
1:24750b9ad5ef | 4949 | if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 4950 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4951 | } |
Christopher Haster |
1:24750b9ad5ef | 4952 | |
Christopher Haster |
1:24750b9ad5ef | 4953 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 4954 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 4955 | ssl->handshake->flight != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 4956 | { |
Christopher Haster |
1:24750b9ad5ef | 4957 | /* Cancel handshake timer */ |
Christopher Haster |
1:24750b9ad5ef | 4958 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 4959 | |
Christopher Haster |
1:24750b9ad5ef | 4960 | /* Keep last flight around in case we need to resend it: |
Christopher Haster |
1:24750b9ad5ef | 4961 | * we need the handshake and transform structures for that */ |
Christopher Haster |
1:24750b9ad5ef | 4962 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4963 | } |
Christopher Haster |
1:24750b9ad5ef | 4964 | else |
Christopher Haster |
1:24750b9ad5ef | 4965 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4966 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 4967 | |
Christopher Haster |
1:24750b9ad5ef | 4968 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 4969 | |
Christopher Haster |
1:24750b9ad5ef | 4970 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4971 | } |
Christopher Haster |
1:24750b9ad5ef | 4972 | |
Christopher Haster |
1:24750b9ad5ef | 4973 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 4974 | { |
Christopher Haster |
1:24750b9ad5ef | 4975 | int ret, hash_len; |
Christopher Haster |
1:24750b9ad5ef | 4976 | |
Christopher Haster |
1:24750b9ad5ef | 4977 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 4978 | |
Christopher Haster |
1:24750b9ad5ef | 4979 | /* |
Christopher Haster |
1:24750b9ad5ef | 4980 | * Set the out_msg pointer to the correct location based on IV length |
Christopher Haster |
1:24750b9ad5ef | 4981 | */ |
Christopher Haster |
1:24750b9ad5ef | 4982 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 4983 | { |
Christopher Haster |
1:24750b9ad5ef | 4984 | ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - |
Christopher Haster |
1:24750b9ad5ef | 4985 | ssl->transform_negotiate->fixed_ivlen; |
Christopher Haster |
1:24750b9ad5ef | 4986 | } |
Christopher Haster |
1:24750b9ad5ef | 4987 | else |
Christopher Haster |
1:24750b9ad5ef | 4988 | ssl->out_msg = ssl->out_iv; |
Christopher Haster |
1:24750b9ad5ef | 4989 | |
Christopher Haster |
1:24750b9ad5ef | 4990 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); |
Christopher Haster |
1:24750b9ad5ef | 4991 | |
Christopher Haster |
1:24750b9ad5ef | 4992 | // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) |
Christopher Haster |
1:24750b9ad5ef | 4993 | hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; |
Christopher Haster |
1:24750b9ad5ef | 4994 | |
Christopher Haster |
1:24750b9ad5ef | 4995 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 4996 | ssl->verify_data_len = hash_len; |
Christopher Haster |
1:24750b9ad5ef | 4997 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
Christopher Haster |
1:24750b9ad5ef | 4998 | #endif |
Christopher Haster |
1:24750b9ad5ef | 4999 | |
Christopher Haster |
1:24750b9ad5ef | 5000 | ssl->out_msglen = 4 + hash_len; |
Christopher Haster |
1:24750b9ad5ef | 5001 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
Christopher Haster |
1:24750b9ad5ef | 5002 | ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; |
Christopher Haster |
1:24750b9ad5ef | 5003 | |
Christopher Haster |
1:24750b9ad5ef | 5004 | /* |
Christopher Haster |
1:24750b9ad5ef | 5005 | * In case of session resuming, invert the client and server |
Christopher Haster |
1:24750b9ad5ef | 5006 | * ChangeCipherSpec messages order. |
Christopher Haster |
1:24750b9ad5ef | 5007 | */ |
Christopher Haster |
1:24750b9ad5ef | 5008 | if( ssl->handshake->resume != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5009 | { |
Christopher Haster |
1:24750b9ad5ef | 5010 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5011 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 5012 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
Christopher Haster |
1:24750b9ad5ef | 5013 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5014 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5015 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 5016 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
Christopher Haster |
1:24750b9ad5ef | 5017 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5018 | } |
Christopher Haster |
1:24750b9ad5ef | 5019 | else |
Christopher Haster |
1:24750b9ad5ef | 5020 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 5021 | |
Christopher Haster |
1:24750b9ad5ef | 5022 | /* |
Christopher Haster |
1:24750b9ad5ef | 5023 | * Switch to our negotiated transform and session parameters for outbound |
Christopher Haster |
1:24750b9ad5ef | 5024 | * data. |
Christopher Haster |
1:24750b9ad5ef | 5025 | */ |
Christopher Haster |
1:24750b9ad5ef | 5026 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5027 | |
Christopher Haster |
1:24750b9ad5ef | 5028 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5029 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 5030 | { |
Christopher Haster |
1:24750b9ad5ef | 5031 | unsigned char i; |
Christopher Haster |
1:24750b9ad5ef | 5032 | |
Christopher Haster |
1:24750b9ad5ef | 5033 | /* Remember current epoch settings for resending */ |
Christopher Haster |
1:24750b9ad5ef | 5034 | ssl->handshake->alt_transform_out = ssl->transform_out; |
Christopher Haster |
1:24750b9ad5ef | 5035 | memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 5036 | |
Christopher Haster |
1:24750b9ad5ef | 5037 | /* Set sequence_number to zero */ |
Christopher Haster |
1:24750b9ad5ef | 5038 | memset( ssl->out_ctr + 2, 0, 6 ); |
Christopher Haster |
1:24750b9ad5ef | 5039 | |
Christopher Haster |
1:24750b9ad5ef | 5040 | /* Increment epoch */ |
Christopher Haster |
1:24750b9ad5ef | 5041 | for( i = 2; i > 0; i-- ) |
Christopher Haster |
1:24750b9ad5ef | 5042 | if( ++ssl->out_ctr[i - 1] != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5043 | break; |
Christopher Haster |
1:24750b9ad5ef | 5044 | |
Christopher Haster |
1:24750b9ad5ef | 5045 | /* The loop goes to its end iff the counter is wrapping */ |
Christopher Haster |
1:24750b9ad5ef | 5046 | if( i == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5047 | { |
Christopher Haster |
1:24750b9ad5ef | 5048 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5049 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
Christopher Haster |
1:24750b9ad5ef | 5050 | } |
Christopher Haster |
1:24750b9ad5ef | 5051 | } |
Christopher Haster |
1:24750b9ad5ef | 5052 | else |
Christopher Haster |
1:24750b9ad5ef | 5053 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 5054 | memset( ssl->out_ctr, 0, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 5055 | |
Christopher Haster |
1:24750b9ad5ef | 5056 | ssl->transform_out = ssl->transform_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 5057 | ssl->session_out = ssl->session_negotiate; |
Christopher Haster |
1:24750b9ad5ef | 5058 | |
Christopher Haster |
1:24750b9ad5ef | 5059 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 5060 | if( mbedtls_ssl_hw_record_activate != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5061 | { |
Christopher Haster |
1:24750b9ad5ef | 5062 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5063 | { |
Christopher Haster |
1:24750b9ad5ef | 5064 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
Christopher Haster |
1:24750b9ad5ef | 5065 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5066 | } |
Christopher Haster |
1:24750b9ad5ef | 5067 | } |
Christopher Haster |
1:24750b9ad5ef | 5068 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5069 | |
Christopher Haster |
1:24750b9ad5ef | 5070 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5071 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 5072 | mbedtls_ssl_send_flight_completed( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 5073 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5074 | |
Christopher Haster |
1:24750b9ad5ef | 5075 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5076 | { |
Christopher Haster |
1:24750b9ad5ef | 5077 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 5078 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5079 | } |
Christopher Haster |
1:24750b9ad5ef | 5080 | |
Christopher Haster |
1:24750b9ad5ef | 5081 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5082 | |
Christopher Haster |
1:24750b9ad5ef | 5083 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5084 | } |
Christopher Haster |
1:24750b9ad5ef | 5085 | |
Christopher Haster |
1:24750b9ad5ef | 5086 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 5087 | #define SSL_MAX_HASH_LEN 36 |
Christopher Haster |
1:24750b9ad5ef | 5088 | #else |
Christopher Haster |
1:24750b9ad5ef | 5089 | #define SSL_MAX_HASH_LEN 12 |
Christopher Haster |
1:24750b9ad5ef | 5090 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5091 | |
Christopher Haster |
1:24750b9ad5ef | 5092 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 5093 | { |
Christopher Haster |
1:24750b9ad5ef | 5094 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5095 | unsigned int hash_len; |
Christopher Haster |
1:24750b9ad5ef | 5096 | unsigned char buf[SSL_MAX_HASH_LEN]; |
Christopher Haster |
1:24750b9ad5ef | 5097 | |
Christopher Haster |
1:24750b9ad5ef | 5098 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5099 | |
Christopher Haster |
1:24750b9ad5ef | 5100 | ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); |
Christopher Haster |
1:24750b9ad5ef | 5101 | |
Christopher Haster |
1:24750b9ad5ef | 5102 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5103 | { |
Christopher Haster |
1:24750b9ad5ef | 5104 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 5105 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5106 | } |
Christopher Haster |
1:24750b9ad5ef | 5107 | |
Christopher Haster |
1:24750b9ad5ef | 5108 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
Christopher Haster |
1:24750b9ad5ef | 5109 | { |
Christopher Haster |
1:24750b9ad5ef | 5110 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5111 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 5112 | } |
Christopher Haster |
1:24750b9ad5ef | 5113 | |
Christopher Haster |
1:24750b9ad5ef | 5114 | /* There is currently no ciphersuite using another length with TLS 1.2 */ |
Christopher Haster |
1:24750b9ad5ef | 5115 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 5116 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 5117 | hash_len = 36; |
Christopher Haster |
1:24750b9ad5ef | 5118 | else |
Christopher Haster |
1:24750b9ad5ef | 5119 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5120 | hash_len = 12; |
Christopher Haster |
1:24750b9ad5ef | 5121 | |
Christopher Haster |
1:24750b9ad5ef | 5122 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || |
Christopher Haster |
1:24750b9ad5ef | 5123 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) |
Christopher Haster |
1:24750b9ad5ef | 5124 | { |
Christopher Haster |
1:24750b9ad5ef | 5125 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5126 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
Christopher Haster |
1:24750b9ad5ef | 5127 | } |
Christopher Haster |
1:24750b9ad5ef | 5128 | |
Christopher Haster |
1:24750b9ad5ef | 5129 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), |
Christopher Haster |
1:24750b9ad5ef | 5130 | buf, hash_len ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5131 | { |
Christopher Haster |
1:24750b9ad5ef | 5132 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5133 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
Christopher Haster |
1:24750b9ad5ef | 5134 | } |
Christopher Haster |
1:24750b9ad5ef | 5135 | |
Christopher Haster |
1:24750b9ad5ef | 5136 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 5137 | ssl->verify_data_len = hash_len; |
Christopher Haster |
1:24750b9ad5ef | 5138 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
Christopher Haster |
1:24750b9ad5ef | 5139 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5140 | |
Christopher Haster |
1:24750b9ad5ef | 5141 | if( ssl->handshake->resume != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5142 | { |
Christopher Haster |
1:24750b9ad5ef | 5143 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5144 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 5145 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
Christopher Haster |
1:24750b9ad5ef | 5146 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5147 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5148 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 5149 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
Christopher Haster |
1:24750b9ad5ef | 5150 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5151 | } |
Christopher Haster |
1:24750b9ad5ef | 5152 | else |
Christopher Haster |
1:24750b9ad5ef | 5153 | ssl->state++; |
Christopher Haster |
1:24750b9ad5ef | 5154 | |
Christopher Haster |
1:24750b9ad5ef | 5155 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5156 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 5157 | mbedtls_ssl_recv_flight_completed( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 5158 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5159 | |
Christopher Haster |
1:24750b9ad5ef | 5160 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5161 | |
Christopher Haster |
1:24750b9ad5ef | 5162 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5163 | } |
Christopher Haster |
1:24750b9ad5ef | 5164 | |
Christopher Haster |
1:24750b9ad5ef | 5165 | static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) |
Christopher Haster |
1:24750b9ad5ef | 5166 | { |
Christopher Haster |
1:24750b9ad5ef | 5167 | memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); |
Christopher Haster |
1:24750b9ad5ef | 5168 | |
Christopher Haster |
1:24750b9ad5ef | 5169 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 5170 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 5171 | mbedtls_md5_init( &handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 5172 | mbedtls_sha1_init( &handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 5173 | mbedtls_md5_starts( &handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 5174 | mbedtls_sha1_starts( &handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 5175 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5176 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 5177 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 5178 | mbedtls_sha256_init( &handshake->fin_sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 5179 | mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5180 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5181 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 5182 | mbedtls_sha512_init( &handshake->fin_sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 5183 | mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); |
Christopher Haster |
1:24750b9ad5ef | 5184 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5185 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 5186 | |
Christopher Haster |
1:24750b9ad5ef | 5187 | handshake->update_checksum = ssl_update_checksum_start; |
Christopher Haster |
1:24750b9ad5ef | 5188 | handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1; |
Christopher Haster |
1:24750b9ad5ef | 5189 | |
Christopher Haster |
1:24750b9ad5ef | 5190 | #if defined(MBEDTLS_DHM_C) |
Christopher Haster |
1:24750b9ad5ef | 5191 | mbedtls_dhm_init( &handshake->dhm_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 5192 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5193 | #if defined(MBEDTLS_ECDH_C) |
Christopher Haster |
1:24750b9ad5ef | 5194 | mbedtls_ecdh_init( &handshake->ecdh_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 5195 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5196 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 5197 | mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 5198 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5199 | handshake->ecjpake_cache = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5200 | handshake->ecjpake_cache_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 5201 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5202 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5203 | |
Christopher Haster |
1:24750b9ad5ef | 5204 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 5205 | handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; |
Christopher Haster |
1:24750b9ad5ef | 5206 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5207 | } |
Christopher Haster |
1:24750b9ad5ef | 5208 | |
Christopher Haster |
1:24750b9ad5ef | 5209 | static void ssl_transform_init( mbedtls_ssl_transform *transform ) |
Christopher Haster |
1:24750b9ad5ef | 5210 | { |
Christopher Haster |
1:24750b9ad5ef | 5211 | memset( transform, 0, sizeof(mbedtls_ssl_transform) ); |
Christopher Haster |
1:24750b9ad5ef | 5212 | |
Christopher Haster |
1:24750b9ad5ef | 5213 | mbedtls_cipher_init( &transform->cipher_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 5214 | mbedtls_cipher_init( &transform->cipher_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 5215 | |
Christopher Haster |
1:24750b9ad5ef | 5216 | mbedtls_md_init( &transform->md_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 5217 | mbedtls_md_init( &transform->md_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 5218 | } |
Christopher Haster |
1:24750b9ad5ef | 5219 | |
Christopher Haster |
1:24750b9ad5ef | 5220 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) |
Christopher Haster |
1:24750b9ad5ef | 5221 | { |
Christopher Haster |
1:24750b9ad5ef | 5222 | memset( session, 0, sizeof(mbedtls_ssl_session) ); |
Christopher Haster |
1:24750b9ad5ef | 5223 | } |
Christopher Haster |
1:24750b9ad5ef | 5224 | |
Christopher Haster |
1:24750b9ad5ef | 5225 | static int ssl_handshake_init( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 5226 | { |
Christopher Haster |
1:24750b9ad5ef | 5227 | /* Clear old handshake information if present */ |
Christopher Haster |
1:24750b9ad5ef | 5228 | if( ssl->transform_negotiate ) |
Christopher Haster |
1:24750b9ad5ef | 5229 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5230 | if( ssl->session_negotiate ) |
Christopher Haster |
1:24750b9ad5ef | 5231 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5232 | if( ssl->handshake ) |
Christopher Haster |
1:24750b9ad5ef | 5233 | mbedtls_ssl_handshake_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 5234 | |
Christopher Haster |
1:24750b9ad5ef | 5235 | /* |
Christopher Haster |
1:24750b9ad5ef | 5236 | * Either the pointers are now NULL or cleared properly and can be freed. |
Christopher Haster |
1:24750b9ad5ef | 5237 | * Now allocate missing structures. |
Christopher Haster |
1:24750b9ad5ef | 5238 | */ |
Christopher Haster |
1:24750b9ad5ef | 5239 | if( ssl->transform_negotiate == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5240 | { |
Christopher Haster |
1:24750b9ad5ef | 5241 | ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); |
Christopher Haster |
1:24750b9ad5ef | 5242 | } |
Christopher Haster |
1:24750b9ad5ef | 5243 | |
Christopher Haster |
1:24750b9ad5ef | 5244 | if( ssl->session_negotiate == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5245 | { |
Christopher Haster |
1:24750b9ad5ef | 5246 | ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); |
Christopher Haster |
1:24750b9ad5ef | 5247 | } |
Christopher Haster |
1:24750b9ad5ef | 5248 | |
Christopher Haster |
1:24750b9ad5ef | 5249 | if( ssl->handshake == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5250 | { |
Christopher Haster |
1:24750b9ad5ef | 5251 | ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); |
Christopher Haster |
1:24750b9ad5ef | 5252 | } |
Christopher Haster |
1:24750b9ad5ef | 5253 | |
Christopher Haster |
1:24750b9ad5ef | 5254 | /* All pointers should exist and can be directly freed without issue */ |
Christopher Haster |
1:24750b9ad5ef | 5255 | if( ssl->handshake == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5256 | ssl->transform_negotiate == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5257 | ssl->session_negotiate == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5258 | { |
Christopher Haster |
1:24750b9ad5ef | 5259 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5260 | |
Christopher Haster |
1:24750b9ad5ef | 5261 | mbedtls_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 5262 | mbedtls_free( ssl->transform_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5263 | mbedtls_free( ssl->session_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5264 | |
Christopher Haster |
1:24750b9ad5ef | 5265 | ssl->handshake = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5266 | ssl->transform_negotiate = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5267 | ssl->session_negotiate = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5268 | |
Christopher Haster |
1:24750b9ad5ef | 5269 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5270 | } |
Christopher Haster |
1:24750b9ad5ef | 5271 | |
Christopher Haster |
1:24750b9ad5ef | 5272 | /* Initialize structures */ |
Christopher Haster |
1:24750b9ad5ef | 5273 | mbedtls_ssl_session_init( ssl->session_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5274 | ssl_transform_init( ssl->transform_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 5275 | ssl_handshake_params_init( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 5276 | |
Christopher Haster |
1:24750b9ad5ef | 5277 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5278 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 5279 | { |
Christopher Haster |
1:24750b9ad5ef | 5280 | ssl->handshake->alt_transform_out = ssl->transform_out; |
Christopher Haster |
1:24750b9ad5ef | 5281 | |
Christopher Haster |
1:24750b9ad5ef | 5282 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 5283 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
Christopher Haster |
1:24750b9ad5ef | 5284 | else |
Christopher Haster |
1:24750b9ad5ef | 5285 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
Christopher Haster |
1:24750b9ad5ef | 5286 | |
Christopher Haster |
1:24750b9ad5ef | 5287 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5288 | } |
Christopher Haster |
1:24750b9ad5ef | 5289 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5290 | |
Christopher Haster |
1:24750b9ad5ef | 5291 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5292 | } |
Christopher Haster |
1:24750b9ad5ef | 5293 | |
Christopher Haster |
1:24750b9ad5ef | 5294 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5295 | /* Dummy cookie callbacks for defaults */ |
Christopher Haster |
1:24750b9ad5ef | 5296 | static int ssl_cookie_write_dummy( void *ctx, |
Christopher Haster |
1:24750b9ad5ef | 5297 | unsigned char **p, unsigned char *end, |
Christopher Haster |
1:24750b9ad5ef | 5298 | const unsigned char *cli_id, size_t cli_id_len ) |
Christopher Haster |
1:24750b9ad5ef | 5299 | { |
Christopher Haster |
1:24750b9ad5ef | 5300 | ((void) ctx); |
Christopher Haster |
1:24750b9ad5ef | 5301 | ((void) p); |
Christopher Haster |
1:24750b9ad5ef | 5302 | ((void) end); |
Christopher Haster |
1:24750b9ad5ef | 5303 | ((void) cli_id); |
Christopher Haster |
1:24750b9ad5ef | 5304 | ((void) cli_id_len); |
Christopher Haster |
1:24750b9ad5ef | 5305 | |
Christopher Haster |
1:24750b9ad5ef | 5306 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 5307 | } |
Christopher Haster |
1:24750b9ad5ef | 5308 | |
Christopher Haster |
1:24750b9ad5ef | 5309 | static int ssl_cookie_check_dummy( void *ctx, |
Christopher Haster |
1:24750b9ad5ef | 5310 | const unsigned char *cookie, size_t cookie_len, |
Christopher Haster |
1:24750b9ad5ef | 5311 | const unsigned char *cli_id, size_t cli_id_len ) |
Christopher Haster |
1:24750b9ad5ef | 5312 | { |
Christopher Haster |
1:24750b9ad5ef | 5313 | ((void) ctx); |
Christopher Haster |
1:24750b9ad5ef | 5314 | ((void) cookie); |
Christopher Haster |
1:24750b9ad5ef | 5315 | ((void) cookie_len); |
Christopher Haster |
1:24750b9ad5ef | 5316 | ((void) cli_id); |
Christopher Haster |
1:24750b9ad5ef | 5317 | ((void) cli_id_len); |
Christopher Haster |
1:24750b9ad5ef | 5318 | |
Christopher Haster |
1:24750b9ad5ef | 5319 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 5320 | } |
Christopher Haster |
1:24750b9ad5ef | 5321 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 5322 | |
Christopher Haster |
1:24750b9ad5ef | 5323 | /* |
Christopher Haster |
1:24750b9ad5ef | 5324 | * Initialize an SSL context |
Christopher Haster |
1:24750b9ad5ef | 5325 | */ |
Christopher Haster |
1:24750b9ad5ef | 5326 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 5327 | { |
Christopher Haster |
1:24750b9ad5ef | 5328 | memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); |
Christopher Haster |
1:24750b9ad5ef | 5329 | } |
Christopher Haster |
1:24750b9ad5ef | 5330 | |
Christopher Haster |
1:24750b9ad5ef | 5331 | /* |
Christopher Haster |
1:24750b9ad5ef | 5332 | * Setup an SSL context |
Christopher Haster |
1:24750b9ad5ef | 5333 | */ |
Christopher Haster |
1:24750b9ad5ef | 5334 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5335 | const mbedtls_ssl_config *conf ) |
Christopher Haster |
1:24750b9ad5ef | 5336 | { |
Christopher Haster |
1:24750b9ad5ef | 5337 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5338 | const size_t len = MBEDTLS_SSL_BUFFER_LEN; |
Christopher Haster |
1:24750b9ad5ef | 5339 | |
Christopher Haster |
1:24750b9ad5ef | 5340 | ssl->conf = conf; |
Christopher Haster |
1:24750b9ad5ef | 5341 | |
Christopher Haster |
1:24750b9ad5ef | 5342 | /* |
Christopher Haster |
1:24750b9ad5ef | 5343 | * Prepare base structures |
Christopher Haster |
1:24750b9ad5ef | 5344 | */ |
Christopher Haster |
1:24750b9ad5ef | 5345 | if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5346 | ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5347 | { |
Christopher Haster |
1:24750b9ad5ef | 5348 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) ); |
Christopher Haster |
1:24750b9ad5ef | 5349 | mbedtls_free( ssl->in_buf ); |
Christopher Haster |
1:24750b9ad5ef | 5350 | ssl->in_buf = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5351 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5352 | } |
Christopher Haster |
1:24750b9ad5ef | 5353 | |
Christopher Haster |
1:24750b9ad5ef | 5354 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5355 | if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 5356 | { |
Christopher Haster |
1:24750b9ad5ef | 5357 | ssl->out_hdr = ssl->out_buf; |
Christopher Haster |
1:24750b9ad5ef | 5358 | ssl->out_ctr = ssl->out_buf + 3; |
Christopher Haster |
1:24750b9ad5ef | 5359 | ssl->out_len = ssl->out_buf + 11; |
Christopher Haster |
1:24750b9ad5ef | 5360 | ssl->out_iv = ssl->out_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5361 | ssl->out_msg = ssl->out_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5362 | |
Christopher Haster |
1:24750b9ad5ef | 5363 | ssl->in_hdr = ssl->in_buf; |
Christopher Haster |
1:24750b9ad5ef | 5364 | ssl->in_ctr = ssl->in_buf + 3; |
Christopher Haster |
1:24750b9ad5ef | 5365 | ssl->in_len = ssl->in_buf + 11; |
Christopher Haster |
1:24750b9ad5ef | 5366 | ssl->in_iv = ssl->in_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5367 | ssl->in_msg = ssl->in_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5368 | } |
Christopher Haster |
1:24750b9ad5ef | 5369 | else |
Christopher Haster |
1:24750b9ad5ef | 5370 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5371 | { |
Christopher Haster |
1:24750b9ad5ef | 5372 | ssl->out_ctr = ssl->out_buf; |
Christopher Haster |
1:24750b9ad5ef | 5373 | ssl->out_hdr = ssl->out_buf + 8; |
Christopher Haster |
1:24750b9ad5ef | 5374 | ssl->out_len = ssl->out_buf + 11; |
Christopher Haster |
1:24750b9ad5ef | 5375 | ssl->out_iv = ssl->out_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5376 | ssl->out_msg = ssl->out_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5377 | |
Christopher Haster |
1:24750b9ad5ef | 5378 | ssl->in_ctr = ssl->in_buf; |
Christopher Haster |
1:24750b9ad5ef | 5379 | ssl->in_hdr = ssl->in_buf + 8; |
Christopher Haster |
1:24750b9ad5ef | 5380 | ssl->in_len = ssl->in_buf + 11; |
Christopher Haster |
1:24750b9ad5ef | 5381 | ssl->in_iv = ssl->in_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5382 | ssl->in_msg = ssl->in_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5383 | } |
Christopher Haster |
1:24750b9ad5ef | 5384 | |
Christopher Haster |
1:24750b9ad5ef | 5385 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5386 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5387 | |
Christopher Haster |
1:24750b9ad5ef | 5388 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5389 | } |
Christopher Haster |
1:24750b9ad5ef | 5390 | |
Christopher Haster |
1:24750b9ad5ef | 5391 | /* |
Christopher Haster |
1:24750b9ad5ef | 5392 | * Reset an initialized and used SSL context for re-use while retaining |
Christopher Haster |
1:24750b9ad5ef | 5393 | * all application-set variables, function pointers and data. |
Christopher Haster |
1:24750b9ad5ef | 5394 | * |
Christopher Haster |
1:24750b9ad5ef | 5395 | * If partial is non-zero, keep data in the input buffer and client ID. |
Christopher Haster |
1:24750b9ad5ef | 5396 | * (Use when a DTLS client reconnects from the same port.) |
Christopher Haster |
1:24750b9ad5ef | 5397 | */ |
Christopher Haster |
1:24750b9ad5ef | 5398 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) |
Christopher Haster |
1:24750b9ad5ef | 5399 | { |
Christopher Haster |
1:24750b9ad5ef | 5400 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5401 | |
Christopher Haster |
1:24750b9ad5ef | 5402 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
Christopher Haster |
1:24750b9ad5ef | 5403 | |
Christopher Haster |
1:24750b9ad5ef | 5404 | /* Cancel any possibly running timer */ |
Christopher Haster |
1:24750b9ad5ef | 5405 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5406 | |
Christopher Haster |
1:24750b9ad5ef | 5407 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 5408 | ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; |
Christopher Haster |
1:24750b9ad5ef | 5409 | ssl->renego_records_seen = 0; |
Christopher Haster |
1:24750b9ad5ef | 5410 | |
Christopher Haster |
1:24750b9ad5ef | 5411 | ssl->verify_data_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 5412 | memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 5413 | memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 5414 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5415 | ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; |
Christopher Haster |
1:24750b9ad5ef | 5416 | |
Christopher Haster |
1:24750b9ad5ef | 5417 | ssl->in_offt = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5418 | |
Christopher Haster |
1:24750b9ad5ef | 5419 | ssl->in_msg = ssl->in_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5420 | ssl->in_msgtype = 0; |
Christopher Haster |
1:24750b9ad5ef | 5421 | ssl->in_msglen = 0; |
Christopher Haster |
1:24750b9ad5ef | 5422 | if( partial == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5423 | ssl->in_left = 0; |
Christopher Haster |
1:24750b9ad5ef | 5424 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5425 | ssl->next_record_offset = 0; |
Christopher Haster |
1:24750b9ad5ef | 5426 | ssl->in_epoch = 0; |
Christopher Haster |
1:24750b9ad5ef | 5427 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5428 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 5429 | ssl_dtls_replay_reset( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 5430 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5431 | |
Christopher Haster |
1:24750b9ad5ef | 5432 | ssl->in_hslen = 0; |
Christopher Haster |
1:24750b9ad5ef | 5433 | ssl->nb_zero = 0; |
Christopher Haster |
1:24750b9ad5ef | 5434 | ssl->record_read = 0; |
Christopher Haster |
1:24750b9ad5ef | 5435 | |
Christopher Haster |
1:24750b9ad5ef | 5436 | ssl->out_msg = ssl->out_buf + 13; |
Christopher Haster |
1:24750b9ad5ef | 5437 | ssl->out_msgtype = 0; |
Christopher Haster |
1:24750b9ad5ef | 5438 | ssl->out_msglen = 0; |
Christopher Haster |
1:24750b9ad5ef | 5439 | ssl->out_left = 0; |
Christopher Haster |
1:24750b9ad5ef | 5440 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Christopher Haster |
1:24750b9ad5ef | 5441 | if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) |
Christopher Haster |
1:24750b9ad5ef | 5442 | ssl->split_done = 0; |
Christopher Haster |
1:24750b9ad5ef | 5443 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5444 | |
Christopher Haster |
1:24750b9ad5ef | 5445 | ssl->transform_in = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5446 | ssl->transform_out = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5447 | |
Christopher Haster |
1:24750b9ad5ef | 5448 | memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 5449 | if( partial == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5450 | memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 5451 | |
Christopher Haster |
1:24750b9ad5ef | 5452 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 5453 | if( mbedtls_ssl_hw_record_reset != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5454 | { |
Christopher Haster |
1:24750b9ad5ef | 5455 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 5456 | if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5457 | { |
Christopher Haster |
1:24750b9ad5ef | 5458 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); |
Christopher Haster |
1:24750b9ad5ef | 5459 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5460 | } |
Christopher Haster |
1:24750b9ad5ef | 5461 | } |
Christopher Haster |
1:24750b9ad5ef | 5462 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5463 | |
Christopher Haster |
1:24750b9ad5ef | 5464 | if( ssl->transform ) |
Christopher Haster |
1:24750b9ad5ef | 5465 | { |
Christopher Haster |
1:24750b9ad5ef | 5466 | mbedtls_ssl_transform_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 5467 | mbedtls_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 5468 | ssl->transform = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5469 | } |
Christopher Haster |
1:24750b9ad5ef | 5470 | |
Christopher Haster |
1:24750b9ad5ef | 5471 | if( ssl->session ) |
Christopher Haster |
1:24750b9ad5ef | 5472 | { |
Christopher Haster |
1:24750b9ad5ef | 5473 | mbedtls_ssl_session_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 5474 | mbedtls_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 5475 | ssl->session = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5476 | } |
Christopher Haster |
1:24750b9ad5ef | 5477 | |
Christopher Haster |
1:24750b9ad5ef | 5478 | #if defined(MBEDTLS_SSL_ALPN) |
Christopher Haster |
1:24750b9ad5ef | 5479 | ssl->alpn_chosen = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5480 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5481 | |
Christopher Haster |
1:24750b9ad5ef | 5482 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5483 | if( partial == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5484 | { |
Christopher Haster |
1:24750b9ad5ef | 5485 | mbedtls_free( ssl->cli_id ); |
Christopher Haster |
1:24750b9ad5ef | 5486 | ssl->cli_id = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5487 | ssl->cli_id_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 5488 | } |
Christopher Haster |
1:24750b9ad5ef | 5489 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5490 | |
Christopher Haster |
1:24750b9ad5ef | 5491 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5492 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5493 | |
Christopher Haster |
1:24750b9ad5ef | 5494 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5495 | } |
Christopher Haster |
1:24750b9ad5ef | 5496 | |
Christopher Haster |
1:24750b9ad5ef | 5497 | /* |
Christopher Haster |
1:24750b9ad5ef | 5498 | * Reset an initialized and used SSL context for re-use while retaining |
Christopher Haster |
1:24750b9ad5ef | 5499 | * all application-set variables, function pointers and data. |
Christopher Haster |
1:24750b9ad5ef | 5500 | */ |
Christopher Haster |
1:24750b9ad5ef | 5501 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 5502 | { |
Christopher Haster |
1:24750b9ad5ef | 5503 | return( ssl_session_reset_int( ssl, 0 ) ); |
Christopher Haster |
1:24750b9ad5ef | 5504 | } |
Christopher Haster |
1:24750b9ad5ef | 5505 | |
Christopher Haster |
1:24750b9ad5ef | 5506 | /* |
Christopher Haster |
1:24750b9ad5ef | 5507 | * SSL set accessors |
Christopher Haster |
1:24750b9ad5ef | 5508 | */ |
Christopher Haster |
1:24750b9ad5ef | 5509 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) |
Christopher Haster |
1:24750b9ad5ef | 5510 | { |
Christopher Haster |
1:24750b9ad5ef | 5511 | conf->endpoint = endpoint; |
Christopher Haster |
1:24750b9ad5ef | 5512 | } |
Christopher Haster |
1:24750b9ad5ef | 5513 | |
Christopher Haster |
1:24750b9ad5ef | 5514 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) |
Christopher Haster |
1:24750b9ad5ef | 5515 | { |
Christopher Haster |
1:24750b9ad5ef | 5516 | conf->transport = transport; |
Christopher Haster |
1:24750b9ad5ef | 5517 | } |
Christopher Haster |
1:24750b9ad5ef | 5518 | |
Christopher Haster |
1:24750b9ad5ef | 5519 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 5520 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) |
Christopher Haster |
1:24750b9ad5ef | 5521 | { |
Christopher Haster |
1:24750b9ad5ef | 5522 | conf->anti_replay = mode; |
Christopher Haster |
1:24750b9ad5ef | 5523 | } |
Christopher Haster |
1:24750b9ad5ef | 5524 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5525 | |
Christopher Haster |
1:24750b9ad5ef | 5526 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
Christopher Haster |
1:24750b9ad5ef | 5527 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) |
Christopher Haster |
1:24750b9ad5ef | 5528 | { |
Christopher Haster |
1:24750b9ad5ef | 5529 | conf->badmac_limit = limit; |
Christopher Haster |
1:24750b9ad5ef | 5530 | } |
Christopher Haster |
1:24750b9ad5ef | 5531 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5532 | |
Christopher Haster |
1:24750b9ad5ef | 5533 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 5534 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) |
Christopher Haster |
1:24750b9ad5ef | 5535 | { |
Christopher Haster |
1:24750b9ad5ef | 5536 | conf->hs_timeout_min = min; |
Christopher Haster |
1:24750b9ad5ef | 5537 | conf->hs_timeout_max = max; |
Christopher Haster |
1:24750b9ad5ef | 5538 | } |
Christopher Haster |
1:24750b9ad5ef | 5539 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5540 | |
Christopher Haster |
1:24750b9ad5ef | 5541 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) |
Christopher Haster |
1:24750b9ad5ef | 5542 | { |
Christopher Haster |
1:24750b9ad5ef | 5543 | conf->authmode = authmode; |
Christopher Haster |
1:24750b9ad5ef | 5544 | } |
Christopher Haster |
1:24750b9ad5ef | 5545 | |
Christopher Haster |
1:24750b9ad5ef | 5546 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 5547 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5548 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
Christopher Haster |
1:24750b9ad5ef | 5549 | void *p_vrfy ) |
Christopher Haster |
1:24750b9ad5ef | 5550 | { |
Christopher Haster |
1:24750b9ad5ef | 5551 | conf->f_vrfy = f_vrfy; |
Christopher Haster |
1:24750b9ad5ef | 5552 | conf->p_vrfy = p_vrfy; |
Christopher Haster |
1:24750b9ad5ef | 5553 | } |
Christopher Haster |
1:24750b9ad5ef | 5554 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 5555 | |
Christopher Haster |
1:24750b9ad5ef | 5556 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5557 | int (*f_rng)(void *, unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 5558 | void *p_rng ) |
Christopher Haster |
1:24750b9ad5ef | 5559 | { |
Christopher Haster |
1:24750b9ad5ef | 5560 | conf->f_rng = f_rng; |
Christopher Haster |
1:24750b9ad5ef | 5561 | conf->p_rng = p_rng; |
Christopher Haster |
1:24750b9ad5ef | 5562 | } |
Christopher Haster |
1:24750b9ad5ef | 5563 | |
Christopher Haster |
1:24750b9ad5ef | 5564 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5565 | void (*f_dbg)(void *, int, const char *, int, const char *), |
Christopher Haster |
1:24750b9ad5ef | 5566 | void *p_dbg ) |
Christopher Haster |
1:24750b9ad5ef | 5567 | { |
Christopher Haster |
1:24750b9ad5ef | 5568 | conf->f_dbg = f_dbg; |
Christopher Haster |
1:24750b9ad5ef | 5569 | conf->p_dbg = p_dbg; |
Christopher Haster |
1:24750b9ad5ef | 5570 | } |
Christopher Haster |
1:24750b9ad5ef | 5571 | |
Christopher Haster |
1:24750b9ad5ef | 5572 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5573 | void *p_bio, |
Christopher Haster |
1:24750b9ad5ef | 5574 | int (*f_send)(void *, const unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 5575 | int (*f_recv)(void *, unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 5576 | int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ) |
Christopher Haster |
1:24750b9ad5ef | 5577 | { |
Christopher Haster |
1:24750b9ad5ef | 5578 | ssl->p_bio = p_bio; |
Christopher Haster |
1:24750b9ad5ef | 5579 | ssl->f_send = f_send; |
Christopher Haster |
1:24750b9ad5ef | 5580 | ssl->f_recv = f_recv; |
Christopher Haster |
1:24750b9ad5ef | 5581 | ssl->f_recv_timeout = f_recv_timeout; |
Christopher Haster |
1:24750b9ad5ef | 5582 | } |
Christopher Haster |
1:24750b9ad5ef | 5583 | |
Christopher Haster |
1:24750b9ad5ef | 5584 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) |
Christopher Haster |
1:24750b9ad5ef | 5585 | { |
Christopher Haster |
1:24750b9ad5ef | 5586 | conf->read_timeout = timeout; |
Christopher Haster |
1:24750b9ad5ef | 5587 | } |
Christopher Haster |
1:24750b9ad5ef | 5588 | |
Christopher Haster |
1:24750b9ad5ef | 5589 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5590 | void *p_timer, |
Christopher Haster |
1:24750b9ad5ef | 5591 | void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), |
Christopher Haster |
1:24750b9ad5ef | 5592 | int (*f_get_timer)(void *) ) |
Christopher Haster |
1:24750b9ad5ef | 5593 | { |
Christopher Haster |
1:24750b9ad5ef | 5594 | ssl->p_timer = p_timer; |
Christopher Haster |
1:24750b9ad5ef | 5595 | ssl->f_set_timer = f_set_timer; |
Christopher Haster |
1:24750b9ad5ef | 5596 | ssl->f_get_timer = f_get_timer; |
Christopher Haster |
1:24750b9ad5ef | 5597 | |
Christopher Haster |
1:24750b9ad5ef | 5598 | /* Make sure we start with no timer running */ |
Christopher Haster |
1:24750b9ad5ef | 5599 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5600 | } |
Christopher Haster |
1:24750b9ad5ef | 5601 | |
Christopher Haster |
1:24750b9ad5ef | 5602 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5603 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5604 | void *p_cache, |
Christopher Haster |
1:24750b9ad5ef | 5605 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
Christopher Haster |
1:24750b9ad5ef | 5606 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) |
Christopher Haster |
1:24750b9ad5ef | 5607 | { |
Christopher Haster |
1:24750b9ad5ef | 5608 | conf->p_cache = p_cache; |
Christopher Haster |
1:24750b9ad5ef | 5609 | conf->f_get_cache = f_get_cache; |
Christopher Haster |
1:24750b9ad5ef | 5610 | conf->f_set_cache = f_set_cache; |
Christopher Haster |
1:24750b9ad5ef | 5611 | } |
Christopher Haster |
1:24750b9ad5ef | 5612 | #endif /* MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 5613 | |
Christopher Haster |
1:24750b9ad5ef | 5614 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5615 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) |
Christopher Haster |
1:24750b9ad5ef | 5616 | { |
Christopher Haster |
1:24750b9ad5ef | 5617 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5618 | |
Christopher Haster |
1:24750b9ad5ef | 5619 | if( ssl == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5620 | session == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5621 | ssl->session_negotiate == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5622 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 5623 | { |
Christopher Haster |
1:24750b9ad5ef | 5624 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5625 | } |
Christopher Haster |
1:24750b9ad5ef | 5626 | |
Christopher Haster |
1:24750b9ad5ef | 5627 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5628 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5629 | |
Christopher Haster |
1:24750b9ad5ef | 5630 | ssl->handshake->resume = 1; |
Christopher Haster |
1:24750b9ad5ef | 5631 | |
Christopher Haster |
1:24750b9ad5ef | 5632 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5633 | } |
Christopher Haster |
1:24750b9ad5ef | 5634 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 5635 | |
Christopher Haster |
1:24750b9ad5ef | 5636 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5637 | const int *ciphersuites ) |
Christopher Haster |
1:24750b9ad5ef | 5638 | { |
Christopher Haster |
1:24750b9ad5ef | 5639 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 5640 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 5641 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 5642 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 5643 | } |
Christopher Haster |
1:24750b9ad5ef | 5644 | |
Christopher Haster |
1:24750b9ad5ef | 5645 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5646 | const int *ciphersuites, |
Christopher Haster |
1:24750b9ad5ef | 5647 | int major, int minor ) |
Christopher Haster |
1:24750b9ad5ef | 5648 | { |
Christopher Haster |
1:24750b9ad5ef | 5649 | if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 5650 | return; |
Christopher Haster |
1:24750b9ad5ef | 5651 | |
Christopher Haster |
1:24750b9ad5ef | 5652 | if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) |
Christopher Haster |
1:24750b9ad5ef | 5653 | return; |
Christopher Haster |
1:24750b9ad5ef | 5654 | |
Christopher Haster |
1:24750b9ad5ef | 5655 | conf->ciphersuite_list[minor] = ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 5656 | } |
Christopher Haster |
1:24750b9ad5ef | 5657 | |
Christopher Haster |
1:24750b9ad5ef | 5658 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 5659 | void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5660 | const mbedtls_x509_crt_profile *profile ) |
Christopher Haster |
1:24750b9ad5ef | 5661 | { |
Christopher Haster |
1:24750b9ad5ef | 5662 | conf->cert_profile = profile; |
Christopher Haster |
1:24750b9ad5ef | 5663 | } |
Christopher Haster |
1:24750b9ad5ef | 5664 | |
Christopher Haster |
1:24750b9ad5ef | 5665 | /* Append a new keycert entry to a (possibly empty) list */ |
Christopher Haster |
1:24750b9ad5ef | 5666 | static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, |
Christopher Haster |
1:24750b9ad5ef | 5667 | mbedtls_x509_crt *cert, |
Christopher Haster |
1:24750b9ad5ef | 5668 | mbedtls_pk_context *key ) |
Christopher Haster |
1:24750b9ad5ef | 5669 | { |
Christopher Haster |
1:24750b9ad5ef | 5670 | mbedtls_ssl_key_cert *new; |
Christopher Haster |
1:24750b9ad5ef | 5671 | |
Christopher Haster |
1:24750b9ad5ef | 5672 | new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); |
Christopher Haster |
1:24750b9ad5ef | 5673 | if( new == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5674 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5675 | |
Christopher Haster |
1:24750b9ad5ef | 5676 | new->cert = cert; |
Christopher Haster |
1:24750b9ad5ef | 5677 | new->key = key; |
Christopher Haster |
1:24750b9ad5ef | 5678 | new->next = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5679 | |
Christopher Haster |
1:24750b9ad5ef | 5680 | /* Update head is the list was null, else add to the end */ |
Christopher Haster |
1:24750b9ad5ef | 5681 | if( *head == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5682 | { |
Christopher Haster |
1:24750b9ad5ef | 5683 | *head = new; |
Christopher Haster |
1:24750b9ad5ef | 5684 | } |
Christopher Haster |
1:24750b9ad5ef | 5685 | else |
Christopher Haster |
1:24750b9ad5ef | 5686 | { |
Christopher Haster |
1:24750b9ad5ef | 5687 | mbedtls_ssl_key_cert *cur = *head; |
Christopher Haster |
1:24750b9ad5ef | 5688 | while( cur->next != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5689 | cur = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 5690 | cur->next = new; |
Christopher Haster |
1:24750b9ad5ef | 5691 | } |
Christopher Haster |
1:24750b9ad5ef | 5692 | |
Christopher Haster |
1:24750b9ad5ef | 5693 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5694 | } |
Christopher Haster |
1:24750b9ad5ef | 5695 | |
Christopher Haster |
1:24750b9ad5ef | 5696 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5697 | mbedtls_x509_crt *own_cert, |
Christopher Haster |
1:24750b9ad5ef | 5698 | mbedtls_pk_context *pk_key ) |
Christopher Haster |
1:24750b9ad5ef | 5699 | { |
Christopher Haster |
1:24750b9ad5ef | 5700 | return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); |
Christopher Haster |
1:24750b9ad5ef | 5701 | } |
Christopher Haster |
1:24750b9ad5ef | 5702 | |
Christopher Haster |
1:24750b9ad5ef | 5703 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5704 | mbedtls_x509_crt *ca_chain, |
Christopher Haster |
1:24750b9ad5ef | 5705 | mbedtls_x509_crl *ca_crl ) |
Christopher Haster |
1:24750b9ad5ef | 5706 | { |
Christopher Haster |
1:24750b9ad5ef | 5707 | conf->ca_chain = ca_chain; |
Christopher Haster |
1:24750b9ad5ef | 5708 | conf->ca_crl = ca_crl; |
Christopher Haster |
1:24750b9ad5ef | 5709 | } |
Christopher Haster |
1:24750b9ad5ef | 5710 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 5711 | |
Christopher Haster |
1:24750b9ad5ef | 5712 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 5713 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5714 | mbedtls_x509_crt *own_cert, |
Christopher Haster |
1:24750b9ad5ef | 5715 | mbedtls_pk_context *pk_key ) |
Christopher Haster |
1:24750b9ad5ef | 5716 | { |
Christopher Haster |
1:24750b9ad5ef | 5717 | return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, |
Christopher Haster |
1:24750b9ad5ef | 5718 | own_cert, pk_key ) ); |
Christopher Haster |
1:24750b9ad5ef | 5719 | } |
Christopher Haster |
1:24750b9ad5ef | 5720 | |
Christopher Haster |
1:24750b9ad5ef | 5721 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5722 | mbedtls_x509_crt *ca_chain, |
Christopher Haster |
1:24750b9ad5ef | 5723 | mbedtls_x509_crl *ca_crl ) |
Christopher Haster |
1:24750b9ad5ef | 5724 | { |
Christopher Haster |
1:24750b9ad5ef | 5725 | ssl->handshake->sni_ca_chain = ca_chain; |
Christopher Haster |
1:24750b9ad5ef | 5726 | ssl->handshake->sni_ca_crl = ca_crl; |
Christopher Haster |
1:24750b9ad5ef | 5727 | } |
Christopher Haster |
1:24750b9ad5ef | 5728 | |
Christopher Haster |
1:24750b9ad5ef | 5729 | void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5730 | int authmode ) |
Christopher Haster |
1:24750b9ad5ef | 5731 | { |
Christopher Haster |
1:24750b9ad5ef | 5732 | ssl->handshake->sni_authmode = authmode; |
Christopher Haster |
1:24750b9ad5ef | 5733 | } |
Christopher Haster |
1:24750b9ad5ef | 5734 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Christopher Haster |
1:24750b9ad5ef | 5735 | |
Christopher Haster |
1:24750b9ad5ef | 5736 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 5737 | /* |
Christopher Haster |
1:24750b9ad5ef | 5738 | * Set EC J-PAKE password for current handshake |
Christopher Haster |
1:24750b9ad5ef | 5739 | */ |
Christopher Haster |
1:24750b9ad5ef | 5740 | int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5741 | const unsigned char *pw, |
Christopher Haster |
1:24750b9ad5ef | 5742 | size_t pw_len ) |
Christopher Haster |
1:24750b9ad5ef | 5743 | { |
Christopher Haster |
1:24750b9ad5ef | 5744 | mbedtls_ecjpake_role role; |
Christopher Haster |
1:24750b9ad5ef | 5745 | |
Christopher Haster |
1:24750b9ad5ef | 5746 | if( ssl->handshake == NULL && ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5747 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5748 | |
Christopher Haster |
1:24750b9ad5ef | 5749 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 5750 | role = MBEDTLS_ECJPAKE_SERVER; |
Christopher Haster |
1:24750b9ad5ef | 5751 | else |
Christopher Haster |
1:24750b9ad5ef | 5752 | role = MBEDTLS_ECJPAKE_CLIENT; |
Christopher Haster |
1:24750b9ad5ef | 5753 | |
Christopher Haster |
1:24750b9ad5ef | 5754 | return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, |
Christopher Haster |
1:24750b9ad5ef | 5755 | role, |
Christopher Haster |
1:24750b9ad5ef | 5756 | MBEDTLS_MD_SHA256, |
Christopher Haster |
1:24750b9ad5ef | 5757 | MBEDTLS_ECP_DP_SECP256R1, |
Christopher Haster |
1:24750b9ad5ef | 5758 | pw, pw_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 5759 | } |
Christopher Haster |
1:24750b9ad5ef | 5760 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 5761 | |
Christopher Haster |
1:24750b9ad5ef | 5762 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 5763 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5764 | const unsigned char *psk, size_t psk_len, |
Christopher Haster |
1:24750b9ad5ef | 5765 | const unsigned char *psk_identity, size_t psk_identity_len ) |
Christopher Haster |
1:24750b9ad5ef | 5766 | { |
Christopher Haster |
1:24750b9ad5ef | 5767 | if( psk == NULL || psk_identity == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5768 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5769 | |
Christopher Haster |
1:24750b9ad5ef | 5770 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 5771 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5772 | |
Christopher Haster |
1:24750b9ad5ef | 5773 | /* Identity len will be encoded on two bytes */ |
Christopher Haster |
1:24750b9ad5ef | 5774 | if( ( psk_identity_len >> 16 ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 5775 | psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 5776 | { |
Christopher Haster |
1:24750b9ad5ef | 5777 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5778 | } |
Christopher Haster |
1:24750b9ad5ef | 5779 | |
Christopher Haster |
1:24750b9ad5ef | 5780 | if( conf->psk != NULL || conf->psk_identity != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5781 | { |
Christopher Haster |
1:24750b9ad5ef | 5782 | mbedtls_free( conf->psk ); |
Christopher Haster |
1:24750b9ad5ef | 5783 | mbedtls_free( conf->psk_identity ); |
Christopher Haster |
1:24750b9ad5ef | 5784 | conf->psk = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5785 | conf->psk_identity = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5786 | } |
Christopher Haster |
1:24750b9ad5ef | 5787 | |
Christopher Haster |
1:24750b9ad5ef | 5788 | if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || |
Christopher Haster |
1:24750b9ad5ef | 5789 | ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5790 | { |
Christopher Haster |
1:24750b9ad5ef | 5791 | mbedtls_free( conf->psk ); |
Christopher Haster |
1:24750b9ad5ef | 5792 | mbedtls_free( conf->psk_identity ); |
Christopher Haster |
1:24750b9ad5ef | 5793 | conf->psk = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5794 | conf->psk_identity = NULL; |
Christopher Haster |
1:24750b9ad5ef | 5795 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5796 | } |
Christopher Haster |
1:24750b9ad5ef | 5797 | |
Christopher Haster |
1:24750b9ad5ef | 5798 | conf->psk_len = psk_len; |
Christopher Haster |
1:24750b9ad5ef | 5799 | conf->psk_identity_len = psk_identity_len; |
Christopher Haster |
1:24750b9ad5ef | 5800 | |
Christopher Haster |
1:24750b9ad5ef | 5801 | memcpy( conf->psk, psk, conf->psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 5802 | memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); |
Christopher Haster |
1:24750b9ad5ef | 5803 | |
Christopher Haster |
1:24750b9ad5ef | 5804 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5805 | } |
Christopher Haster |
1:24750b9ad5ef | 5806 | |
Christopher Haster |
1:24750b9ad5ef | 5807 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 5808 | const unsigned char *psk, size_t psk_len ) |
Christopher Haster |
1:24750b9ad5ef | 5809 | { |
Christopher Haster |
1:24750b9ad5ef | 5810 | if( psk == NULL || ssl->handshake == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5811 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5812 | |
Christopher Haster |
1:24750b9ad5ef | 5813 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 5814 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5815 | |
Christopher Haster |
1:24750b9ad5ef | 5816 | if( ssl->handshake->psk != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5817 | mbedtls_free( ssl->handshake->psk ); |
Christopher Haster |
1:24750b9ad5ef | 5818 | |
Christopher Haster |
1:24750b9ad5ef | 5819 | if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5820 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5821 | |
Christopher Haster |
1:24750b9ad5ef | 5822 | ssl->handshake->psk_len = psk_len; |
Christopher Haster |
1:24750b9ad5ef | 5823 | memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 5824 | |
Christopher Haster |
1:24750b9ad5ef | 5825 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5826 | } |
Christopher Haster |
1:24750b9ad5ef | 5827 | |
Christopher Haster |
1:24750b9ad5ef | 5828 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5829 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
Christopher Haster |
1:24750b9ad5ef | 5830 | size_t), |
Christopher Haster |
1:24750b9ad5ef | 5831 | void *p_psk ) |
Christopher Haster |
1:24750b9ad5ef | 5832 | { |
Christopher Haster |
1:24750b9ad5ef | 5833 | conf->f_psk = f_psk; |
Christopher Haster |
1:24750b9ad5ef | 5834 | conf->p_psk = p_psk; |
Christopher Haster |
1:24750b9ad5ef | 5835 | } |
Christopher Haster |
1:24750b9ad5ef | 5836 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 5837 | |
Christopher Haster |
1:24750b9ad5ef | 5838 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 5839 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) |
Christopher Haster |
1:24750b9ad5ef | 5840 | { |
Christopher Haster |
1:24750b9ad5ef | 5841 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5842 | |
Christopher Haster |
1:24750b9ad5ef | 5843 | if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 5844 | ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5845 | { |
Christopher Haster |
1:24750b9ad5ef | 5846 | mbedtls_mpi_free( &conf->dhm_P ); |
Christopher Haster |
1:24750b9ad5ef | 5847 | mbedtls_mpi_free( &conf->dhm_G ); |
Christopher Haster |
1:24750b9ad5ef | 5848 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5849 | } |
Christopher Haster |
1:24750b9ad5ef | 5850 | |
Christopher Haster |
1:24750b9ad5ef | 5851 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5852 | } |
Christopher Haster |
1:24750b9ad5ef | 5853 | |
Christopher Haster |
1:24750b9ad5ef | 5854 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) |
Christopher Haster |
1:24750b9ad5ef | 5855 | { |
Christopher Haster |
1:24750b9ad5ef | 5856 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 5857 | |
Christopher Haster |
1:24750b9ad5ef | 5858 | if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || |
Christopher Haster |
1:24750b9ad5ef | 5859 | ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5860 | { |
Christopher Haster |
1:24750b9ad5ef | 5861 | mbedtls_mpi_free( &conf->dhm_P ); |
Christopher Haster |
1:24750b9ad5ef | 5862 | mbedtls_mpi_free( &conf->dhm_G ); |
Christopher Haster |
1:24750b9ad5ef | 5863 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 5864 | } |
Christopher Haster |
1:24750b9ad5ef | 5865 | |
Christopher Haster |
1:24750b9ad5ef | 5866 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5867 | } |
Christopher Haster |
1:24750b9ad5ef | 5868 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 5869 | |
Christopher Haster |
1:24750b9ad5ef | 5870 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5871 | /* |
Christopher Haster |
1:24750b9ad5ef | 5872 | * Set the minimum length for Diffie-Hellman parameters |
Christopher Haster |
1:24750b9ad5ef | 5873 | */ |
Christopher Haster |
1:24750b9ad5ef | 5874 | void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5875 | unsigned int bitlen ) |
Christopher Haster |
1:24750b9ad5ef | 5876 | { |
Christopher Haster |
1:24750b9ad5ef | 5877 | conf->dhm_min_bitlen = bitlen; |
Christopher Haster |
1:24750b9ad5ef | 5878 | } |
Christopher Haster |
1:24750b9ad5ef | 5879 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 5880 | |
Christopher Haster |
1:24750b9ad5ef | 5881 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 5882 | /* |
Christopher Haster |
1:24750b9ad5ef | 5883 | * Set allowed/preferred hashes for handshake signatures |
Christopher Haster |
1:24750b9ad5ef | 5884 | */ |
Christopher Haster |
1:24750b9ad5ef | 5885 | void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5886 | const int *hashes ) |
Christopher Haster |
1:24750b9ad5ef | 5887 | { |
Christopher Haster |
1:24750b9ad5ef | 5888 | conf->sig_hashes = hashes; |
Christopher Haster |
1:24750b9ad5ef | 5889 | } |
Christopher Haster |
1:24750b9ad5ef | 5890 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5891 | |
Christopher Haster |
1:24750b9ad5ef | 5892 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 5893 | /* |
Christopher Haster |
1:24750b9ad5ef | 5894 | * Set the allowed elliptic curves |
Christopher Haster |
1:24750b9ad5ef | 5895 | */ |
Christopher Haster |
1:24750b9ad5ef | 5896 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5897 | const mbedtls_ecp_group_id *curve_list ) |
Christopher Haster |
1:24750b9ad5ef | 5898 | { |
Christopher Haster |
1:24750b9ad5ef | 5899 | conf->curve_list = curve_list; |
Christopher Haster |
1:24750b9ad5ef | 5900 | } |
Christopher Haster |
1:24750b9ad5ef | 5901 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5902 | |
Christopher Haster |
1:24750b9ad5ef | 5903 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 5904 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) |
Christopher Haster |
1:24750b9ad5ef | 5905 | { |
Christopher Haster |
1:24750b9ad5ef | 5906 | size_t hostname_len; |
Christopher Haster |
1:24750b9ad5ef | 5907 | |
Christopher Haster |
1:24750b9ad5ef | 5908 | if( hostname == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5909 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5910 | |
Christopher Haster |
1:24750b9ad5ef | 5911 | hostname_len = strlen( hostname ); |
Christopher Haster |
1:24750b9ad5ef | 5912 | |
Christopher Haster |
1:24750b9ad5ef | 5913 | if( hostname_len + 1 == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 5914 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5915 | |
Christopher Haster |
1:24750b9ad5ef | 5916 | if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 5917 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5918 | |
Christopher Haster |
1:24750b9ad5ef | 5919 | ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); |
Christopher Haster |
1:24750b9ad5ef | 5920 | |
Christopher Haster |
1:24750b9ad5ef | 5921 | if( ssl->hostname == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 5922 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Christopher Haster |
1:24750b9ad5ef | 5923 | |
Christopher Haster |
1:24750b9ad5ef | 5924 | memcpy( ssl->hostname, hostname, hostname_len ); |
Christopher Haster |
1:24750b9ad5ef | 5925 | |
Christopher Haster |
1:24750b9ad5ef | 5926 | ssl->hostname[hostname_len] = '\0'; |
Christopher Haster |
1:24750b9ad5ef | 5927 | |
Christopher Haster |
1:24750b9ad5ef | 5928 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5929 | } |
Christopher Haster |
1:24750b9ad5ef | 5930 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5931 | |
Christopher Haster |
1:24750b9ad5ef | 5932 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 5933 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 5934 | int (*f_sni)(void *, mbedtls_ssl_context *, |
Christopher Haster |
1:24750b9ad5ef | 5935 | const unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 5936 | void *p_sni ) |
Christopher Haster |
1:24750b9ad5ef | 5937 | { |
Christopher Haster |
1:24750b9ad5ef | 5938 | conf->f_sni = f_sni; |
Christopher Haster |
1:24750b9ad5ef | 5939 | conf->p_sni = p_sni; |
Christopher Haster |
1:24750b9ad5ef | 5940 | } |
Christopher Haster |
1:24750b9ad5ef | 5941 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Christopher Haster |
1:24750b9ad5ef | 5942 | |
Christopher Haster |
1:24750b9ad5ef | 5943 | #if defined(MBEDTLS_SSL_ALPN) |
Christopher Haster |
1:24750b9ad5ef | 5944 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) |
Christopher Haster |
1:24750b9ad5ef | 5945 | { |
Christopher Haster |
1:24750b9ad5ef | 5946 | size_t cur_len, tot_len; |
Christopher Haster |
1:24750b9ad5ef | 5947 | const char **p; |
Christopher Haster |
1:24750b9ad5ef | 5948 | |
Christopher Haster |
1:24750b9ad5ef | 5949 | /* |
Christopher Haster |
1:24750b9ad5ef | 5950 | * "Empty strings MUST NOT be included and byte strings MUST NOT be |
Christopher Haster |
1:24750b9ad5ef | 5951 | * truncated". Check lengths now rather than later. |
Christopher Haster |
1:24750b9ad5ef | 5952 | */ |
Christopher Haster |
1:24750b9ad5ef | 5953 | tot_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 5954 | for( p = protos; *p != NULL; p++ ) |
Christopher Haster |
1:24750b9ad5ef | 5955 | { |
Christopher Haster |
1:24750b9ad5ef | 5956 | cur_len = strlen( *p ); |
Christopher Haster |
1:24750b9ad5ef | 5957 | tot_len += cur_len; |
Christopher Haster |
1:24750b9ad5ef | 5958 | |
Christopher Haster |
1:24750b9ad5ef | 5959 | if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) |
Christopher Haster |
1:24750b9ad5ef | 5960 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 5961 | } |
Christopher Haster |
1:24750b9ad5ef | 5962 | |
Christopher Haster |
1:24750b9ad5ef | 5963 | conf->alpn_list = protos; |
Christopher Haster |
1:24750b9ad5ef | 5964 | |
Christopher Haster |
1:24750b9ad5ef | 5965 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 5966 | } |
Christopher Haster |
1:24750b9ad5ef | 5967 | |
Christopher Haster |
1:24750b9ad5ef | 5968 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 5969 | { |
Christopher Haster |
1:24750b9ad5ef | 5970 | return( ssl->alpn_chosen ); |
Christopher Haster |
1:24750b9ad5ef | 5971 | } |
Christopher Haster |
1:24750b9ad5ef | 5972 | #endif /* MBEDTLS_SSL_ALPN */ |
Christopher Haster |
1:24750b9ad5ef | 5973 | |
Christopher Haster |
1:24750b9ad5ef | 5974 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) |
Christopher Haster |
1:24750b9ad5ef | 5975 | { |
Christopher Haster |
1:24750b9ad5ef | 5976 | conf->max_major_ver = major; |
Christopher Haster |
1:24750b9ad5ef | 5977 | conf->max_minor_ver = minor; |
Christopher Haster |
1:24750b9ad5ef | 5978 | } |
Christopher Haster |
1:24750b9ad5ef | 5979 | |
Christopher Haster |
1:24750b9ad5ef | 5980 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) |
Christopher Haster |
1:24750b9ad5ef | 5981 | { |
Christopher Haster |
1:24750b9ad5ef | 5982 | conf->min_major_ver = major; |
Christopher Haster |
1:24750b9ad5ef | 5983 | conf->min_minor_ver = minor; |
Christopher Haster |
1:24750b9ad5ef | 5984 | } |
Christopher Haster |
1:24750b9ad5ef | 5985 | |
Christopher Haster |
1:24750b9ad5ef | 5986 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 5987 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) |
Christopher Haster |
1:24750b9ad5ef | 5988 | { |
Christopher Haster |
1:24750b9ad5ef | 5989 | conf->fallback = fallback; |
Christopher Haster |
1:24750b9ad5ef | 5990 | } |
Christopher Haster |
1:24750b9ad5ef | 5991 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5992 | |
Christopher Haster |
1:24750b9ad5ef | 5993 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 5994 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) |
Christopher Haster |
1:24750b9ad5ef | 5995 | { |
Christopher Haster |
1:24750b9ad5ef | 5996 | conf->encrypt_then_mac = etm; |
Christopher Haster |
1:24750b9ad5ef | 5997 | } |
Christopher Haster |
1:24750b9ad5ef | 5998 | #endif |
Christopher Haster |
1:24750b9ad5ef | 5999 | |
Christopher Haster |
1:24750b9ad5ef | 6000 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Christopher Haster |
1:24750b9ad5ef | 6001 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) |
Christopher Haster |
1:24750b9ad5ef | 6002 | { |
Christopher Haster |
1:24750b9ad5ef | 6003 | conf->extended_ms = ems; |
Christopher Haster |
1:24750b9ad5ef | 6004 | } |
Christopher Haster |
1:24750b9ad5ef | 6005 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6006 | |
Christopher Haster |
1:24750b9ad5ef | 6007 | #if defined(MBEDTLS_ARC4_C) |
Christopher Haster |
1:24750b9ad5ef | 6008 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) |
Christopher Haster |
1:24750b9ad5ef | 6009 | { |
Christopher Haster |
1:24750b9ad5ef | 6010 | conf->arc4_disabled = arc4; |
Christopher Haster |
1:24750b9ad5ef | 6011 | } |
Christopher Haster |
1:24750b9ad5ef | 6012 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6013 | |
Christopher Haster |
1:24750b9ad5ef | 6014 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Christopher Haster |
1:24750b9ad5ef | 6015 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) |
Christopher Haster |
1:24750b9ad5ef | 6016 | { |
Christopher Haster |
1:24750b9ad5ef | 6017 | if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || |
Christopher Haster |
1:24750b9ad5ef | 6018 | mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
Christopher Haster |
1:24750b9ad5ef | 6019 | { |
Christopher Haster |
1:24750b9ad5ef | 6020 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6021 | } |
Christopher Haster |
1:24750b9ad5ef | 6022 | |
Christopher Haster |
1:24750b9ad5ef | 6023 | conf->mfl_code = mfl_code; |
Christopher Haster |
1:24750b9ad5ef | 6024 | |
Christopher Haster |
1:24750b9ad5ef | 6025 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6026 | } |
Christopher Haster |
1:24750b9ad5ef | 6027 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Christopher Haster |
1:24750b9ad5ef | 6028 | |
Christopher Haster |
1:24750b9ad5ef | 6029 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
Christopher Haster |
1:24750b9ad5ef | 6030 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) |
Christopher Haster |
1:24750b9ad5ef | 6031 | { |
Christopher Haster |
1:24750b9ad5ef | 6032 | conf->trunc_hmac = truncate; |
Christopher Haster |
1:24750b9ad5ef | 6033 | } |
Christopher Haster |
1:24750b9ad5ef | 6034 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 6035 | |
Christopher Haster |
1:24750b9ad5ef | 6036 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Christopher Haster |
1:24750b9ad5ef | 6037 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) |
Christopher Haster |
1:24750b9ad5ef | 6038 | { |
Christopher Haster |
1:24750b9ad5ef | 6039 | conf->cbc_record_splitting = split; |
Christopher Haster |
1:24750b9ad5ef | 6040 | } |
Christopher Haster |
1:24750b9ad5ef | 6041 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6042 | |
Christopher Haster |
1:24750b9ad5ef | 6043 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) |
Christopher Haster |
1:24750b9ad5ef | 6044 | { |
Christopher Haster |
1:24750b9ad5ef | 6045 | conf->allow_legacy_renegotiation = allow_legacy; |
Christopher Haster |
1:24750b9ad5ef | 6046 | } |
Christopher Haster |
1:24750b9ad5ef | 6047 | |
Christopher Haster |
1:24750b9ad5ef | 6048 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6049 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) |
Christopher Haster |
1:24750b9ad5ef | 6050 | { |
Christopher Haster |
1:24750b9ad5ef | 6051 | conf->disable_renegotiation = renegotiation; |
Christopher Haster |
1:24750b9ad5ef | 6052 | } |
Christopher Haster |
1:24750b9ad5ef | 6053 | |
Christopher Haster |
1:24750b9ad5ef | 6054 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) |
Christopher Haster |
1:24750b9ad5ef | 6055 | { |
Christopher Haster |
1:24750b9ad5ef | 6056 | conf->renego_max_records = max_records; |
Christopher Haster |
1:24750b9ad5ef | 6057 | } |
Christopher Haster |
1:24750b9ad5ef | 6058 | |
Christopher Haster |
1:24750b9ad5ef | 6059 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 6060 | const unsigned char period[8] ) |
Christopher Haster |
1:24750b9ad5ef | 6061 | { |
Christopher Haster |
1:24750b9ad5ef | 6062 | memcpy( conf->renego_period, period, 8 ); |
Christopher Haster |
1:24750b9ad5ef | 6063 | } |
Christopher Haster |
1:24750b9ad5ef | 6064 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 6065 | |
Christopher Haster |
1:24750b9ad5ef | 6066 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Christopher Haster |
1:24750b9ad5ef | 6067 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6068 | void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) |
Christopher Haster |
1:24750b9ad5ef | 6069 | { |
Christopher Haster |
1:24750b9ad5ef | 6070 | conf->session_tickets = use_tickets; |
Christopher Haster |
1:24750b9ad5ef | 6071 | } |
Christopher Haster |
1:24750b9ad5ef | 6072 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6073 | |
Christopher Haster |
1:24750b9ad5ef | 6074 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 6075 | void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 6076 | mbedtls_ssl_ticket_write_t *f_ticket_write, |
Christopher Haster |
1:24750b9ad5ef | 6077 | mbedtls_ssl_ticket_parse_t *f_ticket_parse, |
Christopher Haster |
1:24750b9ad5ef | 6078 | void *p_ticket ) |
Christopher Haster |
1:24750b9ad5ef | 6079 | { |
Christopher Haster |
1:24750b9ad5ef | 6080 | conf->f_ticket_write = f_ticket_write; |
Christopher Haster |
1:24750b9ad5ef | 6081 | conf->f_ticket_parse = f_ticket_parse; |
Christopher Haster |
1:24750b9ad5ef | 6082 | conf->p_ticket = p_ticket; |
Christopher Haster |
1:24750b9ad5ef | 6083 | } |
Christopher Haster |
1:24750b9ad5ef | 6084 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6085 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
Christopher Haster |
1:24750b9ad5ef | 6086 | |
Christopher Haster |
1:24750b9ad5ef | 6087 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
Christopher Haster |
1:24750b9ad5ef | 6088 | void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 6089 | mbedtls_ssl_export_keys_t *f_export_keys, |
Christopher Haster |
1:24750b9ad5ef | 6090 | void *p_export_keys ) |
Christopher Haster |
1:24750b9ad5ef | 6091 | { |
Christopher Haster |
1:24750b9ad5ef | 6092 | conf->f_export_keys = f_export_keys; |
Christopher Haster |
1:24750b9ad5ef | 6093 | conf->p_export_keys = p_export_keys; |
Christopher Haster |
1:24750b9ad5ef | 6094 | } |
Christopher Haster |
1:24750b9ad5ef | 6095 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6096 | |
Christopher Haster |
1:24750b9ad5ef | 6097 | /* |
Christopher Haster |
1:24750b9ad5ef | 6098 | * SSL get accessors |
Christopher Haster |
1:24750b9ad5ef | 6099 | */ |
Christopher Haster |
1:24750b9ad5ef | 6100 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6101 | { |
Christopher Haster |
1:24750b9ad5ef | 6102 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
Christopher Haster |
1:24750b9ad5ef | 6103 | } |
Christopher Haster |
1:24750b9ad5ef | 6104 | |
Christopher Haster |
1:24750b9ad5ef | 6105 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6106 | { |
Christopher Haster |
1:24750b9ad5ef | 6107 | if( ssl->session != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6108 | return( ssl->session->verify_result ); |
Christopher Haster |
1:24750b9ad5ef | 6109 | |
Christopher Haster |
1:24750b9ad5ef | 6110 | if( ssl->session_negotiate != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6111 | return( ssl->session_negotiate->verify_result ); |
Christopher Haster |
1:24750b9ad5ef | 6112 | |
Christopher Haster |
1:24750b9ad5ef | 6113 | return( 0xFFFFFFFF ); |
Christopher Haster |
1:24750b9ad5ef | 6114 | } |
Christopher Haster |
1:24750b9ad5ef | 6115 | |
Christopher Haster |
1:24750b9ad5ef | 6116 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6117 | { |
Christopher Haster |
1:24750b9ad5ef | 6118 | if( ssl == NULL || ssl->session == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6119 | return( NULL ); |
Christopher Haster |
1:24750b9ad5ef | 6120 | |
Christopher Haster |
1:24750b9ad5ef | 6121 | return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
Christopher Haster |
1:24750b9ad5ef | 6122 | } |
Christopher Haster |
1:24750b9ad5ef | 6123 | |
Christopher Haster |
1:24750b9ad5ef | 6124 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6125 | { |
Christopher Haster |
1:24750b9ad5ef | 6126 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6127 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 6128 | { |
Christopher Haster |
1:24750b9ad5ef | 6129 | switch( ssl->minor_ver ) |
Christopher Haster |
1:24750b9ad5ef | 6130 | { |
Christopher Haster |
1:24750b9ad5ef | 6131 | case MBEDTLS_SSL_MINOR_VERSION_2: |
Christopher Haster |
1:24750b9ad5ef | 6132 | return( "DTLSv1.0" ); |
Christopher Haster |
1:24750b9ad5ef | 6133 | |
Christopher Haster |
1:24750b9ad5ef | 6134 | case MBEDTLS_SSL_MINOR_VERSION_3: |
Christopher Haster |
1:24750b9ad5ef | 6135 | return( "DTLSv1.2" ); |
Christopher Haster |
1:24750b9ad5ef | 6136 | |
Christopher Haster |
1:24750b9ad5ef | 6137 | default: |
Christopher Haster |
1:24750b9ad5ef | 6138 | return( "unknown (DTLS)" ); |
Christopher Haster |
1:24750b9ad5ef | 6139 | } |
Christopher Haster |
1:24750b9ad5ef | 6140 | } |
Christopher Haster |
1:24750b9ad5ef | 6141 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6142 | |
Christopher Haster |
1:24750b9ad5ef | 6143 | switch( ssl->minor_ver ) |
Christopher Haster |
1:24750b9ad5ef | 6144 | { |
Christopher Haster |
1:24750b9ad5ef | 6145 | case MBEDTLS_SSL_MINOR_VERSION_0: |
Christopher Haster |
1:24750b9ad5ef | 6146 | return( "SSLv3.0" ); |
Christopher Haster |
1:24750b9ad5ef | 6147 | |
Christopher Haster |
1:24750b9ad5ef | 6148 | case MBEDTLS_SSL_MINOR_VERSION_1: |
Christopher Haster |
1:24750b9ad5ef | 6149 | return( "TLSv1.0" ); |
Christopher Haster |
1:24750b9ad5ef | 6150 | |
Christopher Haster |
1:24750b9ad5ef | 6151 | case MBEDTLS_SSL_MINOR_VERSION_2: |
Christopher Haster |
1:24750b9ad5ef | 6152 | return( "TLSv1.1" ); |
Christopher Haster |
1:24750b9ad5ef | 6153 | |
Christopher Haster |
1:24750b9ad5ef | 6154 | case MBEDTLS_SSL_MINOR_VERSION_3: |
Christopher Haster |
1:24750b9ad5ef | 6155 | return( "TLSv1.2" ); |
Christopher Haster |
1:24750b9ad5ef | 6156 | |
Christopher Haster |
1:24750b9ad5ef | 6157 | default: |
Christopher Haster |
1:24750b9ad5ef | 6158 | return( "unknown" ); |
Christopher Haster |
1:24750b9ad5ef | 6159 | } |
Christopher Haster |
1:24750b9ad5ef | 6160 | } |
Christopher Haster |
1:24750b9ad5ef | 6161 | |
Christopher Haster |
1:24750b9ad5ef | 6162 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6163 | { |
Christopher Haster |
1:24750b9ad5ef | 6164 | size_t transform_expansion; |
Christopher Haster |
1:24750b9ad5ef | 6165 | const mbedtls_ssl_transform *transform = ssl->transform_out; |
Christopher Haster |
1:24750b9ad5ef | 6166 | |
Christopher Haster |
1:24750b9ad5ef | 6167 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 6168 | if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6169 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Christopher Haster |
1:24750b9ad5ef | 6170 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6171 | |
Christopher Haster |
1:24750b9ad5ef | 6172 | if( transform == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6173 | return( (int) mbedtls_ssl_hdr_len( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 6174 | |
Christopher Haster |
1:24750b9ad5ef | 6175 | switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) |
Christopher Haster |
1:24750b9ad5ef | 6176 | { |
Christopher Haster |
1:24750b9ad5ef | 6177 | case MBEDTLS_MODE_GCM: |
Christopher Haster |
1:24750b9ad5ef | 6178 | case MBEDTLS_MODE_CCM: |
Christopher Haster |
1:24750b9ad5ef | 6179 | case MBEDTLS_MODE_STREAM: |
Christopher Haster |
1:24750b9ad5ef | 6180 | transform_expansion = transform->minlen; |
Christopher Haster |
1:24750b9ad5ef | 6181 | break; |
Christopher Haster |
1:24750b9ad5ef | 6182 | |
Christopher Haster |
1:24750b9ad5ef | 6183 | case MBEDTLS_MODE_CBC: |
Christopher Haster |
1:24750b9ad5ef | 6184 | transform_expansion = transform->maclen |
Christopher Haster |
1:24750b9ad5ef | 6185 | + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 6186 | break; |
Christopher Haster |
1:24750b9ad5ef | 6187 | |
Christopher Haster |
1:24750b9ad5ef | 6188 | default: |
Christopher Haster |
1:24750b9ad5ef | 6189 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6190 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 6191 | } |
Christopher Haster |
1:24750b9ad5ef | 6192 | |
Christopher Haster |
1:24750b9ad5ef | 6193 | return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); |
Christopher Haster |
1:24750b9ad5ef | 6194 | } |
Christopher Haster |
1:24750b9ad5ef | 6195 | |
Christopher Haster |
1:24750b9ad5ef | 6196 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Christopher Haster |
1:24750b9ad5ef | 6197 | size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6198 | { |
Christopher Haster |
1:24750b9ad5ef | 6199 | size_t max_len; |
Christopher Haster |
1:24750b9ad5ef | 6200 | |
Christopher Haster |
1:24750b9ad5ef | 6201 | /* |
Christopher Haster |
1:24750b9ad5ef | 6202 | * Assume mfl_code is correct since it was checked when set |
Christopher Haster |
1:24750b9ad5ef | 6203 | */ |
Christopher Haster |
1:24750b9ad5ef | 6204 | max_len = mfl_code_to_length[ssl->conf->mfl_code]; |
Christopher Haster |
1:24750b9ad5ef | 6205 | |
Christopher Haster |
1:24750b9ad5ef | 6206 | /* |
Christopher Haster |
1:24750b9ad5ef | 6207 | * Check if a smaller max length was negotiated |
Christopher Haster |
1:24750b9ad5ef | 6208 | */ |
Christopher Haster |
1:24750b9ad5ef | 6209 | if( ssl->session_out != NULL && |
Christopher Haster |
1:24750b9ad5ef | 6210 | mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) |
Christopher Haster |
1:24750b9ad5ef | 6211 | { |
Christopher Haster |
1:24750b9ad5ef | 6212 | max_len = mfl_code_to_length[ssl->session_out->mfl_code]; |
Christopher Haster |
1:24750b9ad5ef | 6213 | } |
Christopher Haster |
1:24750b9ad5ef | 6214 | |
Christopher Haster |
1:24750b9ad5ef | 6215 | return max_len; |
Christopher Haster |
1:24750b9ad5ef | 6216 | } |
Christopher Haster |
1:24750b9ad5ef | 6217 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Christopher Haster |
1:24750b9ad5ef | 6218 | |
Christopher Haster |
1:24750b9ad5ef | 6219 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 6220 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6221 | { |
Christopher Haster |
1:24750b9ad5ef | 6222 | if( ssl == NULL || ssl->session == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6223 | return( NULL ); |
Christopher Haster |
1:24750b9ad5ef | 6224 | |
Christopher Haster |
1:24750b9ad5ef | 6225 | return( ssl->session->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 6226 | } |
Christopher Haster |
1:24750b9ad5ef | 6227 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 6228 | |
Christopher Haster |
1:24750b9ad5ef | 6229 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6230 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) |
Christopher Haster |
1:24750b9ad5ef | 6231 | { |
Christopher Haster |
1:24750b9ad5ef | 6232 | if( ssl == NULL || |
Christopher Haster |
1:24750b9ad5ef | 6233 | dst == NULL || |
Christopher Haster |
1:24750b9ad5ef | 6234 | ssl->session == NULL || |
Christopher Haster |
1:24750b9ad5ef | 6235 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 6236 | { |
Christopher Haster |
1:24750b9ad5ef | 6237 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6238 | } |
Christopher Haster |
1:24750b9ad5ef | 6239 | |
Christopher Haster |
1:24750b9ad5ef | 6240 | return( ssl_session_copy( dst, ssl->session ) ); |
Christopher Haster |
1:24750b9ad5ef | 6241 | } |
Christopher Haster |
1:24750b9ad5ef | 6242 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 6243 | |
Christopher Haster |
1:24750b9ad5ef | 6244 | /* |
Christopher Haster |
1:24750b9ad5ef | 6245 | * Perform a single step of the SSL handshake |
Christopher Haster |
1:24750b9ad5ef | 6246 | */ |
Christopher Haster |
1:24750b9ad5ef | 6247 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6248 | { |
Christopher Haster |
1:24750b9ad5ef | 6249 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
Christopher Haster |
1:24750b9ad5ef | 6250 | |
Christopher Haster |
1:24750b9ad5ef | 6251 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6252 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6253 | |
Christopher Haster |
1:24750b9ad5ef | 6254 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6255 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 6256 | ret = mbedtls_ssl_handshake_client_step( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6257 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6258 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 6259 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 6260 | ret = mbedtls_ssl_handshake_server_step( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6261 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6262 | |
Christopher Haster |
1:24750b9ad5ef | 6263 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6264 | } |
Christopher Haster |
1:24750b9ad5ef | 6265 | |
Christopher Haster |
1:24750b9ad5ef | 6266 | /* |
Christopher Haster |
1:24750b9ad5ef | 6267 | * Perform the SSL handshake |
Christopher Haster |
1:24750b9ad5ef | 6268 | */ |
Christopher Haster |
1:24750b9ad5ef | 6269 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6270 | { |
Christopher Haster |
1:24750b9ad5ef | 6271 | int ret = 0; |
Christopher Haster |
1:24750b9ad5ef | 6272 | |
Christopher Haster |
1:24750b9ad5ef | 6273 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6274 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6275 | |
Christopher Haster |
1:24750b9ad5ef | 6276 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6277 | |
Christopher Haster |
1:24750b9ad5ef | 6278 | while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6279 | { |
Christopher Haster |
1:24750b9ad5ef | 6280 | ret = mbedtls_ssl_handshake_step( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6281 | |
Christopher Haster |
1:24750b9ad5ef | 6282 | if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6283 | break; |
Christopher Haster |
1:24750b9ad5ef | 6284 | } |
Christopher Haster |
1:24750b9ad5ef | 6285 | |
Christopher Haster |
1:24750b9ad5ef | 6286 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6287 | |
Christopher Haster |
1:24750b9ad5ef | 6288 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6289 | } |
Christopher Haster |
1:24750b9ad5ef | 6290 | |
Christopher Haster |
1:24750b9ad5ef | 6291 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6292 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 6293 | /* |
Christopher Haster |
1:24750b9ad5ef | 6294 | * Write HelloRequest to request renegotiation on server |
Christopher Haster |
1:24750b9ad5ef | 6295 | */ |
Christopher Haster |
1:24750b9ad5ef | 6296 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6297 | { |
Christopher Haster |
1:24750b9ad5ef | 6298 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6299 | |
Christopher Haster |
1:24750b9ad5ef | 6300 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6301 | |
Christopher Haster |
1:24750b9ad5ef | 6302 | ssl->out_msglen = 4; |
Christopher Haster |
1:24750b9ad5ef | 6303 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
Christopher Haster |
1:24750b9ad5ef | 6304 | ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; |
Christopher Haster |
1:24750b9ad5ef | 6305 | |
Christopher Haster |
1:24750b9ad5ef | 6306 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6307 | { |
Christopher Haster |
1:24750b9ad5ef | 6308 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6309 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6310 | } |
Christopher Haster |
1:24750b9ad5ef | 6311 | |
Christopher Haster |
1:24750b9ad5ef | 6312 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6313 | |
Christopher Haster |
1:24750b9ad5ef | 6314 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6315 | } |
Christopher Haster |
1:24750b9ad5ef | 6316 | #endif /* MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 6317 | |
Christopher Haster |
1:24750b9ad5ef | 6318 | /* |
Christopher Haster |
1:24750b9ad5ef | 6319 | * Actually renegotiate current connection, triggered by either: |
Christopher Haster |
1:24750b9ad5ef | 6320 | * - any side: calling mbedtls_ssl_renegotiate(), |
Christopher Haster |
1:24750b9ad5ef | 6321 | * - client: receiving a HelloRequest during mbedtls_ssl_read(), |
Christopher Haster |
1:24750b9ad5ef | 6322 | * - server: receiving any handshake message on server during mbedtls_ssl_read() after |
Christopher Haster |
1:24750b9ad5ef | 6323 | * the initial handshake is completed. |
Christopher Haster |
1:24750b9ad5ef | 6324 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
Christopher Haster |
1:24750b9ad5ef | 6325 | * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. |
Christopher Haster |
1:24750b9ad5ef | 6326 | */ |
Christopher Haster |
1:24750b9ad5ef | 6327 | static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6328 | { |
Christopher Haster |
1:24750b9ad5ef | 6329 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6330 | |
Christopher Haster |
1:24750b9ad5ef | 6331 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6332 | |
Christopher Haster |
1:24750b9ad5ef | 6333 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6334 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6335 | |
Christopher Haster |
1:24750b9ad5ef | 6336 | /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and |
Christopher Haster |
1:24750b9ad5ef | 6337 | * the ServerHello will have message_seq = 1" */ |
Christopher Haster |
1:24750b9ad5ef | 6338 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6339 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 6340 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
Christopher Haster |
1:24750b9ad5ef | 6341 | { |
Christopher Haster |
1:24750b9ad5ef | 6342 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 6343 | ssl->handshake->out_msg_seq = 1; |
Christopher Haster |
1:24750b9ad5ef | 6344 | else |
Christopher Haster |
1:24750b9ad5ef | 6345 | ssl->handshake->in_msg_seq = 1; |
Christopher Haster |
1:24750b9ad5ef | 6346 | } |
Christopher Haster |
1:24750b9ad5ef | 6347 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6348 | |
Christopher Haster |
1:24750b9ad5ef | 6349 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
Christopher Haster |
1:24750b9ad5ef | 6350 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; |
Christopher Haster |
1:24750b9ad5ef | 6351 | |
Christopher Haster |
1:24750b9ad5ef | 6352 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6353 | { |
Christopher Haster |
1:24750b9ad5ef | 6354 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6355 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6356 | } |
Christopher Haster |
1:24750b9ad5ef | 6357 | |
Christopher Haster |
1:24750b9ad5ef | 6358 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6359 | |
Christopher Haster |
1:24750b9ad5ef | 6360 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6361 | } |
Christopher Haster |
1:24750b9ad5ef | 6362 | |
Christopher Haster |
1:24750b9ad5ef | 6363 | /* |
Christopher Haster |
1:24750b9ad5ef | 6364 | * Renegotiate current connection on client, |
Christopher Haster |
1:24750b9ad5ef | 6365 | * or request renegotiation on server |
Christopher Haster |
1:24750b9ad5ef | 6366 | */ |
Christopher Haster |
1:24750b9ad5ef | 6367 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6368 | { |
Christopher Haster |
1:24750b9ad5ef | 6369 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
Christopher Haster |
1:24750b9ad5ef | 6370 | |
Christopher Haster |
1:24750b9ad5ef | 6371 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6372 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6373 | |
Christopher Haster |
1:24750b9ad5ef | 6374 | #if defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 6375 | /* On server, just send the request */ |
Christopher Haster |
1:24750b9ad5ef | 6376 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 6377 | { |
Christopher Haster |
1:24750b9ad5ef | 6378 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6379 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6380 | |
Christopher Haster |
1:24750b9ad5ef | 6381 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
Christopher Haster |
1:24750b9ad5ef | 6382 | |
Christopher Haster |
1:24750b9ad5ef | 6383 | /* Did we already try/start sending HelloRequest? */ |
Christopher Haster |
1:24750b9ad5ef | 6384 | if( ssl->out_left != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6385 | return( mbedtls_ssl_flush_output( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 6386 | |
Christopher Haster |
1:24750b9ad5ef | 6387 | return( ssl_write_hello_request( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 6388 | } |
Christopher Haster |
1:24750b9ad5ef | 6389 | #endif /* MBEDTLS_SSL_SRV_C */ |
Christopher Haster |
1:24750b9ad5ef | 6390 | |
Christopher Haster |
1:24750b9ad5ef | 6391 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6392 | /* |
Christopher Haster |
1:24750b9ad5ef | 6393 | * On client, either start the renegotiation process or, |
Christopher Haster |
1:24750b9ad5ef | 6394 | * if already in progress, continue the handshake |
Christopher Haster |
1:24750b9ad5ef | 6395 | */ |
Christopher Haster |
1:24750b9ad5ef | 6396 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
Christopher Haster |
1:24750b9ad5ef | 6397 | { |
Christopher Haster |
1:24750b9ad5ef | 6398 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6399 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6400 | |
Christopher Haster |
1:24750b9ad5ef | 6401 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6402 | { |
Christopher Haster |
1:24750b9ad5ef | 6403 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6404 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6405 | } |
Christopher Haster |
1:24750b9ad5ef | 6406 | } |
Christopher Haster |
1:24750b9ad5ef | 6407 | else |
Christopher Haster |
1:24750b9ad5ef | 6408 | { |
Christopher Haster |
1:24750b9ad5ef | 6409 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6410 | { |
Christopher Haster |
1:24750b9ad5ef | 6411 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6412 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6413 | } |
Christopher Haster |
1:24750b9ad5ef | 6414 | } |
Christopher Haster |
1:24750b9ad5ef | 6415 | #endif /* MBEDTLS_SSL_CLI_C */ |
Christopher Haster |
1:24750b9ad5ef | 6416 | |
Christopher Haster |
1:24750b9ad5ef | 6417 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6418 | } |
Christopher Haster |
1:24750b9ad5ef | 6419 | |
Christopher Haster |
1:24750b9ad5ef | 6420 | /* |
Christopher Haster |
1:24750b9ad5ef | 6421 | * Check record counters and renegotiate if they're above the limit. |
Christopher Haster |
1:24750b9ad5ef | 6422 | */ |
Christopher Haster |
1:24750b9ad5ef | 6423 | static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6424 | { |
Christopher Haster |
1:24750b9ad5ef | 6425 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || |
Christopher Haster |
1:24750b9ad5ef | 6426 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || |
Christopher Haster |
1:24750b9ad5ef | 6427 | ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) |
Christopher Haster |
1:24750b9ad5ef | 6428 | { |
Christopher Haster |
1:24750b9ad5ef | 6429 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6430 | } |
Christopher Haster |
1:24750b9ad5ef | 6431 | |
Christopher Haster |
1:24750b9ad5ef | 6432 | if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && |
Christopher Haster |
1:24750b9ad5ef | 6433 | memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6434 | { |
Christopher Haster |
1:24750b9ad5ef | 6435 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6436 | } |
Christopher Haster |
1:24750b9ad5ef | 6437 | |
Christopher Haster |
1:24750b9ad5ef | 6438 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6439 | return( mbedtls_ssl_renegotiate( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 6440 | } |
Christopher Haster |
1:24750b9ad5ef | 6441 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 6442 | |
Christopher Haster |
1:24750b9ad5ef | 6443 | /* |
Christopher Haster |
1:24750b9ad5ef | 6444 | * Receive application data decrypted from the SSL layer |
Christopher Haster |
1:24750b9ad5ef | 6445 | */ |
Christopher Haster |
1:24750b9ad5ef | 6446 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 6447 | { |
Christopher Haster |
1:24750b9ad5ef | 6448 | int ret, record_read = 0; |
Christopher Haster |
1:24750b9ad5ef | 6449 | size_t n; |
Christopher Haster |
1:24750b9ad5ef | 6450 | |
Christopher Haster |
1:24750b9ad5ef | 6451 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6452 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6453 | |
Christopher Haster |
1:24750b9ad5ef | 6454 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6455 | |
Christopher Haster |
1:24750b9ad5ef | 6456 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6457 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 6458 | { |
Christopher Haster |
1:24750b9ad5ef | 6459 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6460 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6461 | |
Christopher Haster |
1:24750b9ad5ef | 6462 | if( ssl->handshake != NULL && |
Christopher Haster |
1:24750b9ad5ef | 6463 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
Christopher Haster |
1:24750b9ad5ef | 6464 | { |
Christopher Haster |
1:24750b9ad5ef | 6465 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6466 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6467 | } |
Christopher Haster |
1:24750b9ad5ef | 6468 | } |
Christopher Haster |
1:24750b9ad5ef | 6469 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6470 | |
Christopher Haster |
1:24750b9ad5ef | 6471 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6472 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6473 | { |
Christopher Haster |
1:24750b9ad5ef | 6474 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6475 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6476 | } |
Christopher Haster |
1:24750b9ad5ef | 6477 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6478 | |
Christopher Haster |
1:24750b9ad5ef | 6479 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6480 | { |
Christopher Haster |
1:24750b9ad5ef | 6481 | ret = mbedtls_ssl_handshake( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6482 | if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) |
Christopher Haster |
1:24750b9ad5ef | 6483 | { |
Christopher Haster |
1:24750b9ad5ef | 6484 | record_read = 1; |
Christopher Haster |
1:24750b9ad5ef | 6485 | } |
Christopher Haster |
1:24750b9ad5ef | 6486 | else if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6487 | { |
Christopher Haster |
1:24750b9ad5ef | 6488 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6489 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6490 | } |
Christopher Haster |
1:24750b9ad5ef | 6491 | } |
Christopher Haster |
1:24750b9ad5ef | 6492 | |
Christopher Haster |
1:24750b9ad5ef | 6493 | if( ssl->in_offt == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6494 | { |
Christopher Haster |
1:24750b9ad5ef | 6495 | /* Start timer if not already running */ |
Christopher Haster |
1:24750b9ad5ef | 6496 | if( ssl->f_get_timer != NULL && |
Christopher Haster |
1:24750b9ad5ef | 6497 | ssl->f_get_timer( ssl->p_timer ) == -1 ) |
Christopher Haster |
1:24750b9ad5ef | 6498 | { |
Christopher Haster |
1:24750b9ad5ef | 6499 | ssl_set_timer( ssl, ssl->conf->read_timeout ); |
Christopher Haster |
1:24750b9ad5ef | 6500 | } |
Christopher Haster |
1:24750b9ad5ef | 6501 | |
Christopher Haster |
1:24750b9ad5ef | 6502 | if( ! record_read ) |
Christopher Haster |
1:24750b9ad5ef | 6503 | { |
Christopher Haster |
1:24750b9ad5ef | 6504 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6505 | { |
Christopher Haster |
1:24750b9ad5ef | 6506 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
Christopher Haster |
1:24750b9ad5ef | 6507 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6508 | |
Christopher Haster |
1:24750b9ad5ef | 6509 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6510 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6511 | } |
Christopher Haster |
1:24750b9ad5ef | 6512 | } |
Christopher Haster |
1:24750b9ad5ef | 6513 | |
Christopher Haster |
1:24750b9ad5ef | 6514 | if( ssl->in_msglen == 0 && |
Christopher Haster |
1:24750b9ad5ef | 6515 | ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
Christopher Haster |
1:24750b9ad5ef | 6516 | { |
Christopher Haster |
1:24750b9ad5ef | 6517 | /* |
Christopher Haster |
1:24750b9ad5ef | 6518 | * OpenSSL sends empty messages to randomize the IV |
Christopher Haster |
1:24750b9ad5ef | 6519 | */ |
Christopher Haster |
1:24750b9ad5ef | 6520 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6521 | { |
Christopher Haster |
1:24750b9ad5ef | 6522 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
Christopher Haster |
1:24750b9ad5ef | 6523 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6524 | |
Christopher Haster |
1:24750b9ad5ef | 6525 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6526 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6527 | } |
Christopher Haster |
1:24750b9ad5ef | 6528 | } |
Christopher Haster |
1:24750b9ad5ef | 6529 | |
Christopher Haster |
1:24750b9ad5ef | 6530 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6531 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
Christopher Haster |
1:24750b9ad5ef | 6532 | { |
Christopher Haster |
1:24750b9ad5ef | 6533 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6534 | |
Christopher Haster |
1:24750b9ad5ef | 6535 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6536 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
Christopher Haster |
1:24750b9ad5ef | 6537 | ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || |
Christopher Haster |
1:24750b9ad5ef | 6538 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) |
Christopher Haster |
1:24750b9ad5ef | 6539 | { |
Christopher Haster |
1:24750b9ad5ef | 6540 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6541 | |
Christopher Haster |
1:24750b9ad5ef | 6542 | /* With DTLS, drop the packet (probably from last handshake) */ |
Christopher Haster |
1:24750b9ad5ef | 6543 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6544 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 6545 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 6546 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6547 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 6548 | } |
Christopher Haster |
1:24750b9ad5ef | 6549 | |
Christopher Haster |
1:24750b9ad5ef | 6550 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 6551 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) |
Christopher Haster |
1:24750b9ad5ef | 6552 | { |
Christopher Haster |
1:24750b9ad5ef | 6553 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6554 | |
Christopher Haster |
1:24750b9ad5ef | 6555 | /* With DTLS, drop the packet (probably from last handshake) */ |
Christopher Haster |
1:24750b9ad5ef | 6556 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6557 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 6558 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 6559 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6560 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 6561 | } |
Christopher Haster |
1:24750b9ad5ef | 6562 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6563 | |
Christopher Haster |
1:24750b9ad5ef | 6564 | if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || |
Christopher Haster |
1:24750b9ad5ef | 6565 | ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
Christopher Haster |
1:24750b9ad5ef | 6566 | ssl->conf->allow_legacy_renegotiation == |
Christopher Haster |
1:24750b9ad5ef | 6567 | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) |
Christopher Haster |
1:24750b9ad5ef | 6568 | { |
Christopher Haster |
1:24750b9ad5ef | 6569 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6570 | |
Christopher Haster |
1:24750b9ad5ef | 6571 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 6572 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
Christopher Haster |
1:24750b9ad5ef | 6573 | { |
Christopher Haster |
1:24750b9ad5ef | 6574 | /* |
Christopher Haster |
1:24750b9ad5ef | 6575 | * SSLv3 does not have a "no_renegotiation" alert |
Christopher Haster |
1:24750b9ad5ef | 6576 | */ |
Christopher Haster |
1:24750b9ad5ef | 6577 | if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6578 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6579 | } |
Christopher Haster |
1:24750b9ad5ef | 6580 | else |
Christopher Haster |
1:24750b9ad5ef | 6581 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 6582 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
Christopher Haster |
1:24750b9ad5ef | 6583 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 6584 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
Christopher Haster |
1:24750b9ad5ef | 6585 | { |
Christopher Haster |
1:24750b9ad5ef | 6586 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 6587 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
Christopher Haster |
1:24750b9ad5ef | 6588 | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6589 | { |
Christopher Haster |
1:24750b9ad5ef | 6590 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6591 | } |
Christopher Haster |
1:24750b9ad5ef | 6592 | } |
Christopher Haster |
1:24750b9ad5ef | 6593 | else |
Christopher Haster |
1:24750b9ad5ef | 6594 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || |
Christopher Haster |
1:24750b9ad5ef | 6595 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 6596 | { |
Christopher Haster |
1:24750b9ad5ef | 6597 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6598 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Christopher Haster |
1:24750b9ad5ef | 6599 | } |
Christopher Haster |
1:24750b9ad5ef | 6600 | } |
Christopher Haster |
1:24750b9ad5ef | 6601 | else |
Christopher Haster |
1:24750b9ad5ef | 6602 | { |
Christopher Haster |
1:24750b9ad5ef | 6603 | /* DTLS clients need to know renego is server-initiated */ |
Christopher Haster |
1:24750b9ad5ef | 6604 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6605 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
Christopher Haster |
1:24750b9ad5ef | 6606 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 6607 | { |
Christopher Haster |
1:24750b9ad5ef | 6608 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
Christopher Haster |
1:24750b9ad5ef | 6609 | } |
Christopher Haster |
1:24750b9ad5ef | 6610 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6611 | ret = ssl_start_renegotiation( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6612 | if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ) |
Christopher Haster |
1:24750b9ad5ef | 6613 | { |
Christopher Haster |
1:24750b9ad5ef | 6614 | record_read = 1; |
Christopher Haster |
1:24750b9ad5ef | 6615 | } |
Christopher Haster |
1:24750b9ad5ef | 6616 | else if( ret != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6617 | { |
Christopher Haster |
1:24750b9ad5ef | 6618 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6619 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6620 | } |
Christopher Haster |
1:24750b9ad5ef | 6621 | } |
Christopher Haster |
1:24750b9ad5ef | 6622 | |
Christopher Haster |
1:24750b9ad5ef | 6623 | /* If a non-handshake record was read during renego, fallthrough, |
Christopher Haster |
1:24750b9ad5ef | 6624 | * else tell the user they should call mbedtls_ssl_read() again */ |
Christopher Haster |
1:24750b9ad5ef | 6625 | if( ! record_read ) |
Christopher Haster |
1:24750b9ad5ef | 6626 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 6627 | } |
Christopher Haster |
1:24750b9ad5ef | 6628 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
Christopher Haster |
1:24750b9ad5ef | 6629 | { |
Christopher Haster |
1:24750b9ad5ef | 6630 | |
Christopher Haster |
1:24750b9ad5ef | 6631 | if( ssl->conf->renego_max_records >= 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6632 | { |
Christopher Haster |
1:24750b9ad5ef | 6633 | if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) |
Christopher Haster |
1:24750b9ad5ef | 6634 | { |
Christopher Haster |
1:24750b9ad5ef | 6635 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
Christopher Haster |
1:24750b9ad5ef | 6636 | "but not honored by client" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6637 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 6638 | } |
Christopher Haster |
1:24750b9ad5ef | 6639 | } |
Christopher Haster |
1:24750b9ad5ef | 6640 | } |
Christopher Haster |
1:24750b9ad5ef | 6641 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 6642 | |
Christopher Haster |
1:24750b9ad5ef | 6643 | /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ |
Christopher Haster |
1:24750b9ad5ef | 6644 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
Christopher Haster |
1:24750b9ad5ef | 6645 | { |
Christopher Haster |
1:24750b9ad5ef | 6646 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6647 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
Christopher Haster |
1:24750b9ad5ef | 6648 | } |
Christopher Haster |
1:24750b9ad5ef | 6649 | |
Christopher Haster |
1:24750b9ad5ef | 6650 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
Christopher Haster |
1:24750b9ad5ef | 6651 | { |
Christopher Haster |
1:24750b9ad5ef | 6652 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6653 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
Christopher Haster |
1:24750b9ad5ef | 6654 | } |
Christopher Haster |
1:24750b9ad5ef | 6655 | |
Christopher Haster |
1:24750b9ad5ef | 6656 | ssl->in_offt = ssl->in_msg; |
Christopher Haster |
1:24750b9ad5ef | 6657 | |
Christopher Haster |
1:24750b9ad5ef | 6658 | /* We're going to return something now, cancel timer, |
Christopher Haster |
1:24750b9ad5ef | 6659 | * except if handshake (renegotiation) is in progress */ |
Christopher Haster |
1:24750b9ad5ef | 6660 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6661 | ssl_set_timer( ssl, 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6662 | |
Christopher Haster |
1:24750b9ad5ef | 6663 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6664 | /* If we requested renego but received AppData, resend HelloRequest. |
Christopher Haster |
1:24750b9ad5ef | 6665 | * Do it now, after setting in_offt, to avoid taking this branch |
Christopher Haster |
1:24750b9ad5ef | 6666 | * again if ssl_write_hello_request() returns WANT_WRITE */ |
Christopher Haster |
1:24750b9ad5ef | 6667 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6668 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
Christopher Haster |
1:24750b9ad5ef | 6669 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
Christopher Haster |
1:24750b9ad5ef | 6670 | { |
Christopher Haster |
1:24750b9ad5ef | 6671 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6672 | { |
Christopher Haster |
1:24750b9ad5ef | 6673 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6674 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6675 | } |
Christopher Haster |
1:24750b9ad5ef | 6676 | } |
Christopher Haster |
1:24750b9ad5ef | 6677 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
Christopher Haster |
1:24750b9ad5ef | 6678 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6679 | } |
Christopher Haster |
1:24750b9ad5ef | 6680 | |
Christopher Haster |
1:24750b9ad5ef | 6681 | n = ( len < ssl->in_msglen ) |
Christopher Haster |
1:24750b9ad5ef | 6682 | ? len : ssl->in_msglen; |
Christopher Haster |
1:24750b9ad5ef | 6683 | |
Christopher Haster |
1:24750b9ad5ef | 6684 | memcpy( buf, ssl->in_offt, n ); |
Christopher Haster |
1:24750b9ad5ef | 6685 | ssl->in_msglen -= n; |
Christopher Haster |
1:24750b9ad5ef | 6686 | |
Christopher Haster |
1:24750b9ad5ef | 6687 | if( ssl->in_msglen == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6688 | /* all bytes consumed */ |
Christopher Haster |
1:24750b9ad5ef | 6689 | ssl->in_offt = NULL; |
Christopher Haster |
1:24750b9ad5ef | 6690 | else |
Christopher Haster |
1:24750b9ad5ef | 6691 | /* more data available */ |
Christopher Haster |
1:24750b9ad5ef | 6692 | ssl->in_offt += n; |
Christopher Haster |
1:24750b9ad5ef | 6693 | |
Christopher Haster |
1:24750b9ad5ef | 6694 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6695 | |
Christopher Haster |
1:24750b9ad5ef | 6696 | return( (int) n ); |
Christopher Haster |
1:24750b9ad5ef | 6697 | } |
Christopher Haster |
1:24750b9ad5ef | 6698 | |
Christopher Haster |
1:24750b9ad5ef | 6699 | /* |
Christopher Haster |
1:24750b9ad5ef | 6700 | * Send application data to be encrypted by the SSL layer, |
Christopher Haster |
1:24750b9ad5ef | 6701 | * taking care of max fragment length and buffer size |
Christopher Haster |
1:24750b9ad5ef | 6702 | */ |
Christopher Haster |
1:24750b9ad5ef | 6703 | static int ssl_write_real( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 6704 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 6705 | { |
Christopher Haster |
1:24750b9ad5ef | 6706 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6707 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Christopher Haster |
1:24750b9ad5ef | 6708 | size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 6709 | |
Christopher Haster |
1:24750b9ad5ef | 6710 | if( len > max_len ) |
Christopher Haster |
1:24750b9ad5ef | 6711 | { |
Christopher Haster |
1:24750b9ad5ef | 6712 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6713 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 6714 | { |
Christopher Haster |
1:24750b9ad5ef | 6715 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " |
Christopher Haster |
1:24750b9ad5ef | 6716 | "maximum fragment length: %d > %d", |
Christopher Haster |
1:24750b9ad5ef | 6717 | len, max_len ) ); |
Christopher Haster |
1:24750b9ad5ef | 6718 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6719 | } |
Christopher Haster |
1:24750b9ad5ef | 6720 | else |
Christopher Haster |
1:24750b9ad5ef | 6721 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6722 | len = max_len; |
Christopher Haster |
1:24750b9ad5ef | 6723 | } |
Christopher Haster |
1:24750b9ad5ef | 6724 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Christopher Haster |
1:24750b9ad5ef | 6725 | |
Christopher Haster |
1:24750b9ad5ef | 6726 | if( ssl->out_left != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6727 | { |
Christopher Haster |
1:24750b9ad5ef | 6728 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6729 | { |
Christopher Haster |
1:24750b9ad5ef | 6730 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6731 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6732 | } |
Christopher Haster |
1:24750b9ad5ef | 6733 | } |
Christopher Haster |
1:24750b9ad5ef | 6734 | else |
Christopher Haster |
1:24750b9ad5ef | 6735 | { |
Christopher Haster |
1:24750b9ad5ef | 6736 | ssl->out_msglen = len; |
Christopher Haster |
1:24750b9ad5ef | 6737 | ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
Christopher Haster |
1:24750b9ad5ef | 6738 | memcpy( ssl->out_msg, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 6739 | |
Christopher Haster |
1:24750b9ad5ef | 6740 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6741 | { |
Christopher Haster |
1:24750b9ad5ef | 6742 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6743 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6744 | } |
Christopher Haster |
1:24750b9ad5ef | 6745 | } |
Christopher Haster |
1:24750b9ad5ef | 6746 | |
Christopher Haster |
1:24750b9ad5ef | 6747 | return( (int) len ); |
Christopher Haster |
1:24750b9ad5ef | 6748 | } |
Christopher Haster |
1:24750b9ad5ef | 6749 | |
Christopher Haster |
1:24750b9ad5ef | 6750 | /* |
Christopher Haster |
1:24750b9ad5ef | 6751 | * Write application data, doing 1/n-1 splitting if necessary. |
Christopher Haster |
1:24750b9ad5ef | 6752 | * |
Christopher Haster |
1:24750b9ad5ef | 6753 | * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, |
Christopher Haster |
1:24750b9ad5ef | 6754 | * then the caller will call us again with the same arguments, so |
Christopher Haster |
1:24750b9ad5ef | 6755 | * remember wether we already did the split or not. |
Christopher Haster |
1:24750b9ad5ef | 6756 | */ |
Christopher Haster |
1:24750b9ad5ef | 6757 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Christopher Haster |
1:24750b9ad5ef | 6758 | static int ssl_write_split( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 6759 | const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 6760 | { |
Christopher Haster |
1:24750b9ad5ef | 6761 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6762 | |
Christopher Haster |
1:24750b9ad5ef | 6763 | if( ssl->conf->cbc_record_splitting == |
Christopher Haster |
1:24750b9ad5ef | 6764 | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || |
Christopher Haster |
1:24750b9ad5ef | 6765 | len <= 1 || |
Christopher Haster |
1:24750b9ad5ef | 6766 | ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || |
Christopher Haster |
1:24750b9ad5ef | 6767 | mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) |
Christopher Haster |
1:24750b9ad5ef | 6768 | != MBEDTLS_MODE_CBC ) |
Christopher Haster |
1:24750b9ad5ef | 6769 | { |
Christopher Haster |
1:24750b9ad5ef | 6770 | return( ssl_write_real( ssl, buf, len ) ); |
Christopher Haster |
1:24750b9ad5ef | 6771 | } |
Christopher Haster |
1:24750b9ad5ef | 6772 | |
Christopher Haster |
1:24750b9ad5ef | 6773 | if( ssl->split_done == 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6774 | { |
Christopher Haster |
1:24750b9ad5ef | 6775 | if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6776 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6777 | ssl->split_done = 1; |
Christopher Haster |
1:24750b9ad5ef | 6778 | } |
Christopher Haster |
1:24750b9ad5ef | 6779 | |
Christopher Haster |
1:24750b9ad5ef | 6780 | if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6781 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6782 | ssl->split_done = 0; |
Christopher Haster |
1:24750b9ad5ef | 6783 | |
Christopher Haster |
1:24750b9ad5ef | 6784 | return( ret + 1 ); |
Christopher Haster |
1:24750b9ad5ef | 6785 | } |
Christopher Haster |
1:24750b9ad5ef | 6786 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
Christopher Haster |
1:24750b9ad5ef | 6787 | |
Christopher Haster |
1:24750b9ad5ef | 6788 | /* |
Christopher Haster |
1:24750b9ad5ef | 6789 | * Write application data (public-facing wrapper) |
Christopher Haster |
1:24750b9ad5ef | 6790 | */ |
Christopher Haster |
1:24750b9ad5ef | 6791 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) |
Christopher Haster |
1:24750b9ad5ef | 6792 | { |
Christopher Haster |
1:24750b9ad5ef | 6793 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6794 | |
Christopher Haster |
1:24750b9ad5ef | 6795 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6796 | |
Christopher Haster |
1:24750b9ad5ef | 6797 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6798 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6799 | |
Christopher Haster |
1:24750b9ad5ef | 6800 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 6801 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6802 | { |
Christopher Haster |
1:24750b9ad5ef | 6803 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6804 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6805 | } |
Christopher Haster |
1:24750b9ad5ef | 6806 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6807 | |
Christopher Haster |
1:24750b9ad5ef | 6808 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6809 | { |
Christopher Haster |
1:24750b9ad5ef | 6810 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6811 | { |
Christopher Haster |
1:24750b9ad5ef | 6812 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6813 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6814 | } |
Christopher Haster |
1:24750b9ad5ef | 6815 | } |
Christopher Haster |
1:24750b9ad5ef | 6816 | |
Christopher Haster |
1:24750b9ad5ef | 6817 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Christopher Haster |
1:24750b9ad5ef | 6818 | ret = ssl_write_split( ssl, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 6819 | #else |
Christopher Haster |
1:24750b9ad5ef | 6820 | ret = ssl_write_real( ssl, buf, len ); |
Christopher Haster |
1:24750b9ad5ef | 6821 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6822 | |
Christopher Haster |
1:24750b9ad5ef | 6823 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6824 | |
Christopher Haster |
1:24750b9ad5ef | 6825 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6826 | } |
Christopher Haster |
1:24750b9ad5ef | 6827 | |
Christopher Haster |
1:24750b9ad5ef | 6828 | /* |
Christopher Haster |
1:24750b9ad5ef | 6829 | * Notify the peer that the connection is being closed |
Christopher Haster |
1:24750b9ad5ef | 6830 | */ |
Christopher Haster |
1:24750b9ad5ef | 6831 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6832 | { |
Christopher Haster |
1:24750b9ad5ef | 6833 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 6834 | |
Christopher Haster |
1:24750b9ad5ef | 6835 | if( ssl == NULL || ssl->conf == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6836 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
Christopher Haster |
1:24750b9ad5ef | 6837 | |
Christopher Haster |
1:24750b9ad5ef | 6838 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6839 | |
Christopher Haster |
1:24750b9ad5ef | 6840 | if( ssl->out_left != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6841 | return( mbedtls_ssl_flush_output( ssl ) ); |
Christopher Haster |
1:24750b9ad5ef | 6842 | |
Christopher Haster |
1:24750b9ad5ef | 6843 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
Christopher Haster |
1:24750b9ad5ef | 6844 | { |
Christopher Haster |
1:24750b9ad5ef | 6845 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
Christopher Haster |
1:24750b9ad5ef | 6846 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
Christopher Haster |
1:24750b9ad5ef | 6847 | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 6848 | { |
Christopher Haster |
1:24750b9ad5ef | 6849 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); |
Christopher Haster |
1:24750b9ad5ef | 6850 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 6851 | } |
Christopher Haster |
1:24750b9ad5ef | 6852 | } |
Christopher Haster |
1:24750b9ad5ef | 6853 | |
Christopher Haster |
1:24750b9ad5ef | 6854 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6855 | |
Christopher Haster |
1:24750b9ad5ef | 6856 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 6857 | } |
Christopher Haster |
1:24750b9ad5ef | 6858 | |
Christopher Haster |
1:24750b9ad5ef | 6859 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) |
Christopher Haster |
1:24750b9ad5ef | 6860 | { |
Christopher Haster |
1:24750b9ad5ef | 6861 | if( transform == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6862 | return; |
Christopher Haster |
1:24750b9ad5ef | 6863 | |
Christopher Haster |
1:24750b9ad5ef | 6864 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 6865 | deflateEnd( &transform->ctx_deflate ); |
Christopher Haster |
1:24750b9ad5ef | 6866 | inflateEnd( &transform->ctx_inflate ); |
Christopher Haster |
1:24750b9ad5ef | 6867 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6868 | |
Christopher Haster |
1:24750b9ad5ef | 6869 | mbedtls_cipher_free( &transform->cipher_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 6870 | mbedtls_cipher_free( &transform->cipher_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 6871 | |
Christopher Haster |
1:24750b9ad5ef | 6872 | mbedtls_md_free( &transform->md_ctx_enc ); |
Christopher Haster |
1:24750b9ad5ef | 6873 | mbedtls_md_free( &transform->md_ctx_dec ); |
Christopher Haster |
1:24750b9ad5ef | 6874 | |
Christopher Haster |
1:24750b9ad5ef | 6875 | mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); |
Christopher Haster |
1:24750b9ad5ef | 6876 | } |
Christopher Haster |
1:24750b9ad5ef | 6877 | |
Christopher Haster |
1:24750b9ad5ef | 6878 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 6879 | static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) |
Christopher Haster |
1:24750b9ad5ef | 6880 | { |
Christopher Haster |
1:24750b9ad5ef | 6881 | mbedtls_ssl_key_cert *cur = key_cert, *next; |
Christopher Haster |
1:24750b9ad5ef | 6882 | |
Christopher Haster |
1:24750b9ad5ef | 6883 | while( cur != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6884 | { |
Christopher Haster |
1:24750b9ad5ef | 6885 | next = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 6886 | mbedtls_free( cur ); |
Christopher Haster |
1:24750b9ad5ef | 6887 | cur = next; |
Christopher Haster |
1:24750b9ad5ef | 6888 | } |
Christopher Haster |
1:24750b9ad5ef | 6889 | } |
Christopher Haster |
1:24750b9ad5ef | 6890 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 6891 | |
Christopher Haster |
1:24750b9ad5ef | 6892 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) |
Christopher Haster |
1:24750b9ad5ef | 6893 | { |
Christopher Haster |
1:24750b9ad5ef | 6894 | if( handshake == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6895 | return; |
Christopher Haster |
1:24750b9ad5ef | 6896 | |
Christopher Haster |
1:24750b9ad5ef | 6897 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 6898 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 6899 | mbedtls_md5_free( &handshake->fin_md5 ); |
Christopher Haster |
1:24750b9ad5ef | 6900 | mbedtls_sha1_free( &handshake->fin_sha1 ); |
Christopher Haster |
1:24750b9ad5ef | 6901 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6902 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 6903 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 6904 | mbedtls_sha256_free( &handshake->fin_sha256 ); |
Christopher Haster |
1:24750b9ad5ef | 6905 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6906 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 6907 | mbedtls_sha512_free( &handshake->fin_sha512 ); |
Christopher Haster |
1:24750b9ad5ef | 6908 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6909 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 6910 | |
Christopher Haster |
1:24750b9ad5ef | 6911 | #if defined(MBEDTLS_DHM_C) |
Christopher Haster |
1:24750b9ad5ef | 6912 | mbedtls_dhm_free( &handshake->dhm_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 6913 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6914 | #if defined(MBEDTLS_ECDH_C) |
Christopher Haster |
1:24750b9ad5ef | 6915 | mbedtls_ecdh_free( &handshake->ecdh_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 6916 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6917 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 6918 | mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); |
Christopher Haster |
1:24750b9ad5ef | 6919 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6920 | mbedtls_free( handshake->ecjpake_cache ); |
Christopher Haster |
1:24750b9ad5ef | 6921 | handshake->ecjpake_cache = NULL; |
Christopher Haster |
1:24750b9ad5ef | 6922 | handshake->ecjpake_cache_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 6923 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6924 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6925 | |
Christopher Haster |
1:24750b9ad5ef | 6926 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) |
Christopher Haster |
1:24750b9ad5ef | 6927 | /* explicit void pointer cast for buggy MS compiler */ |
Christopher Haster |
1:24750b9ad5ef | 6928 | mbedtls_free( (void *) handshake->curves ); |
Christopher Haster |
1:24750b9ad5ef | 6929 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6930 | |
Christopher Haster |
1:24750b9ad5ef | 6931 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 6932 | if( handshake->psk != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6933 | { |
Christopher Haster |
1:24750b9ad5ef | 6934 | mbedtls_zeroize( handshake->psk, handshake->psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 6935 | mbedtls_free( handshake->psk ); |
Christopher Haster |
1:24750b9ad5ef | 6936 | } |
Christopher Haster |
1:24750b9ad5ef | 6937 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6938 | |
Christopher Haster |
1:24750b9ad5ef | 6939 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
Christopher Haster |
1:24750b9ad5ef | 6940 | defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 6941 | /* |
Christopher Haster |
1:24750b9ad5ef | 6942 | * Free only the linked list wrapper, not the keys themselves |
Christopher Haster |
1:24750b9ad5ef | 6943 | * since the belong to the SNI callback |
Christopher Haster |
1:24750b9ad5ef | 6944 | */ |
Christopher Haster |
1:24750b9ad5ef | 6945 | if( handshake->sni_key_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6946 | { |
Christopher Haster |
1:24750b9ad5ef | 6947 | mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; |
Christopher Haster |
1:24750b9ad5ef | 6948 | |
Christopher Haster |
1:24750b9ad5ef | 6949 | while( cur != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6950 | { |
Christopher Haster |
1:24750b9ad5ef | 6951 | next = cur->next; |
Christopher Haster |
1:24750b9ad5ef | 6952 | mbedtls_free( cur ); |
Christopher Haster |
1:24750b9ad5ef | 6953 | cur = next; |
Christopher Haster |
1:24750b9ad5ef | 6954 | } |
Christopher Haster |
1:24750b9ad5ef | 6955 | } |
Christopher Haster |
1:24750b9ad5ef | 6956 | #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Christopher Haster |
1:24750b9ad5ef | 6957 | |
Christopher Haster |
1:24750b9ad5ef | 6958 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 6959 | mbedtls_free( handshake->verify_cookie ); |
Christopher Haster |
1:24750b9ad5ef | 6960 | mbedtls_free( handshake->hs_msg ); |
Christopher Haster |
1:24750b9ad5ef | 6961 | ssl_flight_free( handshake->flight ); |
Christopher Haster |
1:24750b9ad5ef | 6962 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6963 | |
Christopher Haster |
1:24750b9ad5ef | 6964 | mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); |
Christopher Haster |
1:24750b9ad5ef | 6965 | } |
Christopher Haster |
1:24750b9ad5ef | 6966 | |
Christopher Haster |
1:24750b9ad5ef | 6967 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) |
Christopher Haster |
1:24750b9ad5ef | 6968 | { |
Christopher Haster |
1:24750b9ad5ef | 6969 | if( session == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6970 | return; |
Christopher Haster |
1:24750b9ad5ef | 6971 | |
Christopher Haster |
1:24750b9ad5ef | 6972 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 6973 | if( session->peer_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6974 | { |
Christopher Haster |
1:24750b9ad5ef | 6975 | mbedtls_x509_crt_free( session->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 6976 | mbedtls_free( session->peer_cert ); |
Christopher Haster |
1:24750b9ad5ef | 6977 | } |
Christopher Haster |
1:24750b9ad5ef | 6978 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6979 | |
Christopher Haster |
1:24750b9ad5ef | 6980 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 6981 | mbedtls_free( session->ticket ); |
Christopher Haster |
1:24750b9ad5ef | 6982 | #endif |
Christopher Haster |
1:24750b9ad5ef | 6983 | |
Christopher Haster |
1:24750b9ad5ef | 6984 | mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); |
Christopher Haster |
1:24750b9ad5ef | 6985 | } |
Christopher Haster |
1:24750b9ad5ef | 6986 | |
Christopher Haster |
1:24750b9ad5ef | 6987 | /* |
Christopher Haster |
1:24750b9ad5ef | 6988 | * Free an SSL context |
Christopher Haster |
1:24750b9ad5ef | 6989 | */ |
Christopher Haster |
1:24750b9ad5ef | 6990 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 6991 | { |
Christopher Haster |
1:24750b9ad5ef | 6992 | if( ssl == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6993 | return; |
Christopher Haster |
1:24750b9ad5ef | 6994 | |
Christopher Haster |
1:24750b9ad5ef | 6995 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
Christopher Haster |
1:24750b9ad5ef | 6996 | |
Christopher Haster |
1:24750b9ad5ef | 6997 | if( ssl->out_buf != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 6998 | { |
Christopher Haster |
1:24750b9ad5ef | 6999 | mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 7000 | mbedtls_free( ssl->out_buf ); |
Christopher Haster |
1:24750b9ad5ef | 7001 | } |
Christopher Haster |
1:24750b9ad5ef | 7002 | |
Christopher Haster |
1:24750b9ad5ef | 7003 | if( ssl->in_buf != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7004 | { |
Christopher Haster |
1:24750b9ad5ef | 7005 | mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 7006 | mbedtls_free( ssl->in_buf ); |
Christopher Haster |
1:24750b9ad5ef | 7007 | } |
Christopher Haster |
1:24750b9ad5ef | 7008 | |
Christopher Haster |
1:24750b9ad5ef | 7009 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 7010 | if( ssl->compress_buf != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7011 | { |
Christopher Haster |
1:24750b9ad5ef | 7012 | mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); |
Christopher Haster |
1:24750b9ad5ef | 7013 | mbedtls_free( ssl->compress_buf ); |
Christopher Haster |
1:24750b9ad5ef | 7014 | } |
Christopher Haster |
1:24750b9ad5ef | 7015 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7016 | |
Christopher Haster |
1:24750b9ad5ef | 7017 | if( ssl->transform ) |
Christopher Haster |
1:24750b9ad5ef | 7018 | { |
Christopher Haster |
1:24750b9ad5ef | 7019 | mbedtls_ssl_transform_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 7020 | mbedtls_free( ssl->transform ); |
Christopher Haster |
1:24750b9ad5ef | 7021 | } |
Christopher Haster |
1:24750b9ad5ef | 7022 | |
Christopher Haster |
1:24750b9ad5ef | 7023 | if( ssl->handshake ) |
Christopher Haster |
1:24750b9ad5ef | 7024 | { |
Christopher Haster |
1:24750b9ad5ef | 7025 | mbedtls_ssl_handshake_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 7026 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 7027 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 7028 | |
Christopher Haster |
1:24750b9ad5ef | 7029 | mbedtls_free( ssl->handshake ); |
Christopher Haster |
1:24750b9ad5ef | 7030 | mbedtls_free( ssl->transform_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 7031 | mbedtls_free( ssl->session_negotiate ); |
Christopher Haster |
1:24750b9ad5ef | 7032 | } |
Christopher Haster |
1:24750b9ad5ef | 7033 | |
Christopher Haster |
1:24750b9ad5ef | 7034 | if( ssl->session ) |
Christopher Haster |
1:24750b9ad5ef | 7035 | { |
Christopher Haster |
1:24750b9ad5ef | 7036 | mbedtls_ssl_session_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 7037 | mbedtls_free( ssl->session ); |
Christopher Haster |
1:24750b9ad5ef | 7038 | } |
Christopher Haster |
1:24750b9ad5ef | 7039 | |
Christopher Haster |
1:24750b9ad5ef | 7040 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 7041 | if( ssl->hostname != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7042 | { |
Christopher Haster |
1:24750b9ad5ef | 7043 | mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
Christopher Haster |
1:24750b9ad5ef | 7044 | mbedtls_free( ssl->hostname ); |
Christopher Haster |
1:24750b9ad5ef | 7045 | } |
Christopher Haster |
1:24750b9ad5ef | 7046 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7047 | |
Christopher Haster |
1:24750b9ad5ef | 7048 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Christopher Haster |
1:24750b9ad5ef | 7049 | if( mbedtls_ssl_hw_record_finish != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7050 | { |
Christopher Haster |
1:24750b9ad5ef | 7051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); |
Christopher Haster |
1:24750b9ad5ef | 7052 | mbedtls_ssl_hw_record_finish( ssl ); |
Christopher Haster |
1:24750b9ad5ef | 7053 | } |
Christopher Haster |
1:24750b9ad5ef | 7054 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7055 | |
Christopher Haster |
1:24750b9ad5ef | 7056 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 7057 | mbedtls_free( ssl->cli_id ); |
Christopher Haster |
1:24750b9ad5ef | 7058 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7059 | |
Christopher Haster |
1:24750b9ad5ef | 7060 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
Christopher Haster |
1:24750b9ad5ef | 7061 | |
Christopher Haster |
1:24750b9ad5ef | 7062 | /* Actually clear after last debug message */ |
Christopher Haster |
1:24750b9ad5ef | 7063 | mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); |
Christopher Haster |
1:24750b9ad5ef | 7064 | } |
Christopher Haster |
1:24750b9ad5ef | 7065 | |
Christopher Haster |
1:24750b9ad5ef | 7066 | /* |
Christopher Haster |
1:24750b9ad5ef | 7067 | * Initialze mbedtls_ssl_config |
Christopher Haster |
1:24750b9ad5ef | 7068 | */ |
Christopher Haster |
1:24750b9ad5ef | 7069 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) |
Christopher Haster |
1:24750b9ad5ef | 7070 | { |
Christopher Haster |
1:24750b9ad5ef | 7071 | memset( conf, 0, sizeof( mbedtls_ssl_config ) ); |
Christopher Haster |
1:24750b9ad5ef | 7072 | } |
Christopher Haster |
1:24750b9ad5ef | 7073 | |
Christopher Haster |
1:24750b9ad5ef | 7074 | static int ssl_preset_suiteb_ciphersuites[] = { |
Christopher Haster |
1:24750b9ad5ef | 7075 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
Christopher Haster |
1:24750b9ad5ef | 7076 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
Christopher Haster |
1:24750b9ad5ef | 7077 | 0 |
Christopher Haster |
1:24750b9ad5ef | 7078 | }; |
Christopher Haster |
1:24750b9ad5ef | 7079 | |
Christopher Haster |
1:24750b9ad5ef | 7080 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 7081 | static int ssl_preset_suiteb_hashes[] = { |
Christopher Haster |
1:24750b9ad5ef | 7082 | MBEDTLS_MD_SHA256, |
Christopher Haster |
1:24750b9ad5ef | 7083 | MBEDTLS_MD_SHA384, |
Christopher Haster |
1:24750b9ad5ef | 7084 | MBEDTLS_MD_NONE |
Christopher Haster |
1:24750b9ad5ef | 7085 | }; |
Christopher Haster |
1:24750b9ad5ef | 7086 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7087 | |
Christopher Haster |
1:24750b9ad5ef | 7088 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 7089 | static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { |
Christopher Haster |
1:24750b9ad5ef | 7090 | MBEDTLS_ECP_DP_SECP256R1, |
Christopher Haster |
1:24750b9ad5ef | 7091 | MBEDTLS_ECP_DP_SECP384R1, |
Christopher Haster |
1:24750b9ad5ef | 7092 | MBEDTLS_ECP_DP_NONE |
Christopher Haster |
1:24750b9ad5ef | 7093 | }; |
Christopher Haster |
1:24750b9ad5ef | 7094 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7095 | |
Christopher Haster |
1:24750b9ad5ef | 7096 | /* |
Christopher Haster |
1:24750b9ad5ef | 7097 | * Load default in mbedtls_ssl_config |
Christopher Haster |
1:24750b9ad5ef | 7098 | */ |
Christopher Haster |
1:24750b9ad5ef | 7099 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
Christopher Haster |
1:24750b9ad5ef | 7100 | int endpoint, int transport, int preset ) |
Christopher Haster |
1:24750b9ad5ef | 7101 | { |
Christopher Haster |
1:24750b9ad5ef | 7102 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 7103 | int ret; |
Christopher Haster |
1:24750b9ad5ef | 7104 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7105 | |
Christopher Haster |
1:24750b9ad5ef | 7106 | /* Use the functions here so that they are covered in tests, |
Christopher Haster |
1:24750b9ad5ef | 7107 | * but otherwise access member directly for efficiency */ |
Christopher Haster |
1:24750b9ad5ef | 7108 | mbedtls_ssl_conf_endpoint( conf, endpoint ); |
Christopher Haster |
1:24750b9ad5ef | 7109 | mbedtls_ssl_conf_transport( conf, transport ); |
Christopher Haster |
1:24750b9ad5ef | 7110 | |
Christopher Haster |
1:24750b9ad5ef | 7111 | /* |
Christopher Haster |
1:24750b9ad5ef | 7112 | * Things that are common to all presets |
Christopher Haster |
1:24750b9ad5ef | 7113 | */ |
Christopher Haster |
1:24750b9ad5ef | 7114 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 7115 | if( endpoint == MBEDTLS_SSL_IS_CLIENT ) |
Christopher Haster |
1:24750b9ad5ef | 7116 | { |
Christopher Haster |
1:24750b9ad5ef | 7117 | conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
Christopher Haster |
1:24750b9ad5ef | 7118 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Christopher Haster |
1:24750b9ad5ef | 7119 | conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; |
Christopher Haster |
1:24750b9ad5ef | 7120 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7121 | } |
Christopher Haster |
1:24750b9ad5ef | 7122 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7123 | |
Christopher Haster |
1:24750b9ad5ef | 7124 | #if defined(MBEDTLS_ARC4_C) |
Christopher Haster |
1:24750b9ad5ef | 7125 | conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED; |
Christopher Haster |
1:24750b9ad5ef | 7126 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7127 | |
Christopher Haster |
1:24750b9ad5ef | 7128 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Christopher Haster |
1:24750b9ad5ef | 7129 | conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
Christopher Haster |
1:24750b9ad5ef | 7130 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7131 | |
Christopher Haster |
1:24750b9ad5ef | 7132 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Christopher Haster |
1:24750b9ad5ef | 7133 | conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
Christopher Haster |
1:24750b9ad5ef | 7134 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7135 | |
Christopher Haster |
1:24750b9ad5ef | 7136 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Christopher Haster |
1:24750b9ad5ef | 7137 | conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED; |
Christopher Haster |
1:24750b9ad5ef | 7138 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7139 | |
Christopher Haster |
1:24750b9ad5ef | 7140 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 7141 | conf->f_cookie_write = ssl_cookie_write_dummy; |
Christopher Haster |
1:24750b9ad5ef | 7142 | conf->f_cookie_check = ssl_cookie_check_dummy; |
Christopher Haster |
1:24750b9ad5ef | 7143 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7144 | |
Christopher Haster |
1:24750b9ad5ef | 7145 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 7146 | conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; |
Christopher Haster |
1:24750b9ad5ef | 7147 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7148 | |
Christopher Haster |
1:24750b9ad5ef | 7149 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 7150 | conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; |
Christopher Haster |
1:24750b9ad5ef | 7151 | conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; |
Christopher Haster |
1:24750b9ad5ef | 7152 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7153 | |
Christopher Haster |
1:24750b9ad5ef | 7154 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Christopher Haster |
1:24750b9ad5ef | 7155 | conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; |
Christopher Haster |
1:24750b9ad5ef | 7156 | memset( conf->renego_period, 0xFF, 7 ); |
Christopher Haster |
1:24750b9ad5ef | 7157 | conf->renego_period[7] = 0x00; |
Christopher Haster |
1:24750b9ad5ef | 7158 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7159 | |
Christopher Haster |
1:24750b9ad5ef | 7160 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
Christopher Haster |
1:24750b9ad5ef | 7161 | if( endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 7162 | { |
Christopher Haster |
1:24750b9ad5ef | 7163 | if( ( ret = mbedtls_ssl_conf_dh_param( conf, |
Christopher Haster |
1:24750b9ad5ef | 7164 | MBEDTLS_DHM_RFC5114_MODP_2048_P, |
Christopher Haster |
1:24750b9ad5ef | 7165 | MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 7166 | { |
Christopher Haster |
1:24750b9ad5ef | 7167 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 7168 | } |
Christopher Haster |
1:24750b9ad5ef | 7169 | } |
Christopher Haster |
1:24750b9ad5ef | 7170 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7171 | |
Christopher Haster |
1:24750b9ad5ef | 7172 | /* |
Christopher Haster |
1:24750b9ad5ef | 7173 | * Preset-specific defaults |
Christopher Haster |
1:24750b9ad5ef | 7174 | */ |
Christopher Haster |
1:24750b9ad5ef | 7175 | switch( preset ) |
Christopher Haster |
1:24750b9ad5ef | 7176 | { |
Christopher Haster |
1:24750b9ad5ef | 7177 | /* |
Christopher Haster |
1:24750b9ad5ef | 7178 | * NSA Suite B |
Christopher Haster |
1:24750b9ad5ef | 7179 | */ |
Christopher Haster |
1:24750b9ad5ef | 7180 | case MBEDTLS_SSL_PRESET_SUITEB: |
Christopher Haster |
1:24750b9ad5ef | 7181 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
Christopher Haster |
1:24750b9ad5ef | 7182 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ |
Christopher Haster |
1:24750b9ad5ef | 7183 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
Christopher Haster |
1:24750b9ad5ef | 7184 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
Christopher Haster |
1:24750b9ad5ef | 7185 | |
Christopher Haster |
1:24750b9ad5ef | 7186 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
Christopher Haster |
1:24750b9ad5ef | 7187 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
Christopher Haster |
1:24750b9ad5ef | 7188 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
Christopher Haster |
1:24750b9ad5ef | 7189 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
Christopher Haster |
1:24750b9ad5ef | 7190 | ssl_preset_suiteb_ciphersuites; |
Christopher Haster |
1:24750b9ad5ef | 7191 | |
Christopher Haster |
1:24750b9ad5ef | 7192 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 7193 | conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; |
Christopher Haster |
1:24750b9ad5ef | 7194 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7195 | |
Christopher Haster |
1:24750b9ad5ef | 7196 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 7197 | conf->sig_hashes = ssl_preset_suiteb_hashes; |
Christopher Haster |
1:24750b9ad5ef | 7198 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7199 | |
Christopher Haster |
1:24750b9ad5ef | 7200 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 7201 | conf->curve_list = ssl_preset_suiteb_curves; |
Christopher Haster |
1:24750b9ad5ef | 7202 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7203 | break; |
Christopher Haster |
1:24750b9ad5ef | 7204 | |
Christopher Haster |
1:24750b9ad5ef | 7205 | /* |
Christopher Haster |
1:24750b9ad5ef | 7206 | * Default |
Christopher Haster |
1:24750b9ad5ef | 7207 | */ |
Christopher Haster |
1:24750b9ad5ef | 7208 | default: |
Christopher Haster |
1:24750b9ad5ef | 7209 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
Christopher Haster |
1:24750b9ad5ef | 7210 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ |
Christopher Haster |
1:24750b9ad5ef | 7211 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
Christopher Haster |
1:24750b9ad5ef | 7212 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
Christopher Haster |
1:24750b9ad5ef | 7213 | |
Christopher Haster |
1:24750b9ad5ef | 7214 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 7215 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 7216 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; |
Christopher Haster |
1:24750b9ad5ef | 7217 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7218 | |
Christopher Haster |
1:24750b9ad5ef | 7219 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
Christopher Haster |
1:24750b9ad5ef | 7220 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
Christopher Haster |
1:24750b9ad5ef | 7221 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
Christopher Haster |
1:24750b9ad5ef | 7222 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
Christopher Haster |
1:24750b9ad5ef | 7223 | mbedtls_ssl_list_ciphersuites(); |
Christopher Haster |
1:24750b9ad5ef | 7224 | |
Christopher Haster |
1:24750b9ad5ef | 7225 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 7226 | conf->cert_profile = &mbedtls_x509_crt_profile_default; |
Christopher Haster |
1:24750b9ad5ef | 7227 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7228 | |
Christopher Haster |
1:24750b9ad5ef | 7229 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 7230 | conf->sig_hashes = mbedtls_md_list(); |
Christopher Haster |
1:24750b9ad5ef | 7231 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7232 | |
Christopher Haster |
1:24750b9ad5ef | 7233 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 7234 | conf->curve_list = mbedtls_ecp_grp_id_list(); |
Christopher Haster |
1:24750b9ad5ef | 7235 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7236 | |
Christopher Haster |
1:24750b9ad5ef | 7237 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 7238 | conf->dhm_min_bitlen = 1024; |
Christopher Haster |
1:24750b9ad5ef | 7239 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7240 | } |
Christopher Haster |
1:24750b9ad5ef | 7241 | |
Christopher Haster |
1:24750b9ad5ef | 7242 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 7243 | } |
Christopher Haster |
1:24750b9ad5ef | 7244 | |
Christopher Haster |
1:24750b9ad5ef | 7245 | /* |
Christopher Haster |
1:24750b9ad5ef | 7246 | * Free mbedtls_ssl_config |
Christopher Haster |
1:24750b9ad5ef | 7247 | */ |
Christopher Haster |
1:24750b9ad5ef | 7248 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) |
Christopher Haster |
1:24750b9ad5ef | 7249 | { |
Christopher Haster |
1:24750b9ad5ef | 7250 | #if defined(MBEDTLS_DHM_C) |
Christopher Haster |
1:24750b9ad5ef | 7251 | mbedtls_mpi_free( &conf->dhm_P ); |
Christopher Haster |
1:24750b9ad5ef | 7252 | mbedtls_mpi_free( &conf->dhm_G ); |
Christopher Haster |
1:24750b9ad5ef | 7253 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7254 | |
Christopher Haster |
1:24750b9ad5ef | 7255 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 7256 | if( conf->psk != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7257 | { |
Christopher Haster |
1:24750b9ad5ef | 7258 | mbedtls_zeroize( conf->psk, conf->psk_len ); |
Christopher Haster |
1:24750b9ad5ef | 7259 | mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); |
Christopher Haster |
1:24750b9ad5ef | 7260 | mbedtls_free( conf->psk ); |
Christopher Haster |
1:24750b9ad5ef | 7261 | mbedtls_free( conf->psk_identity ); |
Christopher Haster |
1:24750b9ad5ef | 7262 | conf->psk_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 7263 | conf->psk_identity_len = 0; |
Christopher Haster |
1:24750b9ad5ef | 7264 | } |
Christopher Haster |
1:24750b9ad5ef | 7265 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7266 | |
Christopher Haster |
1:24750b9ad5ef | 7267 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 7268 | ssl_key_cert_free( conf->key_cert ); |
Christopher Haster |
1:24750b9ad5ef | 7269 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7270 | |
Christopher Haster |
1:24750b9ad5ef | 7271 | mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); |
Christopher Haster |
1:24750b9ad5ef | 7272 | } |
Christopher Haster |
1:24750b9ad5ef | 7273 | |
Christopher Haster |
1:24750b9ad5ef | 7274 | #if defined(MBEDTLS_PK_C) && \ |
Christopher Haster |
1:24750b9ad5ef | 7275 | ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) |
Christopher Haster |
1:24750b9ad5ef | 7276 | /* |
Christopher Haster |
1:24750b9ad5ef | 7277 | * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX |
Christopher Haster |
1:24750b9ad5ef | 7278 | */ |
Christopher Haster |
1:24750b9ad5ef | 7279 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) |
Christopher Haster |
1:24750b9ad5ef | 7280 | { |
Christopher Haster |
1:24750b9ad5ef | 7281 | #if defined(MBEDTLS_RSA_C) |
Christopher Haster |
1:24750b9ad5ef | 7282 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) |
Christopher Haster |
1:24750b9ad5ef | 7283 | return( MBEDTLS_SSL_SIG_RSA ); |
Christopher Haster |
1:24750b9ad5ef | 7284 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7285 | #if defined(MBEDTLS_ECDSA_C) |
Christopher Haster |
1:24750b9ad5ef | 7286 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) |
Christopher Haster |
1:24750b9ad5ef | 7287 | return( MBEDTLS_SSL_SIG_ECDSA ); |
Christopher Haster |
1:24750b9ad5ef | 7288 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7289 | return( MBEDTLS_SSL_SIG_ANON ); |
Christopher Haster |
1:24750b9ad5ef | 7290 | } |
Christopher Haster |
1:24750b9ad5ef | 7291 | |
Christopher Haster |
1:24750b9ad5ef | 7292 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) |
Christopher Haster |
1:24750b9ad5ef | 7293 | { |
Christopher Haster |
1:24750b9ad5ef | 7294 | switch( sig ) |
Christopher Haster |
1:24750b9ad5ef | 7295 | { |
Christopher Haster |
1:24750b9ad5ef | 7296 | #if defined(MBEDTLS_RSA_C) |
Christopher Haster |
1:24750b9ad5ef | 7297 | case MBEDTLS_SSL_SIG_RSA: |
Christopher Haster |
1:24750b9ad5ef | 7298 | return( MBEDTLS_PK_RSA ); |
Christopher Haster |
1:24750b9ad5ef | 7299 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7300 | #if defined(MBEDTLS_ECDSA_C) |
Christopher Haster |
1:24750b9ad5ef | 7301 | case MBEDTLS_SSL_SIG_ECDSA: |
Christopher Haster |
1:24750b9ad5ef | 7302 | return( MBEDTLS_PK_ECDSA ); |
Christopher Haster |
1:24750b9ad5ef | 7303 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7304 | default: |
Christopher Haster |
1:24750b9ad5ef | 7305 | return( MBEDTLS_PK_NONE ); |
Christopher Haster |
1:24750b9ad5ef | 7306 | } |
Christopher Haster |
1:24750b9ad5ef | 7307 | } |
Christopher Haster |
1:24750b9ad5ef | 7308 | #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ |
Christopher Haster |
1:24750b9ad5ef | 7309 | |
Christopher Haster |
1:24750b9ad5ef | 7310 | /* |
Christopher Haster |
1:24750b9ad5ef | 7311 | * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX |
Christopher Haster |
1:24750b9ad5ef | 7312 | */ |
Christopher Haster |
1:24750b9ad5ef | 7313 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) |
Christopher Haster |
1:24750b9ad5ef | 7314 | { |
Christopher Haster |
1:24750b9ad5ef | 7315 | switch( hash ) |
Christopher Haster |
1:24750b9ad5ef | 7316 | { |
Christopher Haster |
1:24750b9ad5ef | 7317 | #if defined(MBEDTLS_MD5_C) |
Christopher Haster |
1:24750b9ad5ef | 7318 | case MBEDTLS_SSL_HASH_MD5: |
Christopher Haster |
1:24750b9ad5ef | 7319 | return( MBEDTLS_MD_MD5 ); |
Christopher Haster |
1:24750b9ad5ef | 7320 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7321 | #if defined(MBEDTLS_SHA1_C) |
Christopher Haster |
1:24750b9ad5ef | 7322 | case MBEDTLS_SSL_HASH_SHA1: |
Christopher Haster |
1:24750b9ad5ef | 7323 | return( MBEDTLS_MD_SHA1 ); |
Christopher Haster |
1:24750b9ad5ef | 7324 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7325 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 7326 | case MBEDTLS_SSL_HASH_SHA224: |
Christopher Haster |
1:24750b9ad5ef | 7327 | return( MBEDTLS_MD_SHA224 ); |
Christopher Haster |
1:24750b9ad5ef | 7328 | case MBEDTLS_SSL_HASH_SHA256: |
Christopher Haster |
1:24750b9ad5ef | 7329 | return( MBEDTLS_MD_SHA256 ); |
Christopher Haster |
1:24750b9ad5ef | 7330 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7331 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 7332 | case MBEDTLS_SSL_HASH_SHA384: |
Christopher Haster |
1:24750b9ad5ef | 7333 | return( MBEDTLS_MD_SHA384 ); |
Christopher Haster |
1:24750b9ad5ef | 7334 | case MBEDTLS_SSL_HASH_SHA512: |
Christopher Haster |
1:24750b9ad5ef | 7335 | return( MBEDTLS_MD_SHA512 ); |
Christopher Haster |
1:24750b9ad5ef | 7336 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7337 | default: |
Christopher Haster |
1:24750b9ad5ef | 7338 | return( MBEDTLS_MD_NONE ); |
Christopher Haster |
1:24750b9ad5ef | 7339 | } |
Christopher Haster |
1:24750b9ad5ef | 7340 | } |
Christopher Haster |
1:24750b9ad5ef | 7341 | |
Christopher Haster |
1:24750b9ad5ef | 7342 | /* |
Christopher Haster |
1:24750b9ad5ef | 7343 | * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX |
Christopher Haster |
1:24750b9ad5ef | 7344 | */ |
Christopher Haster |
1:24750b9ad5ef | 7345 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ) |
Christopher Haster |
1:24750b9ad5ef | 7346 | { |
Christopher Haster |
1:24750b9ad5ef | 7347 | switch( md ) |
Christopher Haster |
1:24750b9ad5ef | 7348 | { |
Christopher Haster |
1:24750b9ad5ef | 7349 | #if defined(MBEDTLS_MD5_C) |
Christopher Haster |
1:24750b9ad5ef | 7350 | case MBEDTLS_MD_MD5: |
Christopher Haster |
1:24750b9ad5ef | 7351 | return( MBEDTLS_SSL_HASH_MD5 ); |
Christopher Haster |
1:24750b9ad5ef | 7352 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7353 | #if defined(MBEDTLS_SHA1_C) |
Christopher Haster |
1:24750b9ad5ef | 7354 | case MBEDTLS_MD_SHA1: |
Christopher Haster |
1:24750b9ad5ef | 7355 | return( MBEDTLS_SSL_HASH_SHA1 ); |
Christopher Haster |
1:24750b9ad5ef | 7356 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7357 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 7358 | case MBEDTLS_MD_SHA224: |
Christopher Haster |
1:24750b9ad5ef | 7359 | return( MBEDTLS_SSL_HASH_SHA224 ); |
Christopher Haster |
1:24750b9ad5ef | 7360 | case MBEDTLS_MD_SHA256: |
Christopher Haster |
1:24750b9ad5ef | 7361 | return( MBEDTLS_SSL_HASH_SHA256 ); |
Christopher Haster |
1:24750b9ad5ef | 7362 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7363 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 7364 | case MBEDTLS_MD_SHA384: |
Christopher Haster |
1:24750b9ad5ef | 7365 | return( MBEDTLS_SSL_HASH_SHA384 ); |
Christopher Haster |
1:24750b9ad5ef | 7366 | case MBEDTLS_MD_SHA512: |
Christopher Haster |
1:24750b9ad5ef | 7367 | return( MBEDTLS_SSL_HASH_SHA512 ); |
Christopher Haster |
1:24750b9ad5ef | 7368 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7369 | default: |
Christopher Haster |
1:24750b9ad5ef | 7370 | return( MBEDTLS_SSL_HASH_NONE ); |
Christopher Haster |
1:24750b9ad5ef | 7371 | } |
Christopher Haster |
1:24750b9ad5ef | 7372 | } |
Christopher Haster |
1:24750b9ad5ef | 7373 | |
Christopher Haster |
1:24750b9ad5ef | 7374 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 7375 | /* |
Christopher Haster |
1:24750b9ad5ef | 7376 | * Check if a curve proposed by the peer is in our list. |
Christopher Haster |
1:24750b9ad5ef | 7377 | * Return 0 if we're willing to use it, -1 otherwise. |
Christopher Haster |
1:24750b9ad5ef | 7378 | */ |
Christopher Haster |
1:24750b9ad5ef | 7379 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) |
Christopher Haster |
1:24750b9ad5ef | 7380 | { |
Christopher Haster |
1:24750b9ad5ef | 7381 | const mbedtls_ecp_group_id *gid; |
Christopher Haster |
1:24750b9ad5ef | 7382 | |
Christopher Haster |
1:24750b9ad5ef | 7383 | if( ssl->conf->curve_list == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7384 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 7385 | |
Christopher Haster |
1:24750b9ad5ef | 7386 | for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) |
Christopher Haster |
1:24750b9ad5ef | 7387 | if( *gid == grp_id ) |
Christopher Haster |
1:24750b9ad5ef | 7388 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 7389 | |
Christopher Haster |
1:24750b9ad5ef | 7390 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 7391 | } |
Christopher Haster |
1:24750b9ad5ef | 7392 | #endif /* MBEDTLS_ECP_C */ |
Christopher Haster |
1:24750b9ad5ef | 7393 | |
Christopher Haster |
1:24750b9ad5ef | 7394 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 7395 | /* |
Christopher Haster |
1:24750b9ad5ef | 7396 | * Check if a hash proposed by the peer is in our list. |
Christopher Haster |
1:24750b9ad5ef | 7397 | * Return 0 if we're willing to use it, -1 otherwise. |
Christopher Haster |
1:24750b9ad5ef | 7398 | */ |
Christopher Haster |
1:24750b9ad5ef | 7399 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 7400 | mbedtls_md_type_t md ) |
Christopher Haster |
1:24750b9ad5ef | 7401 | { |
Christopher Haster |
1:24750b9ad5ef | 7402 | const int *cur; |
Christopher Haster |
1:24750b9ad5ef | 7403 | |
Christopher Haster |
1:24750b9ad5ef | 7404 | if( ssl->conf->sig_hashes == NULL ) |
Christopher Haster |
1:24750b9ad5ef | 7405 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 7406 | |
Christopher Haster |
1:24750b9ad5ef | 7407 | for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) |
Christopher Haster |
1:24750b9ad5ef | 7408 | if( *cur == (int) md ) |
Christopher Haster |
1:24750b9ad5ef | 7409 | return( 0 ); |
Christopher Haster |
1:24750b9ad5ef | 7410 | |
Christopher Haster |
1:24750b9ad5ef | 7411 | return( -1 ); |
Christopher Haster |
1:24750b9ad5ef | 7412 | } |
Christopher Haster |
1:24750b9ad5ef | 7413 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
Christopher Haster |
1:24750b9ad5ef | 7414 | |
Christopher Haster |
1:24750b9ad5ef | 7415 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 7416 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
Christopher Haster |
1:24750b9ad5ef | 7417 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
Christopher Haster |
1:24750b9ad5ef | 7418 | int cert_endpoint, |
Christopher Haster |
1:24750b9ad5ef | 7419 | uint32_t *flags ) |
Christopher Haster |
1:24750b9ad5ef | 7420 | { |
Christopher Haster |
1:24750b9ad5ef | 7421 | int ret = 0; |
Christopher Haster |
1:24750b9ad5ef | 7422 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 7423 | int usage = 0; |
Christopher Haster |
1:24750b9ad5ef | 7424 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7425 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 7426 | const char *ext_oid; |
Christopher Haster |
1:24750b9ad5ef | 7427 | size_t ext_len; |
Christopher Haster |
1:24750b9ad5ef | 7428 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7429 | |
Christopher Haster |
1:24750b9ad5ef | 7430 | #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ |
Christopher Haster |
1:24750b9ad5ef | 7431 | !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 7432 | ((void) cert); |
Christopher Haster |
1:24750b9ad5ef | 7433 | ((void) cert_endpoint); |
Christopher Haster |
1:24750b9ad5ef | 7434 | ((void) flags); |
Christopher Haster |
1:24750b9ad5ef | 7435 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7436 | |
Christopher Haster |
1:24750b9ad5ef | 7437 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 7438 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 7439 | { |
Christopher Haster |
1:24750b9ad5ef | 7440 | /* Server part of the key exchange */ |
Christopher Haster |
1:24750b9ad5ef | 7441 | switch( ciphersuite->key_exchange ) |
Christopher Haster |
1:24750b9ad5ef | 7442 | { |
Christopher Haster |
1:24750b9ad5ef | 7443 | case MBEDTLS_KEY_EXCHANGE_RSA: |
Christopher Haster |
1:24750b9ad5ef | 7444 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
Christopher Haster |
1:24750b9ad5ef | 7445 | usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; |
Christopher Haster |
1:24750b9ad5ef | 7446 | break; |
Christopher Haster |
1:24750b9ad5ef | 7447 | |
Christopher Haster |
1:24750b9ad5ef | 7448 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
Christopher Haster |
1:24750b9ad5ef | 7449 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
Christopher Haster |
1:24750b9ad5ef | 7450 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
Christopher Haster |
1:24750b9ad5ef | 7451 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
Christopher Haster |
1:24750b9ad5ef | 7452 | break; |
Christopher Haster |
1:24750b9ad5ef | 7453 | |
Christopher Haster |
1:24750b9ad5ef | 7454 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
Christopher Haster |
1:24750b9ad5ef | 7455 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
Christopher Haster |
1:24750b9ad5ef | 7456 | usage = MBEDTLS_X509_KU_KEY_AGREEMENT; |
Christopher Haster |
1:24750b9ad5ef | 7457 | break; |
Christopher Haster |
1:24750b9ad5ef | 7458 | |
Christopher Haster |
1:24750b9ad5ef | 7459 | /* Don't use default: we want warnings when adding new values */ |
Christopher Haster |
1:24750b9ad5ef | 7460 | case MBEDTLS_KEY_EXCHANGE_NONE: |
Christopher Haster |
1:24750b9ad5ef | 7461 | case MBEDTLS_KEY_EXCHANGE_PSK: |
Christopher Haster |
1:24750b9ad5ef | 7462 | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
Christopher Haster |
1:24750b9ad5ef | 7463 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
Christopher Haster |
1:24750b9ad5ef | 7464 | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
Christopher Haster |
1:24750b9ad5ef | 7465 | usage = 0; |
Christopher Haster |
1:24750b9ad5ef | 7466 | } |
Christopher Haster |
1:24750b9ad5ef | 7467 | } |
Christopher Haster |
1:24750b9ad5ef | 7468 | else |
Christopher Haster |
1:24750b9ad5ef | 7469 | { |
Christopher Haster |
1:24750b9ad5ef | 7470 | /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ |
Christopher Haster |
1:24750b9ad5ef | 7471 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
Christopher Haster |
1:24750b9ad5ef | 7472 | } |
Christopher Haster |
1:24750b9ad5ef | 7473 | |
Christopher Haster |
1:24750b9ad5ef | 7474 | if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 7475 | { |
Christopher Haster |
1:24750b9ad5ef | 7476 | *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; |
Christopher Haster |
1:24750b9ad5ef | 7477 | ret = -1; |
Christopher Haster |
1:24750b9ad5ef | 7478 | } |
Christopher Haster |
1:24750b9ad5ef | 7479 | #else |
Christopher Haster |
1:24750b9ad5ef | 7480 | ((void) ciphersuite); |
Christopher Haster |
1:24750b9ad5ef | 7481 | #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ |
Christopher Haster |
1:24750b9ad5ef | 7482 | |
Christopher Haster |
1:24750b9ad5ef | 7483 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
Christopher Haster |
1:24750b9ad5ef | 7484 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
Christopher Haster |
1:24750b9ad5ef | 7485 | { |
Christopher Haster |
1:24750b9ad5ef | 7486 | ext_oid = MBEDTLS_OID_SERVER_AUTH; |
Christopher Haster |
1:24750b9ad5ef | 7487 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); |
Christopher Haster |
1:24750b9ad5ef | 7488 | } |
Christopher Haster |
1:24750b9ad5ef | 7489 | else |
Christopher Haster |
1:24750b9ad5ef | 7490 | { |
Christopher Haster |
1:24750b9ad5ef | 7491 | ext_oid = MBEDTLS_OID_CLIENT_AUTH; |
Christopher Haster |
1:24750b9ad5ef | 7492 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); |
Christopher Haster |
1:24750b9ad5ef | 7493 | } |
Christopher Haster |
1:24750b9ad5ef | 7494 | |
Christopher Haster |
1:24750b9ad5ef | 7495 | if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) |
Christopher Haster |
1:24750b9ad5ef | 7496 | { |
Christopher Haster |
1:24750b9ad5ef | 7497 | *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; |
Christopher Haster |
1:24750b9ad5ef | 7498 | ret = -1; |
Christopher Haster |
1:24750b9ad5ef | 7499 | } |
Christopher Haster |
1:24750b9ad5ef | 7500 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ |
Christopher Haster |
1:24750b9ad5ef | 7501 | |
Christopher Haster |
1:24750b9ad5ef | 7502 | return( ret ); |
Christopher Haster |
1:24750b9ad5ef | 7503 | } |
Christopher Haster |
1:24750b9ad5ef | 7504 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 7505 | |
Christopher Haster |
1:24750b9ad5ef | 7506 | /* |
Christopher Haster |
1:24750b9ad5ef | 7507 | * Convert version numbers to/from wire format |
Christopher Haster |
1:24750b9ad5ef | 7508 | * and, for DTLS, to/from TLS equivalent. |
Christopher Haster |
1:24750b9ad5ef | 7509 | * |
Christopher Haster |
1:24750b9ad5ef | 7510 | * For TLS this is the identity. |
Christopher Haster |
1:24750b9ad5ef | 7511 | * For DTLS, use one complement (v -> 255 - v, and then map as follows: |
Christopher Haster |
1:24750b9ad5ef | 7512 | * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) |
Christopher Haster |
1:24750b9ad5ef | 7513 | * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) |
Christopher Haster |
1:24750b9ad5ef | 7514 | */ |
Christopher Haster |
1:24750b9ad5ef | 7515 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
Christopher Haster |
1:24750b9ad5ef | 7516 | unsigned char ver[2] ) |
Christopher Haster |
1:24750b9ad5ef | 7517 | { |
Christopher Haster |
1:24750b9ad5ef | 7518 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 7519 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 7520 | { |
Christopher Haster |
1:24750b9ad5ef | 7521 | if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) |
Christopher Haster |
1:24750b9ad5ef | 7522 | --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
Christopher Haster |
1:24750b9ad5ef | 7523 | |
Christopher Haster |
1:24750b9ad5ef | 7524 | ver[0] = (unsigned char)( 255 - ( major - 2 ) ); |
Christopher Haster |
1:24750b9ad5ef | 7525 | ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); |
Christopher Haster |
1:24750b9ad5ef | 7526 | } |
Christopher Haster |
1:24750b9ad5ef | 7527 | else |
Christopher Haster |
1:24750b9ad5ef | 7528 | #else |
Christopher Haster |
1:24750b9ad5ef | 7529 | ((void) transport); |
Christopher Haster |
1:24750b9ad5ef | 7530 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7531 | { |
Christopher Haster |
1:24750b9ad5ef | 7532 | ver[0] = (unsigned char) major; |
Christopher Haster |
1:24750b9ad5ef | 7533 | ver[1] = (unsigned char) minor; |
Christopher Haster |
1:24750b9ad5ef | 7534 | } |
Christopher Haster |
1:24750b9ad5ef | 7535 | } |
Christopher Haster |
1:24750b9ad5ef | 7536 | |
Christopher Haster |
1:24750b9ad5ef | 7537 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
Christopher Haster |
1:24750b9ad5ef | 7538 | const unsigned char ver[2] ) |
Christopher Haster |
1:24750b9ad5ef | 7539 | { |
Christopher Haster |
1:24750b9ad5ef | 7540 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 7541 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 7542 | { |
Christopher Haster |
1:24750b9ad5ef | 7543 | *major = 255 - ver[0] + 2; |
Christopher Haster |
1:24750b9ad5ef | 7544 | *minor = 255 - ver[1] + 1; |
Christopher Haster |
1:24750b9ad5ef | 7545 | |
Christopher Haster |
1:24750b9ad5ef | 7546 | if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) |
Christopher Haster |
1:24750b9ad5ef | 7547 | ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
Christopher Haster |
1:24750b9ad5ef | 7548 | } |
Christopher Haster |
1:24750b9ad5ef | 7549 | else |
Christopher Haster |
1:24750b9ad5ef | 7550 | #else |
Christopher Haster |
1:24750b9ad5ef | 7551 | ((void) transport); |
Christopher Haster |
1:24750b9ad5ef | 7552 | #endif |
Christopher Haster |
1:24750b9ad5ef | 7553 | { |
Christopher Haster |
1:24750b9ad5ef | 7554 | *major = ver[0]; |
Christopher Haster |
1:24750b9ad5ef | 7555 | *minor = ver[1]; |
Christopher Haster |
1:24750b9ad5ef | 7556 | } |
Christopher Haster |
1:24750b9ad5ef | 7557 | } |
Christopher Haster |
1:24750b9ad5ef | 7558 | |
Christopher Haster |
1:24750b9ad5ef | 7559 | #endif /* MBEDTLS_SSL_TLS_C */ |