mbed-os - mbed os with nrf51 internal bandgap enabled to re…

Users » elessair » Code » mbed-os

mbed os with nrf51 internal bandgap enabled to read battery level

Dependents: BLE_file_test BLE_Blink ExternalEncoder

features/mbedtls/src/ssl_tls.c@0:f269e3021894, 2016-10-23 (annotated)

Committer:: elessair
Date:: Sun Oct 23 15:10:02 2016 +0000
Revision:: 0:f269e3021894

Initial commit

Who changed what in which revision?

User	Revision	Line number	New contents of line
elessair	0:f269e3021894	1	/*
elessair	0:f269e3021894	2	* SSLv3/TLSv1 shared functions
elessair	0:f269e3021894	3	*
elessair	0:f269e3021894	4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
elessair	0:f269e3021894	5	* SPDX-License-Identifier: Apache-2.0
elessair	0:f269e3021894	6	*
elessair	0:f269e3021894	7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
elessair	0:f269e3021894	8	* not use this file except in compliance with the License.
elessair	0:f269e3021894	9	* You may obtain a copy of the License at
elessair	0:f269e3021894	10	*
elessair	0:f269e3021894	11	* http://www.apache.org/licenses/LICENSE-2.0
elessair	0:f269e3021894	12	*
elessair	0:f269e3021894	13	* Unless required by applicable law or agreed to in writing, software
elessair	0:f269e3021894	14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
elessair	0:f269e3021894	15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
elessair	0:f269e3021894	16	* See the License for the specific language governing permissions and
elessair	0:f269e3021894	17	* limitations under the License.
elessair	0:f269e3021894	18	*
elessair	0:f269e3021894	19	* This file is part of mbed TLS (https://tls.mbed.org)
elessair	0:f269e3021894	20	*/
elessair	0:f269e3021894	21	/*
elessair	0:f269e3021894	22	* The SSL 3.0 specification was drafted by Netscape in 1996,
elessair	0:f269e3021894	23	* and became an IETF standard in 1999.
elessair	0:f269e3021894	24	*
elessair	0:f269e3021894	25	* http://wp.netscape.com/eng/ssl3/
elessair	0:f269e3021894	26	* http://www.ietf.org/rfc/rfc2246.txt
elessair	0:f269e3021894	27	* http://www.ietf.org/rfc/rfc4346.txt
elessair	0:f269e3021894	28	*/
elessair	0:f269e3021894	29
elessair	0:f269e3021894	30	#if !defined(MBEDTLS_CONFIG_FILE)
elessair	0:f269e3021894	31	#include "mbedtls/config.h"
elessair	0:f269e3021894	32	#else
elessair	0:f269e3021894	33	#include MBEDTLS_CONFIG_FILE
elessair	0:f269e3021894	34	#endif
elessair	0:f269e3021894	35
elessair	0:f269e3021894	36	#if defined(MBEDTLS_SSL_TLS_C)
elessair	0:f269e3021894	37
elessair	0:f269e3021894	38	#if defined(MBEDTLS_PLATFORM_C)
elessair	0:f269e3021894	39	#include "mbedtls/platform.h"
elessair	0:f269e3021894	40	#else
elessair	0:f269e3021894	41	#include <stdlib.h>
elessair	0:f269e3021894	42	#define mbedtls_calloc calloc
elessair	0:f269e3021894	43	#define mbedtls_free free
elessair	0:f269e3021894	44	#endif
elessair	0:f269e3021894	45
elessair	0:f269e3021894	46	#include "mbedtls/debug.h"
elessair	0:f269e3021894	47	#include "mbedtls/ssl.h"
elessair	0:f269e3021894	48	#include "mbedtls/ssl_internal.h"
elessair	0:f269e3021894	49
elessair	0:f269e3021894	50	#include <string.h>
elessair	0:f269e3021894	51
elessair	0:f269e3021894	52	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	53	#include "mbedtls/oid.h"
elessair	0:f269e3021894	54	#endif
elessair	0:f269e3021894	55
elessair	0:f269e3021894	56	/* Implementation that should never be optimized out by the compiler */
elessair	0:f269e3021894	57	static void mbedtls_zeroize( void *v, size_t n ) {
elessair	0:f269e3021894	58	volatile unsigned char p = v; while( n-- ) p++ = 0;
elessair	0:f269e3021894	59	}
elessair	0:f269e3021894	60
elessair	0:f269e3021894	61	/* Length of the "epoch" field in the record header */
elessair	0:f269e3021894	62	static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	63	{
elessair	0:f269e3021894	64	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	65	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	66	return( 2 );
elessair	0:f269e3021894	67	#else
elessair	0:f269e3021894	68	((void) ssl);
elessair	0:f269e3021894	69	#endif
elessair	0:f269e3021894	70	return( 0 );
elessair	0:f269e3021894	71	}
elessair	0:f269e3021894	72
elessair	0:f269e3021894	73	/*
elessair	0:f269e3021894	74	* Start a timer.
elessair	0:f269e3021894	75	* Passing millisecs = 0 cancels a running timer.
elessair	0:f269e3021894	76	*/
elessair	0:f269e3021894	77	static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
elessair	0:f269e3021894	78	{
elessair	0:f269e3021894	79	if( ssl->f_set_timer == NULL )
elessair	0:f269e3021894	80	return;
elessair	0:f269e3021894	81
elessair	0:f269e3021894	82	MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
elessair	0:f269e3021894	83	ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
elessair	0:f269e3021894	84	}
elessair	0:f269e3021894	85
elessair	0:f269e3021894	86	/*
elessair	0:f269e3021894	87	* Return -1 is timer is expired, 0 if it isn't.
elessair	0:f269e3021894	88	*/
elessair	0:f269e3021894	89	static int ssl_check_timer( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	90	{
elessair	0:f269e3021894	91	if( ssl->f_get_timer == NULL )
elessair	0:f269e3021894	92	return( 0 );
elessair	0:f269e3021894	93
elessair	0:f269e3021894	94	if( ssl->f_get_timer( ssl->p_timer ) == 2 )
elessair	0:f269e3021894	95	{
elessair	0:f269e3021894	96	MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
elessair	0:f269e3021894	97	return( -1 );
elessair	0:f269e3021894	98	}
elessair	0:f269e3021894	99
elessair	0:f269e3021894	100	return( 0 );
elessair	0:f269e3021894	101	}
elessair	0:f269e3021894	102
elessair	0:f269e3021894	103	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	104	/*
elessair	0:f269e3021894	105	* Double the retransmit timeout value, within the allowed range,
elessair	0:f269e3021894	106	* returning -1 if the maximum value has already been reached.
elessair	0:f269e3021894	107	*/
elessair	0:f269e3021894	108	static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	109	{
elessair	0:f269e3021894	110	uint32_t new_timeout;
elessair	0:f269e3021894	111
elessair	0:f269e3021894	112	if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
elessair	0:f269e3021894	113	return( -1 );
elessair	0:f269e3021894	114
elessair	0:f269e3021894	115	new_timeout = 2 * ssl->handshake->retransmit_timeout;
elessair	0:f269e3021894	116
elessair	0:f269e3021894	117	/* Avoid arithmetic overflow and range overflow */
elessair	0:f269e3021894	118	if( new_timeout < ssl->handshake->retransmit_timeout \|\|
elessair	0:f269e3021894	119	new_timeout > ssl->conf->hs_timeout_max )
elessair	0:f269e3021894	120	{
elessair	0:f269e3021894	121	new_timeout = ssl->conf->hs_timeout_max;
elessair	0:f269e3021894	122	}
elessair	0:f269e3021894	123
elessair	0:f269e3021894	124	ssl->handshake->retransmit_timeout = new_timeout;
elessair	0:f269e3021894	125	MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
elessair	0:f269e3021894	126	ssl->handshake->retransmit_timeout ) );
elessair	0:f269e3021894	127
elessair	0:f269e3021894	128	return( 0 );
elessair	0:f269e3021894	129	}
elessair	0:f269e3021894	130
elessair	0:f269e3021894	131	static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	132	{
elessair	0:f269e3021894	133	ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
elessair	0:f269e3021894	134	MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
elessair	0:f269e3021894	135	ssl->handshake->retransmit_timeout ) );
elessair	0:f269e3021894	136	}
elessair	0:f269e3021894	137	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	138
elessair	0:f269e3021894	139	#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
elessair	0:f269e3021894	140	/*
elessair	0:f269e3021894	141	* Convert max_fragment_length codes to length.
elessair	0:f269e3021894	142	* RFC 6066 says:
elessair	0:f269e3021894	143	* enum{
elessair	0:f269e3021894	144	* 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
elessair	0:f269e3021894	145	* } MaxFragmentLength;
elessair	0:f269e3021894	146	* and we add 0 -> extension unused
elessair	0:f269e3021894	147	*/
elessair	0:f269e3021894	148	static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] =
elessair	0:f269e3021894	149	{
elessair	0:f269e3021894	150	MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */
elessair	0:f269e3021894	151	512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */
elessair	0:f269e3021894	152	1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */
elessair	0:f269e3021894	153	2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */
elessair	0:f269e3021894	154	4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */
elessair	0:f269e3021894	155	};
elessair	0:f269e3021894	156	#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
elessair	0:f269e3021894	157
elessair	0:f269e3021894	158	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	159	static int ssl_session_copy( mbedtls_ssl_session dst, const mbedtls_ssl_session src )
elessair	0:f269e3021894	160	{
elessair	0:f269e3021894	161	mbedtls_ssl_session_free( dst );
elessair	0:f269e3021894	162	memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
elessair	0:f269e3021894	163
elessair	0:f269e3021894	164	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	165	if( src->peer_cert != NULL )
elessair	0:f269e3021894	166	{
elessair	0:f269e3021894	167	int ret;
elessair	0:f269e3021894	168
elessair	0:f269e3021894	169	dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
elessair	0:f269e3021894	170	if( dst->peer_cert == NULL )
elessair	0:f269e3021894	171	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	172
elessair	0:f269e3021894	173	mbedtls_x509_crt_init( dst->peer_cert );
elessair	0:f269e3021894	174
elessair	0:f269e3021894	175	if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
elessair	0:f269e3021894	176	src->peer_cert->raw.len ) ) != 0 )
elessair	0:f269e3021894	177	{
elessair	0:f269e3021894	178	mbedtls_free( dst->peer_cert );
elessair	0:f269e3021894	179	dst->peer_cert = NULL;
elessair	0:f269e3021894	180	return( ret );
elessair	0:f269e3021894	181	}
elessair	0:f269e3021894	182	}
elessair	0:f269e3021894	183	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	184
elessair	0:f269e3021894	185	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	186	if( src->ticket != NULL )
elessair	0:f269e3021894	187	{
elessair	0:f269e3021894	188	dst->ticket = mbedtls_calloc( 1, src->ticket_len );
elessair	0:f269e3021894	189	if( dst->ticket == NULL )
elessair	0:f269e3021894	190	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	191
elessair	0:f269e3021894	192	memcpy( dst->ticket, src->ticket, src->ticket_len );
elessair	0:f269e3021894	193	}
elessair	0:f269e3021894	194	#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	195
elessair	0:f269e3021894	196	return( 0 );
elessair	0:f269e3021894	197	}
elessair	0:f269e3021894	198	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	199
elessair	0:f269e3021894	200	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	201	int (mbedtls_ssl_hw_record_init)( mbedtls_ssl_context ssl,
elessair	0:f269e3021894	202	const unsigned char key_enc, const unsigned char key_dec,
elessair	0:f269e3021894	203	size_t keylen,
elessair	0:f269e3021894	204	const unsigned char iv_enc, const unsigned char iv_dec,
elessair	0:f269e3021894	205	size_t ivlen,
elessair	0:f269e3021894	206	const unsigned char mac_enc, const unsigned char mac_dec,
elessair	0:f269e3021894	207	size_t maclen ) = NULL;
elessair	0:f269e3021894	208	int (mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context ssl, int direction) = NULL;
elessair	0:f269e3021894	209	int (mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context ssl ) = NULL;
elessair	0:f269e3021894	210	int (mbedtls_ssl_hw_record_write)( mbedtls_ssl_context ssl ) = NULL;
elessair	0:f269e3021894	211	int (mbedtls_ssl_hw_record_read)( mbedtls_ssl_context ssl ) = NULL;
elessair	0:f269e3021894	212	int (mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context ssl ) = NULL;
elessair	0:f269e3021894	213	#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
elessair	0:f269e3021894	214
elessair	0:f269e3021894	215	/*
elessair	0:f269e3021894	216	* Key material generation
elessair	0:f269e3021894	217	*/
elessair	0:f269e3021894	218	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	219	static int ssl3_prf( const unsigned char *secret, size_t slen,
elessair	0:f269e3021894	220	const char *label,
elessair	0:f269e3021894	221	const unsigned char *random, size_t rlen,
elessair	0:f269e3021894	222	unsigned char *dstbuf, size_t dlen )
elessair	0:f269e3021894	223	{
elessair	0:f269e3021894	224	size_t i;
elessair	0:f269e3021894	225	mbedtls_md5_context md5;
elessair	0:f269e3021894	226	mbedtls_sha1_context sha1;
elessair	0:f269e3021894	227	unsigned char padding[16];
elessair	0:f269e3021894	228	unsigned char sha1sum[20];
elessair	0:f269e3021894	229	((void)label);
elessair	0:f269e3021894	230
elessair	0:f269e3021894	231	mbedtls_md5_init( &md5 );
elessair	0:f269e3021894	232	mbedtls_sha1_init( &sha1 );
elessair	0:f269e3021894	233
elessair	0:f269e3021894	234	/*
elessair	0:f269e3021894	235	* SSLv3:
elessair	0:f269e3021894	236	* block =
elessair	0:f269e3021894	237	* MD5( secret + SHA1( 'A' + secret + random ) ) +
elessair	0:f269e3021894	238	* MD5( secret + SHA1( 'BB' + secret + random ) ) +
elessair	0:f269e3021894	239	* MD5( secret + SHA1( 'CCC' + secret + random ) ) +
elessair	0:f269e3021894	240	* ...
elessair	0:f269e3021894	241	*/
elessair	0:f269e3021894	242	for( i = 0; i < dlen / 16; i++ )
elessair	0:f269e3021894	243	{
elessair	0:f269e3021894	244	memset( padding, (unsigned char) ('A' + i), 1 + i );
elessair	0:f269e3021894	245
elessair	0:f269e3021894	246	mbedtls_sha1_starts( &sha1 );
elessair	0:f269e3021894	247	mbedtls_sha1_update( &sha1, padding, 1 + i );
elessair	0:f269e3021894	248	mbedtls_sha1_update( &sha1, secret, slen );
elessair	0:f269e3021894	249	mbedtls_sha1_update( &sha1, random, rlen );
elessair	0:f269e3021894	250	mbedtls_sha1_finish( &sha1, sha1sum );
elessair	0:f269e3021894	251
elessair	0:f269e3021894	252	mbedtls_md5_starts( &md5 );
elessair	0:f269e3021894	253	mbedtls_md5_update( &md5, secret, slen );
elessair	0:f269e3021894	254	mbedtls_md5_update( &md5, sha1sum, 20 );
elessair	0:f269e3021894	255	mbedtls_md5_finish( &md5, dstbuf + i * 16 );
elessair	0:f269e3021894	256	}
elessair	0:f269e3021894	257
elessair	0:f269e3021894	258	mbedtls_md5_free( &md5 );
elessair	0:f269e3021894	259	mbedtls_sha1_free( &sha1 );
elessair	0:f269e3021894	260
elessair	0:f269e3021894	261	mbedtls_zeroize( padding, sizeof( padding ) );
elessair	0:f269e3021894	262	mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
elessair	0:f269e3021894	263
elessair	0:f269e3021894	264	return( 0 );
elessair	0:f269e3021894	265	}
elessair	0:f269e3021894	266	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	267
elessair	0:f269e3021894	268	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	269	static int tls1_prf( const unsigned char *secret, size_t slen,
elessair	0:f269e3021894	270	const char *label,
elessair	0:f269e3021894	271	const unsigned char *random, size_t rlen,
elessair	0:f269e3021894	272	unsigned char *dstbuf, size_t dlen )
elessair	0:f269e3021894	273	{
elessair	0:f269e3021894	274	size_t nb, hs;
elessair	0:f269e3021894	275	size_t i, j, k;
elessair	0:f269e3021894	276	const unsigned char S1, S2;
elessair	0:f269e3021894	277	unsigned char tmp[128];
elessair	0:f269e3021894	278	unsigned char h_i[20];
elessair	0:f269e3021894	279	const mbedtls_md_info_t *md_info;
elessair	0:f269e3021894	280	mbedtls_md_context_t md_ctx;
elessair	0:f269e3021894	281	int ret;
elessair	0:f269e3021894	282
elessair	0:f269e3021894	283	mbedtls_md_init( &md_ctx );
elessair	0:f269e3021894	284
elessair	0:f269e3021894	285	if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
elessair	0:f269e3021894	286	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	287
elessair	0:f269e3021894	288	hs = ( slen + 1 ) / 2;
elessair	0:f269e3021894	289	S1 = secret;
elessair	0:f269e3021894	290	S2 = secret + slen - hs;
elessair	0:f269e3021894	291
elessair	0:f269e3021894	292	nb = strlen( label );
elessair	0:f269e3021894	293	memcpy( tmp + 20, label, nb );
elessair	0:f269e3021894	294	memcpy( tmp + 20 + nb, random, rlen );
elessair	0:f269e3021894	295	nb += rlen;
elessair	0:f269e3021894	296
elessair	0:f269e3021894	297	/*
elessair	0:f269e3021894	298	* First compute P_md5(secret,label+random)[0..dlen]
elessair	0:f269e3021894	299	*/
elessair	0:f269e3021894	300	if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
elessair	0:f269e3021894	301	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	302
elessair	0:f269e3021894	303	if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
elessair	0:f269e3021894	304	return( ret );
elessair	0:f269e3021894	305
elessair	0:f269e3021894	306	mbedtls_md_hmac_starts( &md_ctx, S1, hs );
elessair	0:f269e3021894	307	mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
elessair	0:f269e3021894	308	mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
elessair	0:f269e3021894	309
elessair	0:f269e3021894	310	for( i = 0; i < dlen; i += 16 )
elessair	0:f269e3021894	311	{
elessair	0:f269e3021894	312	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	313	mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
elessair	0:f269e3021894	314	mbedtls_md_hmac_finish( &md_ctx, h_i );
elessair	0:f269e3021894	315
elessair	0:f269e3021894	316	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	317	mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
elessair	0:f269e3021894	318	mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
elessair	0:f269e3021894	319
elessair	0:f269e3021894	320	k = ( i + 16 > dlen ) ? dlen % 16 : 16;
elessair	0:f269e3021894	321
elessair	0:f269e3021894	322	for( j = 0; j < k; j++ )
elessair	0:f269e3021894	323	dstbuf[i + j] = h_i[j];
elessair	0:f269e3021894	324	}
elessair	0:f269e3021894	325
elessair	0:f269e3021894	326	mbedtls_md_free( &md_ctx );
elessair	0:f269e3021894	327
elessair	0:f269e3021894	328	/*
elessair	0:f269e3021894	329	* XOR out with P_sha1(secret,label+random)[0..dlen]
elessair	0:f269e3021894	330	*/
elessair	0:f269e3021894	331	if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
elessair	0:f269e3021894	332	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	333
elessair	0:f269e3021894	334	if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
elessair	0:f269e3021894	335	return( ret );
elessair	0:f269e3021894	336
elessair	0:f269e3021894	337	mbedtls_md_hmac_starts( &md_ctx, S2, hs );
elessair	0:f269e3021894	338	mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
elessair	0:f269e3021894	339	mbedtls_md_hmac_finish( &md_ctx, tmp );
elessair	0:f269e3021894	340
elessair	0:f269e3021894	341	for( i = 0; i < dlen; i += 20 )
elessair	0:f269e3021894	342	{
elessair	0:f269e3021894	343	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	344	mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
elessair	0:f269e3021894	345	mbedtls_md_hmac_finish( &md_ctx, h_i );
elessair	0:f269e3021894	346
elessair	0:f269e3021894	347	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	348	mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
elessair	0:f269e3021894	349	mbedtls_md_hmac_finish( &md_ctx, tmp );
elessair	0:f269e3021894	350
elessair	0:f269e3021894	351	k = ( i + 20 > dlen ) ? dlen % 20 : 20;
elessair	0:f269e3021894	352
elessair	0:f269e3021894	353	for( j = 0; j < k; j++ )
elessair	0:f269e3021894	354	dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
elessair	0:f269e3021894	355	}
elessair	0:f269e3021894	356
elessair	0:f269e3021894	357	mbedtls_md_free( &md_ctx );
elessair	0:f269e3021894	358
elessair	0:f269e3021894	359	mbedtls_zeroize( tmp, sizeof( tmp ) );
elessair	0:f269e3021894	360	mbedtls_zeroize( h_i, sizeof( h_i ) );
elessair	0:f269e3021894	361
elessair	0:f269e3021894	362	return( 0 );
elessair	0:f269e3021894	363	}
elessair	0:f269e3021894	364	#endif /* MBEDTLS_SSL_PROTO_TLS1) \|\| MBEDTLS_SSL_PROTO_TLS1_1 */
elessair	0:f269e3021894	365
elessair	0:f269e3021894	366	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	367	static int tls_prf_generic( mbedtls_md_type_t md_type,
elessair	0:f269e3021894	368	const unsigned char *secret, size_t slen,
elessair	0:f269e3021894	369	const char *label,
elessair	0:f269e3021894	370	const unsigned char *random, size_t rlen,
elessair	0:f269e3021894	371	unsigned char *dstbuf, size_t dlen )
elessair	0:f269e3021894	372	{
elessair	0:f269e3021894	373	size_t nb;
elessair	0:f269e3021894	374	size_t i, j, k, md_len;
elessair	0:f269e3021894	375	unsigned char tmp[128];
elessair	0:f269e3021894	376	unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
elessair	0:f269e3021894	377	const mbedtls_md_info_t *md_info;
elessair	0:f269e3021894	378	mbedtls_md_context_t md_ctx;
elessair	0:f269e3021894	379	int ret;
elessair	0:f269e3021894	380
elessair	0:f269e3021894	381	mbedtls_md_init( &md_ctx );
elessair	0:f269e3021894	382
elessair	0:f269e3021894	383	if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
elessair	0:f269e3021894	384	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	385
elessair	0:f269e3021894	386	md_len = mbedtls_md_get_size( md_info );
elessair	0:f269e3021894	387
elessair	0:f269e3021894	388	if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
elessair	0:f269e3021894	389	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	390
elessair	0:f269e3021894	391	nb = strlen( label );
elessair	0:f269e3021894	392	memcpy( tmp + md_len, label, nb );
elessair	0:f269e3021894	393	memcpy( tmp + md_len + nb, random, rlen );
elessair	0:f269e3021894	394	nb += rlen;
elessair	0:f269e3021894	395
elessair	0:f269e3021894	396	/*
elessair	0:f269e3021894	397	* Compute P_<hash>(secret, label + random)[0..dlen]
elessair	0:f269e3021894	398	*/
elessair	0:f269e3021894	399	if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
elessair	0:f269e3021894	400	return( ret );
elessair	0:f269e3021894	401
elessair	0:f269e3021894	402	mbedtls_md_hmac_starts( &md_ctx, secret, slen );
elessair	0:f269e3021894	403	mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
elessair	0:f269e3021894	404	mbedtls_md_hmac_finish( &md_ctx, tmp );
elessair	0:f269e3021894	405
elessair	0:f269e3021894	406	for( i = 0; i < dlen; i += md_len )
elessair	0:f269e3021894	407	{
elessair	0:f269e3021894	408	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	409	mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
elessair	0:f269e3021894	410	mbedtls_md_hmac_finish( &md_ctx, h_i );
elessair	0:f269e3021894	411
elessair	0:f269e3021894	412	mbedtls_md_hmac_reset ( &md_ctx );
elessair	0:f269e3021894	413	mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
elessair	0:f269e3021894	414	mbedtls_md_hmac_finish( &md_ctx, tmp );
elessair	0:f269e3021894	415
elessair	0:f269e3021894	416	k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
elessair	0:f269e3021894	417
elessair	0:f269e3021894	418	for( j = 0; j < k; j++ )
elessair	0:f269e3021894	419	dstbuf[i + j] = h_i[j];
elessair	0:f269e3021894	420	}
elessair	0:f269e3021894	421
elessair	0:f269e3021894	422	mbedtls_md_free( &md_ctx );
elessair	0:f269e3021894	423
elessair	0:f269e3021894	424	mbedtls_zeroize( tmp, sizeof( tmp ) );
elessair	0:f269e3021894	425	mbedtls_zeroize( h_i, sizeof( h_i ) );
elessair	0:f269e3021894	426
elessair	0:f269e3021894	427	return( 0 );
elessair	0:f269e3021894	428	}
elessair	0:f269e3021894	429
elessair	0:f269e3021894	430	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	431	static int tls_prf_sha256( const unsigned char *secret, size_t slen,
elessair	0:f269e3021894	432	const char *label,
elessair	0:f269e3021894	433	const unsigned char *random, size_t rlen,
elessair	0:f269e3021894	434	unsigned char *dstbuf, size_t dlen )
elessair	0:f269e3021894	435	{
elessair	0:f269e3021894	436	return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
elessair	0:f269e3021894	437	label, random, rlen, dstbuf, dlen ) );
elessair	0:f269e3021894	438	}
elessair	0:f269e3021894	439	#endif /* MBEDTLS_SHA256_C */
elessair	0:f269e3021894	440
elessair	0:f269e3021894	441	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	442	static int tls_prf_sha384( const unsigned char *secret, size_t slen,
elessair	0:f269e3021894	443	const char *label,
elessair	0:f269e3021894	444	const unsigned char *random, size_t rlen,
elessair	0:f269e3021894	445	unsigned char *dstbuf, size_t dlen )
elessair	0:f269e3021894	446	{
elessair	0:f269e3021894	447	return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
elessair	0:f269e3021894	448	label, random, rlen, dstbuf, dlen ) );
elessair	0:f269e3021894	449	}
elessair	0:f269e3021894	450	#endif /* MBEDTLS_SHA512_C */
elessair	0:f269e3021894	451	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	452
elessair	0:f269e3021894	453	static void ssl_update_checksum_start( mbedtls_ssl_context , const unsigned char , size_t );
elessair	0:f269e3021894	454
elessair	0:f269e3021894	455	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	456	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	457	static void ssl_update_checksum_md5sha1( mbedtls_ssl_context , const unsigned char , size_t );
elessair	0:f269e3021894	458	#endif
elessair	0:f269e3021894	459
elessair	0:f269e3021894	460	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	461	static void ssl_calc_verify_ssl( mbedtls_ssl_context , unsigned char );
elessair	0:f269e3021894	462	static void ssl_calc_finished_ssl( mbedtls_ssl_context , unsigned char , int );
elessair	0:f269e3021894	463	#endif
elessair	0:f269e3021894	464
elessair	0:f269e3021894	465	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	466	static void ssl_calc_verify_tls( mbedtls_ssl_context , unsigned char );
elessair	0:f269e3021894	467	static void ssl_calc_finished_tls( mbedtls_ssl_context , unsigned char , int );
elessair	0:f269e3021894	468	#endif
elessair	0:f269e3021894	469
elessair	0:f269e3021894	470	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	471	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	472	static void ssl_update_checksum_sha256( mbedtls_ssl_context , const unsigned char , size_t );
elessair	0:f269e3021894	473	static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context ,unsigned char );
elessair	0:f269e3021894	474	static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context ,unsigned char , int );
elessair	0:f269e3021894	475	#endif
elessair	0:f269e3021894	476
elessair	0:f269e3021894	477	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	478	static void ssl_update_checksum_sha384( mbedtls_ssl_context , const unsigned char , size_t );
elessair	0:f269e3021894	479	static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context , unsigned char );
elessair	0:f269e3021894	480	static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context , unsigned char , int );
elessair	0:f269e3021894	481	#endif
elessair	0:f269e3021894	482	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	483
elessair	0:f269e3021894	484	int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	485	{
elessair	0:f269e3021894	486	int ret = 0;
elessair	0:f269e3021894	487	unsigned char tmp[64];
elessair	0:f269e3021894	488	unsigned char keyblk[256];
elessair	0:f269e3021894	489	unsigned char *key1;
elessair	0:f269e3021894	490	unsigned char *key2;
elessair	0:f269e3021894	491	unsigned char *mac_enc;
elessair	0:f269e3021894	492	unsigned char *mac_dec;
elessair	0:f269e3021894	493	size_t iv_copy_len;
elessair	0:f269e3021894	494	const mbedtls_cipher_info_t *cipher_info;
elessair	0:f269e3021894	495	const mbedtls_md_info_t *md_info;
elessair	0:f269e3021894	496
elessair	0:f269e3021894	497	mbedtls_ssl_session *session = ssl->session_negotiate;
elessair	0:f269e3021894	498	mbedtls_ssl_transform *transform = ssl->transform_negotiate;
elessair	0:f269e3021894	499	mbedtls_ssl_handshake_params *handshake = ssl->handshake;
elessair	0:f269e3021894	500
elessair	0:f269e3021894	501	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
elessair	0:f269e3021894	502
elessair	0:f269e3021894	503	cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
elessair	0:f269e3021894	504	if( cipher_info == NULL )
elessair	0:f269e3021894	505	{
elessair	0:f269e3021894	506	MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
elessair	0:f269e3021894	507	transform->ciphersuite_info->cipher ) );
elessair	0:f269e3021894	508	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	509	}
elessair	0:f269e3021894	510
elessair	0:f269e3021894	511	md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
elessair	0:f269e3021894	512	if( md_info == NULL )
elessair	0:f269e3021894	513	{
elessair	0:f269e3021894	514	MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
elessair	0:f269e3021894	515	transform->ciphersuite_info->mac ) );
elessair	0:f269e3021894	516	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	517	}
elessair	0:f269e3021894	518
elessair	0:f269e3021894	519	/*
elessair	0:f269e3021894	520	* Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
elessair	0:f269e3021894	521	*/
elessair	0:f269e3021894	522	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	523	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	524	{
elessair	0:f269e3021894	525	handshake->tls_prf = ssl3_prf;
elessair	0:f269e3021894	526	handshake->calc_verify = ssl_calc_verify_ssl;
elessair	0:f269e3021894	527	handshake->calc_finished = ssl_calc_finished_ssl;
elessair	0:f269e3021894	528	}
elessair	0:f269e3021894	529	else
elessair	0:f269e3021894	530	#endif
elessair	0:f269e3021894	531	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	532	if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	533	{
elessair	0:f269e3021894	534	handshake->tls_prf = tls1_prf;
elessair	0:f269e3021894	535	handshake->calc_verify = ssl_calc_verify_tls;
elessair	0:f269e3021894	536	handshake->calc_finished = ssl_calc_finished_tls;
elessair	0:f269e3021894	537	}
elessair	0:f269e3021894	538	else
elessair	0:f269e3021894	539	#endif
elessair	0:f269e3021894	540	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	541	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	542	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
elessair	0:f269e3021894	543	transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
elessair	0:f269e3021894	544	{
elessair	0:f269e3021894	545	handshake->tls_prf = tls_prf_sha384;
elessair	0:f269e3021894	546	handshake->calc_verify = ssl_calc_verify_tls_sha384;
elessair	0:f269e3021894	547	handshake->calc_finished = ssl_calc_finished_tls_sha384;
elessair	0:f269e3021894	548	}
elessair	0:f269e3021894	549	else
elessair	0:f269e3021894	550	#endif
elessair	0:f269e3021894	551	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	552	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	553	{
elessair	0:f269e3021894	554	handshake->tls_prf = tls_prf_sha256;
elessair	0:f269e3021894	555	handshake->calc_verify = ssl_calc_verify_tls_sha256;
elessair	0:f269e3021894	556	handshake->calc_finished = ssl_calc_finished_tls_sha256;
elessair	0:f269e3021894	557	}
elessair	0:f269e3021894	558	else
elessair	0:f269e3021894	559	#endif
elessair	0:f269e3021894	560	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	561	{
elessair	0:f269e3021894	562	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	563	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	564	}
elessair	0:f269e3021894	565
elessair	0:f269e3021894	566	/*
elessair	0:f269e3021894	567	* SSLv3:
elessair	0:f269e3021894	568	* master =
elessair	0:f269e3021894	569	* MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
elessair	0:f269e3021894	570	* MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
elessair	0:f269e3021894	571	* MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
elessair	0:f269e3021894	572	*
elessair	0:f269e3021894	573	* TLSv1+:
elessair	0:f269e3021894	574	* master = PRF( premaster, "master secret", randbytes )[0..47]
elessair	0:f269e3021894	575	*/
elessair	0:f269e3021894	576	if( handshake->resume == 0 )
elessair	0:f269e3021894	577	{
elessair	0:f269e3021894	578	MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
elessair	0:f269e3021894	579	handshake->pmslen );
elessair	0:f269e3021894	580
elessair	0:f269e3021894	581	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
elessair	0:f269e3021894	582	if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
elessair	0:f269e3021894	583	{
elessair	0:f269e3021894	584	unsigned char session_hash[48];
elessair	0:f269e3021894	585	size_t hash_len;
elessair	0:f269e3021894	586
elessair	0:f269e3021894	587	MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
elessair	0:f269e3021894	588
elessair	0:f269e3021894	589	ssl->handshake->calc_verify( ssl, session_hash );
elessair	0:f269e3021894	590
elessair	0:f269e3021894	591	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	592	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	593	{
elessair	0:f269e3021894	594	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	595	if( ssl->transform_negotiate->ciphersuite_info->mac ==
elessair	0:f269e3021894	596	MBEDTLS_MD_SHA384 )
elessair	0:f269e3021894	597	{
elessair	0:f269e3021894	598	hash_len = 48;
elessair	0:f269e3021894	599	}
elessair	0:f269e3021894	600	else
elessair	0:f269e3021894	601	#endif
elessair	0:f269e3021894	602	hash_len = 32;
elessair	0:f269e3021894	603	}
elessair	0:f269e3021894	604	else
elessair	0:f269e3021894	605	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	606	hash_len = 36;
elessair	0:f269e3021894	607
elessair	0:f269e3021894	608	MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
elessair	0:f269e3021894	609
elessair	0:f269e3021894	610	ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
elessair	0:f269e3021894	611	"extended master secret",
elessair	0:f269e3021894	612	session_hash, hash_len,
elessair	0:f269e3021894	613	session->master, 48 );
elessair	0:f269e3021894	614	if( ret != 0 )
elessair	0:f269e3021894	615	{
elessair	0:f269e3021894	616	MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
elessair	0:f269e3021894	617	return( ret );
elessair	0:f269e3021894	618	}
elessair	0:f269e3021894	619
elessair	0:f269e3021894	620	}
elessair	0:f269e3021894	621	else
elessair	0:f269e3021894	622	#endif
elessair	0:f269e3021894	623	ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
elessair	0:f269e3021894	624	"master secret",
elessair	0:f269e3021894	625	handshake->randbytes, 64,
elessair	0:f269e3021894	626	session->master, 48 );
elessair	0:f269e3021894	627	if( ret != 0 )
elessair	0:f269e3021894	628	{
elessair	0:f269e3021894	629	MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
elessair	0:f269e3021894	630	return( ret );
elessair	0:f269e3021894	631	}
elessair	0:f269e3021894	632
elessair	0:f269e3021894	633	mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
elessair	0:f269e3021894	634	}
elessair	0:f269e3021894	635	else
elessair	0:f269e3021894	636	MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
elessair	0:f269e3021894	637
elessair	0:f269e3021894	638	/*
elessair	0:f269e3021894	639	* Swap the client and server random values.
elessair	0:f269e3021894	640	*/
elessair	0:f269e3021894	641	memcpy( tmp, handshake->randbytes, 64 );
elessair	0:f269e3021894	642	memcpy( handshake->randbytes, tmp + 32, 32 );
elessair	0:f269e3021894	643	memcpy( handshake->randbytes + 32, tmp, 32 );
elessair	0:f269e3021894	644	mbedtls_zeroize( tmp, sizeof( tmp ) );
elessair	0:f269e3021894	645
elessair	0:f269e3021894	646	/*
elessair	0:f269e3021894	647	* SSLv3:
elessair	0:f269e3021894	648	* key block =
elessair	0:f269e3021894	649	* MD5( master + SHA1( 'A' + master + randbytes ) ) +
elessair	0:f269e3021894	650	* MD5( master + SHA1( 'BB' + master + randbytes ) ) +
elessair	0:f269e3021894	651	* MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
elessair	0:f269e3021894	652	* MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
elessair	0:f269e3021894	653	* ...
elessair	0:f269e3021894	654	*
elessair	0:f269e3021894	655	* TLSv1:
elessair	0:f269e3021894	656	* key block = PRF( master, "key expansion", randbytes )
elessair	0:f269e3021894	657	*/
elessair	0:f269e3021894	658	ret = handshake->tls_prf( session->master, 48, "key expansion",
elessair	0:f269e3021894	659	handshake->randbytes, 64, keyblk, 256 );
elessair	0:f269e3021894	660	if( ret != 0 )
elessair	0:f269e3021894	661	{
elessair	0:f269e3021894	662	MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
elessair	0:f269e3021894	663	return( ret );
elessair	0:f269e3021894	664	}
elessair	0:f269e3021894	665
elessair	0:f269e3021894	666	MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
elessair	0:f269e3021894	667	mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) );
elessair	0:f269e3021894	668	MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
elessair	0:f269e3021894	669	MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
elessair	0:f269e3021894	670	MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
elessair	0:f269e3021894	671
elessair	0:f269e3021894	672	mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
elessair	0:f269e3021894	673
elessair	0:f269e3021894	674	/*
elessair	0:f269e3021894	675	* Determine the appropriate key, IV and MAC length.
elessair	0:f269e3021894	676	*/
elessair	0:f269e3021894	677
elessair	0:f269e3021894	678	transform->keylen = cipher_info->key_bitlen / 8;
elessair	0:f269e3021894	679
elessair	0:f269e3021894	680	if( cipher_info->mode == MBEDTLS_MODE_GCM \|\|
elessair	0:f269e3021894	681	cipher_info->mode == MBEDTLS_MODE_CCM )
elessair	0:f269e3021894	682	{
elessair	0:f269e3021894	683	transform->maclen = 0;
elessair	0:f269e3021894	684
elessair	0:f269e3021894	685	transform->ivlen = 12;
elessair	0:f269e3021894	686	transform->fixed_ivlen = 4;
elessair	0:f269e3021894	687
elessair	0:f269e3021894	688	/* Minimum length is expicit IV + tag */
elessair	0:f269e3021894	689	transform->minlen = transform->ivlen - transform->fixed_ivlen
elessair	0:f269e3021894	690	+ ( transform->ciphersuite_info->flags &
elessair	0:f269e3021894	691	MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
elessair	0:f269e3021894	692	}
elessair	0:f269e3021894	693	else
elessair	0:f269e3021894	694	{
elessair	0:f269e3021894	695	/* Initialize HMAC contexts */
elessair	0:f269e3021894	696	if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 \|\|
elessair	0:f269e3021894	697	( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
elessair	0:f269e3021894	698	{
elessair	0:f269e3021894	699	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
elessair	0:f269e3021894	700	return( ret );
elessair	0:f269e3021894	701	}
elessair	0:f269e3021894	702
elessair	0:f269e3021894	703	/* Get MAC length */
elessair	0:f269e3021894	704	transform->maclen = mbedtls_md_get_size( md_info );
elessair	0:f269e3021894	705
elessair	0:f269e3021894	706	#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
elessair	0:f269e3021894	707	/*
elessair	0:f269e3021894	708	* If HMAC is to be truncated, we shall keep the leftmost bytes,
elessair	0:f269e3021894	709	* (rfc 6066 page 13 or rfc 2104 section 4),
elessair	0:f269e3021894	710	* so we only need to adjust the length here.
elessair	0:f269e3021894	711	*/
elessair	0:f269e3021894	712	if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
elessair	0:f269e3021894	713	transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
elessair	0:f269e3021894	714	#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
elessair	0:f269e3021894	715
elessair	0:f269e3021894	716	/* IV length */
elessair	0:f269e3021894	717	transform->ivlen = cipher_info->iv_size;
elessair	0:f269e3021894	718
elessair	0:f269e3021894	719	/* Minimum length */
elessair	0:f269e3021894	720	if( cipher_info->mode == MBEDTLS_MODE_STREAM )
elessair	0:f269e3021894	721	transform->minlen = transform->maclen;
elessair	0:f269e3021894	722	else
elessair	0:f269e3021894	723	{
elessair	0:f269e3021894	724	/*
elessair	0:f269e3021894	725	* GenericBlockCipher:
elessair	0:f269e3021894	726	* 1. if EtM is in use: one block plus MAC
elessair	0:f269e3021894	727	* otherwise: * first multiple of blocklen greater than maclen
elessair	0:f269e3021894	728	* 2. IV except for SSL3 and TLS 1.0
elessair	0:f269e3021894	729	*/
elessair	0:f269e3021894	730	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	731	if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
elessair	0:f269e3021894	732	{
elessair	0:f269e3021894	733	transform->minlen = transform->maclen
elessair	0:f269e3021894	734	+ cipher_info->block_size;
elessair	0:f269e3021894	735	}
elessair	0:f269e3021894	736	else
elessair	0:f269e3021894	737	#endif
elessair	0:f269e3021894	738	{
elessair	0:f269e3021894	739	transform->minlen = transform->maclen
elessair	0:f269e3021894	740	+ cipher_info->block_size
elessair	0:f269e3021894	741	- transform->maclen % cipher_info->block_size;
elessair	0:f269e3021894	742	}
elessair	0:f269e3021894	743
elessair	0:f269e3021894	744	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1)
elessair	0:f269e3021894	745	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 \|\|
elessair	0:f269e3021894	746	ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
elessair	0:f269e3021894	747	; /* No need to adjust minlen */
elessair	0:f269e3021894	748	else
elessair	0:f269e3021894	749	#endif
elessair	0:f269e3021894	750	#if defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	751	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 \|\|
elessair	0:f269e3021894	752	ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	753	{
elessair	0:f269e3021894	754	transform->minlen += transform->ivlen;
elessair	0:f269e3021894	755	}
elessair	0:f269e3021894	756	else
elessair	0:f269e3021894	757	#endif
elessair	0:f269e3021894	758	{
elessair	0:f269e3021894	759	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	760	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	761	}
elessair	0:f269e3021894	762	}
elessair	0:f269e3021894	763	}
elessair	0:f269e3021894	764
elessair	0:f269e3021894	765	MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
elessair	0:f269e3021894	766	transform->keylen, transform->minlen, transform->ivlen,
elessair	0:f269e3021894	767	transform->maclen ) );
elessair	0:f269e3021894	768
elessair	0:f269e3021894	769	/*
elessair	0:f269e3021894	770	* Finally setup the cipher contexts, IVs and MAC secrets.
elessair	0:f269e3021894	771	*/
elessair	0:f269e3021894	772	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	773	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	774	{
elessair	0:f269e3021894	775	key1 = keyblk + transform->maclen * 2;
elessair	0:f269e3021894	776	key2 = keyblk + transform->maclen * 2 + transform->keylen;
elessair	0:f269e3021894	777
elessair	0:f269e3021894	778	mac_enc = keyblk;
elessair	0:f269e3021894	779	mac_dec = keyblk + transform->maclen;
elessair	0:f269e3021894	780
elessair	0:f269e3021894	781	/*
elessair	0:f269e3021894	782	* This is not used in TLS v1.1.
elessair	0:f269e3021894	783	*/
elessair	0:f269e3021894	784	iv_copy_len = ( transform->fixed_ivlen ) ?
elessair	0:f269e3021894	785	transform->fixed_ivlen : transform->ivlen;
elessair	0:f269e3021894	786	memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
elessair	0:f269e3021894	787	memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
elessair	0:f269e3021894	788	iv_copy_len );
elessair	0:f269e3021894	789	}
elessair	0:f269e3021894	790	else
elessair	0:f269e3021894	791	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	792	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	793	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	794	{
elessair	0:f269e3021894	795	key1 = keyblk + transform->maclen * 2 + transform->keylen;
elessair	0:f269e3021894	796	key2 = keyblk + transform->maclen * 2;
elessair	0:f269e3021894	797
elessair	0:f269e3021894	798	mac_enc = keyblk + transform->maclen;
elessair	0:f269e3021894	799	mac_dec = keyblk;
elessair	0:f269e3021894	800
elessair	0:f269e3021894	801	/*
elessair	0:f269e3021894	802	* This is not used in TLS v1.1.
elessair	0:f269e3021894	803	*/
elessair	0:f269e3021894	804	iv_copy_len = ( transform->fixed_ivlen ) ?
elessair	0:f269e3021894	805	transform->fixed_ivlen : transform->ivlen;
elessair	0:f269e3021894	806	memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
elessair	0:f269e3021894	807	memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
elessair	0:f269e3021894	808	iv_copy_len );
elessair	0:f269e3021894	809	}
elessair	0:f269e3021894	810	else
elessair	0:f269e3021894	811	#endif /* MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	812	{
elessair	0:f269e3021894	813	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	814	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	815	}
elessair	0:f269e3021894	816
elessair	0:f269e3021894	817	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	818	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	819	{
elessair	0:f269e3021894	820	if( transform->maclen > sizeof transform->mac_enc )
elessair	0:f269e3021894	821	{
elessair	0:f269e3021894	822	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	823	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	824	}
elessair	0:f269e3021894	825
elessair	0:f269e3021894	826	memcpy( transform->mac_enc, mac_enc, transform->maclen );
elessair	0:f269e3021894	827	memcpy( transform->mac_dec, mac_dec, transform->maclen );
elessair	0:f269e3021894	828	}
elessair	0:f269e3021894	829	else
elessair	0:f269e3021894	830	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	831	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	832	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	833	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
elessair	0:f269e3021894	834	{
elessair	0:f269e3021894	835	mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
elessair	0:f269e3021894	836	mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
elessair	0:f269e3021894	837	}
elessair	0:f269e3021894	838	else
elessair	0:f269e3021894	839	#endif
elessair	0:f269e3021894	840	{
elessair	0:f269e3021894	841	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	842	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	843	}
elessair	0:f269e3021894	844
elessair	0:f269e3021894	845	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	846	if( mbedtls_ssl_hw_record_init != NULL )
elessair	0:f269e3021894	847	{
elessair	0:f269e3021894	848	int ret = 0;
elessair	0:f269e3021894	849
elessair	0:f269e3021894	850	MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
elessair	0:f269e3021894	851
elessair	0:f269e3021894	852	if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
elessair	0:f269e3021894	853	transform->iv_enc, transform->iv_dec,
elessair	0:f269e3021894	854	iv_copy_len,
elessair	0:f269e3021894	855	mac_enc, mac_dec,
elessair	0:f269e3021894	856	transform->maclen ) ) != 0 )
elessair	0:f269e3021894	857	{
elessair	0:f269e3021894	858	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
elessair	0:f269e3021894	859	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	860	}
elessair	0:f269e3021894	861	}
elessair	0:f269e3021894	862	#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
elessair	0:f269e3021894	863
elessair	0:f269e3021894	864	#if defined(MBEDTLS_SSL_EXPORT_KEYS)
elessair	0:f269e3021894	865	if( ssl->conf->f_export_keys != NULL )
elessair	0:f269e3021894	866	{
elessair	0:f269e3021894	867	ssl->conf->f_export_keys( ssl->conf->p_export_keys,
elessair	0:f269e3021894	868	session->master, keyblk,
elessair	0:f269e3021894	869	transform->maclen, transform->keylen,
elessair	0:f269e3021894	870	iv_copy_len );
elessair	0:f269e3021894	871	}
elessair	0:f269e3021894	872	#endif
elessair	0:f269e3021894	873
elessair	0:f269e3021894	874	if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
elessair	0:f269e3021894	875	cipher_info ) ) != 0 )
elessair	0:f269e3021894	876	{
elessair	0:f269e3021894	877	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
elessair	0:f269e3021894	878	return( ret );
elessair	0:f269e3021894	879	}
elessair	0:f269e3021894	880
elessair	0:f269e3021894	881	if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
elessair	0:f269e3021894	882	cipher_info ) ) != 0 )
elessair	0:f269e3021894	883	{
elessair	0:f269e3021894	884	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
elessair	0:f269e3021894	885	return( ret );
elessair	0:f269e3021894	886	}
elessair	0:f269e3021894	887
elessair	0:f269e3021894	888	if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
elessair	0:f269e3021894	889	cipher_info->key_bitlen,
elessair	0:f269e3021894	890	MBEDTLS_ENCRYPT ) ) != 0 )
elessair	0:f269e3021894	891	{
elessair	0:f269e3021894	892	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
elessair	0:f269e3021894	893	return( ret );
elessair	0:f269e3021894	894	}
elessair	0:f269e3021894	895
elessair	0:f269e3021894	896	if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
elessair	0:f269e3021894	897	cipher_info->key_bitlen,
elessair	0:f269e3021894	898	MBEDTLS_DECRYPT ) ) != 0 )
elessair	0:f269e3021894	899	{
elessair	0:f269e3021894	900	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
elessair	0:f269e3021894	901	return( ret );
elessair	0:f269e3021894	902	}
elessair	0:f269e3021894	903
elessair	0:f269e3021894	904	#if defined(MBEDTLS_CIPHER_MODE_CBC)
elessair	0:f269e3021894	905	if( cipher_info->mode == MBEDTLS_MODE_CBC )
elessair	0:f269e3021894	906	{
elessair	0:f269e3021894	907	if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
elessair	0:f269e3021894	908	MBEDTLS_PADDING_NONE ) ) != 0 )
elessair	0:f269e3021894	909	{
elessair	0:f269e3021894	910	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
elessair	0:f269e3021894	911	return( ret );
elessair	0:f269e3021894	912	}
elessair	0:f269e3021894	913
elessair	0:f269e3021894	914	if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
elessair	0:f269e3021894	915	MBEDTLS_PADDING_NONE ) ) != 0 )
elessair	0:f269e3021894	916	{
elessair	0:f269e3021894	917	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
elessair	0:f269e3021894	918	return( ret );
elessair	0:f269e3021894	919	}
elessair	0:f269e3021894	920	}
elessair	0:f269e3021894	921	#endif /* MBEDTLS_CIPHER_MODE_CBC */
elessair	0:f269e3021894	922
elessair	0:f269e3021894	923	mbedtls_zeroize( keyblk, sizeof( keyblk ) );
elessair	0:f269e3021894	924
elessair	0:f269e3021894	925	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	926	// Initialize compression
elessair	0:f269e3021894	927	//
elessair	0:f269e3021894	928	if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
elessair	0:f269e3021894	929	{
elessair	0:f269e3021894	930	if( ssl->compress_buf == NULL )
elessair	0:f269e3021894	931	{
elessair	0:f269e3021894	932	MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
elessair	0:f269e3021894	933	ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	934	if( ssl->compress_buf == NULL )
elessair	0:f269e3021894	935	{
elessair	0:f269e3021894	936	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
elessair	0:f269e3021894	937	MBEDTLS_SSL_BUFFER_LEN ) );
elessair	0:f269e3021894	938	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	939	}
elessair	0:f269e3021894	940	}
elessair	0:f269e3021894	941
elessair	0:f269e3021894	942	MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
elessair	0:f269e3021894	943
elessair	0:f269e3021894	944	memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
elessair	0:f269e3021894	945	memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
elessair	0:f269e3021894	946
elessair	0:f269e3021894	947	if( deflateInit( &transform->ctx_deflate,
elessair	0:f269e3021894	948	Z_DEFAULT_COMPRESSION ) != Z_OK \|\|
elessair	0:f269e3021894	949	inflateInit( &transform->ctx_inflate ) != Z_OK )
elessair	0:f269e3021894	950	{
elessair	0:f269e3021894	951	MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
elessair	0:f269e3021894	952	return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
elessair	0:f269e3021894	953	}
elessair	0:f269e3021894	954	}
elessair	0:f269e3021894	955	#endif /* MBEDTLS_ZLIB_SUPPORT */
elessair	0:f269e3021894	956
elessair	0:f269e3021894	957	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
elessair	0:f269e3021894	958
elessair	0:f269e3021894	959	return( 0 );
elessair	0:f269e3021894	960	}
elessair	0:f269e3021894	961
elessair	0:f269e3021894	962	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	963	void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
elessair	0:f269e3021894	964	{
elessair	0:f269e3021894	965	mbedtls_md5_context md5;
elessair	0:f269e3021894	966	mbedtls_sha1_context sha1;
elessair	0:f269e3021894	967	unsigned char pad_1[48];
elessair	0:f269e3021894	968	unsigned char pad_2[48];
elessair	0:f269e3021894	969
elessair	0:f269e3021894	970	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
elessair	0:f269e3021894	971
elessair	0:f269e3021894	972	mbedtls_md5_init( &md5 );
elessair	0:f269e3021894	973	mbedtls_sha1_init( &sha1 );
elessair	0:f269e3021894	974
elessair	0:f269e3021894	975	mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
elessair	0:f269e3021894	976	mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
elessair	0:f269e3021894	977
elessair	0:f269e3021894	978	memset( pad_1, 0x36, 48 );
elessair	0:f269e3021894	979	memset( pad_2, 0x5C, 48 );
elessair	0:f269e3021894	980
elessair	0:f269e3021894	981	mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
elessair	0:f269e3021894	982	mbedtls_md5_update( &md5, pad_1, 48 );
elessair	0:f269e3021894	983	mbedtls_md5_finish( &md5, hash );
elessair	0:f269e3021894	984
elessair	0:f269e3021894	985	mbedtls_md5_starts( &md5 );
elessair	0:f269e3021894	986	mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
elessair	0:f269e3021894	987	mbedtls_md5_update( &md5, pad_2, 48 );
elessair	0:f269e3021894	988	mbedtls_md5_update( &md5, hash, 16 );
elessair	0:f269e3021894	989	mbedtls_md5_finish( &md5, hash );
elessair	0:f269e3021894	990
elessair	0:f269e3021894	991	mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
elessair	0:f269e3021894	992	mbedtls_sha1_update( &sha1, pad_1, 40 );
elessair	0:f269e3021894	993	mbedtls_sha1_finish( &sha1, hash + 16 );
elessair	0:f269e3021894	994
elessair	0:f269e3021894	995	mbedtls_sha1_starts( &sha1 );
elessair	0:f269e3021894	996	mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
elessair	0:f269e3021894	997	mbedtls_sha1_update( &sha1, pad_2, 40 );
elessair	0:f269e3021894	998	mbedtls_sha1_update( &sha1, hash + 16, 20 );
elessair	0:f269e3021894	999	mbedtls_sha1_finish( &sha1, hash + 16 );
elessair	0:f269e3021894	1000
elessair	0:f269e3021894	1001	MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
elessair	0:f269e3021894	1002	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
elessair	0:f269e3021894	1003
elessair	0:f269e3021894	1004	mbedtls_md5_free( &md5 );
elessair	0:f269e3021894	1005	mbedtls_sha1_free( &sha1 );
elessair	0:f269e3021894	1006
elessair	0:f269e3021894	1007	return;
elessair	0:f269e3021894	1008	}
elessair	0:f269e3021894	1009	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	1010
elessair	0:f269e3021894	1011	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	1012	void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
elessair	0:f269e3021894	1013	{
elessair	0:f269e3021894	1014	mbedtls_md5_context md5;
elessair	0:f269e3021894	1015	mbedtls_sha1_context sha1;
elessair	0:f269e3021894	1016
elessair	0:f269e3021894	1017	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
elessair	0:f269e3021894	1018
elessair	0:f269e3021894	1019	mbedtls_md5_init( &md5 );
elessair	0:f269e3021894	1020	mbedtls_sha1_init( &sha1 );
elessair	0:f269e3021894	1021
elessair	0:f269e3021894	1022	mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
elessair	0:f269e3021894	1023	mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
elessair	0:f269e3021894	1024
elessair	0:f269e3021894	1025	mbedtls_md5_finish( &md5, hash );
elessair	0:f269e3021894	1026	mbedtls_sha1_finish( &sha1, hash + 16 );
elessair	0:f269e3021894	1027
elessair	0:f269e3021894	1028	MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
elessair	0:f269e3021894	1029	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
elessair	0:f269e3021894	1030
elessair	0:f269e3021894	1031	mbedtls_md5_free( &md5 );
elessair	0:f269e3021894	1032	mbedtls_sha1_free( &sha1 );
elessair	0:f269e3021894	1033
elessair	0:f269e3021894	1034	return;
elessair	0:f269e3021894	1035	}
elessair	0:f269e3021894	1036	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 */
elessair	0:f269e3021894	1037
elessair	0:f269e3021894	1038	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1039	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	1040	void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
elessair	0:f269e3021894	1041	{
elessair	0:f269e3021894	1042	mbedtls_sha256_context sha256;
elessair	0:f269e3021894	1043
elessair	0:f269e3021894	1044	mbedtls_sha256_init( &sha256 );
elessair	0:f269e3021894	1045
elessair	0:f269e3021894	1046	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
elessair	0:f269e3021894	1047
elessair	0:f269e3021894	1048	mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
elessair	0:f269e3021894	1049	mbedtls_sha256_finish( &sha256, hash );
elessair	0:f269e3021894	1050
elessair	0:f269e3021894	1051	MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
elessair	0:f269e3021894	1052	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
elessair	0:f269e3021894	1053
elessair	0:f269e3021894	1054	mbedtls_sha256_free( &sha256 );
elessair	0:f269e3021894	1055
elessair	0:f269e3021894	1056	return;
elessair	0:f269e3021894	1057	}
elessair	0:f269e3021894	1058	#endif /* MBEDTLS_SHA256_C */
elessair	0:f269e3021894	1059
elessair	0:f269e3021894	1060	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	1061	void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
elessair	0:f269e3021894	1062	{
elessair	0:f269e3021894	1063	mbedtls_sha512_context sha512;
elessair	0:f269e3021894	1064
elessair	0:f269e3021894	1065	mbedtls_sha512_init( &sha512 );
elessair	0:f269e3021894	1066
elessair	0:f269e3021894	1067	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
elessair	0:f269e3021894	1068
elessair	0:f269e3021894	1069	mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
elessair	0:f269e3021894	1070	mbedtls_sha512_finish( &sha512, hash );
elessair	0:f269e3021894	1071
elessair	0:f269e3021894	1072	MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
elessair	0:f269e3021894	1073	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
elessair	0:f269e3021894	1074
elessair	0:f269e3021894	1075	mbedtls_sha512_free( &sha512 );
elessair	0:f269e3021894	1076
elessair	0:f269e3021894	1077	return;
elessair	0:f269e3021894	1078	}
elessair	0:f269e3021894	1079	#endif /* MBEDTLS_SHA512_C */
elessair	0:f269e3021894	1080	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	1081
elessair	0:f269e3021894	1082	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
elessair	0:f269e3021894	1083	int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
elessair	0:f269e3021894	1084	{
elessair	0:f269e3021894	1085	unsigned char *p = ssl->handshake->premaster;
elessair	0:f269e3021894	1086	unsigned char *end = p + sizeof( ssl->handshake->premaster );
elessair	0:f269e3021894	1087	const unsigned char *psk = ssl->conf->psk;
elessair	0:f269e3021894	1088	size_t psk_len = ssl->conf->psk_len;
elessair	0:f269e3021894	1089
elessair	0:f269e3021894	1090	/* If the psk callback was called, use its result */
elessair	0:f269e3021894	1091	if( ssl->handshake->psk != NULL )
elessair	0:f269e3021894	1092	{
elessair	0:f269e3021894	1093	psk = ssl->handshake->psk;
elessair	0:f269e3021894	1094	psk_len = ssl->handshake->psk_len;
elessair	0:f269e3021894	1095	}
elessair	0:f269e3021894	1096
elessair	0:f269e3021894	1097	/*
elessair	0:f269e3021894	1098	* PMS = struct {
elessair	0:f269e3021894	1099	* opaque other_secret<0..2^16-1>;
elessair	0:f269e3021894	1100	* opaque psk<0..2^16-1>;
elessair	0:f269e3021894	1101	* };
elessair	0:f269e3021894	1102	* with "other_secret" depending on the particular key exchange
elessair	0:f269e3021894	1103	*/
elessair	0:f269e3021894	1104	#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
elessair	0:f269e3021894	1105	if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
elessair	0:f269e3021894	1106	{
elessair	0:f269e3021894	1107	if( end - p < 2 )
elessair	0:f269e3021894	1108	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	1109
elessair	0:f269e3021894	1110	*(p++) = (unsigned char)( psk_len >> 8 );
elessair	0:f269e3021894	1111	*(p++) = (unsigned char)( psk_len );
elessair	0:f269e3021894	1112
elessair	0:f269e3021894	1113	if( end < p \|\| (size_t)( end - p ) < psk_len )
elessair	0:f269e3021894	1114	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	1115
elessair	0:f269e3021894	1116	memset( p, 0, psk_len );
elessair	0:f269e3021894	1117	p += psk_len;
elessair	0:f269e3021894	1118	}
elessair	0:f269e3021894	1119	else
elessair	0:f269e3021894	1120	#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
elessair	0:f269e3021894	1121	#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
elessair	0:f269e3021894	1122	if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
elessair	0:f269e3021894	1123	{
elessair	0:f269e3021894	1124	/*
elessair	0:f269e3021894	1125	* other_secret already set by the ClientKeyExchange message,
elessair	0:f269e3021894	1126	* and is 48 bytes long
elessair	0:f269e3021894	1127	*/
elessair	0:f269e3021894	1128	*p++ = 0;
elessair	0:f269e3021894	1129	*p++ = 48;
elessair	0:f269e3021894	1130	p += 48;
elessair	0:f269e3021894	1131	}
elessair	0:f269e3021894	1132	else
elessair	0:f269e3021894	1133	#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
elessair	0:f269e3021894	1134	#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
elessair	0:f269e3021894	1135	if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
elessair	0:f269e3021894	1136	{
elessair	0:f269e3021894	1137	int ret;
elessair	0:f269e3021894	1138	size_t len;
elessair	0:f269e3021894	1139
elessair	0:f269e3021894	1140	/* Write length only when we know the actual value */
elessair	0:f269e3021894	1141	if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
elessair	0:f269e3021894	1142	p + 2, end - ( p + 2 ), &len,
elessair	0:f269e3021894	1143	ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
elessair	0:f269e3021894	1144	{
elessair	0:f269e3021894	1145	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
elessair	0:f269e3021894	1146	return( ret );
elessair	0:f269e3021894	1147	}
elessair	0:f269e3021894	1148	*(p++) = (unsigned char)( len >> 8 );
elessair	0:f269e3021894	1149	*(p++) = (unsigned char)( len );
elessair	0:f269e3021894	1150	p += len;
elessair	0:f269e3021894	1151
elessair	0:f269e3021894	1152	MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
elessair	0:f269e3021894	1153	}
elessair	0:f269e3021894	1154	else
elessair	0:f269e3021894	1155	#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
elessair	0:f269e3021894	1156	#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
elessair	0:f269e3021894	1157	if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
elessair	0:f269e3021894	1158	{
elessair	0:f269e3021894	1159	int ret;
elessair	0:f269e3021894	1160	size_t zlen;
elessair	0:f269e3021894	1161
elessair	0:f269e3021894	1162	if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
elessair	0:f269e3021894	1163	p + 2, end - ( p + 2 ),
elessair	0:f269e3021894	1164	ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
elessair	0:f269e3021894	1165	{
elessair	0:f269e3021894	1166	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
elessair	0:f269e3021894	1167	return( ret );
elessair	0:f269e3021894	1168	}
elessair	0:f269e3021894	1169
elessair	0:f269e3021894	1170	*(p++) = (unsigned char)( zlen >> 8 );
elessair	0:f269e3021894	1171	*(p++) = (unsigned char)( zlen );
elessair	0:f269e3021894	1172	p += zlen;
elessair	0:f269e3021894	1173
elessair	0:f269e3021894	1174	MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
elessair	0:f269e3021894	1175	}
elessair	0:f269e3021894	1176	else
elessair	0:f269e3021894	1177	#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
elessair	0:f269e3021894	1178	{
elessair	0:f269e3021894	1179	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1180	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1181	}
elessair	0:f269e3021894	1182
elessair	0:f269e3021894	1183	/* opaque psk<0..2^16-1>; */
elessair	0:f269e3021894	1184	if( end - p < 2 )
elessair	0:f269e3021894	1185	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	1186
elessair	0:f269e3021894	1187	*(p++) = (unsigned char)( psk_len >> 8 );
elessair	0:f269e3021894	1188	*(p++) = (unsigned char)( psk_len );
elessair	0:f269e3021894	1189
elessair	0:f269e3021894	1190	if( end < p \|\| (size_t)( end - p ) < psk_len )
elessair	0:f269e3021894	1191	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	1192
elessair	0:f269e3021894	1193	memcpy( p, psk, psk_len );
elessair	0:f269e3021894	1194	p += psk_len;
elessair	0:f269e3021894	1195
elessair	0:f269e3021894	1196	ssl->handshake->pmslen = p - ssl->handshake->premaster;
elessair	0:f269e3021894	1197
elessair	0:f269e3021894	1198	return( 0 );
elessair	0:f269e3021894	1199	}
elessair	0:f269e3021894	1200	#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
elessair	0:f269e3021894	1201
elessair	0:f269e3021894	1202	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	1203	/*
elessair	0:f269e3021894	1204	* SSLv3.0 MAC functions
elessair	0:f269e3021894	1205	*/
elessair	0:f269e3021894	1206	static void ssl_mac( mbedtls_md_context_t md_ctx, unsigned char secret,
elessair	0:f269e3021894	1207	unsigned char *buf, size_t len,
elessair	0:f269e3021894	1208	unsigned char *ctr, int type )
elessair	0:f269e3021894	1209	{
elessair	0:f269e3021894	1210	unsigned char header[11];
elessair	0:f269e3021894	1211	unsigned char padding[48];
elessair	0:f269e3021894	1212	int padlen;
elessair	0:f269e3021894	1213	int md_size = mbedtls_md_get_size( md_ctx->md_info );
elessair	0:f269e3021894	1214	int md_type = mbedtls_md_get_type( md_ctx->md_info );
elessair	0:f269e3021894	1215
elessair	0:f269e3021894	1216	/* Only MD5 and SHA-1 supported */
elessair	0:f269e3021894	1217	if( md_type == MBEDTLS_MD_MD5 )
elessair	0:f269e3021894	1218	padlen = 48;
elessair	0:f269e3021894	1219	else
elessair	0:f269e3021894	1220	padlen = 40;
elessair	0:f269e3021894	1221
elessair	0:f269e3021894	1222	memcpy( header, ctr, 8 );
elessair	0:f269e3021894	1223	header[ 8] = (unsigned char) type;
elessair	0:f269e3021894	1224	header[ 9] = (unsigned char)( len >> 8 );
elessair	0:f269e3021894	1225	header[10] = (unsigned char)( len );
elessair	0:f269e3021894	1226
elessair	0:f269e3021894	1227	memset( padding, 0x36, padlen );
elessair	0:f269e3021894	1228	mbedtls_md_starts( md_ctx );
elessair	0:f269e3021894	1229	mbedtls_md_update( md_ctx, secret, md_size );
elessair	0:f269e3021894	1230	mbedtls_md_update( md_ctx, padding, padlen );
elessair	0:f269e3021894	1231	mbedtls_md_update( md_ctx, header, 11 );
elessair	0:f269e3021894	1232	mbedtls_md_update( md_ctx, buf, len );
elessair	0:f269e3021894	1233	mbedtls_md_finish( md_ctx, buf + len );
elessair	0:f269e3021894	1234
elessair	0:f269e3021894	1235	memset( padding, 0x5C, padlen );
elessair	0:f269e3021894	1236	mbedtls_md_starts( md_ctx );
elessair	0:f269e3021894	1237	mbedtls_md_update( md_ctx, secret, md_size );
elessair	0:f269e3021894	1238	mbedtls_md_update( md_ctx, padding, padlen );
elessair	0:f269e3021894	1239	mbedtls_md_update( md_ctx, buf + len, md_size );
elessair	0:f269e3021894	1240	mbedtls_md_finish( md_ctx, buf + len );
elessair	0:f269e3021894	1241	}
elessair	0:f269e3021894	1242	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	1243
elessair	0:f269e3021894	1244	#if defined(MBEDTLS_ARC4_C) \|\| defined(MBEDTLS_CIPHER_NULL_CIPHER) \|\| \
elessair	0:f269e3021894	1245	( defined(MBEDTLS_CIPHER_MODE_CBC) && \
elessair	0:f269e3021894	1246	( defined(MBEDTLS_AES_C) \|\| defined(MBEDTLS_CAMELLIA_C) ) )
elessair	0:f269e3021894	1247	#define SSL_SOME_MODES_USE_MAC
elessair	0:f269e3021894	1248	#endif
elessair	0:f269e3021894	1249
elessair	0:f269e3021894	1250	/*
elessair	0:f269e3021894	1251	* Encryption/decryption functions
elessair	0:f269e3021894	1252	*/
elessair	0:f269e3021894	1253	static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	1254	{
elessair	0:f269e3021894	1255	mbedtls_cipher_mode_t mode;
elessair	0:f269e3021894	1256	int auth_done = 0;
elessair	0:f269e3021894	1257
elessair	0:f269e3021894	1258	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
elessair	0:f269e3021894	1259
elessair	0:f269e3021894	1260	if( ssl->session_out == NULL \|\| ssl->transform_out == NULL )
elessair	0:f269e3021894	1261	{
elessair	0:f269e3021894	1262	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1263	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1264	}
elessair	0:f269e3021894	1265
elessair	0:f269e3021894	1266	mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
elessair	0:f269e3021894	1267
elessair	0:f269e3021894	1268	MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
elessair	0:f269e3021894	1269	ssl->out_msg, ssl->out_msglen );
elessair	0:f269e3021894	1270
elessair	0:f269e3021894	1271	/*
elessair	0:f269e3021894	1272	* Add MAC before if needed
elessair	0:f269e3021894	1273	*/
elessair	0:f269e3021894	1274	#if defined(SSL_SOME_MODES_USE_MAC)
elessair	0:f269e3021894	1275	if( mode == MBEDTLS_MODE_STREAM \|\|
elessair	0:f269e3021894	1276	( mode == MBEDTLS_MODE_CBC
elessair	0:f269e3021894	1277	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	1278	&& ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
elessair	0:f269e3021894	1279	#endif
elessair	0:f269e3021894	1280	) )
elessair	0:f269e3021894	1281	{
elessair	0:f269e3021894	1282	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	1283	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	1284	{
elessair	0:f269e3021894	1285	ssl_mac( &ssl->transform_out->md_ctx_enc,
elessair	0:f269e3021894	1286	ssl->transform_out->mac_enc,
elessair	0:f269e3021894	1287	ssl->out_msg, ssl->out_msglen,
elessair	0:f269e3021894	1288	ssl->out_ctr, ssl->out_msgtype );
elessair	0:f269e3021894	1289	}
elessair	0:f269e3021894	1290	else
elessair	0:f269e3021894	1291	#endif
elessair	0:f269e3021894	1292	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	1293	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1294	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
elessair	0:f269e3021894	1295	{
elessair	0:f269e3021894	1296	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
elessair	0:f269e3021894	1297	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
elessair	0:f269e3021894	1298	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
elessair	0:f269e3021894	1299	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
elessair	0:f269e3021894	1300	ssl->out_msg, ssl->out_msglen );
elessair	0:f269e3021894	1301	mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
elessair	0:f269e3021894	1302	ssl->out_msg + ssl->out_msglen );
elessair	0:f269e3021894	1303	mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
elessair	0:f269e3021894	1304	}
elessair	0:f269e3021894	1305	else
elessair	0:f269e3021894	1306	#endif
elessair	0:f269e3021894	1307	{
elessair	0:f269e3021894	1308	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1309	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1310	}
elessair	0:f269e3021894	1311
elessair	0:f269e3021894	1312	MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
elessair	0:f269e3021894	1313	ssl->out_msg + ssl->out_msglen,
elessair	0:f269e3021894	1314	ssl->transform_out->maclen );
elessair	0:f269e3021894	1315
elessair	0:f269e3021894	1316	ssl->out_msglen += ssl->transform_out->maclen;
elessair	0:f269e3021894	1317	auth_done++;
elessair	0:f269e3021894	1318	}
elessair	0:f269e3021894	1319	#endif /* AEAD not the only option */
elessair	0:f269e3021894	1320
elessair	0:f269e3021894	1321	/*
elessair	0:f269e3021894	1322	* Encrypt
elessair	0:f269e3021894	1323	*/
elessair	0:f269e3021894	1324	#if defined(MBEDTLS_ARC4_C) \|\| defined(MBEDTLS_CIPHER_NULL_CIPHER)
elessair	0:f269e3021894	1325	if( mode == MBEDTLS_MODE_STREAM )
elessair	0:f269e3021894	1326	{
elessair	0:f269e3021894	1327	int ret;
elessair	0:f269e3021894	1328	size_t olen = 0;
elessair	0:f269e3021894	1329
elessair	0:f269e3021894	1330	MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
elessair	0:f269e3021894	1331	"including %d bytes of padding",
elessair	0:f269e3021894	1332	ssl->out_msglen, 0 ) );
elessair	0:f269e3021894	1333
elessair	0:f269e3021894	1334	if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
elessair	0:f269e3021894	1335	ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1336	ssl->transform_out->ivlen,
elessair	0:f269e3021894	1337	ssl->out_msg, ssl->out_msglen,
elessair	0:f269e3021894	1338	ssl->out_msg, &olen ) ) != 0 )
elessair	0:f269e3021894	1339	{
elessair	0:f269e3021894	1340	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
elessair	0:f269e3021894	1341	return( ret );
elessair	0:f269e3021894	1342	}
elessair	0:f269e3021894	1343
elessair	0:f269e3021894	1344	if( ssl->out_msglen != olen )
elessair	0:f269e3021894	1345	{
elessair	0:f269e3021894	1346	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1347	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1348	}
elessair	0:f269e3021894	1349	}
elessair	0:f269e3021894	1350	else
elessair	0:f269e3021894	1351	#endif /* MBEDTLS_ARC4_C \|\| MBEDTLS_CIPHER_NULL_CIPHER */
elessair	0:f269e3021894	1352	#if defined(MBEDTLS_GCM_C) \|\| defined(MBEDTLS_CCM_C)
elessair	0:f269e3021894	1353	if( mode == MBEDTLS_MODE_GCM \|\|
elessair	0:f269e3021894	1354	mode == MBEDTLS_MODE_CCM )
elessair	0:f269e3021894	1355	{
elessair	0:f269e3021894	1356	int ret;
elessair	0:f269e3021894	1357	size_t enc_msglen, olen;
elessair	0:f269e3021894	1358	unsigned char *enc_msg;
elessair	0:f269e3021894	1359	unsigned char add_data[13];
elessair	0:f269e3021894	1360	unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
elessair	0:f269e3021894	1361	MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
elessair	0:f269e3021894	1362
elessair	0:f269e3021894	1363	memcpy( add_data, ssl->out_ctr, 8 );
elessair	0:f269e3021894	1364	add_data[8] = ssl->out_msgtype;
elessair	0:f269e3021894	1365	mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
elessair	0:f269e3021894	1366	ssl->conf->transport, add_data + 9 );
elessair	0:f269e3021894	1367	add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
elessair	0:f269e3021894	1368	add_data[12] = ssl->out_msglen & 0xFF;
elessair	0:f269e3021894	1369
elessair	0:f269e3021894	1370	MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
elessair	0:f269e3021894	1371	add_data, 13 );
elessair	0:f269e3021894	1372
elessair	0:f269e3021894	1373	/*
elessair	0:f269e3021894	1374	* Generate IV
elessair	0:f269e3021894	1375	*/
elessair	0:f269e3021894	1376	if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
elessair	0:f269e3021894	1377	{
elessair	0:f269e3021894	1378	/* Reminder if we ever add an AEAD mode with a different size */
elessair	0:f269e3021894	1379	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1380	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1381	}
elessair	0:f269e3021894	1382
elessair	0:f269e3021894	1383	memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
elessair	0:f269e3021894	1384	ssl->out_ctr, 8 );
elessair	0:f269e3021894	1385	memcpy( ssl->out_iv, ssl->out_ctr, 8 );
elessair	0:f269e3021894	1386
elessair	0:f269e3021894	1387	MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
elessair	0:f269e3021894	1388	ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
elessair	0:f269e3021894	1389
elessair	0:f269e3021894	1390	/*
elessair	0:f269e3021894	1391	* Fix pointer positions and message length with added IV
elessair	0:f269e3021894	1392	*/
elessair	0:f269e3021894	1393	enc_msg = ssl->out_msg;
elessair	0:f269e3021894	1394	enc_msglen = ssl->out_msglen;
elessair	0:f269e3021894	1395	ssl->out_msglen += ssl->transform_out->ivlen -
elessair	0:f269e3021894	1396	ssl->transform_out->fixed_ivlen;
elessair	0:f269e3021894	1397
elessair	0:f269e3021894	1398	MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
elessair	0:f269e3021894	1399	"including %d bytes of padding",
elessair	0:f269e3021894	1400	ssl->out_msglen, 0 ) );
elessair	0:f269e3021894	1401
elessair	0:f269e3021894	1402	/*
elessair	0:f269e3021894	1403	* Encrypt and authenticate
elessair	0:f269e3021894	1404	*/
elessair	0:f269e3021894	1405	if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
elessair	0:f269e3021894	1406	ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1407	ssl->transform_out->ivlen,
elessair	0:f269e3021894	1408	add_data, 13,
elessair	0:f269e3021894	1409	enc_msg, enc_msglen,
elessair	0:f269e3021894	1410	enc_msg, &olen,
elessair	0:f269e3021894	1411	enc_msg + enc_msglen, taglen ) ) != 0 )
elessair	0:f269e3021894	1412	{
elessair	0:f269e3021894	1413	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
elessair	0:f269e3021894	1414	return( ret );
elessair	0:f269e3021894	1415	}
elessair	0:f269e3021894	1416
elessair	0:f269e3021894	1417	if( olen != enc_msglen )
elessair	0:f269e3021894	1418	{
elessair	0:f269e3021894	1419	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1420	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1421	}
elessair	0:f269e3021894	1422
elessair	0:f269e3021894	1423	ssl->out_msglen += taglen;
elessair	0:f269e3021894	1424	auth_done++;
elessair	0:f269e3021894	1425
elessair	0:f269e3021894	1426	MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
elessair	0:f269e3021894	1427	}
elessair	0:f269e3021894	1428	else
elessair	0:f269e3021894	1429	#endif /* MBEDTLS_GCM_C \|\| MBEDTLS_CCM_C */
elessair	0:f269e3021894	1430	#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
elessair	0:f269e3021894	1431	( defined(MBEDTLS_AES_C) \|\| defined(MBEDTLS_CAMELLIA_C) )
elessair	0:f269e3021894	1432	if( mode == MBEDTLS_MODE_CBC )
elessair	0:f269e3021894	1433	{
elessair	0:f269e3021894	1434	int ret;
elessair	0:f269e3021894	1435	unsigned char *enc_msg;
elessair	0:f269e3021894	1436	size_t enc_msglen, padlen, olen = 0, i;
elessair	0:f269e3021894	1437
elessair	0:f269e3021894	1438	padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
elessair	0:f269e3021894	1439	ssl->transform_out->ivlen;
elessair	0:f269e3021894	1440	if( padlen == ssl->transform_out->ivlen )
elessair	0:f269e3021894	1441	padlen = 0;
elessair	0:f269e3021894	1442
elessair	0:f269e3021894	1443	for( i = 0; i <= padlen; i++ )
elessair	0:f269e3021894	1444	ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
elessair	0:f269e3021894	1445
elessair	0:f269e3021894	1446	ssl->out_msglen += padlen + 1;
elessair	0:f269e3021894	1447
elessair	0:f269e3021894	1448	enc_msglen = ssl->out_msglen;
elessair	0:f269e3021894	1449	enc_msg = ssl->out_msg;
elessair	0:f269e3021894	1450
elessair	0:f269e3021894	1451	#if defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1452	/*
elessair	0:f269e3021894	1453	* Prepend per-record IV for block cipher in TLS v1.1 and up as per
elessair	0:f269e3021894	1454	* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
elessair	0:f269e3021894	1455	*/
elessair	0:f269e3021894	1456	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	1457	{
elessair	0:f269e3021894	1458	/*
elessair	0:f269e3021894	1459	* Generate IV
elessair	0:f269e3021894	1460	*/
elessair	0:f269e3021894	1461	ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1462	ssl->transform_out->ivlen );
elessair	0:f269e3021894	1463	if( ret != 0 )
elessair	0:f269e3021894	1464	return( ret );
elessair	0:f269e3021894	1465
elessair	0:f269e3021894	1466	memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1467	ssl->transform_out->ivlen );
elessair	0:f269e3021894	1468
elessair	0:f269e3021894	1469	/*
elessair	0:f269e3021894	1470	* Fix pointer positions and message length with added IV
elessair	0:f269e3021894	1471	*/
elessair	0:f269e3021894	1472	enc_msg = ssl->out_msg;
elessair	0:f269e3021894	1473	enc_msglen = ssl->out_msglen;
elessair	0:f269e3021894	1474	ssl->out_msglen += ssl->transform_out->ivlen;
elessair	0:f269e3021894	1475	}
elessair	0:f269e3021894	1476	#endif /* MBEDTLS_SSL_PROTO_TLS1_1 \|\| MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	1477
elessair	0:f269e3021894	1478	MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
elessair	0:f269e3021894	1479	"including %d bytes of IV and %d bytes of padding",
elessair	0:f269e3021894	1480	ssl->out_msglen, ssl->transform_out->ivlen,
elessair	0:f269e3021894	1481	padlen + 1 ) );
elessair	0:f269e3021894	1482
elessair	0:f269e3021894	1483	if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
elessair	0:f269e3021894	1484	ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1485	ssl->transform_out->ivlen,
elessair	0:f269e3021894	1486	enc_msg, enc_msglen,
elessair	0:f269e3021894	1487	enc_msg, &olen ) ) != 0 )
elessair	0:f269e3021894	1488	{
elessair	0:f269e3021894	1489	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
elessair	0:f269e3021894	1490	return( ret );
elessair	0:f269e3021894	1491	}
elessair	0:f269e3021894	1492
elessair	0:f269e3021894	1493	if( enc_msglen != olen )
elessair	0:f269e3021894	1494	{
elessair	0:f269e3021894	1495	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1496	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1497	}
elessair	0:f269e3021894	1498
elessair	0:f269e3021894	1499	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1)
elessair	0:f269e3021894	1500	if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	1501	{
elessair	0:f269e3021894	1502	/*
elessair	0:f269e3021894	1503	* Save IV in SSL3 and TLS1
elessair	0:f269e3021894	1504	*/
elessair	0:f269e3021894	1505	memcpy( ssl->transform_out->iv_enc,
elessair	0:f269e3021894	1506	ssl->transform_out->cipher_ctx_enc.iv,
elessair	0:f269e3021894	1507	ssl->transform_out->ivlen );
elessair	0:f269e3021894	1508	}
elessair	0:f269e3021894	1509	#endif
elessair	0:f269e3021894	1510
elessair	0:f269e3021894	1511	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	1512	if( auth_done == 0 )
elessair	0:f269e3021894	1513	{
elessair	0:f269e3021894	1514	/*
elessair	0:f269e3021894	1515	* MAC(MAC_write_key, seq_num +
elessair	0:f269e3021894	1516	* TLSCipherText.type +
elessair	0:f269e3021894	1517	* TLSCipherText.version +
elessair	0:f269e3021894	1518	* length_of( (IV +) ENC(...) ) +
elessair	0:f269e3021894	1519	* IV + // except for TLS 1.0
elessair	0:f269e3021894	1520	* ENC(content + padding + padding_length));
elessair	0:f269e3021894	1521	*/
elessair	0:f269e3021894	1522	unsigned char pseudo_hdr[13];
elessair	0:f269e3021894	1523
elessair	0:f269e3021894	1524	MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
elessair	0:f269e3021894	1525
elessair	0:f269e3021894	1526	memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 );
elessair	0:f269e3021894	1527	memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 );
elessair	0:f269e3021894	1528	pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
elessair	0:f269e3021894	1529	pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF );
elessair	0:f269e3021894	1530
elessair	0:f269e3021894	1531	MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
elessair	0:f269e3021894	1532
elessair	0:f269e3021894	1533	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
elessair	0:f269e3021894	1534	mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
elessair	0:f269e3021894	1535	ssl->out_iv, ssl->out_msglen );
elessair	0:f269e3021894	1536	mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
elessair	0:f269e3021894	1537	ssl->out_iv + ssl->out_msglen );
elessair	0:f269e3021894	1538	mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
elessair	0:f269e3021894	1539
elessair	0:f269e3021894	1540	ssl->out_msglen += ssl->transform_out->maclen;
elessair	0:f269e3021894	1541	auth_done++;
elessair	0:f269e3021894	1542	}
elessair	0:f269e3021894	1543	#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
elessair	0:f269e3021894	1544	}
elessair	0:f269e3021894	1545	else
elessair	0:f269e3021894	1546	#endif /* MBEDTLS_CIPHER_MODE_CBC &&
elessair	0:f269e3021894	1547	( MBEDTLS_AES_C \|\| MBEDTLS_CAMELLIA_C ) */
elessair	0:f269e3021894	1548	{
elessair	0:f269e3021894	1549	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1550	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1551	}
elessair	0:f269e3021894	1552
elessair	0:f269e3021894	1553	/* Make extra sure authentication was performed, exactly once */
elessair	0:f269e3021894	1554	if( auth_done != 1 )
elessair	0:f269e3021894	1555	{
elessair	0:f269e3021894	1556	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1557	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1558	}
elessair	0:f269e3021894	1559
elessair	0:f269e3021894	1560	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
elessair	0:f269e3021894	1561
elessair	0:f269e3021894	1562	return( 0 );
elessair	0:f269e3021894	1563	}
elessair	0:f269e3021894	1564
elessair	0:f269e3021894	1565	#define SSL_MAX_MAC_SIZE 48
elessair	0:f269e3021894	1566
elessair	0:f269e3021894	1567	static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	1568	{
elessair	0:f269e3021894	1569	size_t i;
elessair	0:f269e3021894	1570	mbedtls_cipher_mode_t mode;
elessair	0:f269e3021894	1571	int auth_done = 0;
elessair	0:f269e3021894	1572	#if defined(SSL_SOME_MODES_USE_MAC)
elessair	0:f269e3021894	1573	size_t padlen = 0, correct = 1;
elessair	0:f269e3021894	1574	#endif
elessair	0:f269e3021894	1575
elessair	0:f269e3021894	1576	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
elessair	0:f269e3021894	1577
elessair	0:f269e3021894	1578	if( ssl->session_in == NULL \|\| ssl->transform_in == NULL )
elessair	0:f269e3021894	1579	{
elessair	0:f269e3021894	1580	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1581	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1582	}
elessair	0:f269e3021894	1583
elessair	0:f269e3021894	1584	mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
elessair	0:f269e3021894	1585
elessair	0:f269e3021894	1586	if( ssl->in_msglen < ssl->transform_in->minlen )
elessair	0:f269e3021894	1587	{
elessair	0:f269e3021894	1588	MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
elessair	0:f269e3021894	1589	ssl->in_msglen, ssl->transform_in->minlen ) );
elessair	0:f269e3021894	1590	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1591	}
elessair	0:f269e3021894	1592
elessair	0:f269e3021894	1593	#if defined(MBEDTLS_ARC4_C) \|\| defined(MBEDTLS_CIPHER_NULL_CIPHER)
elessair	0:f269e3021894	1594	if( mode == MBEDTLS_MODE_STREAM )
elessair	0:f269e3021894	1595	{
elessair	0:f269e3021894	1596	int ret;
elessair	0:f269e3021894	1597	size_t olen = 0;
elessair	0:f269e3021894	1598
elessair	0:f269e3021894	1599	padlen = 0;
elessair	0:f269e3021894	1600
elessair	0:f269e3021894	1601	if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
elessair	0:f269e3021894	1602	ssl->transform_in->iv_dec,
elessair	0:f269e3021894	1603	ssl->transform_in->ivlen,
elessair	0:f269e3021894	1604	ssl->in_msg, ssl->in_msglen,
elessair	0:f269e3021894	1605	ssl->in_msg, &olen ) ) != 0 )
elessair	0:f269e3021894	1606	{
elessair	0:f269e3021894	1607	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
elessair	0:f269e3021894	1608	return( ret );
elessair	0:f269e3021894	1609	}
elessair	0:f269e3021894	1610
elessair	0:f269e3021894	1611	if( ssl->in_msglen != olen )
elessair	0:f269e3021894	1612	{
elessair	0:f269e3021894	1613	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1614	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1615	}
elessair	0:f269e3021894	1616	}
elessair	0:f269e3021894	1617	else
elessair	0:f269e3021894	1618	#endif /* MBEDTLS_ARC4_C \|\| MBEDTLS_CIPHER_NULL_CIPHER */
elessair	0:f269e3021894	1619	#if defined(MBEDTLS_GCM_C) \|\| defined(MBEDTLS_CCM_C)
elessair	0:f269e3021894	1620	if( mode == MBEDTLS_MODE_GCM \|\|
elessair	0:f269e3021894	1621	mode == MBEDTLS_MODE_CCM )
elessair	0:f269e3021894	1622	{
elessair	0:f269e3021894	1623	int ret;
elessair	0:f269e3021894	1624	size_t dec_msglen, olen;
elessair	0:f269e3021894	1625	unsigned char *dec_msg;
elessair	0:f269e3021894	1626	unsigned char *dec_msg_result;
elessair	0:f269e3021894	1627	unsigned char add_data[13];
elessair	0:f269e3021894	1628	unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
elessair	0:f269e3021894	1629	MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
elessair	0:f269e3021894	1630	size_t explicit_iv_len = ssl->transform_in->ivlen -
elessair	0:f269e3021894	1631	ssl->transform_in->fixed_ivlen;
elessair	0:f269e3021894	1632
elessair	0:f269e3021894	1633	if( ssl->in_msglen < explicit_iv_len + taglen )
elessair	0:f269e3021894	1634	{
elessair	0:f269e3021894	1635	MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
elessair	0:f269e3021894	1636	"+ taglen (%d)", ssl->in_msglen,
elessair	0:f269e3021894	1637	explicit_iv_len, taglen ) );
elessair	0:f269e3021894	1638	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1639	}
elessair	0:f269e3021894	1640	dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
elessair	0:f269e3021894	1641
elessair	0:f269e3021894	1642	dec_msg = ssl->in_msg;
elessair	0:f269e3021894	1643	dec_msg_result = ssl->in_msg;
elessair	0:f269e3021894	1644	ssl->in_msglen = dec_msglen;
elessair	0:f269e3021894	1645
elessair	0:f269e3021894	1646	memcpy( add_data, ssl->in_ctr, 8 );
elessair	0:f269e3021894	1647	add_data[8] = ssl->in_msgtype;
elessair	0:f269e3021894	1648	mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
elessair	0:f269e3021894	1649	ssl->conf->transport, add_data + 9 );
elessair	0:f269e3021894	1650	add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
elessair	0:f269e3021894	1651	add_data[12] = ssl->in_msglen & 0xFF;
elessair	0:f269e3021894	1652
elessair	0:f269e3021894	1653	MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
elessair	0:f269e3021894	1654	add_data, 13 );
elessair	0:f269e3021894	1655
elessair	0:f269e3021894	1656	memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
elessair	0:f269e3021894	1657	ssl->in_iv,
elessair	0:f269e3021894	1658	ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
elessair	0:f269e3021894	1659
elessair	0:f269e3021894	1660	MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
elessair	0:f269e3021894	1661	ssl->transform_in->ivlen );
elessair	0:f269e3021894	1662	MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
elessair	0:f269e3021894	1663
elessair	0:f269e3021894	1664	/*
elessair	0:f269e3021894	1665	* Decrypt and authenticate
elessair	0:f269e3021894	1666	*/
elessair	0:f269e3021894	1667	if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
elessair	0:f269e3021894	1668	ssl->transform_in->iv_dec,
elessair	0:f269e3021894	1669	ssl->transform_in->ivlen,
elessair	0:f269e3021894	1670	add_data, 13,
elessair	0:f269e3021894	1671	dec_msg, dec_msglen,
elessair	0:f269e3021894	1672	dec_msg_result, &olen,
elessair	0:f269e3021894	1673	dec_msg + dec_msglen, taglen ) ) != 0 )
elessair	0:f269e3021894	1674	{
elessair	0:f269e3021894	1675	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
elessair	0:f269e3021894	1676
elessair	0:f269e3021894	1677	if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
elessair	0:f269e3021894	1678	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1679
elessair	0:f269e3021894	1680	return( ret );
elessair	0:f269e3021894	1681	}
elessair	0:f269e3021894	1682	auth_done++;
elessair	0:f269e3021894	1683
elessair	0:f269e3021894	1684	if( olen != dec_msglen )
elessair	0:f269e3021894	1685	{
elessair	0:f269e3021894	1686	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1687	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1688	}
elessair	0:f269e3021894	1689	}
elessair	0:f269e3021894	1690	else
elessair	0:f269e3021894	1691	#endif /* MBEDTLS_GCM_C \|\| MBEDTLS_CCM_C */
elessair	0:f269e3021894	1692	#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
elessair	0:f269e3021894	1693	( defined(MBEDTLS_AES_C) \|\| defined(MBEDTLS_CAMELLIA_C) )
elessair	0:f269e3021894	1694	if( mode == MBEDTLS_MODE_CBC )
elessair	0:f269e3021894	1695	{
elessair	0:f269e3021894	1696	/*
elessair	0:f269e3021894	1697	* Decrypt and check the padding
elessair	0:f269e3021894	1698	*/
elessair	0:f269e3021894	1699	int ret;
elessair	0:f269e3021894	1700	unsigned char *dec_msg;
elessair	0:f269e3021894	1701	unsigned char *dec_msg_result;
elessair	0:f269e3021894	1702	size_t dec_msglen;
elessair	0:f269e3021894	1703	size_t minlen = 0;
elessair	0:f269e3021894	1704	size_t olen = 0;
elessair	0:f269e3021894	1705
elessair	0:f269e3021894	1706	/*
elessair	0:f269e3021894	1707	* Check immediate ciphertext sanity
elessair	0:f269e3021894	1708	*/
elessair	0:f269e3021894	1709	#if defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1710	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	1711	minlen += ssl->transform_in->ivlen;
elessair	0:f269e3021894	1712	#endif
elessair	0:f269e3021894	1713
elessair	0:f269e3021894	1714	if( ssl->in_msglen < minlen + ssl->transform_in->ivlen \|\|
elessair	0:f269e3021894	1715	ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
elessair	0:f269e3021894	1716	{
elessair	0:f269e3021894	1717	MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
elessair	0:f269e3021894	1718	"+ 1 ) ( + expl IV )", ssl->in_msglen,
elessair	0:f269e3021894	1719	ssl->transform_in->ivlen,
elessair	0:f269e3021894	1720	ssl->transform_in->maclen ) );
elessair	0:f269e3021894	1721	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1722	}
elessair	0:f269e3021894	1723
elessair	0:f269e3021894	1724	dec_msglen = ssl->in_msglen;
elessair	0:f269e3021894	1725	dec_msg = ssl->in_msg;
elessair	0:f269e3021894	1726	dec_msg_result = ssl->in_msg;
elessair	0:f269e3021894	1727
elessair	0:f269e3021894	1728	/*
elessair	0:f269e3021894	1729	* Authenticate before decrypt if enabled
elessair	0:f269e3021894	1730	*/
elessair	0:f269e3021894	1731	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	1732	if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
elessair	0:f269e3021894	1733	{
elessair	0:f269e3021894	1734	unsigned char computed_mac[SSL_MAX_MAC_SIZE];
elessair	0:f269e3021894	1735	unsigned char pseudo_hdr[13];
elessair	0:f269e3021894	1736
elessair	0:f269e3021894	1737	MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
elessair	0:f269e3021894	1738
elessair	0:f269e3021894	1739	dec_msglen -= ssl->transform_in->maclen;
elessair	0:f269e3021894	1740	ssl->in_msglen -= ssl->transform_in->maclen;
elessair	0:f269e3021894	1741
elessair	0:f269e3021894	1742	memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 );
elessair	0:f269e3021894	1743	memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 );
elessair	0:f269e3021894	1744	pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
elessair	0:f269e3021894	1745	pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF );
elessair	0:f269e3021894	1746
elessair	0:f269e3021894	1747	MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
elessair	0:f269e3021894	1748
elessair	0:f269e3021894	1749	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
elessair	0:f269e3021894	1750	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
elessair	0:f269e3021894	1751	ssl->in_iv, ssl->in_msglen );
elessair	0:f269e3021894	1752	mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac );
elessair	0:f269e3021894	1753	mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
elessair	0:f269e3021894	1754
elessair	0:f269e3021894	1755	MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen,
elessair	0:f269e3021894	1756	ssl->transform_in->maclen );
elessair	0:f269e3021894	1757	MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac,
elessair	0:f269e3021894	1758	ssl->transform_in->maclen );
elessair	0:f269e3021894	1759
elessair	0:f269e3021894	1760	if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac,
elessair	0:f269e3021894	1761	ssl->transform_in->maclen ) != 0 )
elessair	0:f269e3021894	1762	{
elessair	0:f269e3021894	1763	MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
elessair	0:f269e3021894	1764
elessair	0:f269e3021894	1765	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1766	}
elessair	0:f269e3021894	1767	auth_done++;
elessair	0:f269e3021894	1768	}
elessair	0:f269e3021894	1769	#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
elessair	0:f269e3021894	1770
elessair	0:f269e3021894	1771	/*
elessair	0:f269e3021894	1772	* Check length sanity
elessair	0:f269e3021894	1773	*/
elessair	0:f269e3021894	1774	if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
elessair	0:f269e3021894	1775	{
elessair	0:f269e3021894	1776	MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
elessair	0:f269e3021894	1777	ssl->in_msglen, ssl->transform_in->ivlen ) );
elessair	0:f269e3021894	1778	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	1779	}
elessair	0:f269e3021894	1780
elessair	0:f269e3021894	1781	#if defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1782	/*
elessair	0:f269e3021894	1783	* Initialize for prepended IV for block cipher in TLS v1.1 and up
elessair	0:f269e3021894	1784	*/
elessair	0:f269e3021894	1785	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	1786	{
elessair	0:f269e3021894	1787	dec_msglen -= ssl->transform_in->ivlen;
elessair	0:f269e3021894	1788	ssl->in_msglen -= ssl->transform_in->ivlen;
elessair	0:f269e3021894	1789
elessair	0:f269e3021894	1790	for( i = 0; i < ssl->transform_in->ivlen; i++ )
elessair	0:f269e3021894	1791	ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
elessair	0:f269e3021894	1792	}
elessair	0:f269e3021894	1793	#endif /* MBEDTLS_SSL_PROTO_TLS1_1 \|\| MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	1794
elessair	0:f269e3021894	1795	if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
elessair	0:f269e3021894	1796	ssl->transform_in->iv_dec,
elessair	0:f269e3021894	1797	ssl->transform_in->ivlen,
elessair	0:f269e3021894	1798	dec_msg, dec_msglen,
elessair	0:f269e3021894	1799	dec_msg_result, &olen ) ) != 0 )
elessair	0:f269e3021894	1800	{
elessair	0:f269e3021894	1801	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
elessair	0:f269e3021894	1802	return( ret );
elessair	0:f269e3021894	1803	}
elessair	0:f269e3021894	1804
elessair	0:f269e3021894	1805	if( dec_msglen != olen )
elessair	0:f269e3021894	1806	{
elessair	0:f269e3021894	1807	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1808	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1809	}
elessair	0:f269e3021894	1810
elessair	0:f269e3021894	1811	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1)
elessair	0:f269e3021894	1812	if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	1813	{
elessair	0:f269e3021894	1814	/*
elessair	0:f269e3021894	1815	* Save IV in SSL3 and TLS1
elessair	0:f269e3021894	1816	*/
elessair	0:f269e3021894	1817	memcpy( ssl->transform_in->iv_dec,
elessair	0:f269e3021894	1818	ssl->transform_in->cipher_ctx_dec.iv,
elessair	0:f269e3021894	1819	ssl->transform_in->ivlen );
elessair	0:f269e3021894	1820	}
elessair	0:f269e3021894	1821	#endif
elessair	0:f269e3021894	1822
elessair	0:f269e3021894	1823	padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
elessair	0:f269e3021894	1824
elessair	0:f269e3021894	1825	if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
elessair	0:f269e3021894	1826	auth_done == 0 )
elessair	0:f269e3021894	1827	{
elessair	0:f269e3021894	1828	#if defined(MBEDTLS_SSL_DEBUG_ALL)
elessair	0:f269e3021894	1829	MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
elessair	0:f269e3021894	1830	ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
elessair	0:f269e3021894	1831	#endif
elessair	0:f269e3021894	1832	padlen = 0;
elessair	0:f269e3021894	1833	correct = 0;
elessair	0:f269e3021894	1834	}
elessair	0:f269e3021894	1835
elessair	0:f269e3021894	1836	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	1837	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	1838	{
elessair	0:f269e3021894	1839	if( padlen > ssl->transform_in->ivlen )
elessair	0:f269e3021894	1840	{
elessair	0:f269e3021894	1841	#if defined(MBEDTLS_SSL_DEBUG_ALL)
elessair	0:f269e3021894	1842	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
elessair	0:f269e3021894	1843	"should be no more than %d",
elessair	0:f269e3021894	1844	padlen, ssl->transform_in->ivlen ) );
elessair	0:f269e3021894	1845	#endif
elessair	0:f269e3021894	1846	correct = 0;
elessair	0:f269e3021894	1847	}
elessair	0:f269e3021894	1848	}
elessair	0:f269e3021894	1849	else
elessair	0:f269e3021894	1850	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	1851	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	1852	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1853	if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	1854	{
elessair	0:f269e3021894	1855	/*
elessair	0:f269e3021894	1856	* TLSv1+: always check the padding up to the first failure
elessair	0:f269e3021894	1857	* and fake check up to 256 bytes of padding
elessair	0:f269e3021894	1858	*/
elessair	0:f269e3021894	1859	size_t pad_count = 0, real_count = 1;
elessair	0:f269e3021894	1860	size_t padding_idx = ssl->in_msglen - padlen - 1;
elessair	0:f269e3021894	1861
elessair	0:f269e3021894	1862	/*
elessair	0:f269e3021894	1863	* Padding is guaranteed to be incorrect if:
elessair	0:f269e3021894	1864	* 1. padlen >= ssl->in_msglen
elessair	0:f269e3021894	1865	*
elessair	0:f269e3021894	1866	* 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
elessair	0:f269e3021894	1867	* ssl->transform_in->maclen
elessair	0:f269e3021894	1868	*
elessair	0:f269e3021894	1869	* In both cases we reset padding_idx to a safe value (0) to
elessair	0:f269e3021894	1870	* prevent out-of-buffer reads.
elessair	0:f269e3021894	1871	*/
elessair	0:f269e3021894	1872	correct &= ( ssl->in_msglen >= padlen + 1 );
elessair	0:f269e3021894	1873	correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
elessair	0:f269e3021894	1874	ssl->transform_in->maclen );
elessair	0:f269e3021894	1875
elessair	0:f269e3021894	1876	padding_idx *= correct;
elessair	0:f269e3021894	1877
elessair	0:f269e3021894	1878	for( i = 1; i <= 256; i++ )
elessair	0:f269e3021894	1879	{
elessair	0:f269e3021894	1880	real_count &= ( i <= padlen );
elessair	0:f269e3021894	1881	pad_count += real_count *
elessair	0:f269e3021894	1882	( ssl->in_msg[padding_idx + i] == padlen - 1 );
elessair	0:f269e3021894	1883	}
elessair	0:f269e3021894	1884
elessair	0:f269e3021894	1885	correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
elessair	0:f269e3021894	1886
elessair	0:f269e3021894	1887	#if defined(MBEDTLS_SSL_DEBUG_ALL)
elessair	0:f269e3021894	1888	if( padlen > 0 && correct == 0 )
elessair	0:f269e3021894	1889	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
elessair	0:f269e3021894	1890	#endif
elessair	0:f269e3021894	1891	padlen &= correct * 0x1FF;
elessair	0:f269e3021894	1892	}
elessair	0:f269e3021894	1893	else
elessair	0:f269e3021894	1894	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 \|\| \
elessair	0:f269e3021894	1895	MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	1896	{
elessair	0:f269e3021894	1897	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1898	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1899	}
elessair	0:f269e3021894	1900
elessair	0:f269e3021894	1901	ssl->in_msglen -= padlen;
elessair	0:f269e3021894	1902	}
elessair	0:f269e3021894	1903	else
elessair	0:f269e3021894	1904	#endif /* MBEDTLS_CIPHER_MODE_CBC &&
elessair	0:f269e3021894	1905	( MBEDTLS_AES_C \|\| MBEDTLS_CAMELLIA_C ) */
elessair	0:f269e3021894	1906	{
elessair	0:f269e3021894	1907	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1908	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1909	}
elessair	0:f269e3021894	1910
elessair	0:f269e3021894	1911	MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
elessair	0:f269e3021894	1912	ssl->in_msg, ssl->in_msglen );
elessair	0:f269e3021894	1913
elessair	0:f269e3021894	1914	/*
elessair	0:f269e3021894	1915	* Authenticate if not done yet.
elessair	0:f269e3021894	1916	* Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
elessair	0:f269e3021894	1917	*/
elessair	0:f269e3021894	1918	#if defined(SSL_SOME_MODES_USE_MAC)
elessair	0:f269e3021894	1919	if( auth_done == 0 )
elessair	0:f269e3021894	1920	{
elessair	0:f269e3021894	1921	unsigned char tmp[SSL_MAX_MAC_SIZE];
elessair	0:f269e3021894	1922
elessair	0:f269e3021894	1923	ssl->in_msglen -= ssl->transform_in->maclen;
elessair	0:f269e3021894	1924
elessair	0:f269e3021894	1925	ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
elessair	0:f269e3021894	1926	ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
elessair	0:f269e3021894	1927
elessair	0:f269e3021894	1928	memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
elessair	0:f269e3021894	1929
elessair	0:f269e3021894	1930	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	1931	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	1932	{
elessair	0:f269e3021894	1933	ssl_mac( &ssl->transform_in->md_ctx_dec,
elessair	0:f269e3021894	1934	ssl->transform_in->mac_dec,
elessair	0:f269e3021894	1935	ssl->in_msg, ssl->in_msglen,
elessair	0:f269e3021894	1936	ssl->in_ctr, ssl->in_msgtype );
elessair	0:f269e3021894	1937	}
elessair	0:f269e3021894	1938	else
elessair	0:f269e3021894	1939	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	1940	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	1941	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	1942	if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	1943	{
elessair	0:f269e3021894	1944	/*
elessair	0:f269e3021894	1945	* Process MAC and always update for padlen afterwards to make
elessair	0:f269e3021894	1946	* total time independent of padlen
elessair	0:f269e3021894	1947	*
elessair	0:f269e3021894	1948	* extra_run compensates MAC check for padlen
elessair	0:f269e3021894	1949	*
elessair	0:f269e3021894	1950	* Known timing attacks:
elessair	0:f269e3021894	1951	* - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
elessair	0:f269e3021894	1952	*
elessair	0:f269e3021894	1953	* We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
elessair	0:f269e3021894	1954	* correctly. (We round down instead of up, so -56 is the correct
elessair	0:f269e3021894	1955	* value for our calculations instead of -55)
elessair	0:f269e3021894	1956	*/
elessair	0:f269e3021894	1957	size_t j, extra_run = 0;
elessair	0:f269e3021894	1958	extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
elessair	0:f269e3021894	1959	( 13 + ssl->in_msglen + 8 ) / 64;
elessair	0:f269e3021894	1960
elessair	0:f269e3021894	1961	extra_run &= correct * 0xFF;
elessair	0:f269e3021894	1962
elessair	0:f269e3021894	1963	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
elessair	0:f269e3021894	1964	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
elessair	0:f269e3021894	1965	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
elessair	0:f269e3021894	1966	mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
elessair	0:f269e3021894	1967	ssl->in_msglen );
elessair	0:f269e3021894	1968	mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec,
elessair	0:f269e3021894	1969	ssl->in_msg + ssl->in_msglen );
elessair	0:f269e3021894	1970	/* Call mbedtls_md_process at least once due to cache attacks */
elessair	0:f269e3021894	1971	for( j = 0; j < extra_run + 1; j++ )
elessair	0:f269e3021894	1972	mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
elessair	0:f269e3021894	1973
elessair	0:f269e3021894	1974	mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
elessair	0:f269e3021894	1975	}
elessair	0:f269e3021894	1976	else
elessair	0:f269e3021894	1977	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 \|\| \
elessair	0:f269e3021894	1978	MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	1979	{
elessair	0:f269e3021894	1980	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	1981	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	1982	}
elessair	0:f269e3021894	1983
elessair	0:f269e3021894	1984	MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
elessair	0:f269e3021894	1985	MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
elessair	0:f269e3021894	1986	ssl->transform_in->maclen );
elessair	0:f269e3021894	1987
elessair	0:f269e3021894	1988	if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
elessair	0:f269e3021894	1989	ssl->transform_in->maclen ) != 0 )
elessair	0:f269e3021894	1990	{
elessair	0:f269e3021894	1991	#if defined(MBEDTLS_SSL_DEBUG_ALL)
elessair	0:f269e3021894	1992	MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
elessair	0:f269e3021894	1993	#endif
elessair	0:f269e3021894	1994	correct = 0;
elessair	0:f269e3021894	1995	}
elessair	0:f269e3021894	1996	auth_done++;
elessair	0:f269e3021894	1997
elessair	0:f269e3021894	1998	/*
elessair	0:f269e3021894	1999	* Finally check the correct flag
elessair	0:f269e3021894	2000	*/
elessair	0:f269e3021894	2001	if( correct == 0 )
elessair	0:f269e3021894	2002	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	2003	}
elessair	0:f269e3021894	2004	#endif /* SSL_SOME_MODES_USE_MAC */
elessair	0:f269e3021894	2005
elessair	0:f269e3021894	2006	/* Make extra sure authentication was performed, exactly once */
elessair	0:f269e3021894	2007	if( auth_done != 1 )
elessair	0:f269e3021894	2008	{
elessair	0:f269e3021894	2009	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	2010	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	2011	}
elessair	0:f269e3021894	2012
elessair	0:f269e3021894	2013	if( ssl->in_msglen == 0 )
elessair	0:f269e3021894	2014	{
elessair	0:f269e3021894	2015	ssl->nb_zero++;
elessair	0:f269e3021894	2016
elessair	0:f269e3021894	2017	/*
elessair	0:f269e3021894	2018	* Three or more empty messages may be a DoS attack
elessair	0:f269e3021894	2019	* (excessive CPU consumption).
elessair	0:f269e3021894	2020	*/
elessair	0:f269e3021894	2021	if( ssl->nb_zero > 3 )
elessair	0:f269e3021894	2022	{
elessair	0:f269e3021894	2023	MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
elessair	0:f269e3021894	2024	"messages, possible DoS attack" ) );
elessair	0:f269e3021894	2025	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	2026	}
elessair	0:f269e3021894	2027	}
elessair	0:f269e3021894	2028	else
elessair	0:f269e3021894	2029	ssl->nb_zero = 0;
elessair	0:f269e3021894	2030
elessair	0:f269e3021894	2031	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2032	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	2033	{
elessair	0:f269e3021894	2034	; /* in_ctr read from peer, not maintained internally */
elessair	0:f269e3021894	2035	}
elessair	0:f269e3021894	2036	else
elessair	0:f269e3021894	2037	#endif
elessair	0:f269e3021894	2038	{
elessair	0:f269e3021894	2039	for( i = 8; i > ssl_ep_len( ssl ); i-- )
elessair	0:f269e3021894	2040	if( ++ssl->in_ctr[i - 1] != 0 )
elessair	0:f269e3021894	2041	break;
elessair	0:f269e3021894	2042
elessair	0:f269e3021894	2043	/* The loop goes to its end iff the counter is wrapping */
elessair	0:f269e3021894	2044	if( i == ssl_ep_len( ssl ) )
elessair	0:f269e3021894	2045	{
elessair	0:f269e3021894	2046	MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
elessair	0:f269e3021894	2047	return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
elessair	0:f269e3021894	2048	}
elessair	0:f269e3021894	2049	}
elessair	0:f269e3021894	2050
elessair	0:f269e3021894	2051	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
elessair	0:f269e3021894	2052
elessair	0:f269e3021894	2053	return( 0 );
elessair	0:f269e3021894	2054	}
elessair	0:f269e3021894	2055
elessair	0:f269e3021894	2056	#undef MAC_NONE
elessair	0:f269e3021894	2057	#undef MAC_PLAINTEXT
elessair	0:f269e3021894	2058	#undef MAC_CIPHERTEXT
elessair	0:f269e3021894	2059
elessair	0:f269e3021894	2060	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	2061	/*
elessair	0:f269e3021894	2062	* Compression/decompression functions
elessair	0:f269e3021894	2063	*/
elessair	0:f269e3021894	2064	static int ssl_compress_buf( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2065	{
elessair	0:f269e3021894	2066	int ret;
elessair	0:f269e3021894	2067	unsigned char *msg_post = ssl->out_msg;
elessair	0:f269e3021894	2068	size_t len_pre = ssl->out_msglen;
elessair	0:f269e3021894	2069	unsigned char *msg_pre = ssl->compress_buf;
elessair	0:f269e3021894	2070
elessair	0:f269e3021894	2071	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
elessair	0:f269e3021894	2072
elessair	0:f269e3021894	2073	if( len_pre == 0 )
elessair	0:f269e3021894	2074	return( 0 );
elessair	0:f269e3021894	2075
elessair	0:f269e3021894	2076	memcpy( msg_pre, ssl->out_msg, len_pre );
elessair	0:f269e3021894	2077
elessair	0:f269e3021894	2078	MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
elessair	0:f269e3021894	2079	ssl->out_msglen ) );
elessair	0:f269e3021894	2080
elessair	0:f269e3021894	2081	MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
elessair	0:f269e3021894	2082	ssl->out_msg, ssl->out_msglen );
elessair	0:f269e3021894	2083
elessair	0:f269e3021894	2084	ssl->transform_out->ctx_deflate.next_in = msg_pre;
elessair	0:f269e3021894	2085	ssl->transform_out->ctx_deflate.avail_in = len_pre;
elessair	0:f269e3021894	2086	ssl->transform_out->ctx_deflate.next_out = msg_post;
elessair	0:f269e3021894	2087	ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
elessair	0:f269e3021894	2088
elessair	0:f269e3021894	2089	ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
elessair	0:f269e3021894	2090	if( ret != Z_OK )
elessair	0:f269e3021894	2091	{
elessair	0:f269e3021894	2092	MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
elessair	0:f269e3021894	2093	return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
elessair	0:f269e3021894	2094	}
elessair	0:f269e3021894	2095
elessair	0:f269e3021894	2096	ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
elessair	0:f269e3021894	2097	ssl->transform_out->ctx_deflate.avail_out;
elessair	0:f269e3021894	2098
elessair	0:f269e3021894	2099	MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
elessair	0:f269e3021894	2100	ssl->out_msglen ) );
elessair	0:f269e3021894	2101
elessair	0:f269e3021894	2102	MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
elessair	0:f269e3021894	2103	ssl->out_msg, ssl->out_msglen );
elessair	0:f269e3021894	2104
elessair	0:f269e3021894	2105	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
elessair	0:f269e3021894	2106
elessair	0:f269e3021894	2107	return( 0 );
elessair	0:f269e3021894	2108	}
elessair	0:f269e3021894	2109
elessair	0:f269e3021894	2110	static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2111	{
elessair	0:f269e3021894	2112	int ret;
elessair	0:f269e3021894	2113	unsigned char *msg_post = ssl->in_msg;
elessair	0:f269e3021894	2114	size_t len_pre = ssl->in_msglen;
elessair	0:f269e3021894	2115	unsigned char *msg_pre = ssl->compress_buf;
elessair	0:f269e3021894	2116
elessair	0:f269e3021894	2117	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
elessair	0:f269e3021894	2118
elessair	0:f269e3021894	2119	if( len_pre == 0 )
elessair	0:f269e3021894	2120	return( 0 );
elessair	0:f269e3021894	2121
elessair	0:f269e3021894	2122	memcpy( msg_pre, ssl->in_msg, len_pre );
elessair	0:f269e3021894	2123
elessair	0:f269e3021894	2124	MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
elessair	0:f269e3021894	2125	ssl->in_msglen ) );
elessair	0:f269e3021894	2126
elessair	0:f269e3021894	2127	MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
elessair	0:f269e3021894	2128	ssl->in_msg, ssl->in_msglen );
elessair	0:f269e3021894	2129
elessair	0:f269e3021894	2130	ssl->transform_in->ctx_inflate.next_in = msg_pre;
elessair	0:f269e3021894	2131	ssl->transform_in->ctx_inflate.avail_in = len_pre;
elessair	0:f269e3021894	2132	ssl->transform_in->ctx_inflate.next_out = msg_post;
elessair	0:f269e3021894	2133	ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
elessair	0:f269e3021894	2134
elessair	0:f269e3021894	2135	ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
elessair	0:f269e3021894	2136	if( ret != Z_OK )
elessair	0:f269e3021894	2137	{
elessair	0:f269e3021894	2138	MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
elessair	0:f269e3021894	2139	return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
elessair	0:f269e3021894	2140	}
elessair	0:f269e3021894	2141
elessair	0:f269e3021894	2142	ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
elessair	0:f269e3021894	2143	ssl->transform_in->ctx_inflate.avail_out;
elessair	0:f269e3021894	2144
elessair	0:f269e3021894	2145	MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
elessair	0:f269e3021894	2146	ssl->in_msglen ) );
elessair	0:f269e3021894	2147
elessair	0:f269e3021894	2148	MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
elessair	0:f269e3021894	2149	ssl->in_msg, ssl->in_msglen );
elessair	0:f269e3021894	2150
elessair	0:f269e3021894	2151	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
elessair	0:f269e3021894	2152
elessair	0:f269e3021894	2153	return( 0 );
elessair	0:f269e3021894	2154	}
elessair	0:f269e3021894	2155	#endif /* MBEDTLS_ZLIB_SUPPORT */
elessair	0:f269e3021894	2156
elessair	0:f269e3021894	2157	#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	2158	static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
elessair	0:f269e3021894	2159
elessair	0:f269e3021894	2160	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2161	static int ssl_resend_hello_request( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2162	{
elessair	0:f269e3021894	2163	/* If renegotiation is not enforced, retransmit until we would reach max
elessair	0:f269e3021894	2164	* timeout if we were using the usual handshake doubling scheme */
elessair	0:f269e3021894	2165	if( ssl->conf->renego_max_records < 0 )
elessair	0:f269e3021894	2166	{
elessair	0:f269e3021894	2167	uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
elessair	0:f269e3021894	2168	unsigned char doublings = 1;
elessair	0:f269e3021894	2169
elessair	0:f269e3021894	2170	while( ratio != 0 )
elessair	0:f269e3021894	2171	{
elessair	0:f269e3021894	2172	++doublings;
elessair	0:f269e3021894	2173	ratio >>= 1;
elessair	0:f269e3021894	2174	}
elessair	0:f269e3021894	2175
elessair	0:f269e3021894	2176	if( ++ssl->renego_records_seen > doublings )
elessair	0:f269e3021894	2177	{
elessair	0:f269e3021894	2178	MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
elessair	0:f269e3021894	2179	return( 0 );
elessair	0:f269e3021894	2180	}
elessair	0:f269e3021894	2181	}
elessair	0:f269e3021894	2182
elessair	0:f269e3021894	2183	return( ssl_write_hello_request( ssl ) );
elessair	0:f269e3021894	2184	}
elessair	0:f269e3021894	2185	#endif
elessair	0:f269e3021894	2186	#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	2187
elessair	0:f269e3021894	2188	/*
elessair	0:f269e3021894	2189	* Fill the input message buffer by appending data to it.
elessair	0:f269e3021894	2190	* The amount of data already fetched is in ssl->in_left.
elessair	0:f269e3021894	2191	*
elessair	0:f269e3021894	2192	* If we return 0, is it guaranteed that (at least) nb_want bytes are
elessair	0:f269e3021894	2193	* available (from this read and/or a previous one). Otherwise, an error code
elessair	0:f269e3021894	2194	* is returned (possibly EOF or WANT_READ).
elessair	0:f269e3021894	2195	*
elessair	0:f269e3021894	2196	* With stream transport (TLS) on success ssl->in_left == nb_want, but
elessair	0:f269e3021894	2197	* with datagram transport (DTLS) on success ssl->in_left >= nb_want,
elessair	0:f269e3021894	2198	* since we always read a whole datagram at once.
elessair	0:f269e3021894	2199	*
elessair	0:f269e3021894	2200	* For DTLS, it is up to the caller to set ssl->next_record_offset when
elessair	0:f269e3021894	2201	* they're done reading a record.
elessair	0:f269e3021894	2202	*/
elessair	0:f269e3021894	2203	int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
elessair	0:f269e3021894	2204	{
elessair	0:f269e3021894	2205	int ret;
elessair	0:f269e3021894	2206	size_t len;
elessair	0:f269e3021894	2207
elessair	0:f269e3021894	2208	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
elessair	0:f269e3021894	2209
elessair	0:f269e3021894	2210	if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
elessair	0:f269e3021894	2211	{
elessair	0:f269e3021894	2212	MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
elessair	0:f269e3021894	2213	"or mbedtls_ssl_set_bio()" ) );
elessair	0:f269e3021894	2214	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	2215	}
elessair	0:f269e3021894	2216
elessair	0:f269e3021894	2217	if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) )
elessair	0:f269e3021894	2218	{
elessair	0:f269e3021894	2219	MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
elessair	0:f269e3021894	2220	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	2221	}
elessair	0:f269e3021894	2222
elessair	0:f269e3021894	2223	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2224	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	2225	{
elessair	0:f269e3021894	2226	uint32_t timeout;
elessair	0:f269e3021894	2227
elessair	0:f269e3021894	2228	/* Just to be sure */
elessair	0:f269e3021894	2229	if( ssl->f_set_timer == NULL \|\| ssl->f_get_timer == NULL )
elessair	0:f269e3021894	2230	{
elessair	0:f269e3021894	2231	MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
elessair	0:f269e3021894	2232	"mbedtls_ssl_set_timer_cb() for DTLS" ) );
elessair	0:f269e3021894	2233	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	2234	}
elessair	0:f269e3021894	2235
elessair	0:f269e3021894	2236	/*
elessair	0:f269e3021894	2237	* The point is, we need to always read a full datagram at once, so we
elessair	0:f269e3021894	2238	* sometimes read more then requested, and handle the additional data.
elessair	0:f269e3021894	2239	* It could be the rest of the current record (while fetching the
elessair	0:f269e3021894	2240	* header) and/or some other records in the same datagram.
elessair	0:f269e3021894	2241	*/
elessair	0:f269e3021894	2242
elessair	0:f269e3021894	2243	/*
elessair	0:f269e3021894	2244	* Move to the next record in the already read datagram if applicable
elessair	0:f269e3021894	2245	*/
elessair	0:f269e3021894	2246	if( ssl->next_record_offset != 0 )
elessair	0:f269e3021894	2247	{
elessair	0:f269e3021894	2248	if( ssl->in_left < ssl->next_record_offset )
elessair	0:f269e3021894	2249	{
elessair	0:f269e3021894	2250	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	2251	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	2252	}
elessair	0:f269e3021894	2253
elessair	0:f269e3021894	2254	ssl->in_left -= ssl->next_record_offset;
elessair	0:f269e3021894	2255
elessair	0:f269e3021894	2256	if( ssl->in_left != 0 )
elessair	0:f269e3021894	2257	{
elessair	0:f269e3021894	2258	MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
elessair	0:f269e3021894	2259	ssl->next_record_offset ) );
elessair	0:f269e3021894	2260	memmove( ssl->in_hdr,
elessair	0:f269e3021894	2261	ssl->in_hdr + ssl->next_record_offset,
elessair	0:f269e3021894	2262	ssl->in_left );
elessair	0:f269e3021894	2263	}
elessair	0:f269e3021894	2264
elessair	0:f269e3021894	2265	ssl->next_record_offset = 0;
elessair	0:f269e3021894	2266	}
elessair	0:f269e3021894	2267
elessair	0:f269e3021894	2268	MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
elessair	0:f269e3021894	2269	ssl->in_left, nb_want ) );
elessair	0:f269e3021894	2270
elessair	0:f269e3021894	2271	/*
elessair	0:f269e3021894	2272	* Done if we already have enough data.
elessair	0:f269e3021894	2273	*/
elessair	0:f269e3021894	2274	if( nb_want <= ssl->in_left)
elessair	0:f269e3021894	2275	{
elessair	0:f269e3021894	2276	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
elessair	0:f269e3021894	2277	return( 0 );
elessair	0:f269e3021894	2278	}
elessair	0:f269e3021894	2279
elessair	0:f269e3021894	2280	/*
elessair	0:f269e3021894	2281	* A record can't be split accross datagrams. If we need to read but
elessair	0:f269e3021894	2282	* are not at the beginning of a new record, the caller did something
elessair	0:f269e3021894	2283	* wrong.
elessair	0:f269e3021894	2284	*/
elessair	0:f269e3021894	2285	if( ssl->in_left != 0 )
elessair	0:f269e3021894	2286	{
elessair	0:f269e3021894	2287	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	2288	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	2289	}
elessair	0:f269e3021894	2290
elessair	0:f269e3021894	2291	/*
elessair	0:f269e3021894	2292	* Don't even try to read if time's out already.
elessair	0:f269e3021894	2293	* This avoids by-passing the timer when repeatedly receiving messages
elessair	0:f269e3021894	2294	* that will end up being dropped.
elessair	0:f269e3021894	2295	*/
elessair	0:f269e3021894	2296	if( ssl_check_timer( ssl ) != 0 )
elessair	0:f269e3021894	2297	ret = MBEDTLS_ERR_SSL_TIMEOUT;
elessair	0:f269e3021894	2298	else
elessair	0:f269e3021894	2299	{
elessair	0:f269e3021894	2300	len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
elessair	0:f269e3021894	2301
elessair	0:f269e3021894	2302	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	2303	timeout = ssl->handshake->retransmit_timeout;
elessair	0:f269e3021894	2304	else
elessair	0:f269e3021894	2305	timeout = ssl->conf->read_timeout;
elessair	0:f269e3021894	2306
elessair	0:f269e3021894	2307	MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
elessair	0:f269e3021894	2308
elessair	0:f269e3021894	2309	if( ssl->f_recv_timeout != NULL )
elessair	0:f269e3021894	2310	ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
elessair	0:f269e3021894	2311	timeout );
elessair	0:f269e3021894	2312	else
elessair	0:f269e3021894	2313	ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
elessair	0:f269e3021894	2314
elessair	0:f269e3021894	2315	MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
elessair	0:f269e3021894	2316
elessair	0:f269e3021894	2317	if( ret == 0 )
elessair	0:f269e3021894	2318	return( MBEDTLS_ERR_SSL_CONN_EOF );
elessair	0:f269e3021894	2319	}
elessair	0:f269e3021894	2320
elessair	0:f269e3021894	2321	if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
elessair	0:f269e3021894	2322	{
elessair	0:f269e3021894	2323	MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
elessair	0:f269e3021894	2324	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	2325
elessair	0:f269e3021894	2326	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	2327	{
elessair	0:f269e3021894	2328	if( ssl_double_retransmit_timeout( ssl ) != 0 )
elessair	0:f269e3021894	2329	{
elessair	0:f269e3021894	2330	MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
elessair	0:f269e3021894	2331	return( MBEDTLS_ERR_SSL_TIMEOUT );
elessair	0:f269e3021894	2332	}
elessair	0:f269e3021894	2333
elessair	0:f269e3021894	2334	if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
elessair	0:f269e3021894	2335	{
elessair	0:f269e3021894	2336	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
elessair	0:f269e3021894	2337	return( ret );
elessair	0:f269e3021894	2338	}
elessair	0:f269e3021894	2339
elessair	0:f269e3021894	2340	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	2341	}
elessair	0:f269e3021894	2342	#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	2343	else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	2344	ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
elessair	0:f269e3021894	2345	{
elessair	0:f269e3021894	2346	if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
elessair	0:f269e3021894	2347	{
elessair	0:f269e3021894	2348	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
elessair	0:f269e3021894	2349	return( ret );
elessair	0:f269e3021894	2350	}
elessair	0:f269e3021894	2351
elessair	0:f269e3021894	2352	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	2353	}
elessair	0:f269e3021894	2354	#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	2355	}
elessair	0:f269e3021894	2356
elessair	0:f269e3021894	2357	if( ret < 0 )
elessair	0:f269e3021894	2358	return( ret );
elessair	0:f269e3021894	2359
elessair	0:f269e3021894	2360	ssl->in_left = ret;
elessair	0:f269e3021894	2361	}
elessair	0:f269e3021894	2362	else
elessair	0:f269e3021894	2363	#endif
elessair	0:f269e3021894	2364	{
elessair	0:f269e3021894	2365	MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
elessair	0:f269e3021894	2366	ssl->in_left, nb_want ) );
elessair	0:f269e3021894	2367
elessair	0:f269e3021894	2368	while( ssl->in_left < nb_want )
elessair	0:f269e3021894	2369	{
elessair	0:f269e3021894	2370	len = nb_want - ssl->in_left;
elessair	0:f269e3021894	2371
elessair	0:f269e3021894	2372	if( ssl_check_timer( ssl ) != 0 )
elessair	0:f269e3021894	2373	ret = MBEDTLS_ERR_SSL_TIMEOUT;
elessair	0:f269e3021894	2374	else
elessair	0:f269e3021894	2375	{
elessair	0:f269e3021894	2376	if( ssl->f_recv_timeout != NULL )
elessair	0:f269e3021894	2377	{
elessair	0:f269e3021894	2378	ret = ssl->f_recv_timeout( ssl->p_bio,
elessair	0:f269e3021894	2379	ssl->in_hdr + ssl->in_left, len,
elessair	0:f269e3021894	2380	ssl->conf->read_timeout );
elessair	0:f269e3021894	2381	}
elessair	0:f269e3021894	2382	else
elessair	0:f269e3021894	2383	{
elessair	0:f269e3021894	2384	ret = ssl->f_recv( ssl->p_bio,
elessair	0:f269e3021894	2385	ssl->in_hdr + ssl->in_left, len );
elessair	0:f269e3021894	2386	}
elessair	0:f269e3021894	2387	}
elessair	0:f269e3021894	2388
elessair	0:f269e3021894	2389	MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
elessair	0:f269e3021894	2390	ssl->in_left, nb_want ) );
elessair	0:f269e3021894	2391	MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
elessair	0:f269e3021894	2392
elessair	0:f269e3021894	2393	if( ret == 0 )
elessair	0:f269e3021894	2394	return( MBEDTLS_ERR_SSL_CONN_EOF );
elessair	0:f269e3021894	2395
elessair	0:f269e3021894	2396	if( ret < 0 )
elessair	0:f269e3021894	2397	return( ret );
elessair	0:f269e3021894	2398
elessair	0:f269e3021894	2399	ssl->in_left += ret;
elessair	0:f269e3021894	2400	}
elessair	0:f269e3021894	2401	}
elessair	0:f269e3021894	2402
elessair	0:f269e3021894	2403	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
elessair	0:f269e3021894	2404
elessair	0:f269e3021894	2405	return( 0 );
elessair	0:f269e3021894	2406	}
elessair	0:f269e3021894	2407
elessair	0:f269e3021894	2408	/*
elessair	0:f269e3021894	2409	* Flush any data not yet written
elessair	0:f269e3021894	2410	*/
elessair	0:f269e3021894	2411	int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2412	{
elessair	0:f269e3021894	2413	int ret;
elessair	0:f269e3021894	2414	unsigned char *buf, i;
elessair	0:f269e3021894	2415
elessair	0:f269e3021894	2416	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
elessair	0:f269e3021894	2417
elessair	0:f269e3021894	2418	if( ssl->f_send == NULL )
elessair	0:f269e3021894	2419	{
elessair	0:f269e3021894	2420	MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
elessair	0:f269e3021894	2421	"or mbedtls_ssl_set_bio()" ) );
elessair	0:f269e3021894	2422	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	2423	}
elessair	0:f269e3021894	2424
elessair	0:f269e3021894	2425	/* Avoid incrementing counter if data is flushed */
elessair	0:f269e3021894	2426	if( ssl->out_left == 0 )
elessair	0:f269e3021894	2427	{
elessair	0:f269e3021894	2428	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
elessair	0:f269e3021894	2429	return( 0 );
elessair	0:f269e3021894	2430	}
elessair	0:f269e3021894	2431
elessair	0:f269e3021894	2432	while( ssl->out_left > 0 )
elessair	0:f269e3021894	2433	{
elessair	0:f269e3021894	2434	MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
elessair	0:f269e3021894	2435	mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
elessair	0:f269e3021894	2436
elessair	0:f269e3021894	2437	buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) +
elessair	0:f269e3021894	2438	ssl->out_msglen - ssl->out_left;
elessair	0:f269e3021894	2439	ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
elessair	0:f269e3021894	2440
elessair	0:f269e3021894	2441	MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
elessair	0:f269e3021894	2442
elessair	0:f269e3021894	2443	if( ret <= 0 )
elessair	0:f269e3021894	2444	return( ret );
elessair	0:f269e3021894	2445
elessair	0:f269e3021894	2446	ssl->out_left -= ret;
elessair	0:f269e3021894	2447	}
elessair	0:f269e3021894	2448
elessair	0:f269e3021894	2449	for( i = 8; i > ssl_ep_len( ssl ); i-- )
elessair	0:f269e3021894	2450	if( ++ssl->out_ctr[i - 1] != 0 )
elessair	0:f269e3021894	2451	break;
elessair	0:f269e3021894	2452
elessair	0:f269e3021894	2453	/* The loop goes to its end iff the counter is wrapping */
elessair	0:f269e3021894	2454	if( i == ssl_ep_len( ssl ) )
elessair	0:f269e3021894	2455	{
elessair	0:f269e3021894	2456	MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
elessair	0:f269e3021894	2457	return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
elessair	0:f269e3021894	2458	}
elessair	0:f269e3021894	2459
elessair	0:f269e3021894	2460	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
elessair	0:f269e3021894	2461
elessair	0:f269e3021894	2462	return( 0 );
elessair	0:f269e3021894	2463	}
elessair	0:f269e3021894	2464
elessair	0:f269e3021894	2465	/*
elessair	0:f269e3021894	2466	* Functions to handle the DTLS retransmission state machine
elessair	0:f269e3021894	2467	*/
elessair	0:f269e3021894	2468	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2469	/*
elessair	0:f269e3021894	2470	* Append current handshake message to current outgoing flight
elessair	0:f269e3021894	2471	*/
elessair	0:f269e3021894	2472	static int ssl_flight_append( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2473	{
elessair	0:f269e3021894	2474	mbedtls_ssl_flight_item *msg;
elessair	0:f269e3021894	2475
elessair	0:f269e3021894	2476	/* Allocate space for current message */
elessair	0:f269e3021894	2477	if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
elessair	0:f269e3021894	2478	{
elessair	0:f269e3021894	2479	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
elessair	0:f269e3021894	2480	sizeof( mbedtls_ssl_flight_item ) ) );
elessair	0:f269e3021894	2481	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	2482	}
elessair	0:f269e3021894	2483
elessair	0:f269e3021894	2484	if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
elessair	0:f269e3021894	2485	{
elessair	0:f269e3021894	2486	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
elessair	0:f269e3021894	2487	mbedtls_free( msg );
elessair	0:f269e3021894	2488	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	2489	}
elessair	0:f269e3021894	2490
elessair	0:f269e3021894	2491	/* Copy current handshake message with headers */
elessair	0:f269e3021894	2492	memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
elessair	0:f269e3021894	2493	msg->len = ssl->out_msglen;
elessair	0:f269e3021894	2494	msg->type = ssl->out_msgtype;
elessair	0:f269e3021894	2495	msg->next = NULL;
elessair	0:f269e3021894	2496
elessair	0:f269e3021894	2497	/* Append to the current flight */
elessair	0:f269e3021894	2498	if( ssl->handshake->flight == NULL )
elessair	0:f269e3021894	2499	ssl->handshake->flight = msg;
elessair	0:f269e3021894	2500	else
elessair	0:f269e3021894	2501	{
elessair	0:f269e3021894	2502	mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
elessair	0:f269e3021894	2503	while( cur->next != NULL )
elessair	0:f269e3021894	2504	cur = cur->next;
elessair	0:f269e3021894	2505	cur->next = msg;
elessair	0:f269e3021894	2506	}
elessair	0:f269e3021894	2507
elessair	0:f269e3021894	2508	return( 0 );
elessair	0:f269e3021894	2509	}
elessair	0:f269e3021894	2510
elessair	0:f269e3021894	2511	/*
elessair	0:f269e3021894	2512	* Free the current flight of handshake messages
elessair	0:f269e3021894	2513	*/
elessair	0:f269e3021894	2514	static void ssl_flight_free( mbedtls_ssl_flight_item *flight )
elessair	0:f269e3021894	2515	{
elessair	0:f269e3021894	2516	mbedtls_ssl_flight_item *cur = flight;
elessair	0:f269e3021894	2517	mbedtls_ssl_flight_item *next;
elessair	0:f269e3021894	2518
elessair	0:f269e3021894	2519	while( cur != NULL )
elessair	0:f269e3021894	2520	{
elessair	0:f269e3021894	2521	next = cur->next;
elessair	0:f269e3021894	2522
elessair	0:f269e3021894	2523	mbedtls_free( cur->p );
elessair	0:f269e3021894	2524	mbedtls_free( cur );
elessair	0:f269e3021894	2525
elessair	0:f269e3021894	2526	cur = next;
elessair	0:f269e3021894	2527	}
elessair	0:f269e3021894	2528	}
elessair	0:f269e3021894	2529
elessair	0:f269e3021894	2530	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	2531	static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
elessair	0:f269e3021894	2532	#endif
elessair	0:f269e3021894	2533
elessair	0:f269e3021894	2534	/*
elessair	0:f269e3021894	2535	* Swap transform_out and out_ctr with the alternative ones
elessair	0:f269e3021894	2536	*/
elessair	0:f269e3021894	2537	static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2538	{
elessair	0:f269e3021894	2539	mbedtls_ssl_transform *tmp_transform;
elessair	0:f269e3021894	2540	unsigned char tmp_out_ctr[8];
elessair	0:f269e3021894	2541
elessair	0:f269e3021894	2542	if( ssl->transform_out == ssl->handshake->alt_transform_out )
elessair	0:f269e3021894	2543	{
elessair	0:f269e3021894	2544	MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
elessair	0:f269e3021894	2545	return;
elessair	0:f269e3021894	2546	}
elessair	0:f269e3021894	2547
elessair	0:f269e3021894	2548	MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
elessair	0:f269e3021894	2549
elessair	0:f269e3021894	2550	/* Swap transforms */
elessair	0:f269e3021894	2551	tmp_transform = ssl->transform_out;
elessair	0:f269e3021894	2552	ssl->transform_out = ssl->handshake->alt_transform_out;
elessair	0:f269e3021894	2553	ssl->handshake->alt_transform_out = tmp_transform;
elessair	0:f269e3021894	2554
elessair	0:f269e3021894	2555	/* Swap epoch + sequence_number */
elessair	0:f269e3021894	2556	memcpy( tmp_out_ctr, ssl->out_ctr, 8 );
elessair	0:f269e3021894	2557	memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 );
elessair	0:f269e3021894	2558	memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
elessair	0:f269e3021894	2559
elessair	0:f269e3021894	2560	/* Adjust to the newly activated transform */
elessair	0:f269e3021894	2561	if( ssl->transform_out != NULL &&
elessair	0:f269e3021894	2562	ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	2563	{
elessair	0:f269e3021894	2564	ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
elessair	0:f269e3021894	2565	ssl->transform_out->fixed_ivlen;
elessair	0:f269e3021894	2566	}
elessair	0:f269e3021894	2567	else
elessair	0:f269e3021894	2568	ssl->out_msg = ssl->out_iv;
elessair	0:f269e3021894	2569
elessair	0:f269e3021894	2570	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	2571	if( mbedtls_ssl_hw_record_activate != NULL )
elessair	0:f269e3021894	2572	{
elessair	0:f269e3021894	2573	if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
elessair	0:f269e3021894	2574	{
elessair	0:f269e3021894	2575	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
elessair	0:f269e3021894	2576	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	2577	}
elessair	0:f269e3021894	2578	}
elessair	0:f269e3021894	2579	#endif
elessair	0:f269e3021894	2580	}
elessair	0:f269e3021894	2581
elessair	0:f269e3021894	2582	/*
elessair	0:f269e3021894	2583	* Retransmit the current flight of messages.
elessair	0:f269e3021894	2584	*
elessair	0:f269e3021894	2585	* Need to remember the current message in case flush_output returns
elessair	0:f269e3021894	2586	* WANT_WRITE, causing us to exit this function and come back later.
elessair	0:f269e3021894	2587	* This function must be called until state is no longer SENDING.
elessair	0:f269e3021894	2588	*/
elessair	0:f269e3021894	2589	int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2590	{
elessair	0:f269e3021894	2591	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
elessair	0:f269e3021894	2592
elessair	0:f269e3021894	2593	if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
elessair	0:f269e3021894	2594	{
elessair	0:f269e3021894	2595	MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
elessair	0:f269e3021894	2596
elessair	0:f269e3021894	2597	ssl->handshake->cur_msg = ssl->handshake->flight;
elessair	0:f269e3021894	2598	ssl_swap_epochs( ssl );
elessair	0:f269e3021894	2599
elessair	0:f269e3021894	2600	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
elessair	0:f269e3021894	2601	}
elessair	0:f269e3021894	2602
elessair	0:f269e3021894	2603	while( ssl->handshake->cur_msg != NULL )
elessair	0:f269e3021894	2604	{
elessair	0:f269e3021894	2605	int ret;
elessair	0:f269e3021894	2606	mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
elessair	0:f269e3021894	2607
elessair	0:f269e3021894	2608	/* Swap epochs before sending Finished: we can't do it after
elessair	0:f269e3021894	2609	* sending ChangeCipherSpec, in case write returns WANT_READ.
elessair	0:f269e3021894	2610	* Must be done before copying, may change out_msg pointer */
elessair	0:f269e3021894	2611	if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	2612	cur->p[0] == MBEDTLS_SSL_HS_FINISHED )
elessair	0:f269e3021894	2613	{
elessair	0:f269e3021894	2614	ssl_swap_epochs( ssl );
elessair	0:f269e3021894	2615	}
elessair	0:f269e3021894	2616
elessair	0:f269e3021894	2617	memcpy( ssl->out_msg, cur->p, cur->len );
elessair	0:f269e3021894	2618	ssl->out_msglen = cur->len;
elessair	0:f269e3021894	2619	ssl->out_msgtype = cur->type;
elessair	0:f269e3021894	2620
elessair	0:f269e3021894	2621	ssl->handshake->cur_msg = cur->next;
elessair	0:f269e3021894	2622
elessair	0:f269e3021894	2623	MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
elessair	0:f269e3021894	2624
elessair	0:f269e3021894	2625	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	2626	{
elessair	0:f269e3021894	2627	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	2628	return( ret );
elessair	0:f269e3021894	2629	}
elessair	0:f269e3021894	2630	}
elessair	0:f269e3021894	2631
elessair	0:f269e3021894	2632	if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	2633	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
elessair	0:f269e3021894	2634	else
elessair	0:f269e3021894	2635	{
elessair	0:f269e3021894	2636	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
elessair	0:f269e3021894	2637	ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
elessair	0:f269e3021894	2638	}
elessair	0:f269e3021894	2639
elessair	0:f269e3021894	2640	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
elessair	0:f269e3021894	2641
elessair	0:f269e3021894	2642	return( 0 );
elessair	0:f269e3021894	2643	}
elessair	0:f269e3021894	2644
elessair	0:f269e3021894	2645	/*
elessair	0:f269e3021894	2646	* To be called when the last message of an incoming flight is received.
elessair	0:f269e3021894	2647	*/
elessair	0:f269e3021894	2648	void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2649	{
elessair	0:f269e3021894	2650	/* We won't need to resend that one any more */
elessair	0:f269e3021894	2651	ssl_flight_free( ssl->handshake->flight );
elessair	0:f269e3021894	2652	ssl->handshake->flight = NULL;
elessair	0:f269e3021894	2653	ssl->handshake->cur_msg = NULL;
elessair	0:f269e3021894	2654
elessair	0:f269e3021894	2655	/* The next incoming flight will start with this msg_seq */
elessair	0:f269e3021894	2656	ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
elessair	0:f269e3021894	2657
elessair	0:f269e3021894	2658	/* Cancel timer */
elessair	0:f269e3021894	2659	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	2660
elessair	0:f269e3021894	2661	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	2662	ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
elessair	0:f269e3021894	2663	{
elessair	0:f269e3021894	2664	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
elessair	0:f269e3021894	2665	}
elessair	0:f269e3021894	2666	else
elessair	0:f269e3021894	2667	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
elessair	0:f269e3021894	2668	}
elessair	0:f269e3021894	2669
elessair	0:f269e3021894	2670	/*
elessair	0:f269e3021894	2671	* To be called when the last message of an outgoing flight is send.
elessair	0:f269e3021894	2672	*/
elessair	0:f269e3021894	2673	void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2674	{
elessair	0:f269e3021894	2675	ssl_reset_retransmit_timeout( ssl );
elessair	0:f269e3021894	2676	ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
elessair	0:f269e3021894	2677
elessair	0:f269e3021894	2678	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	2679	ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
elessair	0:f269e3021894	2680	{
elessair	0:f269e3021894	2681	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
elessair	0:f269e3021894	2682	}
elessair	0:f269e3021894	2683	else
elessair	0:f269e3021894	2684	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
elessair	0:f269e3021894	2685	}
elessair	0:f269e3021894	2686	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	2687
elessair	0:f269e3021894	2688	/*
elessair	0:f269e3021894	2689	* Record layer functions
elessair	0:f269e3021894	2690	*/
elessair	0:f269e3021894	2691
elessair	0:f269e3021894	2692	/*
elessair	0:f269e3021894	2693	* Write current record.
elessair	0:f269e3021894	2694	* Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
elessair	0:f269e3021894	2695	*/
elessair	0:f269e3021894	2696	int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2697	{
elessair	0:f269e3021894	2698	int ret, done = 0, out_msg_type;
elessair	0:f269e3021894	2699	size_t len = ssl->out_msglen;
elessair	0:f269e3021894	2700
elessair	0:f269e3021894	2701	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
elessair	0:f269e3021894	2702
elessair	0:f269e3021894	2703	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2704	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	2705	ssl->handshake != NULL &&
elessair	0:f269e3021894	2706	ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
elessair	0:f269e3021894	2707	{
elessair	0:f269e3021894	2708	; /* Skip special handshake treatment when resending */
elessair	0:f269e3021894	2709	}
elessair	0:f269e3021894	2710	else
elessair	0:f269e3021894	2711	#endif
elessair	0:f269e3021894	2712	if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	2713	{
elessair	0:f269e3021894	2714	out_msg_type = ssl->out_msg[0];
elessair	0:f269e3021894	2715
elessair	0:f269e3021894	2716	if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
elessair	0:f269e3021894	2717	ssl->handshake == NULL )
elessair	0:f269e3021894	2718	{
elessair	0:f269e3021894	2719	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	2720	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	2721	}
elessair	0:f269e3021894	2722
elessair	0:f269e3021894	2723	ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
elessair	0:f269e3021894	2724	ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
elessair	0:f269e3021894	2725	ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
elessair	0:f269e3021894	2726
elessair	0:f269e3021894	2727	/*
elessair	0:f269e3021894	2728	* DTLS has additional fields in the Handshake layer,
elessair	0:f269e3021894	2729	* between the length field and the actual payload:
elessair	0:f269e3021894	2730	* uint16 message_seq;
elessair	0:f269e3021894	2731	* uint24 fragment_offset;
elessair	0:f269e3021894	2732	* uint24 fragment_length;
elessair	0:f269e3021894	2733	*/
elessair	0:f269e3021894	2734	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2735	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	2736	{
elessair	0:f269e3021894	2737	/* Make room for the additional DTLS fields */
elessair	0:f269e3021894	2738	memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
elessair	0:f269e3021894	2739	ssl->out_msglen += 8;
elessair	0:f269e3021894	2740	len += 8;
elessair	0:f269e3021894	2741
elessair	0:f269e3021894	2742	/* Write message_seq and update it, except for HelloRequest */
elessair	0:f269e3021894	2743	if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
elessair	0:f269e3021894	2744	{
elessair	0:f269e3021894	2745	ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
elessair	0:f269e3021894	2746	ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
elessair	0:f269e3021894	2747	++( ssl->handshake->out_msg_seq );
elessair	0:f269e3021894	2748	}
elessair	0:f269e3021894	2749	else
elessair	0:f269e3021894	2750	{
elessair	0:f269e3021894	2751	ssl->out_msg[4] = 0;
elessair	0:f269e3021894	2752	ssl->out_msg[5] = 0;
elessair	0:f269e3021894	2753	}
elessair	0:f269e3021894	2754
elessair	0:f269e3021894	2755	/* We don't fragment, so frag_offset = 0 and frag_len = len */
elessair	0:f269e3021894	2756	memset( ssl->out_msg + 6, 0x00, 3 );
elessair	0:f269e3021894	2757	memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
elessair	0:f269e3021894	2758	}
elessair	0:f269e3021894	2759	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	2760
elessair	0:f269e3021894	2761	if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
elessair	0:f269e3021894	2762	ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
elessair	0:f269e3021894	2763	}
elessair	0:f269e3021894	2764
elessair	0:f269e3021894	2765	/* Save handshake and CCS messages for resending */
elessair	0:f269e3021894	2766	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2767	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	2768	ssl->handshake != NULL &&
elessair	0:f269e3021894	2769	ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
elessair	0:f269e3021894	2770	( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC \|\|
elessair	0:f269e3021894	2771	ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
elessair	0:f269e3021894	2772	{
elessair	0:f269e3021894	2773	if( ( ret = ssl_flight_append( ssl ) ) != 0 )
elessair	0:f269e3021894	2774	{
elessair	0:f269e3021894	2775	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
elessair	0:f269e3021894	2776	return( ret );
elessair	0:f269e3021894	2777	}
elessair	0:f269e3021894	2778	}
elessair	0:f269e3021894	2779	#endif
elessair	0:f269e3021894	2780
elessair	0:f269e3021894	2781	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	2782	if( ssl->transform_out != NULL &&
elessair	0:f269e3021894	2783	ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
elessair	0:f269e3021894	2784	{
elessair	0:f269e3021894	2785	if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
elessair	0:f269e3021894	2786	{
elessair	0:f269e3021894	2787	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
elessair	0:f269e3021894	2788	return( ret );
elessair	0:f269e3021894	2789	}
elessair	0:f269e3021894	2790
elessair	0:f269e3021894	2791	len = ssl->out_msglen;
elessair	0:f269e3021894	2792	}
elessair	0:f269e3021894	2793	#endif /MBEDTLS_ZLIB_SUPPORT /
elessair	0:f269e3021894	2794
elessair	0:f269e3021894	2795	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	2796	if( mbedtls_ssl_hw_record_write != NULL )
elessair	0:f269e3021894	2797	{
elessair	0:f269e3021894	2798	MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
elessair	0:f269e3021894	2799
elessair	0:f269e3021894	2800	ret = mbedtls_ssl_hw_record_write( ssl );
elessair	0:f269e3021894	2801	if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
elessair	0:f269e3021894	2802	{
elessair	0:f269e3021894	2803	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
elessair	0:f269e3021894	2804	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	2805	}
elessair	0:f269e3021894	2806
elessair	0:f269e3021894	2807	if( ret == 0 )
elessair	0:f269e3021894	2808	done = 1;
elessair	0:f269e3021894	2809	}
elessair	0:f269e3021894	2810	#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
elessair	0:f269e3021894	2811	if( !done )
elessair	0:f269e3021894	2812	{
elessair	0:f269e3021894	2813	ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
elessair	0:f269e3021894	2814	mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
elessair	0:f269e3021894	2815	ssl->conf->transport, ssl->out_hdr + 1 );
elessair	0:f269e3021894	2816
elessair	0:f269e3021894	2817	ssl->out_len[0] = (unsigned char)( len >> 8 );
elessair	0:f269e3021894	2818	ssl->out_len[1] = (unsigned char)( len );
elessair	0:f269e3021894	2819
elessair	0:f269e3021894	2820	if( ssl->transform_out != NULL )
elessair	0:f269e3021894	2821	{
elessair	0:f269e3021894	2822	if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
elessair	0:f269e3021894	2823	{
elessair	0:f269e3021894	2824	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
elessair	0:f269e3021894	2825	return( ret );
elessair	0:f269e3021894	2826	}
elessair	0:f269e3021894	2827
elessair	0:f269e3021894	2828	len = ssl->out_msglen;
elessair	0:f269e3021894	2829	ssl->out_len[0] = (unsigned char)( len >> 8 );
elessair	0:f269e3021894	2830	ssl->out_len[1] = (unsigned char)( len );
elessair	0:f269e3021894	2831	}
elessair	0:f269e3021894	2832
elessair	0:f269e3021894	2833	ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen;
elessair	0:f269e3021894	2834
elessair	0:f269e3021894	2835	MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
elessair	0:f269e3021894	2836	"version = [%d:%d], msglen = %d",
elessair	0:f269e3021894	2837	ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
elessair	0:f269e3021894	2838	( ssl->out_len[0] << 8 ) \| ssl->out_len[1] ) );
elessair	0:f269e3021894	2839
elessair	0:f269e3021894	2840	MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
elessair	0:f269e3021894	2841	ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen );
elessair	0:f269e3021894	2842	}
elessair	0:f269e3021894	2843
elessair	0:f269e3021894	2844	if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
elessair	0:f269e3021894	2845	{
elessair	0:f269e3021894	2846	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
elessair	0:f269e3021894	2847	return( ret );
elessair	0:f269e3021894	2848	}
elessair	0:f269e3021894	2849
elessair	0:f269e3021894	2850	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
elessair	0:f269e3021894	2851
elessair	0:f269e3021894	2852	return( 0 );
elessair	0:f269e3021894	2853	}
elessair	0:f269e3021894	2854
elessair	0:f269e3021894	2855	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	2856	/*
elessair	0:f269e3021894	2857	* Mark bits in bitmask (used for DTLS HS reassembly)
elessair	0:f269e3021894	2858	*/
elessair	0:f269e3021894	2859	static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
elessair	0:f269e3021894	2860	{
elessair	0:f269e3021894	2861	unsigned int start_bits, end_bits;
elessair	0:f269e3021894	2862
elessair	0:f269e3021894	2863	start_bits = 8 - ( offset % 8 );
elessair	0:f269e3021894	2864	if( start_bits != 8 )
elessair	0:f269e3021894	2865	{
elessair	0:f269e3021894	2866	size_t first_byte_idx = offset / 8;
elessair	0:f269e3021894	2867
elessair	0:f269e3021894	2868	/* Special case */
elessair	0:f269e3021894	2869	if( len <= start_bits )
elessair	0:f269e3021894	2870	{
elessair	0:f269e3021894	2871	for( ; len != 0; len-- )
elessair	0:f269e3021894	2872	mask[first_byte_idx] \|= 1 << ( start_bits - len );
elessair	0:f269e3021894	2873
elessair	0:f269e3021894	2874	/* Avoid potential issues with offset or len becoming invalid */
elessair	0:f269e3021894	2875	return;
elessair	0:f269e3021894	2876	}
elessair	0:f269e3021894	2877
elessair	0:f269e3021894	2878	offset += start_bits; /* Now offset % 8 == 0 */
elessair	0:f269e3021894	2879	len -= start_bits;
elessair	0:f269e3021894	2880
elessair	0:f269e3021894	2881	for( ; start_bits != 0; start_bits-- )
elessair	0:f269e3021894	2882	mask[first_byte_idx] \|= 1 << ( start_bits - 1 );
elessair	0:f269e3021894	2883	}
elessair	0:f269e3021894	2884
elessair	0:f269e3021894	2885	end_bits = len % 8;
elessair	0:f269e3021894	2886	if( end_bits != 0 )
elessair	0:f269e3021894	2887	{
elessair	0:f269e3021894	2888	size_t last_byte_idx = ( offset + len ) / 8;
elessair	0:f269e3021894	2889
elessair	0:f269e3021894	2890	len -= end_bits; /* Now len % 8 == 0 */
elessair	0:f269e3021894	2891
elessair	0:f269e3021894	2892	for( ; end_bits != 0; end_bits-- )
elessair	0:f269e3021894	2893	mask[last_byte_idx] \|= 1 << ( 8 - end_bits );
elessair	0:f269e3021894	2894	}
elessair	0:f269e3021894	2895
elessair	0:f269e3021894	2896	memset( mask + offset / 8, 0xFF, len / 8 );
elessair	0:f269e3021894	2897	}
elessair	0:f269e3021894	2898
elessair	0:f269e3021894	2899	/*
elessair	0:f269e3021894	2900	* Check that bitmask is full
elessair	0:f269e3021894	2901	*/
elessair	0:f269e3021894	2902	static int ssl_bitmask_check( unsigned char *mask, size_t len )
elessair	0:f269e3021894	2903	{
elessair	0:f269e3021894	2904	size_t i;
elessair	0:f269e3021894	2905
elessair	0:f269e3021894	2906	for( i = 0; i < len / 8; i++ )
elessair	0:f269e3021894	2907	if( mask[i] != 0xFF )
elessair	0:f269e3021894	2908	return( -1 );
elessair	0:f269e3021894	2909
elessair	0:f269e3021894	2910	for( i = 0; i < len % 8; i++ )
elessair	0:f269e3021894	2911	if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
elessair	0:f269e3021894	2912	return( -1 );
elessair	0:f269e3021894	2913
elessair	0:f269e3021894	2914	return( 0 );
elessair	0:f269e3021894	2915	}
elessair	0:f269e3021894	2916
elessair	0:f269e3021894	2917	/*
elessair	0:f269e3021894	2918	* Reassemble fragmented DTLS handshake messages.
elessair	0:f269e3021894	2919	*
elessair	0:f269e3021894	2920	* Use a temporary buffer for reassembly, divided in two parts:
elessair	0:f269e3021894	2921	* - the first holds the reassembled message (including handshake header),
elessair	0:f269e3021894	2922	* - the second holds a bitmask indicating which parts of the message
elessair	0:f269e3021894	2923	* (excluding headers) have been received so far.
elessair	0:f269e3021894	2924	*/
elessair	0:f269e3021894	2925	static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	2926	{
elessair	0:f269e3021894	2927	unsigned char msg, bitmask;
elessair	0:f269e3021894	2928	size_t frag_len, frag_off;
elessair	0:f269e3021894	2929	size_t msg_len = ssl->in_hslen - 12; /* Without headers */
elessair	0:f269e3021894	2930
elessair	0:f269e3021894	2931	if( ssl->handshake == NULL )
elessair	0:f269e3021894	2932	{
elessair	0:f269e3021894	2933	MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
elessair	0:f269e3021894	2934	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	2935	}
elessair	0:f269e3021894	2936
elessair	0:f269e3021894	2937	/*
elessair	0:f269e3021894	2938	* For first fragment, check size and allocate buffer
elessair	0:f269e3021894	2939	*/
elessair	0:f269e3021894	2940	if( ssl->handshake->hs_msg == NULL )
elessair	0:f269e3021894	2941	{
elessair	0:f269e3021894	2942	size_t alloc_len;
elessair	0:f269e3021894	2943
elessair	0:f269e3021894	2944	MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
elessair	0:f269e3021894	2945	msg_len ) );
elessair	0:f269e3021894	2946
elessair	0:f269e3021894	2947	if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	2948	{
elessair	0:f269e3021894	2949	MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) );
elessair	0:f269e3021894	2950	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	2951	}
elessair	0:f269e3021894	2952
elessair	0:f269e3021894	2953	/* The bitmask needs one bit per byte of message excluding header */
elessair	0:f269e3021894	2954	alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 );
elessair	0:f269e3021894	2955
elessair	0:f269e3021894	2956	ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len );
elessair	0:f269e3021894	2957	if( ssl->handshake->hs_msg == NULL )
elessair	0:f269e3021894	2958	{
elessair	0:f269e3021894	2959	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) );
elessair	0:f269e3021894	2960	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	2961	}
elessair	0:f269e3021894	2962
elessair	0:f269e3021894	2963	/* Prepare final header: copy msg_type, length and message_seq,
elessair	0:f269e3021894	2964	* then add standardised fragment_offset and fragment_length */
elessair	0:f269e3021894	2965	memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
elessair	0:f269e3021894	2966	memset( ssl->handshake->hs_msg + 6, 0, 3 );
elessair	0:f269e3021894	2967	memcpy( ssl->handshake->hs_msg + 9,
elessair	0:f269e3021894	2968	ssl->handshake->hs_msg + 1, 3 );
elessair	0:f269e3021894	2969	}
elessair	0:f269e3021894	2970	else
elessair	0:f269e3021894	2971	{
elessair	0:f269e3021894	2972	/* Make sure msg_type and length are consistent */
elessair	0:f269e3021894	2973	if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
elessair	0:f269e3021894	2974	{
elessair	0:f269e3021894	2975	MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
elessair	0:f269e3021894	2976	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	2977	}
elessair	0:f269e3021894	2978	}
elessair	0:f269e3021894	2979
elessair	0:f269e3021894	2980	msg = ssl->handshake->hs_msg + 12;
elessair	0:f269e3021894	2981	bitmask = msg + msg_len;
elessair	0:f269e3021894	2982
elessair	0:f269e3021894	2983	/*
elessair	0:f269e3021894	2984	* Check and copy current fragment
elessair	0:f269e3021894	2985	*/
elessair	0:f269e3021894	2986	frag_off = ( ssl->in_msg[6] << 16 ) \|
elessair	0:f269e3021894	2987	( ssl->in_msg[7] << 8 ) \|
elessair	0:f269e3021894	2988	ssl->in_msg[8];
elessair	0:f269e3021894	2989	frag_len = ( ssl->in_msg[9] << 16 ) \|
elessair	0:f269e3021894	2990	( ssl->in_msg[10] << 8 ) \|
elessair	0:f269e3021894	2991	ssl->in_msg[11];
elessair	0:f269e3021894	2992
elessair	0:f269e3021894	2993	if( frag_off + frag_len > msg_len )
elessair	0:f269e3021894	2994	{
elessair	0:f269e3021894	2995	MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d",
elessair	0:f269e3021894	2996	frag_off, frag_len, msg_len ) );
elessair	0:f269e3021894	2997	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	2998	}
elessair	0:f269e3021894	2999
elessair	0:f269e3021894	3000	if( frag_len + 12 > ssl->in_msglen )
elessair	0:f269e3021894	3001	{
elessair	0:f269e3021894	3002	MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d",
elessair	0:f269e3021894	3003	frag_len, ssl->in_msglen ) );
elessair	0:f269e3021894	3004	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3005	}
elessair	0:f269e3021894	3006
elessair	0:f269e3021894	3007	MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
elessair	0:f269e3021894	3008	frag_off, frag_len ) );
elessair	0:f269e3021894	3009
elessair	0:f269e3021894	3010	memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
elessair	0:f269e3021894	3011	ssl_bitmask_set( bitmask, frag_off, frag_len );
elessair	0:f269e3021894	3012
elessair	0:f269e3021894	3013	/*
elessair	0:f269e3021894	3014	* Do we have the complete message by now?
elessair	0:f269e3021894	3015	* If yes, finalize it, else ask to read the next record.
elessair	0:f269e3021894	3016	*/
elessair	0:f269e3021894	3017	if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
elessair	0:f269e3021894	3018	{
elessair	0:f269e3021894	3019	MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
elessair	0:f269e3021894	3020	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	3021	}
elessair	0:f269e3021894	3022
elessair	0:f269e3021894	3023	MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
elessair	0:f269e3021894	3024
elessair	0:f269e3021894	3025	if( frag_len + 12 < ssl->in_msglen )
elessair	0:f269e3021894	3026	{
elessair	0:f269e3021894	3027	/*
elessair	0:f269e3021894	3028	* We'got more handshake messages in the same record.
elessair	0:f269e3021894	3029	* This case is not handled now because no know implementation does
elessair	0:f269e3021894	3030	* that and it's hard to test, so we prefer to fail cleanly for now.
elessair	0:f269e3021894	3031	*/
elessair	0:f269e3021894	3032	MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
elessair	0:f269e3021894	3033	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	3034	}
elessair	0:f269e3021894	3035
elessair	0:f269e3021894	3036	if( ssl->in_left > ssl->next_record_offset )
elessair	0:f269e3021894	3037	{
elessair	0:f269e3021894	3038	/*
elessair	0:f269e3021894	3039	* We've got more data in the buffer after the current record,
elessair	0:f269e3021894	3040	* that we don't want to overwrite. Move it before writing the
elessair	0:f269e3021894	3041	* reassembled message, and adjust in_left and next_record_offset.
elessair	0:f269e3021894	3042	*/
elessair	0:f269e3021894	3043	unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset;
elessair	0:f269e3021894	3044	unsigned char *new_remain = ssl->in_msg + ssl->in_hslen;
elessair	0:f269e3021894	3045	size_t remain_len = ssl->in_left - ssl->next_record_offset;
elessair	0:f269e3021894	3046
elessair	0:f269e3021894	3047	/* First compute and check new lengths */
elessair	0:f269e3021894	3048	ssl->next_record_offset = new_remain - ssl->in_hdr;
elessair	0:f269e3021894	3049	ssl->in_left = ssl->next_record_offset + remain_len;
elessair	0:f269e3021894	3050
elessair	0:f269e3021894	3051	if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN -
elessair	0:f269e3021894	3052	(size_t)( ssl->in_hdr - ssl->in_buf ) )
elessair	0:f269e3021894	3053	{
elessair	0:f269e3021894	3054	MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) );
elessair	0:f269e3021894	3055	return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
elessair	0:f269e3021894	3056	}
elessair	0:f269e3021894	3057
elessair	0:f269e3021894	3058	memmove( new_remain, cur_remain, remain_len );
elessair	0:f269e3021894	3059	}
elessair	0:f269e3021894	3060
elessair	0:f269e3021894	3061	memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
elessair	0:f269e3021894	3062
elessair	0:f269e3021894	3063	mbedtls_free( ssl->handshake->hs_msg );
elessair	0:f269e3021894	3064	ssl->handshake->hs_msg = NULL;
elessair	0:f269e3021894	3065
elessair	0:f269e3021894	3066	MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message",
elessair	0:f269e3021894	3067	ssl->in_msg, ssl->in_hslen );
elessair	0:f269e3021894	3068
elessair	0:f269e3021894	3069	return( 0 );
elessair	0:f269e3021894	3070	}
elessair	0:f269e3021894	3071	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	3072
elessair	0:f269e3021894	3073	int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3074	{
elessair	0:f269e3021894	3075	if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
elessair	0:f269e3021894	3076	{
elessair	0:f269e3021894	3077	MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
elessair	0:f269e3021894	3078	ssl->in_msglen ) );
elessair	0:f269e3021894	3079	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3080	}
elessair	0:f269e3021894	3081
elessair	0:f269e3021894	3082	ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + (
elessair	0:f269e3021894	3083	( ssl->in_msg[1] << 16 ) \|
elessair	0:f269e3021894	3084	( ssl->in_msg[2] << 8 ) \|
elessair	0:f269e3021894	3085	ssl->in_msg[3] );
elessair	0:f269e3021894	3086
elessair	0:f269e3021894	3087	MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
elessair	0:f269e3021894	3088	" %d, type = %d, hslen = %d",
elessair	0:f269e3021894	3089	ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
elessair	0:f269e3021894	3090
elessair	0:f269e3021894	3091	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3092	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	3093	{
elessair	0:f269e3021894	3094	int ret;
elessair	0:f269e3021894	3095	unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) \| ssl->in_msg[5];
elessair	0:f269e3021894	3096
elessair	0:f269e3021894	3097	/* ssl->handshake is NULL when receiving ClientHello for renego */
elessair	0:f269e3021894	3098	if( ssl->handshake != NULL &&
elessair	0:f269e3021894	3099	recv_msg_seq != ssl->handshake->in_msg_seq )
elessair	0:f269e3021894	3100	{
elessair	0:f269e3021894	3101	/* Retransmit only on last message from previous flight, to avoid
elessair	0:f269e3021894	3102	* too many retransmissions.
elessair	0:f269e3021894	3103	* Besides, No sane server ever retransmits HelloVerifyRequest */
elessair	0:f269e3021894	3104	if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
elessair	0:f269e3021894	3105	ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
elessair	0:f269e3021894	3106	{
elessair	0:f269e3021894	3107	MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
elessair	0:f269e3021894	3108	"message_seq = %d, start_of_flight = %d",
elessair	0:f269e3021894	3109	recv_msg_seq,
elessair	0:f269e3021894	3110	ssl->handshake->in_flight_start_seq ) );
elessair	0:f269e3021894	3111
elessair	0:f269e3021894	3112	if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
elessair	0:f269e3021894	3113	{
elessair	0:f269e3021894	3114	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
elessair	0:f269e3021894	3115	return( ret );
elessair	0:f269e3021894	3116	}
elessair	0:f269e3021894	3117	}
elessair	0:f269e3021894	3118	else
elessair	0:f269e3021894	3119	{
elessair	0:f269e3021894	3120	MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
elessair	0:f269e3021894	3121	"message_seq = %d, expected = %d",
elessair	0:f269e3021894	3122	recv_msg_seq,
elessair	0:f269e3021894	3123	ssl->handshake->in_msg_seq ) );
elessair	0:f269e3021894	3124	}
elessair	0:f269e3021894	3125
elessair	0:f269e3021894	3126	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	3127	}
elessair	0:f269e3021894	3128	/* Wait until message completion to increment in_msg_seq */
elessair	0:f269e3021894	3129
elessair	0:f269e3021894	3130	/* Reassemble if current message is fragmented or reassembly is
elessair	0:f269e3021894	3131	* already in progress */
elessair	0:f269e3021894	3132	if( ssl->in_msglen < ssl->in_hslen \|\|
elessair	0:f269e3021894	3133	memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 \|\|
elessair	0:f269e3021894	3134	memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 \|\|
elessair	0:f269e3021894	3135	( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) )
elessair	0:f269e3021894	3136	{
elessair	0:f269e3021894	3137	MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
elessair	0:f269e3021894	3138
elessair	0:f269e3021894	3139	if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
elessair	0:f269e3021894	3140	{
elessair	0:f269e3021894	3141	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
elessair	0:f269e3021894	3142	return( ret );
elessair	0:f269e3021894	3143	}
elessair	0:f269e3021894	3144	}
elessair	0:f269e3021894	3145	}
elessair	0:f269e3021894	3146	else
elessair	0:f269e3021894	3147	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	3148	/* With TLS we don't handle fragmentation (for now) */
elessair	0:f269e3021894	3149	if( ssl->in_msglen < ssl->in_hslen )
elessair	0:f269e3021894	3150	{
elessair	0:f269e3021894	3151	MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
elessair	0:f269e3021894	3152	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	3153	}
elessair	0:f269e3021894	3154
elessair	0:f269e3021894	3155	return( 0 );
elessair	0:f269e3021894	3156	}
elessair	0:f269e3021894	3157
elessair	0:f269e3021894	3158	void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3159	{
elessair	0:f269e3021894	3160
elessair	0:f269e3021894	3161	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
elessair	0:f269e3021894	3162	ssl->handshake != NULL )
elessair	0:f269e3021894	3163	{
elessair	0:f269e3021894	3164	ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
elessair	0:f269e3021894	3165	}
elessair	0:f269e3021894	3166
elessair	0:f269e3021894	3167	/* Handshake message is complete, increment counter */
elessair	0:f269e3021894	3168	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3169	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	3170	ssl->handshake != NULL )
elessair	0:f269e3021894	3171	{
elessair	0:f269e3021894	3172	ssl->handshake->in_msg_seq++;
elessair	0:f269e3021894	3173	}
elessair	0:f269e3021894	3174	#endif
elessair	0:f269e3021894	3175	}
elessair	0:f269e3021894	3176
elessair	0:f269e3021894	3177	/*
elessair	0:f269e3021894	3178	* DTLS anti-replay: RFC 6347 4.1.2.6
elessair	0:f269e3021894	3179	*
elessair	0:f269e3021894	3180	* in_window is a field of bits numbered from 0 (lsb) to 63 (msb).
elessair	0:f269e3021894	3181	* Bit n is set iff record number in_window_top - n has been seen.
elessair	0:f269e3021894	3182	*
elessair	0:f269e3021894	3183	* Usually, in_window_top is the last record number seen and the lsb of
elessair	0:f269e3021894	3184	* in_window is set. The only exception is the initial state (record number 0
elessair	0:f269e3021894	3185	* not seen yet).
elessair	0:f269e3021894	3186	*/
elessair	0:f269e3021894	3187	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	3188	static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3189	{
elessair	0:f269e3021894	3190	ssl->in_window_top = 0;
elessair	0:f269e3021894	3191	ssl->in_window = 0;
elessair	0:f269e3021894	3192	}
elessair	0:f269e3021894	3193
elessair	0:f269e3021894	3194	static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
elessair	0:f269e3021894	3195	{
elessair	0:f269e3021894	3196	return( ( (uint64_t) buf[0] << 40 ) \|
elessair	0:f269e3021894	3197	( (uint64_t) buf[1] << 32 ) \|
elessair	0:f269e3021894	3198	( (uint64_t) buf[2] << 24 ) \|
elessair	0:f269e3021894	3199	( (uint64_t) buf[3] << 16 ) \|
elessair	0:f269e3021894	3200	( (uint64_t) buf[4] << 8 ) \|
elessair	0:f269e3021894	3201	( (uint64_t) buf[5] ) );
elessair	0:f269e3021894	3202	}
elessair	0:f269e3021894	3203
elessair	0:f269e3021894	3204	/*
elessair	0:f269e3021894	3205	* Return 0 if sequence number is acceptable, -1 otherwise
elessair	0:f269e3021894	3206	*/
elessair	0:f269e3021894	3207	int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3208	{
elessair	0:f269e3021894	3209	uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
elessair	0:f269e3021894	3210	uint64_t bit;
elessair	0:f269e3021894	3211
elessair	0:f269e3021894	3212	if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
elessair	0:f269e3021894	3213	return( 0 );
elessair	0:f269e3021894	3214
elessair	0:f269e3021894	3215	if( rec_seqnum > ssl->in_window_top )
elessair	0:f269e3021894	3216	return( 0 );
elessair	0:f269e3021894	3217
elessair	0:f269e3021894	3218	bit = ssl->in_window_top - rec_seqnum;
elessair	0:f269e3021894	3219
elessair	0:f269e3021894	3220	if( bit >= 64 )
elessair	0:f269e3021894	3221	return( -1 );
elessair	0:f269e3021894	3222
elessair	0:f269e3021894	3223	if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
elessair	0:f269e3021894	3224	return( -1 );
elessair	0:f269e3021894	3225
elessair	0:f269e3021894	3226	return( 0 );
elessair	0:f269e3021894	3227	}
elessair	0:f269e3021894	3228
elessair	0:f269e3021894	3229	/*
elessair	0:f269e3021894	3230	* Update replay window on new validated record
elessair	0:f269e3021894	3231	*/
elessair	0:f269e3021894	3232	void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3233	{
elessair	0:f269e3021894	3234	uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
elessair	0:f269e3021894	3235
elessair	0:f269e3021894	3236	if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
elessair	0:f269e3021894	3237	return;
elessair	0:f269e3021894	3238
elessair	0:f269e3021894	3239	if( rec_seqnum > ssl->in_window_top )
elessair	0:f269e3021894	3240	{
elessair	0:f269e3021894	3241	/* Update window_top and the contents of the window */
elessair	0:f269e3021894	3242	uint64_t shift = rec_seqnum - ssl->in_window_top;
elessair	0:f269e3021894	3243
elessair	0:f269e3021894	3244	if( shift >= 64 )
elessair	0:f269e3021894	3245	ssl->in_window = 1;
elessair	0:f269e3021894	3246	else
elessair	0:f269e3021894	3247	{
elessair	0:f269e3021894	3248	ssl->in_window <<= shift;
elessair	0:f269e3021894	3249	ssl->in_window \|= 1;
elessair	0:f269e3021894	3250	}
elessair	0:f269e3021894	3251
elessair	0:f269e3021894	3252	ssl->in_window_top = rec_seqnum;
elessair	0:f269e3021894	3253	}
elessair	0:f269e3021894	3254	else
elessair	0:f269e3021894	3255	{
elessair	0:f269e3021894	3256	/* Mark that number as seen in the current window */
elessair	0:f269e3021894	3257	uint64_t bit = ssl->in_window_top - rec_seqnum;
elessair	0:f269e3021894	3258
elessair	0:f269e3021894	3259	if( bit < 64 ) /* Always true, but be extra sure */
elessair	0:f269e3021894	3260	ssl->in_window \|= (uint64_t) 1 << bit;
elessair	0:f269e3021894	3261	}
elessair	0:f269e3021894	3262	}
elessair	0:f269e3021894	3263	#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
elessair	0:f269e3021894	3264
elessair	0:f269e3021894	3265	#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	3266	/* Forward declaration */
elessair	0:f269e3021894	3267	static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
elessair	0:f269e3021894	3268
elessair	0:f269e3021894	3269	/*
elessair	0:f269e3021894	3270	* Without any SSL context, check if a datagram looks like a ClientHello with
elessair	0:f269e3021894	3271	* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
elessair	0:f269e3021894	3272	* Both input and output include full DTLS headers.
elessair	0:f269e3021894	3273	*
elessair	0:f269e3021894	3274	* - if cookie is valid, return 0
elessair	0:f269e3021894	3275	* - if ClientHello looks superficially valid but cookie is not,
elessair	0:f269e3021894	3276	* fill obuf and set olen, then
elessair	0:f269e3021894	3277	* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
elessair	0:f269e3021894	3278	* - otherwise return a specific error code
elessair	0:f269e3021894	3279	*/
elessair	0:f269e3021894	3280	static int ssl_check_dtls_clihlo_cookie(
elessair	0:f269e3021894	3281	mbedtls_ssl_cookie_write_t *f_cookie_write,
elessair	0:f269e3021894	3282	mbedtls_ssl_cookie_check_t *f_cookie_check,
elessair	0:f269e3021894	3283	void *p_cookie,
elessair	0:f269e3021894	3284	const unsigned char *cli_id, size_t cli_id_len,
elessair	0:f269e3021894	3285	const unsigned char *in, size_t in_len,
elessair	0:f269e3021894	3286	unsigned char obuf, size_t buf_len, size_t olen )
elessair	0:f269e3021894	3287	{
elessair	0:f269e3021894	3288	size_t sid_len, cookie_len;
elessair	0:f269e3021894	3289	unsigned char *p;
elessair	0:f269e3021894	3290
elessair	0:f269e3021894	3291	if( f_cookie_write == NULL \|\| f_cookie_check == NULL )
elessair	0:f269e3021894	3292	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	3293
elessair	0:f269e3021894	3294	/*
elessair	0:f269e3021894	3295	* Structure of ClientHello with record and handshake headers,
elessair	0:f269e3021894	3296	* and expected values. We don't need to check a lot, more checks will be
elessair	0:f269e3021894	3297	* done when actually parsing the ClientHello - skipping those checks
elessair	0:f269e3021894	3298	* avoids code duplication and does not make cookie forging any easier.
elessair	0:f269e3021894	3299	*
elessair	0:f269e3021894	3300	* 0-0 ContentType type; copied, must be handshake
elessair	0:f269e3021894	3301	* 1-2 ProtocolVersion version; copied
elessair	0:f269e3021894	3302	* 3-4 uint16 epoch; copied, must be 0
elessair	0:f269e3021894	3303	* 5-10 uint48 sequence_number; copied
elessair	0:f269e3021894	3304	* 11-12 uint16 length; (ignored)
elessair	0:f269e3021894	3305	*
elessair	0:f269e3021894	3306	* 13-13 HandshakeType msg_type; (ignored)
elessair	0:f269e3021894	3307	* 14-16 uint24 length; (ignored)
elessair	0:f269e3021894	3308	* 17-18 uint16 message_seq; copied
elessair	0:f269e3021894	3309	* 19-21 uint24 fragment_offset; copied, must be 0
elessair	0:f269e3021894	3310	* 22-24 uint24 fragment_length; (ignored)
elessair	0:f269e3021894	3311	*
elessair	0:f269e3021894	3312	* 25-26 ProtocolVersion client_version; (ignored)
elessair	0:f269e3021894	3313	* 27-58 Random random; (ignored)
elessair	0:f269e3021894	3314	* 59-xx SessionID session_id; 1 byte len + sid_len content
elessair	0:f269e3021894	3315	* 60+ opaque cookie<0..2^8-1>; 1 byte len + content
elessair	0:f269e3021894	3316	* ...
elessair	0:f269e3021894	3317	*
elessair	0:f269e3021894	3318	* Minimum length is 61 bytes.
elessair	0:f269e3021894	3319	*/
elessair	0:f269e3021894	3320	if( in_len < 61 \|\|
elessair	0:f269e3021894	3321	in[0] != MBEDTLS_SSL_MSG_HANDSHAKE \|\|
elessair	0:f269e3021894	3322	in[3] != 0 \|\| in[4] != 0 \|\|
elessair	0:f269e3021894	3323	in[19] != 0 \|\| in[20] != 0 \|\| in[21] != 0 )
elessair	0:f269e3021894	3324	{
elessair	0:f269e3021894	3325	return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
elessair	0:f269e3021894	3326	}
elessair	0:f269e3021894	3327
elessair	0:f269e3021894	3328	sid_len = in[59];
elessair	0:f269e3021894	3329	if( sid_len > in_len - 61 )
elessair	0:f269e3021894	3330	return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
elessair	0:f269e3021894	3331
elessair	0:f269e3021894	3332	cookie_len = in[60 + sid_len];
elessair	0:f269e3021894	3333	if( cookie_len > in_len - 60 )
elessair	0:f269e3021894	3334	return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
elessair	0:f269e3021894	3335
elessair	0:f269e3021894	3336	if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
elessair	0:f269e3021894	3337	cli_id, cli_id_len ) == 0 )
elessair	0:f269e3021894	3338	{
elessair	0:f269e3021894	3339	/* Valid cookie */
elessair	0:f269e3021894	3340	return( 0 );
elessair	0:f269e3021894	3341	}
elessair	0:f269e3021894	3342
elessair	0:f269e3021894	3343	/*
elessair	0:f269e3021894	3344	* If we get here, we've got an invalid cookie, let's prepare HVR.
elessair	0:f269e3021894	3345	*
elessair	0:f269e3021894	3346	* 0-0 ContentType type; copied
elessair	0:f269e3021894	3347	* 1-2 ProtocolVersion version; copied
elessair	0:f269e3021894	3348	* 3-4 uint16 epoch; copied
elessair	0:f269e3021894	3349	* 5-10 uint48 sequence_number; copied
elessair	0:f269e3021894	3350	* 11-12 uint16 length; olen - 13
elessair	0:f269e3021894	3351	*
elessair	0:f269e3021894	3352	* 13-13 HandshakeType msg_type; hello_verify_request
elessair	0:f269e3021894	3353	* 14-16 uint24 length; olen - 25
elessair	0:f269e3021894	3354	* 17-18 uint16 message_seq; copied
elessair	0:f269e3021894	3355	* 19-21 uint24 fragment_offset; copied
elessair	0:f269e3021894	3356	* 22-24 uint24 fragment_length; olen - 25
elessair	0:f269e3021894	3357	*
elessair	0:f269e3021894	3358	* 25-26 ProtocolVersion server_version; 0xfe 0xff
elessair	0:f269e3021894	3359	* 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie
elessair	0:f269e3021894	3360	*
elessair	0:f269e3021894	3361	* Minimum length is 28.
elessair	0:f269e3021894	3362	*/
elessair	0:f269e3021894	3363	if( buf_len < 28 )
elessair	0:f269e3021894	3364	return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
elessair	0:f269e3021894	3365
elessair	0:f269e3021894	3366	/* Copy most fields and adapt others */
elessair	0:f269e3021894	3367	memcpy( obuf, in, 25 );
elessair	0:f269e3021894	3368	obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
elessair	0:f269e3021894	3369	obuf[25] = 0xfe;
elessair	0:f269e3021894	3370	obuf[26] = 0xff;
elessair	0:f269e3021894	3371
elessair	0:f269e3021894	3372	/* Generate and write actual cookie */
elessair	0:f269e3021894	3373	p = obuf + 28;
elessair	0:f269e3021894	3374	if( f_cookie_write( p_cookie,
elessair	0:f269e3021894	3375	&p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
elessair	0:f269e3021894	3376	{
elessair	0:f269e3021894	3377	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	3378	}
elessair	0:f269e3021894	3379
elessair	0:f269e3021894	3380	*olen = p - obuf;
elessair	0:f269e3021894	3381
elessair	0:f269e3021894	3382	/* Go back and fill length fields */
elessair	0:f269e3021894	3383	obuf[27] = (unsigned char)( *olen - 28 );
elessair	0:f269e3021894	3384
elessair	0:f269e3021894	3385	obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
elessair	0:f269e3021894	3386	obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 );
elessair	0:f269e3021894	3387	obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) );
elessair	0:f269e3021894	3388
elessair	0:f269e3021894	3389	obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 );
elessair	0:f269e3021894	3390	obuf[12] = (unsigned char)( ( *olen - 13 ) );
elessair	0:f269e3021894	3391
elessair	0:f269e3021894	3392	return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
elessair	0:f269e3021894	3393	}
elessair	0:f269e3021894	3394
elessair	0:f269e3021894	3395	/*
elessair	0:f269e3021894	3396	* Handle possible client reconnect with the same UDP quadruplet
elessair	0:f269e3021894	3397	* (RFC 6347 Section 4.2.8).
elessair	0:f269e3021894	3398	*
elessair	0:f269e3021894	3399	* Called by ssl_parse_record_header() in case we receive an epoch 0 record
elessair	0:f269e3021894	3400	* that looks like a ClientHello.
elessair	0:f269e3021894	3401	*
elessair	0:f269e3021894	3402	* - if the input looks like a ClientHello without cookies,
elessair	0:f269e3021894	3403	* send back HelloVerifyRequest, then
elessair	0:f269e3021894	3404	* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
elessair	0:f269e3021894	3405	* - if the input looks like a ClientHello with a valid cookie,
elessair	0:f269e3021894	3406	* reset the session of the current context, and
elessair	0:f269e3021894	3407	* return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
elessair	0:f269e3021894	3408	* - if anything goes wrong, return a specific error code
elessair	0:f269e3021894	3409	*
elessair	0:f269e3021894	3410	* mbedtls_ssl_read_record() will ignore the record if anything else than
elessair	0:f269e3021894	3411	* MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
elessair	0:f269e3021894	3412	* cannot not return 0.
elessair	0:f269e3021894	3413	*/
elessair	0:f269e3021894	3414	static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3415	{
elessair	0:f269e3021894	3416	int ret;
elessair	0:f269e3021894	3417	size_t len;
elessair	0:f269e3021894	3418
elessair	0:f269e3021894	3419	ret = ssl_check_dtls_clihlo_cookie(
elessair	0:f269e3021894	3420	ssl->conf->f_cookie_write,
elessair	0:f269e3021894	3421	ssl->conf->f_cookie_check,
elessair	0:f269e3021894	3422	ssl->conf->p_cookie,
elessair	0:f269e3021894	3423	ssl->cli_id, ssl->cli_id_len,
elessair	0:f269e3021894	3424	ssl->in_buf, ssl->in_left,
elessair	0:f269e3021894	3425	ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len );
elessair	0:f269e3021894	3426
elessair	0:f269e3021894	3427	MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
elessair	0:f269e3021894	3428
elessair	0:f269e3021894	3429	if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
elessair	0:f269e3021894	3430	{
elessair	0:f269e3021894	3431	/* Dont check write errors as we can't do anything here.
elessair	0:f269e3021894	3432	* If the error is permanent we'll catch it later,
elessair	0:f269e3021894	3433	* if it's not, then hopefully it'll work next time. */
elessair	0:f269e3021894	3434	(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
elessair	0:f269e3021894	3435
elessair	0:f269e3021894	3436	return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
elessair	0:f269e3021894	3437	}
elessair	0:f269e3021894	3438
elessair	0:f269e3021894	3439	if( ret == 0 )
elessair	0:f269e3021894	3440	{
elessair	0:f269e3021894	3441	/* Got a valid cookie, partially reset context */
elessair	0:f269e3021894	3442	if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
elessair	0:f269e3021894	3443	{
elessair	0:f269e3021894	3444	MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
elessair	0:f269e3021894	3445	return( ret );
elessair	0:f269e3021894	3446	}
elessair	0:f269e3021894	3447
elessair	0:f269e3021894	3448	return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
elessair	0:f269e3021894	3449	}
elessair	0:f269e3021894	3450
elessair	0:f269e3021894	3451	return( ret );
elessair	0:f269e3021894	3452	}
elessair	0:f269e3021894	3453	#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	3454
elessair	0:f269e3021894	3455	/*
elessair	0:f269e3021894	3456	* ContentType type;
elessair	0:f269e3021894	3457	* ProtocolVersion version;
elessair	0:f269e3021894	3458	* uint16 epoch; // DTLS only
elessair	0:f269e3021894	3459	* uint48 sequence_number; // DTLS only
elessair	0:f269e3021894	3460	* uint16 length;
elessair	0:f269e3021894	3461	*
elessair	0:f269e3021894	3462	* Return 0 if header looks sane (and, for DTLS, the record is expected)
elessair	0:f269e3021894	3463	* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
elessair	0:f269e3021894	3464	* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
elessair	0:f269e3021894	3465	*
elessair	0:f269e3021894	3466	* With DTLS, mbedtls_ssl_read_record() will:
elessair	0:f269e3021894	3467	* 1. proceed with the record if this function returns 0
elessair	0:f269e3021894	3468	* 2. drop only the current record if this function returns UNEXPECTED_RECORD
elessair	0:f269e3021894	3469	* 3. return CLIENT_RECONNECT if this function return that value
elessair	0:f269e3021894	3470	* 4. drop the whole datagram if this function returns anything else.
elessair	0:f269e3021894	3471	* Point 2 is needed when the peer is resending, and we have already received
elessair	0:f269e3021894	3472	* the first record from a datagram but are still waiting for the others.
elessair	0:f269e3021894	3473	*/
elessair	0:f269e3021894	3474	static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3475	{
elessair	0:f269e3021894	3476	int ret;
elessair	0:f269e3021894	3477	int major_ver, minor_ver;
elessair	0:f269e3021894	3478
elessair	0:f269e3021894	3479	MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
elessair	0:f269e3021894	3480
elessair	0:f269e3021894	3481	ssl->in_msgtype = ssl->in_hdr[0];
elessair	0:f269e3021894	3482	ssl->in_msglen = ( ssl->in_len[0] << 8 ) \| ssl->in_len[1];
elessair	0:f269e3021894	3483	mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
elessair	0:f269e3021894	3484
elessair	0:f269e3021894	3485	MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
elessair	0:f269e3021894	3486	"version = [%d:%d], msglen = %d",
elessair	0:f269e3021894	3487	ssl->in_msgtype,
elessair	0:f269e3021894	3488	major_ver, minor_ver, ssl->in_msglen ) );
elessair	0:f269e3021894	3489
elessair	0:f269e3021894	3490	/* Check record type */
elessair	0:f269e3021894	3491	if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	3492	ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
elessair	0:f269e3021894	3493	ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
elessair	0:f269e3021894	3494	ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
elessair	0:f269e3021894	3495	{
elessair	0:f269e3021894	3496	MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
elessair	0:f269e3021894	3497
elessair	0:f269e3021894	3498	if( ( ret = mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	3499	MBEDTLS_SSL_ALERT_LEVEL_FATAL,
elessair	0:f269e3021894	3500	MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
elessair	0:f269e3021894	3501	{
elessair	0:f269e3021894	3502	return( ret );
elessair	0:f269e3021894	3503	}
elessair	0:f269e3021894	3504
elessair	0:f269e3021894	3505	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3506	}
elessair	0:f269e3021894	3507
elessair	0:f269e3021894	3508	/* Check version */
elessair	0:f269e3021894	3509	if( major_ver != ssl->major_ver )
elessair	0:f269e3021894	3510	{
elessair	0:f269e3021894	3511	MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
elessair	0:f269e3021894	3512	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3513	}
elessair	0:f269e3021894	3514
elessair	0:f269e3021894	3515	if( minor_ver > ssl->conf->max_minor_ver )
elessair	0:f269e3021894	3516	{
elessair	0:f269e3021894	3517	MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
elessair	0:f269e3021894	3518	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3519	}
elessair	0:f269e3021894	3520
elessair	0:f269e3021894	3521	/* Check length against the size of our buffer */
elessair	0:f269e3021894	3522	if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN
elessair	0:f269e3021894	3523	- (size_t)( ssl->in_msg - ssl->in_buf ) )
elessair	0:f269e3021894	3524	{
elessair	0:f269e3021894	3525	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3526	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3527	}
elessair	0:f269e3021894	3528
elessair	0:f269e3021894	3529	/* Check length against bounds of the current transform and version */
elessair	0:f269e3021894	3530	if( ssl->transform_in == NULL )
elessair	0:f269e3021894	3531	{
elessair	0:f269e3021894	3532	if( ssl->in_msglen < 1 \|\|
elessair	0:f269e3021894	3533	ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	3534	{
elessair	0:f269e3021894	3535	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3536	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3537	}
elessair	0:f269e3021894	3538	}
elessair	0:f269e3021894	3539	else
elessair	0:f269e3021894	3540	{
elessair	0:f269e3021894	3541	if( ssl->in_msglen < ssl->transform_in->minlen )
elessair	0:f269e3021894	3542	{
elessair	0:f269e3021894	3543	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3544	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3545	}
elessair	0:f269e3021894	3546
elessair	0:f269e3021894	3547	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	3548	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
elessair	0:f269e3021894	3549	ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	3550	{
elessair	0:f269e3021894	3551	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3552	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3553	}
elessair	0:f269e3021894	3554	#endif
elessair	0:f269e3021894	3555	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	3556	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	3557	/*
elessair	0:f269e3021894	3558	* TLS encrypted messages can have up to 256 bytes of padding
elessair	0:f269e3021894	3559	*/
elessair	0:f269e3021894	3560	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
elessair	0:f269e3021894	3561	ssl->in_msglen > ssl->transform_in->minlen +
elessair	0:f269e3021894	3562	MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
elessair	0:f269e3021894	3563	{
elessair	0:f269e3021894	3564	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3565	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3566	}
elessair	0:f269e3021894	3567	#endif
elessair	0:f269e3021894	3568	}
elessair	0:f269e3021894	3569
elessair	0:f269e3021894	3570	/*
elessair	0:f269e3021894	3571	* DTLS-related tests done last, because most of them may result in
elessair	0:f269e3021894	3572	* silently dropping the record (but not the whole datagram), and we only
elessair	0:f269e3021894	3573	* want to consider that after ensuring that the "basic" fields (type,
elessair	0:f269e3021894	3574	* version, length) are sane.
elessair	0:f269e3021894	3575	*/
elessair	0:f269e3021894	3576	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3577	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	3578	{
elessair	0:f269e3021894	3579	unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) \| ssl->in_ctr[1];
elessair	0:f269e3021894	3580
elessair	0:f269e3021894	3581	/* Drop unexpected ChangeCipherSpec messages */
elessair	0:f269e3021894	3582	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
elessair	0:f269e3021894	3583	ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
elessair	0:f269e3021894	3584	ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
elessair	0:f269e3021894	3585	{
elessair	0:f269e3021894	3586	MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
elessair	0:f269e3021894	3587	return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
elessair	0:f269e3021894	3588	}
elessair	0:f269e3021894	3589
elessair	0:f269e3021894	3590	/* Drop unexpected ApplicationData records,
elessair	0:f269e3021894	3591	* except at the beginning of renegotiations */
elessair	0:f269e3021894	3592	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
elessair	0:f269e3021894	3593	ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
elessair	0:f269e3021894	3594	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	3595	&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
elessair	0:f269e3021894	3596	ssl->state == MBEDTLS_SSL_SERVER_HELLO )
elessair	0:f269e3021894	3597	#endif
elessair	0:f269e3021894	3598	)
elessair	0:f269e3021894	3599	{
elessair	0:f269e3021894	3600	MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
elessair	0:f269e3021894	3601	return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
elessair	0:f269e3021894	3602	}
elessair	0:f269e3021894	3603
elessair	0:f269e3021894	3604	/* Check epoch (and sequence number) with DTLS */
elessair	0:f269e3021894	3605	if( rec_epoch != ssl->in_epoch )
elessair	0:f269e3021894	3606	{
elessair	0:f269e3021894	3607	MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
elessair	0:f269e3021894	3608	"expected %d, received %d",
elessair	0:f269e3021894	3609	ssl->in_epoch, rec_epoch ) );
elessair	0:f269e3021894	3610
elessair	0:f269e3021894	3611	#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	3612	/*
elessair	0:f269e3021894	3613	* Check for an epoch 0 ClientHello. We can't use in_msg here to
elessair	0:f269e3021894	3614	* access the first byte of record content (handshake type), as we
elessair	0:f269e3021894	3615	* have an active transform (possibly iv_len != 0), so use the
elessair	0:f269e3021894	3616	* fact that the record header len is 13 instead.
elessair	0:f269e3021894	3617	*/
elessair	0:f269e3021894	3618	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	3619	ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
elessair	0:f269e3021894	3620	rec_epoch == 0 &&
elessair	0:f269e3021894	3621	ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	3622	ssl->in_left > 13 &&
elessair	0:f269e3021894	3623	ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
elessair	0:f269e3021894	3624	{
elessair	0:f269e3021894	3625	MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
elessair	0:f269e3021894	3626	"from the same port" ) );
elessair	0:f269e3021894	3627	return( ssl_handle_possible_reconnect( ssl ) );
elessair	0:f269e3021894	3628	}
elessair	0:f269e3021894	3629	else
elessair	0:f269e3021894	3630	#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	3631	return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
elessair	0:f269e3021894	3632	}
elessair	0:f269e3021894	3633
elessair	0:f269e3021894	3634	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	3635	/* Replay detection only works for the current epoch */
elessair	0:f269e3021894	3636	if( rec_epoch == ssl->in_epoch &&
elessair	0:f269e3021894	3637	mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
elessair	0:f269e3021894	3638	{
elessair	0:f269e3021894	3639	MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
elessair	0:f269e3021894	3640	return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
elessair	0:f269e3021894	3641	}
elessair	0:f269e3021894	3642	#endif
elessair	0:f269e3021894	3643	}
elessair	0:f269e3021894	3644	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	3645
elessair	0:f269e3021894	3646	return( 0 );
elessair	0:f269e3021894	3647	}
elessair	0:f269e3021894	3648
elessair	0:f269e3021894	3649	/*
elessair	0:f269e3021894	3650	* If applicable, decrypt (and decompress) record content
elessair	0:f269e3021894	3651	*/
elessair	0:f269e3021894	3652	static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3653	{
elessair	0:f269e3021894	3654	int ret, done = 0;
elessair	0:f269e3021894	3655
elessair	0:f269e3021894	3656	MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
elessair	0:f269e3021894	3657	ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
elessair	0:f269e3021894	3658
elessair	0:f269e3021894	3659	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	3660	if( mbedtls_ssl_hw_record_read != NULL )
elessair	0:f269e3021894	3661	{
elessair	0:f269e3021894	3662	MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
elessair	0:f269e3021894	3663
elessair	0:f269e3021894	3664	ret = mbedtls_ssl_hw_record_read( ssl );
elessair	0:f269e3021894	3665	if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
elessair	0:f269e3021894	3666	{
elessair	0:f269e3021894	3667	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
elessair	0:f269e3021894	3668	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	3669	}
elessair	0:f269e3021894	3670
elessair	0:f269e3021894	3671	if( ret == 0 )
elessair	0:f269e3021894	3672	done = 1;
elessair	0:f269e3021894	3673	}
elessair	0:f269e3021894	3674	#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
elessair	0:f269e3021894	3675	if( !done && ssl->transform_in != NULL )
elessair	0:f269e3021894	3676	{
elessair	0:f269e3021894	3677	if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
elessair	0:f269e3021894	3678	{
elessair	0:f269e3021894	3679	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
elessair	0:f269e3021894	3680	return( ret );
elessair	0:f269e3021894	3681	}
elessair	0:f269e3021894	3682
elessair	0:f269e3021894	3683	MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
elessair	0:f269e3021894	3684	ssl->in_msg, ssl->in_msglen );
elessair	0:f269e3021894	3685
elessair	0:f269e3021894	3686	if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	3687	{
elessair	0:f269e3021894	3688	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
elessair	0:f269e3021894	3689	return( MBEDTLS_ERR_SSL_INVALID_RECORD );
elessair	0:f269e3021894	3690	}
elessair	0:f269e3021894	3691	}
elessair	0:f269e3021894	3692
elessair	0:f269e3021894	3693	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	3694	if( ssl->transform_in != NULL &&
elessair	0:f269e3021894	3695	ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
elessair	0:f269e3021894	3696	{
elessair	0:f269e3021894	3697	if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
elessair	0:f269e3021894	3698	{
elessair	0:f269e3021894	3699	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
elessair	0:f269e3021894	3700	return( ret );
elessair	0:f269e3021894	3701	}
elessair	0:f269e3021894	3702	}
elessair	0:f269e3021894	3703	#endif /* MBEDTLS_ZLIB_SUPPORT */
elessair	0:f269e3021894	3704
elessair	0:f269e3021894	3705	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	3706	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	3707	{
elessair	0:f269e3021894	3708	mbedtls_ssl_dtls_replay_update( ssl );
elessair	0:f269e3021894	3709	}
elessair	0:f269e3021894	3710	#endif
elessair	0:f269e3021894	3711
elessair	0:f269e3021894	3712	return( 0 );
elessair	0:f269e3021894	3713	}
elessair	0:f269e3021894	3714
elessair	0:f269e3021894	3715	static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
elessair	0:f269e3021894	3716
elessair	0:f269e3021894	3717	/*
elessair	0:f269e3021894	3718	* Read a record.
elessair	0:f269e3021894	3719	*
elessair	0:f269e3021894	3720	* Silently ignore non-fatal alert (and for DTLS, invalid records as well,
elessair	0:f269e3021894	3721	* RFC 6347 4.1.2.7) and continue reading until a valid record is found.
elessair	0:f269e3021894	3722	*
elessair	0:f269e3021894	3723	*/
elessair	0:f269e3021894	3724	int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3725	{
elessair	0:f269e3021894	3726	int ret;
elessair	0:f269e3021894	3727
elessair	0:f269e3021894	3728	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
elessair	0:f269e3021894	3729
elessair	0:f269e3021894	3730	do {
elessair	0:f269e3021894	3731
elessair	0:f269e3021894	3732	if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
elessair	0:f269e3021894	3733	{
elessair	0:f269e3021894	3734	MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
elessair	0:f269e3021894	3735	return( ret );
elessair	0:f269e3021894	3736	}
elessair	0:f269e3021894	3737
elessair	0:f269e3021894	3738	ret = mbedtls_ssl_handle_message_type( ssl );
elessair	0:f269e3021894	3739
elessair	0:f269e3021894	3740	} while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
elessair	0:f269e3021894	3741
elessair	0:f269e3021894	3742	if( 0 != ret )
elessair	0:f269e3021894	3743	{
elessair	0:f269e3021894	3744	MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
elessair	0:f269e3021894	3745	return( ret );
elessair	0:f269e3021894	3746	}
elessair	0:f269e3021894	3747
elessair	0:f269e3021894	3748	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	3749	{
elessair	0:f269e3021894	3750	mbedtls_ssl_update_handshake_status( ssl );
elessair	0:f269e3021894	3751	}
elessair	0:f269e3021894	3752
elessair	0:f269e3021894	3753	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
elessair	0:f269e3021894	3754
elessair	0:f269e3021894	3755	return( 0 );
elessair	0:f269e3021894	3756	}
elessair	0:f269e3021894	3757
elessair	0:f269e3021894	3758	int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3759	{
elessair	0:f269e3021894	3760	int ret;
elessair	0:f269e3021894	3761
elessair	0:f269e3021894	3762	if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
elessair	0:f269e3021894	3763	{
elessair	0:f269e3021894	3764	/*
elessair	0:f269e3021894	3765	* Get next Handshake message in the current record
elessair	0:f269e3021894	3766	*/
elessair	0:f269e3021894	3767	ssl->in_msglen -= ssl->in_hslen;
elessair	0:f269e3021894	3768
elessair	0:f269e3021894	3769	memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
elessair	0:f269e3021894	3770	ssl->in_msglen );
elessair	0:f269e3021894	3771
elessair	0:f269e3021894	3772	MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
elessair	0:f269e3021894	3773	ssl->in_msg, ssl->in_msglen );
elessair	0:f269e3021894	3774
elessair	0:f269e3021894	3775	return( 0 );
elessair	0:f269e3021894	3776	}
elessair	0:f269e3021894	3777
elessair	0:f269e3021894	3778	ssl->in_hslen = 0;
elessair	0:f269e3021894	3779
elessair	0:f269e3021894	3780	/*
elessair	0:f269e3021894	3781	* Read the record header and parse it
elessair	0:f269e3021894	3782	*/
elessair	0:f269e3021894	3783	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3784	read_record_header:
elessair	0:f269e3021894	3785	#endif
elessair	0:f269e3021894	3786
elessair	0:f269e3021894	3787	if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
elessair	0:f269e3021894	3788	{
elessair	0:f269e3021894	3789	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
elessair	0:f269e3021894	3790	return( ret );
elessair	0:f269e3021894	3791	}
elessair	0:f269e3021894	3792
elessair	0:f269e3021894	3793	if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
elessair	0:f269e3021894	3794	{
elessair	0:f269e3021894	3795	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3796	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	3797	ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
elessair	0:f269e3021894	3798	{
elessair	0:f269e3021894	3799	if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
elessair	0:f269e3021894	3800	{
elessair	0:f269e3021894	3801	/* Skip unexpected record (but not whole datagram) */
elessair	0:f269e3021894	3802	ssl->next_record_offset = ssl->in_msglen
elessair	0:f269e3021894	3803	+ mbedtls_ssl_hdr_len( ssl );
elessair	0:f269e3021894	3804
elessair	0:f269e3021894	3805	MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
elessair	0:f269e3021894	3806	"(header)" ) );
elessair	0:f269e3021894	3807	}
elessair	0:f269e3021894	3808	else
elessair	0:f269e3021894	3809	{
elessair	0:f269e3021894	3810	/* Skip invalid record and the rest of the datagram */
elessair	0:f269e3021894	3811	ssl->next_record_offset = 0;
elessair	0:f269e3021894	3812	ssl->in_left = 0;
elessair	0:f269e3021894	3813
elessair	0:f269e3021894	3814	MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
elessair	0:f269e3021894	3815	"(header)" ) );
elessair	0:f269e3021894	3816	}
elessair	0:f269e3021894	3817
elessair	0:f269e3021894	3818	/* Get next record */
elessair	0:f269e3021894	3819	goto read_record_header;
elessair	0:f269e3021894	3820	}
elessair	0:f269e3021894	3821	#endif
elessair	0:f269e3021894	3822	return( ret );
elessair	0:f269e3021894	3823	}
elessair	0:f269e3021894	3824
elessair	0:f269e3021894	3825	/*
elessair	0:f269e3021894	3826	* Read and optionally decrypt the message contents
elessair	0:f269e3021894	3827	*/
elessair	0:f269e3021894	3828	if( ( ret = mbedtls_ssl_fetch_input( ssl,
elessair	0:f269e3021894	3829	mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
elessair	0:f269e3021894	3830	{
elessair	0:f269e3021894	3831	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
elessair	0:f269e3021894	3832	return( ret );
elessair	0:f269e3021894	3833	}
elessair	0:f269e3021894	3834
elessair	0:f269e3021894	3835	/* Done reading this record, get ready for the next one */
elessair	0:f269e3021894	3836	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3837	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	3838	ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
elessair	0:f269e3021894	3839	else
elessair	0:f269e3021894	3840	#endif
elessair	0:f269e3021894	3841	ssl->in_left = 0;
elessair	0:f269e3021894	3842
elessair	0:f269e3021894	3843	if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
elessair	0:f269e3021894	3844	{
elessair	0:f269e3021894	3845	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3846	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	3847	{
elessair	0:f269e3021894	3848	/* Silently discard invalid records */
elessair	0:f269e3021894	3849	if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD \|\|
elessair	0:f269e3021894	3850	ret == MBEDTLS_ERR_SSL_INVALID_MAC )
elessair	0:f269e3021894	3851	{
elessair	0:f269e3021894	3852	/* Except when waiting for Finished as a bad mac here
elessair	0:f269e3021894	3853	* probably means something went wrong in the handshake
elessair	0:f269e3021894	3854	* (eg wrong psk used, mitm downgrade attempt, etc.) */
elessair	0:f269e3021894	3855	if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED \|\|
elessair	0:f269e3021894	3856	ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
elessair	0:f269e3021894	3857	{
elessair	0:f269e3021894	3858	#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
elessair	0:f269e3021894	3859	if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
elessair	0:f269e3021894	3860	{
elessair	0:f269e3021894	3861	mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	3862	MBEDTLS_SSL_ALERT_LEVEL_FATAL,
elessair	0:f269e3021894	3863	MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
elessair	0:f269e3021894	3864	}
elessair	0:f269e3021894	3865	#endif
elessair	0:f269e3021894	3866	return( ret );
elessair	0:f269e3021894	3867	}
elessair	0:f269e3021894	3868
elessair	0:f269e3021894	3869	#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
elessair	0:f269e3021894	3870	if( ssl->conf->badmac_limit != 0 &&
elessair	0:f269e3021894	3871	++ssl->badmac_seen >= ssl->conf->badmac_limit )
elessair	0:f269e3021894	3872	{
elessair	0:f269e3021894	3873	MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
elessair	0:f269e3021894	3874	return( MBEDTLS_ERR_SSL_INVALID_MAC );
elessair	0:f269e3021894	3875	}
elessair	0:f269e3021894	3876	#endif
elessair	0:f269e3021894	3877
elessair	0:f269e3021894	3878	MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
elessair	0:f269e3021894	3879	goto read_record_header;
elessair	0:f269e3021894	3880	}
elessair	0:f269e3021894	3881
elessair	0:f269e3021894	3882	return( ret );
elessair	0:f269e3021894	3883	}
elessair	0:f269e3021894	3884	else
elessair	0:f269e3021894	3885	#endif
elessair	0:f269e3021894	3886	{
elessair	0:f269e3021894	3887	/* Error out (and send alert) on invalid records */
elessair	0:f269e3021894	3888	#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
elessair	0:f269e3021894	3889	if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
elessair	0:f269e3021894	3890	{
elessair	0:f269e3021894	3891	mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	3892	MBEDTLS_SSL_ALERT_LEVEL_FATAL,
elessair	0:f269e3021894	3893	MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
elessair	0:f269e3021894	3894	}
elessair	0:f269e3021894	3895	#endif
elessair	0:f269e3021894	3896	return( ret );
elessair	0:f269e3021894	3897	}
elessair	0:f269e3021894	3898	}
elessair	0:f269e3021894	3899
elessair	0:f269e3021894	3900	/*
elessair	0:f269e3021894	3901	* When we sent the last flight of the handshake, we MUST respond to a
elessair	0:f269e3021894	3902	* retransmit of the peer's previous flight with a retransmit. (In
elessair	0:f269e3021894	3903	* practice, only the Finished message will make it, other messages
elessair	0:f269e3021894	3904	* including CCS use the old transform so they're dropped as invalid.)
elessair	0:f269e3021894	3905	*
elessair	0:f269e3021894	3906	* If the record we received is not a handshake message, however, it
elessair	0:f269e3021894	3907	* means the peer received our last flight so we can clean up
elessair	0:f269e3021894	3908	* handshake info.
elessair	0:f269e3021894	3909	*
elessair	0:f269e3021894	3910	* This check needs to be done before prepare_handshake() due to an edge
elessair	0:f269e3021894	3911	* case: if the client immediately requests renegotiation, this
elessair	0:f269e3021894	3912	* finishes the current handshake first, avoiding the new ClientHello
elessair	0:f269e3021894	3913	* being mistaken for an ancient message in the current handshake.
elessair	0:f269e3021894	3914	*/
elessair	0:f269e3021894	3915	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	3916	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	3917	ssl->handshake != NULL &&
elessair	0:f269e3021894	3918	ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	3919	{
elessair	0:f269e3021894	3920	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	3921	ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
elessair	0:f269e3021894	3922	{
elessair	0:f269e3021894	3923	MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
elessair	0:f269e3021894	3924
elessair	0:f269e3021894	3925	if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
elessair	0:f269e3021894	3926	{
elessair	0:f269e3021894	3927	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
elessair	0:f269e3021894	3928	return( ret );
elessair	0:f269e3021894	3929	}
elessair	0:f269e3021894	3930
elessair	0:f269e3021894	3931	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	3932	}
elessair	0:f269e3021894	3933	else
elessair	0:f269e3021894	3934	{
elessair	0:f269e3021894	3935	ssl_handshake_wrapup_free_hs_transform( ssl );
elessair	0:f269e3021894	3936	}
elessair	0:f269e3021894	3937	}
elessair	0:f269e3021894	3938	#endif
elessair	0:f269e3021894	3939
elessair	0:f269e3021894	3940	return( 0 );
elessair	0:f269e3021894	3941	}
elessair	0:f269e3021894	3942
elessair	0:f269e3021894	3943	int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	3944	{
elessair	0:f269e3021894	3945	int ret;
elessair	0:f269e3021894	3946
elessair	0:f269e3021894	3947	/*
elessair	0:f269e3021894	3948	* Handle particular types of records
elessair	0:f269e3021894	3949	*/
elessair	0:f269e3021894	3950	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	3951	{
elessair	0:f269e3021894	3952	if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
elessair	0:f269e3021894	3953	{
elessair	0:f269e3021894	3954	return( ret );
elessair	0:f269e3021894	3955	}
elessair	0:f269e3021894	3956	}
elessair	0:f269e3021894	3957
elessair	0:f269e3021894	3958	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
elessair	0:f269e3021894	3959	{
elessair	0:f269e3021894	3960	MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
elessair	0:f269e3021894	3961	ssl->in_msg[0], ssl->in_msg[1] ) );
elessair	0:f269e3021894	3962
elessair	0:f269e3021894	3963	/*
elessair	0:f269e3021894	3964	* Ignore non-fatal alerts, except close_notify and no_renegotiation
elessair	0:f269e3021894	3965	*/
elessair	0:f269e3021894	3966	if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
elessair	0:f269e3021894	3967	{
elessair	0:f269e3021894	3968	MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
elessair	0:f269e3021894	3969	ssl->in_msg[1] ) );
elessair	0:f269e3021894	3970	return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
elessair	0:f269e3021894	3971	}
elessair	0:f269e3021894	3972
elessair	0:f269e3021894	3973	if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
elessair	0:f269e3021894	3974	ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
elessair	0:f269e3021894	3975	{
elessair	0:f269e3021894	3976	MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
elessair	0:f269e3021894	3977	return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
elessair	0:f269e3021894	3978	}
elessair	0:f269e3021894	3979
elessair	0:f269e3021894	3980	#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
elessair	0:f269e3021894	3981	if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
elessair	0:f269e3021894	3982	ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
elessair	0:f269e3021894	3983	{
elessair	0:f269e3021894	3984	MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
elessair	0:f269e3021894	3985	/* Will be handled when trying to parse ServerHello */
elessair	0:f269e3021894	3986	return( 0 );
elessair	0:f269e3021894	3987	}
elessair	0:f269e3021894	3988	#endif
elessair	0:f269e3021894	3989
elessair	0:f269e3021894	3990	#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	3991	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
elessair	0:f269e3021894	3992	ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	3993	ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
elessair	0:f269e3021894	3994	ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
elessair	0:f269e3021894	3995	{
elessair	0:f269e3021894	3996	MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
elessair	0:f269e3021894	3997	/* Will be handled in mbedtls_ssl_parse_certificate() */
elessair	0:f269e3021894	3998	return( 0 );
elessair	0:f269e3021894	3999	}
elessair	0:f269e3021894	4000	#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	4001
elessair	0:f269e3021894	4002	/* Silently ignore: fetch new message */
elessair	0:f269e3021894	4003	return MBEDTLS_ERR_SSL_NON_FATAL;
elessair	0:f269e3021894	4004	}
elessair	0:f269e3021894	4005
elessair	0:f269e3021894	4006	return( 0 );
elessair	0:f269e3021894	4007	}
elessair	0:f269e3021894	4008
elessair	0:f269e3021894	4009	int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4010	{
elessair	0:f269e3021894	4011	int ret;
elessair	0:f269e3021894	4012
elessair	0:f269e3021894	4013	if( ( ret = mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	4014	MBEDTLS_SSL_ALERT_LEVEL_FATAL,
elessair	0:f269e3021894	4015	MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
elessair	0:f269e3021894	4016	{
elessair	0:f269e3021894	4017	return( ret );
elessair	0:f269e3021894	4018	}
elessair	0:f269e3021894	4019
elessair	0:f269e3021894	4020	return( 0 );
elessair	0:f269e3021894	4021	}
elessair	0:f269e3021894	4022
elessair	0:f269e3021894	4023	int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4024	unsigned char level,
elessair	0:f269e3021894	4025	unsigned char message )
elessair	0:f269e3021894	4026	{
elessair	0:f269e3021894	4027	int ret;
elessair	0:f269e3021894	4028
elessair	0:f269e3021894	4029	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	4030	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	4031
elessair	0:f269e3021894	4032	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
elessair	0:f269e3021894	4033
elessair	0:f269e3021894	4034	ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
elessair	0:f269e3021894	4035	ssl->out_msglen = 2;
elessair	0:f269e3021894	4036	ssl->out_msg[0] = level;
elessair	0:f269e3021894	4037	ssl->out_msg[1] = message;
elessair	0:f269e3021894	4038
elessair	0:f269e3021894	4039	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	4040	{
elessair	0:f269e3021894	4041	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	4042	return( ret );
elessair	0:f269e3021894	4043	}
elessair	0:f269e3021894	4044
elessair	0:f269e3021894	4045	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
elessair	0:f269e3021894	4046
elessair	0:f269e3021894	4047	return( 0 );
elessair	0:f269e3021894	4048	}
elessair	0:f269e3021894	4049
elessair	0:f269e3021894	4050	/*
elessair	0:f269e3021894	4051	* Handshake functions
elessair	0:f269e3021894	4052	*/
elessair	0:f269e3021894	4053	#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
elessair	0:f269e3021894	4054	!defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
elessair	0:f269e3021894	4055	!defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
elessair	0:f269e3021894	4056	!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
elessair	0:f269e3021894	4057	!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
elessair	0:f269e3021894	4058	!defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
elessair	0:f269e3021894	4059	!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
elessair	0:f269e3021894	4060	int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4061	{
elessair	0:f269e3021894	4062	const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
elessair	0:f269e3021894	4063
elessair	0:f269e3021894	4064	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
elessair	0:f269e3021894	4065
elessair	0:f269e3021894	4066	if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK \|\|
elessair	0:f269e3021894	4067	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK \|\|
elessair	0:f269e3021894	4068	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK \|\|
elessair	0:f269e3021894	4069	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
elessair	0:f269e3021894	4070	{
elessair	0:f269e3021894	4071	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
elessair	0:f269e3021894	4072	ssl->state++;
elessair	0:f269e3021894	4073	return( 0 );
elessair	0:f269e3021894	4074	}
elessair	0:f269e3021894	4075
elessair	0:f269e3021894	4076	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	4077	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	4078	}
elessair	0:f269e3021894	4079
elessair	0:f269e3021894	4080	int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4081	{
elessair	0:f269e3021894	4082	const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
elessair	0:f269e3021894	4083
elessair	0:f269e3021894	4084	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
elessair	0:f269e3021894	4085
elessair	0:f269e3021894	4086	if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK \|\|
elessair	0:f269e3021894	4087	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK \|\|
elessair	0:f269e3021894	4088	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK \|\|
elessair	0:f269e3021894	4089	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
elessair	0:f269e3021894	4090	{
elessair	0:f269e3021894	4091	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
elessair	0:f269e3021894	4092	ssl->state++;
elessair	0:f269e3021894	4093	return( 0 );
elessair	0:f269e3021894	4094	}
elessair	0:f269e3021894	4095
elessair	0:f269e3021894	4096	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	4097	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	4098	}
elessair	0:f269e3021894	4099	#else
elessair	0:f269e3021894	4100	int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4101	{
elessair	0:f269e3021894	4102	int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
elessair	0:f269e3021894	4103	size_t i, n;
elessair	0:f269e3021894	4104	const mbedtls_x509_crt *crt;
elessair	0:f269e3021894	4105	const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
elessair	0:f269e3021894	4106
elessair	0:f269e3021894	4107	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
elessair	0:f269e3021894	4108
elessair	0:f269e3021894	4109	if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK \|\|
elessair	0:f269e3021894	4110	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK \|\|
elessair	0:f269e3021894	4111	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK \|\|
elessair	0:f269e3021894	4112	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
elessair	0:f269e3021894	4113	{
elessair	0:f269e3021894	4114	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
elessair	0:f269e3021894	4115	ssl->state++;
elessair	0:f269e3021894	4116	return( 0 );
elessair	0:f269e3021894	4117	}
elessair	0:f269e3021894	4118
elessair	0:f269e3021894	4119	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	4120	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	4121	{
elessair	0:f269e3021894	4122	if( ssl->client_auth == 0 )
elessair	0:f269e3021894	4123	{
elessair	0:f269e3021894	4124	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
elessair	0:f269e3021894	4125	ssl->state++;
elessair	0:f269e3021894	4126	return( 0 );
elessair	0:f269e3021894	4127	}
elessair	0:f269e3021894	4128
elessair	0:f269e3021894	4129	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	4130	/*
elessair	0:f269e3021894	4131	* If using SSLv3 and got no cert, send an Alert message
elessair	0:f269e3021894	4132	* (otherwise an empty Certificate message will be sent).
elessair	0:f269e3021894	4133	*/
elessair	0:f269e3021894	4134	if( mbedtls_ssl_own_cert( ssl ) == NULL &&
elessair	0:f269e3021894	4135	ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	4136	{
elessair	0:f269e3021894	4137	ssl->out_msglen = 2;
elessair	0:f269e3021894	4138	ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
elessair	0:f269e3021894	4139	ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
elessair	0:f269e3021894	4140	ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
elessair	0:f269e3021894	4141
elessair	0:f269e3021894	4142	MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
elessair	0:f269e3021894	4143	goto write_msg;
elessair	0:f269e3021894	4144	}
elessair	0:f269e3021894	4145	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	4146	}
elessair	0:f269e3021894	4147	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	4148	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	4149	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	4150	{
elessair	0:f269e3021894	4151	if( mbedtls_ssl_own_cert( ssl ) == NULL )
elessair	0:f269e3021894	4152	{
elessair	0:f269e3021894	4153	MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
elessair	0:f269e3021894	4154	return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
elessair	0:f269e3021894	4155	}
elessair	0:f269e3021894	4156	}
elessair	0:f269e3021894	4157	#endif
elessair	0:f269e3021894	4158
elessair	0:f269e3021894	4159	MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
elessair	0:f269e3021894	4160
elessair	0:f269e3021894	4161	/*
elessair	0:f269e3021894	4162	* 0 . 0 handshake type
elessair	0:f269e3021894	4163	* 1 . 3 handshake length
elessair	0:f269e3021894	4164	* 4 . 6 length of all certs
elessair	0:f269e3021894	4165	* 7 . 9 length of cert. 1
elessair	0:f269e3021894	4166	* 10 . n-1 peer certificate
elessair	0:f269e3021894	4167	* n . n+2 length of cert. 2
elessair	0:f269e3021894	4168	* n+3 . ... upper level cert, etc.
elessair	0:f269e3021894	4169	*/
elessair	0:f269e3021894	4170	i = 7;
elessair	0:f269e3021894	4171	crt = mbedtls_ssl_own_cert( ssl );
elessair	0:f269e3021894	4172
elessair	0:f269e3021894	4173	while( crt != NULL )
elessair	0:f269e3021894	4174	{
elessair	0:f269e3021894	4175	n = crt->raw.len;
elessair	0:f269e3021894	4176	if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i )
elessair	0:f269e3021894	4177	{
elessair	0:f269e3021894	4178	MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
elessair	0:f269e3021894	4179	i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) );
elessair	0:f269e3021894	4180	return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
elessair	0:f269e3021894	4181	}
elessair	0:f269e3021894	4182
elessair	0:f269e3021894	4183	ssl->out_msg[i ] = (unsigned char)( n >> 16 );
elessair	0:f269e3021894	4184	ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
elessair	0:f269e3021894	4185	ssl->out_msg[i + 2] = (unsigned char)( n );
elessair	0:f269e3021894	4186
elessair	0:f269e3021894	4187	i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
elessair	0:f269e3021894	4188	i += n; crt = crt->next;
elessair	0:f269e3021894	4189	}
elessair	0:f269e3021894	4190
elessair	0:f269e3021894	4191	ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
elessair	0:f269e3021894	4192	ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
elessair	0:f269e3021894	4193	ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
elessair	0:f269e3021894	4194
elessair	0:f269e3021894	4195	ssl->out_msglen = i;
elessair	0:f269e3021894	4196	ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
elessair	0:f269e3021894	4197	ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
elessair	0:f269e3021894	4198
elessair	0:f269e3021894	4199	#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	4200	write_msg:
elessair	0:f269e3021894	4201	#endif
elessair	0:f269e3021894	4202
elessair	0:f269e3021894	4203	ssl->state++;
elessair	0:f269e3021894	4204
elessair	0:f269e3021894	4205	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	4206	{
elessair	0:f269e3021894	4207	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	4208	return( ret );
elessair	0:f269e3021894	4209	}
elessair	0:f269e3021894	4210
elessair	0:f269e3021894	4211	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
elessair	0:f269e3021894	4212
elessair	0:f269e3021894	4213	return( ret );
elessair	0:f269e3021894	4214	}
elessair	0:f269e3021894	4215
elessair	0:f269e3021894	4216	int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4217	{
elessair	0:f269e3021894	4218	int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
elessair	0:f269e3021894	4219	size_t i, n;
elessair	0:f269e3021894	4220	const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
elessair	0:f269e3021894	4221	int authmode = ssl->conf->authmode;
elessair	0:f269e3021894	4222
elessair	0:f269e3021894	4223	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
elessair	0:f269e3021894	4224
elessair	0:f269e3021894	4225	if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK \|\|
elessair	0:f269e3021894	4226	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK \|\|
elessair	0:f269e3021894	4227	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK \|\|
elessair	0:f269e3021894	4228	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
elessair	0:f269e3021894	4229	{
elessair	0:f269e3021894	4230	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
elessair	0:f269e3021894	4231	ssl->state++;
elessair	0:f269e3021894	4232	return( 0 );
elessair	0:f269e3021894	4233	}
elessair	0:f269e3021894	4234
elessair	0:f269e3021894	4235	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	4236	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	4237	ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
elessair	0:f269e3021894	4238	{
elessair	0:f269e3021894	4239	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
elessair	0:f269e3021894	4240	ssl->state++;
elessair	0:f269e3021894	4241	return( 0 );
elessair	0:f269e3021894	4242	}
elessair	0:f269e3021894	4243
elessair	0:f269e3021894	4244	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	4245	if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
elessair	0:f269e3021894	4246	authmode = ssl->handshake->sni_authmode;
elessair	0:f269e3021894	4247	#endif
elessair	0:f269e3021894	4248
elessair	0:f269e3021894	4249	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	4250	authmode == MBEDTLS_SSL_VERIFY_NONE )
elessair	0:f269e3021894	4251	{
elessair	0:f269e3021894	4252	ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
elessair	0:f269e3021894	4253	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
elessair	0:f269e3021894	4254	ssl->state++;
elessair	0:f269e3021894	4255	return( 0 );
elessair	0:f269e3021894	4256	}
elessair	0:f269e3021894	4257	#endif
elessair	0:f269e3021894	4258
elessair	0:f269e3021894	4259	if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
elessair	0:f269e3021894	4260	{
elessair	0:f269e3021894	4261	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
elessair	0:f269e3021894	4262	return( ret );
elessair	0:f269e3021894	4263	}
elessair	0:f269e3021894	4264
elessair	0:f269e3021894	4265	ssl->state++;
elessair	0:f269e3021894	4266
elessair	0:f269e3021894	4267	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	4268	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	4269	/*
elessair	0:f269e3021894	4270	* Check if the client sent an empty certificate
elessair	0:f269e3021894	4271	*/
elessair	0:f269e3021894	4272	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	4273	ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	4274	{
elessair	0:f269e3021894	4275	if( ssl->in_msglen == 2 &&
elessair	0:f269e3021894	4276	ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
elessair	0:f269e3021894	4277	ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
elessair	0:f269e3021894	4278	ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
elessair	0:f269e3021894	4279	{
elessair	0:f269e3021894	4280	MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
elessair	0:f269e3021894	4281
elessair	0:f269e3021894	4282	ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
elessair	0:f269e3021894	4283	if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
elessair	0:f269e3021894	4284	return( 0 );
elessair	0:f269e3021894	4285	else
elessair	0:f269e3021894	4286	return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
elessair	0:f269e3021894	4287	}
elessair	0:f269e3021894	4288	}
elessair	0:f269e3021894	4289	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	4290
elessair	0:f269e3021894	4291	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	4292	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4293	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	4294	ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	4295	{
elessair	0:f269e3021894	4296	if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
elessair	0:f269e3021894	4297	ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
elessair	0:f269e3021894	4298	ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
elessair	0:f269e3021894	4299	memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
elessair	0:f269e3021894	4300	{
elessair	0:f269e3021894	4301	MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
elessair	0:f269e3021894	4302
elessair	0:f269e3021894	4303	ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
elessair	0:f269e3021894	4304	if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
elessair	0:f269e3021894	4305	return( 0 );
elessair	0:f269e3021894	4306	else
elessair	0:f269e3021894	4307	return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
elessair	0:f269e3021894	4308	}
elessair	0:f269e3021894	4309	}
elessair	0:f269e3021894	4310	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 \|\| \
elessair	0:f269e3021894	4311	MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4312	#endif /* MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	4313
elessair	0:f269e3021894	4314	if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	4315	{
elessair	0:f269e3021894	4316	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
elessair	0:f269e3021894	4317	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	4318	}
elessair	0:f269e3021894	4319
elessair	0:f269e3021894	4320	if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE \|\|
elessair	0:f269e3021894	4321	ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
elessair	0:f269e3021894	4322	{
elessair	0:f269e3021894	4323	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
elessair	0:f269e3021894	4324	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4325	}
elessair	0:f269e3021894	4326
elessair	0:f269e3021894	4327	i = mbedtls_ssl_hs_hdr_len( ssl );
elessair	0:f269e3021894	4328
elessair	0:f269e3021894	4329	/*
elessair	0:f269e3021894	4330	* Same message structure as in mbedtls_ssl_write_certificate()
elessair	0:f269e3021894	4331	*/
elessair	0:f269e3021894	4332	n = ( ssl->in_msg[i+1] << 8 ) \| ssl->in_msg[i+2];
elessair	0:f269e3021894	4333
elessair	0:f269e3021894	4334	if( ssl->in_msg[i] != 0 \|\|
elessair	0:f269e3021894	4335	ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
elessair	0:f269e3021894	4336	{
elessair	0:f269e3021894	4337	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
elessair	0:f269e3021894	4338	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4339	}
elessair	0:f269e3021894	4340
elessair	0:f269e3021894	4341	/* In case we tried to reuse a session but it failed */
elessair	0:f269e3021894	4342	if( ssl->session_negotiate->peer_cert != NULL )
elessair	0:f269e3021894	4343	{
elessair	0:f269e3021894	4344	mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
elessair	0:f269e3021894	4345	mbedtls_free( ssl->session_negotiate->peer_cert );
elessair	0:f269e3021894	4346	}
elessair	0:f269e3021894	4347
elessair	0:f269e3021894	4348	if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
elessair	0:f269e3021894	4349	sizeof( mbedtls_x509_crt ) ) ) == NULL )
elessair	0:f269e3021894	4350	{
elessair	0:f269e3021894	4351	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
elessair	0:f269e3021894	4352	sizeof( mbedtls_x509_crt ) ) );
elessair	0:f269e3021894	4353	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	4354	}
elessair	0:f269e3021894	4355
elessair	0:f269e3021894	4356	mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
elessair	0:f269e3021894	4357
elessair	0:f269e3021894	4358	i += 3;
elessair	0:f269e3021894	4359
elessair	0:f269e3021894	4360	while( i < ssl->in_hslen )
elessair	0:f269e3021894	4361	{
elessair	0:f269e3021894	4362	if( ssl->in_msg[i] != 0 )
elessair	0:f269e3021894	4363	{
elessair	0:f269e3021894	4364	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
elessair	0:f269e3021894	4365	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4366	}
elessair	0:f269e3021894	4367
elessair	0:f269e3021894	4368	n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
elessair	0:f269e3021894	4369	\| (unsigned int) ssl->in_msg[i + 2];
elessair	0:f269e3021894	4370	i += 3;
elessair	0:f269e3021894	4371
elessair	0:f269e3021894	4372	if( n < 128 \|\| i + n > ssl->in_hslen )
elessair	0:f269e3021894	4373	{
elessair	0:f269e3021894	4374	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
elessair	0:f269e3021894	4375	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4376	}
elessair	0:f269e3021894	4377
elessair	0:f269e3021894	4378	ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
elessair	0:f269e3021894	4379	ssl->in_msg + i, n );
elessair	0:f269e3021894	4380	if( 0 != ret && ( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND ) != ret )
elessair	0:f269e3021894	4381	{
elessair	0:f269e3021894	4382	MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
elessair	0:f269e3021894	4383	return( ret );
elessair	0:f269e3021894	4384	}
elessair	0:f269e3021894	4385
elessair	0:f269e3021894	4386	i += n;
elessair	0:f269e3021894	4387	}
elessair	0:f269e3021894	4388
elessair	0:f269e3021894	4389	MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
elessair	0:f269e3021894	4390
elessair	0:f269e3021894	4391	/*
elessair	0:f269e3021894	4392	* On client, make sure the server cert doesn't change during renego to
elessair	0:f269e3021894	4393	* avoid "triple handshake" attack: https://secure-resumption.com/
elessair	0:f269e3021894	4394	*/
elessair	0:f269e3021894	4395	#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	4396	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
elessair	0:f269e3021894	4397	ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
elessair	0:f269e3021894	4398	{
elessair	0:f269e3021894	4399	if( ssl->session->peer_cert == NULL )
elessair	0:f269e3021894	4400	{
elessair	0:f269e3021894	4401	MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
elessair	0:f269e3021894	4402	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4403	}
elessair	0:f269e3021894	4404
elessair	0:f269e3021894	4405	if( ssl->session->peer_cert->raw.len !=
elessair	0:f269e3021894	4406	ssl->session_negotiate->peer_cert->raw.len \|\|
elessair	0:f269e3021894	4407	memcmp( ssl->session->peer_cert->raw.p,
elessair	0:f269e3021894	4408	ssl->session_negotiate->peer_cert->raw.p,
elessair	0:f269e3021894	4409	ssl->session->peer_cert->raw.len ) != 0 )
elessair	0:f269e3021894	4410	{
elessair	0:f269e3021894	4411	MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
elessair	0:f269e3021894	4412	return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
elessair	0:f269e3021894	4413	}
elessair	0:f269e3021894	4414	}
elessair	0:f269e3021894	4415	#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	4416
elessair	0:f269e3021894	4417	if( authmode != MBEDTLS_SSL_VERIFY_NONE )
elessair	0:f269e3021894	4418	{
elessair	0:f269e3021894	4419	mbedtls_x509_crt *ca_chain;
elessair	0:f269e3021894	4420	mbedtls_x509_crl *ca_crl;
elessair	0:f269e3021894	4421
elessair	0:f269e3021894	4422	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	4423	if( ssl->handshake->sni_ca_chain != NULL )
elessair	0:f269e3021894	4424	{
elessair	0:f269e3021894	4425	ca_chain = ssl->handshake->sni_ca_chain;
elessair	0:f269e3021894	4426	ca_crl = ssl->handshake->sni_ca_crl;
elessair	0:f269e3021894	4427	}
elessair	0:f269e3021894	4428	else
elessair	0:f269e3021894	4429	#endif
elessair	0:f269e3021894	4430	{
elessair	0:f269e3021894	4431	ca_chain = ssl->conf->ca_chain;
elessair	0:f269e3021894	4432	ca_crl = ssl->conf->ca_crl;
elessair	0:f269e3021894	4433	}
elessair	0:f269e3021894	4434
elessair	0:f269e3021894	4435	if( ca_chain == NULL )
elessair	0:f269e3021894	4436	{
elessair	0:f269e3021894	4437	MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
elessair	0:f269e3021894	4438	return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED );
elessair	0:f269e3021894	4439	}
elessair	0:f269e3021894	4440
elessair	0:f269e3021894	4441	/*
elessair	0:f269e3021894	4442	* Main check: verify certificate
elessair	0:f269e3021894	4443	*/
elessair	0:f269e3021894	4444	ret = mbedtls_x509_crt_verify_with_profile(
elessair	0:f269e3021894	4445	ssl->session_negotiate->peer_cert,
elessair	0:f269e3021894	4446	ca_chain, ca_crl,
elessair	0:f269e3021894	4447	ssl->conf->cert_profile,
elessair	0:f269e3021894	4448	ssl->hostname,
elessair	0:f269e3021894	4449	&ssl->session_negotiate->verify_result,
elessair	0:f269e3021894	4450	ssl->conf->f_vrfy, ssl->conf->p_vrfy );
elessair	0:f269e3021894	4451
elessair	0:f269e3021894	4452	if( ret != 0 )
elessair	0:f269e3021894	4453	{
elessair	0:f269e3021894	4454	MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
elessair	0:f269e3021894	4455	}
elessair	0:f269e3021894	4456
elessair	0:f269e3021894	4457	/*
elessair	0:f269e3021894	4458	* Secondary checks: always done, but change 'ret' only if it was 0
elessair	0:f269e3021894	4459	*/
elessair	0:f269e3021894	4460
elessair	0:f269e3021894	4461	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	4462	{
elessair	0:f269e3021894	4463	const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
elessair	0:f269e3021894	4464
elessair	0:f269e3021894	4465	/* If certificate uses an EC key, make sure the curve is OK */
elessair	0:f269e3021894	4466	if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
elessair	0:f269e3021894	4467	mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
elessair	0:f269e3021894	4468	{
elessair	0:f269e3021894	4469	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
elessair	0:f269e3021894	4470	if( ret == 0 )
elessair	0:f269e3021894	4471	ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
elessair	0:f269e3021894	4472	}
elessair	0:f269e3021894	4473	}
elessair	0:f269e3021894	4474	#endif /* MBEDTLS_ECP_C */
elessair	0:f269e3021894	4475
elessair	0:f269e3021894	4476	if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
elessair	0:f269e3021894	4477	ciphersuite_info,
elessair	0:f269e3021894	4478	! ssl->conf->endpoint,
elessair	0:f269e3021894	4479	&ssl->session_negotiate->verify_result ) != 0 )
elessair	0:f269e3021894	4480	{
elessair	0:f269e3021894	4481	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
elessair	0:f269e3021894	4482	if( ret == 0 )
elessair	0:f269e3021894	4483	ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
elessair	0:f269e3021894	4484	}
elessair	0:f269e3021894	4485
elessair	0:f269e3021894	4486	if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
elessair	0:f269e3021894	4487	ret = 0;
elessair	0:f269e3021894	4488	}
elessair	0:f269e3021894	4489
elessair	0:f269e3021894	4490	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
elessair	0:f269e3021894	4491
elessair	0:f269e3021894	4492	return( ret );
elessair	0:f269e3021894	4493	}
elessair	0:f269e3021894	4494	#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
elessair	0:f269e3021894	4495	!MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
elessair	0:f269e3021894	4496	!MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
elessair	0:f269e3021894	4497	!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
elessair	0:f269e3021894	4498	!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
elessair	0:f269e3021894	4499	!MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
elessair	0:f269e3021894	4500	!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
elessair	0:f269e3021894	4501
elessair	0:f269e3021894	4502	int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4503	{
elessair	0:f269e3021894	4504	int ret;
elessair	0:f269e3021894	4505
elessair	0:f269e3021894	4506	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
elessair	0:f269e3021894	4507
elessair	0:f269e3021894	4508	ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
elessair	0:f269e3021894	4509	ssl->out_msglen = 1;
elessair	0:f269e3021894	4510	ssl->out_msg[0] = 1;
elessair	0:f269e3021894	4511
elessair	0:f269e3021894	4512	ssl->state++;
elessair	0:f269e3021894	4513
elessair	0:f269e3021894	4514	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	4515	{
elessair	0:f269e3021894	4516	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	4517	return( ret );
elessair	0:f269e3021894	4518	}
elessair	0:f269e3021894	4519
elessair	0:f269e3021894	4520	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
elessair	0:f269e3021894	4521
elessair	0:f269e3021894	4522	return( 0 );
elessair	0:f269e3021894	4523	}
elessair	0:f269e3021894	4524
elessair	0:f269e3021894	4525	int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4526	{
elessair	0:f269e3021894	4527	int ret;
elessair	0:f269e3021894	4528
elessair	0:f269e3021894	4529	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
elessair	0:f269e3021894	4530
elessair	0:f269e3021894	4531	if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
elessair	0:f269e3021894	4532	{
elessair	0:f269e3021894	4533	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
elessair	0:f269e3021894	4534	return( ret );
elessair	0:f269e3021894	4535	}
elessair	0:f269e3021894	4536
elessair	0:f269e3021894	4537	if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
elessair	0:f269e3021894	4538	{
elessair	0:f269e3021894	4539	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
elessair	0:f269e3021894	4540	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	4541	}
elessair	0:f269e3021894	4542
elessair	0:f269e3021894	4543	if( ssl->in_msglen != 1 \|\| ssl->in_msg[0] != 1 )
elessair	0:f269e3021894	4544	{
elessair	0:f269e3021894	4545	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
elessair	0:f269e3021894	4546	return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
elessair	0:f269e3021894	4547	}
elessair	0:f269e3021894	4548
elessair	0:f269e3021894	4549	/*
elessair	0:f269e3021894	4550	* Switch to our negotiated transform and session parameters for inbound
elessair	0:f269e3021894	4551	* data.
elessair	0:f269e3021894	4552	*/
elessair	0:f269e3021894	4553	MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
elessair	0:f269e3021894	4554	ssl->transform_in = ssl->transform_negotiate;
elessair	0:f269e3021894	4555	ssl->session_in = ssl->session_negotiate;
elessair	0:f269e3021894	4556
elessair	0:f269e3021894	4557	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	4558	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	4559	{
elessair	0:f269e3021894	4560	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	4561	ssl_dtls_replay_reset( ssl );
elessair	0:f269e3021894	4562	#endif
elessair	0:f269e3021894	4563
elessair	0:f269e3021894	4564	/* Increment epoch */
elessair	0:f269e3021894	4565	if( ++ssl->in_epoch == 0 )
elessair	0:f269e3021894	4566	{
elessair	0:f269e3021894	4567	MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
elessair	0:f269e3021894	4568	return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
elessair	0:f269e3021894	4569	}
elessair	0:f269e3021894	4570	}
elessair	0:f269e3021894	4571	else
elessair	0:f269e3021894	4572	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	4573	memset( ssl->in_ctr, 0, 8 );
elessair	0:f269e3021894	4574
elessair	0:f269e3021894	4575	/*
elessair	0:f269e3021894	4576	* Set the in_msg pointer to the correct location based on IV length
elessair	0:f269e3021894	4577	*/
elessair	0:f269e3021894	4578	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	4579	{
elessair	0:f269e3021894	4580	ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
elessair	0:f269e3021894	4581	ssl->transform_negotiate->fixed_ivlen;
elessair	0:f269e3021894	4582	}
elessair	0:f269e3021894	4583	else
elessair	0:f269e3021894	4584	ssl->in_msg = ssl->in_iv;
elessair	0:f269e3021894	4585
elessair	0:f269e3021894	4586	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	4587	if( mbedtls_ssl_hw_record_activate != NULL )
elessair	0:f269e3021894	4588	{
elessair	0:f269e3021894	4589	if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
elessair	0:f269e3021894	4590	{
elessair	0:f269e3021894	4591	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
elessair	0:f269e3021894	4592	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	4593	}
elessair	0:f269e3021894	4594	}
elessair	0:f269e3021894	4595	#endif
elessair	0:f269e3021894	4596
elessair	0:f269e3021894	4597	ssl->state++;
elessair	0:f269e3021894	4598
elessair	0:f269e3021894	4599	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
elessair	0:f269e3021894	4600
elessair	0:f269e3021894	4601	return( 0 );
elessair	0:f269e3021894	4602	}
elessair	0:f269e3021894	4603
elessair	0:f269e3021894	4604	void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4605	const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
elessair	0:f269e3021894	4606	{
elessair	0:f269e3021894	4607	((void) ciphersuite_info);
elessair	0:f269e3021894	4608
elessair	0:f269e3021894	4609	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	4610	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	4611	if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	4612	ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
elessair	0:f269e3021894	4613	else
elessair	0:f269e3021894	4614	#endif
elessair	0:f269e3021894	4615	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4616	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	4617	if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
elessair	0:f269e3021894	4618	ssl->handshake->update_checksum = ssl_update_checksum_sha384;
elessair	0:f269e3021894	4619	else
elessair	0:f269e3021894	4620	#endif
elessair	0:f269e3021894	4621	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	4622	if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
elessair	0:f269e3021894	4623	ssl->handshake->update_checksum = ssl_update_checksum_sha256;
elessair	0:f269e3021894	4624	else
elessair	0:f269e3021894	4625	#endif
elessair	0:f269e3021894	4626	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4627	{
elessair	0:f269e3021894	4628	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	4629	return;
elessair	0:f269e3021894	4630	}
elessair	0:f269e3021894	4631	}
elessair	0:f269e3021894	4632
elessair	0:f269e3021894	4633	void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4634	{
elessair	0:f269e3021894	4635	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	4636	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	4637	mbedtls_md5_starts( &ssl->handshake->fin_md5 );
elessair	0:f269e3021894	4638	mbedtls_sha1_starts( &ssl->handshake->fin_sha1 );
elessair	0:f269e3021894	4639	#endif
elessair	0:f269e3021894	4640	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4641	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	4642	mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
elessair	0:f269e3021894	4643	#endif
elessair	0:f269e3021894	4644	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	4645	mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
elessair	0:f269e3021894	4646	#endif
elessair	0:f269e3021894	4647	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4648	}
elessair	0:f269e3021894	4649
elessair	0:f269e3021894	4650	static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4651	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	4652	{
elessair	0:f269e3021894	4653	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	4654	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	4655	mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
elessair	0:f269e3021894	4656	mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
elessair	0:f269e3021894	4657	#endif
elessair	0:f269e3021894	4658	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4659	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	4660	mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
elessair	0:f269e3021894	4661	#endif
elessair	0:f269e3021894	4662	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	4663	mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
elessair	0:f269e3021894	4664	#endif
elessair	0:f269e3021894	4665	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4666	}
elessair	0:f269e3021894	4667
elessair	0:f269e3021894	4668	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	4669	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	4670	static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4671	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	4672	{
elessair	0:f269e3021894	4673	mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
elessair	0:f269e3021894	4674	mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
elessair	0:f269e3021894	4675	}
elessair	0:f269e3021894	4676	#endif
elessair	0:f269e3021894	4677
elessair	0:f269e3021894	4678	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4679	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	4680	static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4681	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	4682	{
elessair	0:f269e3021894	4683	mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
elessair	0:f269e3021894	4684	}
elessair	0:f269e3021894	4685	#endif
elessair	0:f269e3021894	4686
elessair	0:f269e3021894	4687	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	4688	static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	4689	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	4690	{
elessair	0:f269e3021894	4691	mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
elessair	0:f269e3021894	4692	}
elessair	0:f269e3021894	4693	#endif
elessair	0:f269e3021894	4694	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4695
elessair	0:f269e3021894	4696	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	4697	static void ssl_calc_finished_ssl(
elessair	0:f269e3021894	4698	mbedtls_ssl_context ssl, unsigned char buf, int from )
elessair	0:f269e3021894	4699	{
elessair	0:f269e3021894	4700	const char *sender;
elessair	0:f269e3021894	4701	mbedtls_md5_context md5;
elessair	0:f269e3021894	4702	mbedtls_sha1_context sha1;
elessair	0:f269e3021894	4703
elessair	0:f269e3021894	4704	unsigned char padbuf[48];
elessair	0:f269e3021894	4705	unsigned char md5sum[16];
elessair	0:f269e3021894	4706	unsigned char sha1sum[20];
elessair	0:f269e3021894	4707
elessair	0:f269e3021894	4708	mbedtls_ssl_session *session = ssl->session_negotiate;
elessair	0:f269e3021894	4709	if( !session )
elessair	0:f269e3021894	4710	session = ssl->session;
elessair	0:f269e3021894	4711
elessair	0:f269e3021894	4712	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
elessair	0:f269e3021894	4713
elessair	0:f269e3021894	4714	mbedtls_md5_init( &md5 );
elessair	0:f269e3021894	4715	mbedtls_sha1_init( &sha1 );
elessair	0:f269e3021894	4716
elessair	0:f269e3021894	4717	mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
elessair	0:f269e3021894	4718	mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
elessair	0:f269e3021894	4719
elessair	0:f269e3021894	4720	/*
elessair	0:f269e3021894	4721	* SSLv3:
elessair	0:f269e3021894	4722	* hash =
elessair	0:f269e3021894	4723	* MD5( master + pad2 +
elessair	0:f269e3021894	4724	* MD5( handshake + sender + master + pad1 ) )
elessair	0:f269e3021894	4725	* + SHA1( master + pad2 +
elessair	0:f269e3021894	4726	* SHA1( handshake + sender + master + pad1 ) )
elessair	0:f269e3021894	4727	*/
elessair	0:f269e3021894	4728
elessair	0:f269e3021894	4729	#if !defined(MBEDTLS_MD5_ALT)
elessair	0:f269e3021894	4730	MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
elessair	0:f269e3021894	4731	md5.state, sizeof( md5.state ) );
elessair	0:f269e3021894	4732	#endif
elessair	0:f269e3021894	4733
elessair	0:f269e3021894	4734	#if !defined(MBEDTLS_SHA1_ALT)
elessair	0:f269e3021894	4735	MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
elessair	0:f269e3021894	4736	sha1.state, sizeof( sha1.state ) );
elessair	0:f269e3021894	4737	#endif
elessair	0:f269e3021894	4738
elessair	0:f269e3021894	4739	sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
elessair	0:f269e3021894	4740	: "SRVR";
elessair	0:f269e3021894	4741
elessair	0:f269e3021894	4742	memset( padbuf, 0x36, 48 );
elessair	0:f269e3021894	4743
elessair	0:f269e3021894	4744	mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 );
elessair	0:f269e3021894	4745	mbedtls_md5_update( &md5, session->master, 48 );
elessair	0:f269e3021894	4746	mbedtls_md5_update( &md5, padbuf, 48 );
elessair	0:f269e3021894	4747	mbedtls_md5_finish( &md5, md5sum );
elessair	0:f269e3021894	4748
elessair	0:f269e3021894	4749	mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 );
elessair	0:f269e3021894	4750	mbedtls_sha1_update( &sha1, session->master, 48 );
elessair	0:f269e3021894	4751	mbedtls_sha1_update( &sha1, padbuf, 40 );
elessair	0:f269e3021894	4752	mbedtls_sha1_finish( &sha1, sha1sum );
elessair	0:f269e3021894	4753
elessair	0:f269e3021894	4754	memset( padbuf, 0x5C, 48 );
elessair	0:f269e3021894	4755
elessair	0:f269e3021894	4756	mbedtls_md5_starts( &md5 );
elessair	0:f269e3021894	4757	mbedtls_md5_update( &md5, session->master, 48 );
elessair	0:f269e3021894	4758	mbedtls_md5_update( &md5, padbuf, 48 );
elessair	0:f269e3021894	4759	mbedtls_md5_update( &md5, md5sum, 16 );
elessair	0:f269e3021894	4760	mbedtls_md5_finish( &md5, buf );
elessair	0:f269e3021894	4761
elessair	0:f269e3021894	4762	mbedtls_sha1_starts( &sha1 );
elessair	0:f269e3021894	4763	mbedtls_sha1_update( &sha1, session->master, 48 );
elessair	0:f269e3021894	4764	mbedtls_sha1_update( &sha1, padbuf , 40 );
elessair	0:f269e3021894	4765	mbedtls_sha1_update( &sha1, sha1sum, 20 );
elessair	0:f269e3021894	4766	mbedtls_sha1_finish( &sha1, buf + 16 );
elessair	0:f269e3021894	4767
elessair	0:f269e3021894	4768	MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
elessair	0:f269e3021894	4769
elessair	0:f269e3021894	4770	mbedtls_md5_free( &md5 );
elessair	0:f269e3021894	4771	mbedtls_sha1_free( &sha1 );
elessair	0:f269e3021894	4772
elessair	0:f269e3021894	4773	mbedtls_zeroize( padbuf, sizeof( padbuf ) );
elessair	0:f269e3021894	4774	mbedtls_zeroize( md5sum, sizeof( md5sum ) );
elessair	0:f269e3021894	4775	mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
elessair	0:f269e3021894	4776
elessair	0:f269e3021894	4777	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
elessair	0:f269e3021894	4778	}
elessair	0:f269e3021894	4779	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	4780
elessair	0:f269e3021894	4781	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	4782	static void ssl_calc_finished_tls(
elessair	0:f269e3021894	4783	mbedtls_ssl_context ssl, unsigned char buf, int from )
elessair	0:f269e3021894	4784	{
elessair	0:f269e3021894	4785	int len = 12;
elessair	0:f269e3021894	4786	const char *sender;
elessair	0:f269e3021894	4787	mbedtls_md5_context md5;
elessair	0:f269e3021894	4788	mbedtls_sha1_context sha1;
elessair	0:f269e3021894	4789	unsigned char padbuf[36];
elessair	0:f269e3021894	4790
elessair	0:f269e3021894	4791	mbedtls_ssl_session *session = ssl->session_negotiate;
elessair	0:f269e3021894	4792	if( !session )
elessair	0:f269e3021894	4793	session = ssl->session;
elessair	0:f269e3021894	4794
elessair	0:f269e3021894	4795	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
elessair	0:f269e3021894	4796
elessair	0:f269e3021894	4797	mbedtls_md5_init( &md5 );
elessair	0:f269e3021894	4798	mbedtls_sha1_init( &sha1 );
elessair	0:f269e3021894	4799
elessair	0:f269e3021894	4800	mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
elessair	0:f269e3021894	4801	mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
elessair	0:f269e3021894	4802
elessair	0:f269e3021894	4803	/*
elessair	0:f269e3021894	4804	* TLSv1:
elessair	0:f269e3021894	4805	* hash = PRF( master, finished_label,
elessair	0:f269e3021894	4806	* MD5( handshake ) + SHA1( handshake ) )[0..11]
elessair	0:f269e3021894	4807	*/
elessair	0:f269e3021894	4808
elessair	0:f269e3021894	4809	#if !defined(MBEDTLS_MD5_ALT)
elessair	0:f269e3021894	4810	MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
elessair	0:f269e3021894	4811	md5.state, sizeof( md5.state ) );
elessair	0:f269e3021894	4812	#endif
elessair	0:f269e3021894	4813
elessair	0:f269e3021894	4814	#if !defined(MBEDTLS_SHA1_ALT)
elessair	0:f269e3021894	4815	MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
elessair	0:f269e3021894	4816	sha1.state, sizeof( sha1.state ) );
elessair	0:f269e3021894	4817	#endif
elessair	0:f269e3021894	4818
elessair	0:f269e3021894	4819	sender = ( from == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	4820	? "client finished"
elessair	0:f269e3021894	4821	: "server finished";
elessair	0:f269e3021894	4822
elessair	0:f269e3021894	4823	mbedtls_md5_finish( &md5, padbuf );
elessair	0:f269e3021894	4824	mbedtls_sha1_finish( &sha1, padbuf + 16 );
elessair	0:f269e3021894	4825
elessair	0:f269e3021894	4826	ssl->handshake->tls_prf( session->master, 48, sender,
elessair	0:f269e3021894	4827	padbuf, 36, buf, len );
elessair	0:f269e3021894	4828
elessair	0:f269e3021894	4829	MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
elessair	0:f269e3021894	4830
elessair	0:f269e3021894	4831	mbedtls_md5_free( &md5 );
elessair	0:f269e3021894	4832	mbedtls_sha1_free( &sha1 );
elessair	0:f269e3021894	4833
elessair	0:f269e3021894	4834	mbedtls_zeroize( padbuf, sizeof( padbuf ) );
elessair	0:f269e3021894	4835
elessair	0:f269e3021894	4836	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
elessair	0:f269e3021894	4837	}
elessair	0:f269e3021894	4838	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 */
elessair	0:f269e3021894	4839
elessair	0:f269e3021894	4840	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	4841	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	4842	static void ssl_calc_finished_tls_sha256(
elessair	0:f269e3021894	4843	mbedtls_ssl_context ssl, unsigned char buf, int from )
elessair	0:f269e3021894	4844	{
elessair	0:f269e3021894	4845	int len = 12;
elessair	0:f269e3021894	4846	const char *sender;
elessair	0:f269e3021894	4847	mbedtls_sha256_context sha256;
elessair	0:f269e3021894	4848	unsigned char padbuf[32];
elessair	0:f269e3021894	4849
elessair	0:f269e3021894	4850	mbedtls_ssl_session *session = ssl->session_negotiate;
elessair	0:f269e3021894	4851	if( !session )
elessair	0:f269e3021894	4852	session = ssl->session;
elessair	0:f269e3021894	4853
elessair	0:f269e3021894	4854	mbedtls_sha256_init( &sha256 );
elessair	0:f269e3021894	4855
elessair	0:f269e3021894	4856	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
elessair	0:f269e3021894	4857
elessair	0:f269e3021894	4858	mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
elessair	0:f269e3021894	4859
elessair	0:f269e3021894	4860	/*
elessair	0:f269e3021894	4861	* TLSv1.2:
elessair	0:f269e3021894	4862	* hash = PRF( master, finished_label,
elessair	0:f269e3021894	4863	* Hash( handshake ) )[0.11]
elessair	0:f269e3021894	4864	*/
elessair	0:f269e3021894	4865
elessair	0:f269e3021894	4866	#if !defined(MBEDTLS_SHA256_ALT)
elessair	0:f269e3021894	4867	MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
elessair	0:f269e3021894	4868	sha256.state, sizeof( sha256.state ) );
elessair	0:f269e3021894	4869	#endif
elessair	0:f269e3021894	4870
elessair	0:f269e3021894	4871	sender = ( from == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	4872	? "client finished"
elessair	0:f269e3021894	4873	: "server finished";
elessair	0:f269e3021894	4874
elessair	0:f269e3021894	4875	mbedtls_sha256_finish( &sha256, padbuf );
elessair	0:f269e3021894	4876
elessair	0:f269e3021894	4877	ssl->handshake->tls_prf( session->master, 48, sender,
elessair	0:f269e3021894	4878	padbuf, 32, buf, len );
elessair	0:f269e3021894	4879
elessair	0:f269e3021894	4880	MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
elessair	0:f269e3021894	4881
elessair	0:f269e3021894	4882	mbedtls_sha256_free( &sha256 );
elessair	0:f269e3021894	4883
elessair	0:f269e3021894	4884	mbedtls_zeroize( padbuf, sizeof( padbuf ) );
elessair	0:f269e3021894	4885
elessair	0:f269e3021894	4886	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
elessair	0:f269e3021894	4887	}
elessair	0:f269e3021894	4888	#endif /* MBEDTLS_SHA256_C */
elessair	0:f269e3021894	4889
elessair	0:f269e3021894	4890	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	4891	static void ssl_calc_finished_tls_sha384(
elessair	0:f269e3021894	4892	mbedtls_ssl_context ssl, unsigned char buf, int from )
elessair	0:f269e3021894	4893	{
elessair	0:f269e3021894	4894	int len = 12;
elessair	0:f269e3021894	4895	const char *sender;
elessair	0:f269e3021894	4896	mbedtls_sha512_context sha512;
elessair	0:f269e3021894	4897	unsigned char padbuf[48];
elessair	0:f269e3021894	4898
elessair	0:f269e3021894	4899	mbedtls_ssl_session *session = ssl->session_negotiate;
elessair	0:f269e3021894	4900	if( !session )
elessair	0:f269e3021894	4901	session = ssl->session;
elessair	0:f269e3021894	4902
elessair	0:f269e3021894	4903	mbedtls_sha512_init( &sha512 );
elessair	0:f269e3021894	4904
elessair	0:f269e3021894	4905	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
elessair	0:f269e3021894	4906
elessair	0:f269e3021894	4907	mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
elessair	0:f269e3021894	4908
elessair	0:f269e3021894	4909	/*
elessair	0:f269e3021894	4910	* TLSv1.2:
elessair	0:f269e3021894	4911	* hash = PRF( master, finished_label,
elessair	0:f269e3021894	4912	* Hash( handshake ) )[0.11]
elessair	0:f269e3021894	4913	*/
elessair	0:f269e3021894	4914
elessair	0:f269e3021894	4915	#if !defined(MBEDTLS_SHA512_ALT)
elessair	0:f269e3021894	4916	MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
elessair	0:f269e3021894	4917	sha512.state, sizeof( sha512.state ) );
elessair	0:f269e3021894	4918	#endif
elessair	0:f269e3021894	4919
elessair	0:f269e3021894	4920	sender = ( from == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	4921	? "client finished"
elessair	0:f269e3021894	4922	: "server finished";
elessair	0:f269e3021894	4923
elessair	0:f269e3021894	4924	mbedtls_sha512_finish( &sha512, padbuf );
elessair	0:f269e3021894	4925
elessair	0:f269e3021894	4926	ssl->handshake->tls_prf( session->master, 48, sender,
elessair	0:f269e3021894	4927	padbuf, 48, buf, len );
elessair	0:f269e3021894	4928
elessair	0:f269e3021894	4929	MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
elessair	0:f269e3021894	4930
elessair	0:f269e3021894	4931	mbedtls_sha512_free( &sha512 );
elessair	0:f269e3021894	4932
elessair	0:f269e3021894	4933	mbedtls_zeroize( padbuf, sizeof( padbuf ) );
elessair	0:f269e3021894	4934
elessair	0:f269e3021894	4935	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
elessair	0:f269e3021894	4936	}
elessair	0:f269e3021894	4937	#endif /* MBEDTLS_SHA512_C */
elessair	0:f269e3021894	4938	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	4939
elessair	0:f269e3021894	4940	static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4941	{
elessair	0:f269e3021894	4942	MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
elessair	0:f269e3021894	4943
elessair	0:f269e3021894	4944	/*
elessair	0:f269e3021894	4945	* Free our handshake params
elessair	0:f269e3021894	4946	*/
elessair	0:f269e3021894	4947	mbedtls_ssl_handshake_free( ssl->handshake );
elessair	0:f269e3021894	4948	mbedtls_free( ssl->handshake );
elessair	0:f269e3021894	4949	ssl->handshake = NULL;
elessair	0:f269e3021894	4950
elessair	0:f269e3021894	4951	/*
elessair	0:f269e3021894	4952	* Free the previous transform and swith in the current one
elessair	0:f269e3021894	4953	*/
elessair	0:f269e3021894	4954	if( ssl->transform )
elessair	0:f269e3021894	4955	{
elessair	0:f269e3021894	4956	mbedtls_ssl_transform_free( ssl->transform );
elessair	0:f269e3021894	4957	mbedtls_free( ssl->transform );
elessair	0:f269e3021894	4958	}
elessair	0:f269e3021894	4959	ssl->transform = ssl->transform_negotiate;
elessair	0:f269e3021894	4960	ssl->transform_negotiate = NULL;
elessair	0:f269e3021894	4961
elessair	0:f269e3021894	4962	MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
elessair	0:f269e3021894	4963	}
elessair	0:f269e3021894	4964
elessair	0:f269e3021894	4965	void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	4966	{
elessair	0:f269e3021894	4967	int resume = ssl->handshake->resume;
elessair	0:f269e3021894	4968
elessair	0:f269e3021894	4969	MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
elessair	0:f269e3021894	4970
elessair	0:f269e3021894	4971	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	4972	if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
elessair	0:f269e3021894	4973	{
elessair	0:f269e3021894	4974	ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
elessair	0:f269e3021894	4975	ssl->renego_records_seen = 0;
elessair	0:f269e3021894	4976	}
elessair	0:f269e3021894	4977	#endif
elessair	0:f269e3021894	4978
elessair	0:f269e3021894	4979	/*
elessair	0:f269e3021894	4980	* Free the previous session and switch in the current one
elessair	0:f269e3021894	4981	*/
elessair	0:f269e3021894	4982	if( ssl->session )
elessair	0:f269e3021894	4983	{
elessair	0:f269e3021894	4984	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	4985	/* RFC 7366 3.1: keep the EtM state */
elessair	0:f269e3021894	4986	ssl->session_negotiate->encrypt_then_mac =
elessair	0:f269e3021894	4987	ssl->session->encrypt_then_mac;
elessair	0:f269e3021894	4988	#endif
elessair	0:f269e3021894	4989
elessair	0:f269e3021894	4990	mbedtls_ssl_session_free( ssl->session );
elessair	0:f269e3021894	4991	mbedtls_free( ssl->session );
elessair	0:f269e3021894	4992	}
elessair	0:f269e3021894	4993	ssl->session = ssl->session_negotiate;
elessair	0:f269e3021894	4994	ssl->session_negotiate = NULL;
elessair	0:f269e3021894	4995
elessair	0:f269e3021894	4996	/*
elessair	0:f269e3021894	4997	* Add cache entry
elessair	0:f269e3021894	4998	*/
elessair	0:f269e3021894	4999	if( ssl->conf->f_set_cache != NULL &&
elessair	0:f269e3021894	5000	ssl->session->id_len != 0 &&
elessair	0:f269e3021894	5001	resume == 0 )
elessair	0:f269e3021894	5002	{
elessair	0:f269e3021894	5003	if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
elessair	0:f269e3021894	5004	MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
elessair	0:f269e3021894	5005	}
elessair	0:f269e3021894	5006
elessair	0:f269e3021894	5007	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5008	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	5009	ssl->handshake->flight != NULL )
elessair	0:f269e3021894	5010	{
elessair	0:f269e3021894	5011	/* Cancel handshake timer */
elessair	0:f269e3021894	5012	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	5013
elessair	0:f269e3021894	5014	/* Keep last flight around in case we need to resend it:
elessair	0:f269e3021894	5015	* we need the handshake and transform structures for that */
elessair	0:f269e3021894	5016	MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
elessair	0:f269e3021894	5017	}
elessair	0:f269e3021894	5018	else
elessair	0:f269e3021894	5019	#endif
elessair	0:f269e3021894	5020	ssl_handshake_wrapup_free_hs_transform( ssl );
elessair	0:f269e3021894	5021
elessair	0:f269e3021894	5022	ssl->state++;
elessair	0:f269e3021894	5023
elessair	0:f269e3021894	5024	MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
elessair	0:f269e3021894	5025	}
elessair	0:f269e3021894	5026
elessair	0:f269e3021894	5027	int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	5028	{
elessair	0:f269e3021894	5029	int ret, hash_len;
elessair	0:f269e3021894	5030
elessair	0:f269e3021894	5031	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
elessair	0:f269e3021894	5032
elessair	0:f269e3021894	5033	/*
elessair	0:f269e3021894	5034	* Set the out_msg pointer to the correct location based on IV length
elessair	0:f269e3021894	5035	*/
elessair	0:f269e3021894	5036	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	5037	{
elessair	0:f269e3021894	5038	ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
elessair	0:f269e3021894	5039	ssl->transform_negotiate->fixed_ivlen;
elessair	0:f269e3021894	5040	}
elessair	0:f269e3021894	5041	else
elessair	0:f269e3021894	5042	ssl->out_msg = ssl->out_iv;
elessair	0:f269e3021894	5043
elessair	0:f269e3021894	5044	ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
elessair	0:f269e3021894	5045
elessair	0:f269e3021894	5046	/*
elessair	0:f269e3021894	5047	* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
elessair	0:f269e3021894	5048	* may define some other value. Currently (early 2016), no defined
elessair	0:f269e3021894	5049	* ciphersuite does this (and this is unlikely to change as activity has
elessair	0:f269e3021894	5050	* moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
elessair	0:f269e3021894	5051	*/
elessair	0:f269e3021894	5052	hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
elessair	0:f269e3021894	5053
elessair	0:f269e3021894	5054	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	5055	ssl->verify_data_len = hash_len;
elessair	0:f269e3021894	5056	memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
elessair	0:f269e3021894	5057	#endif
elessair	0:f269e3021894	5058
elessair	0:f269e3021894	5059	ssl->out_msglen = 4 + hash_len;
elessair	0:f269e3021894	5060	ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
elessair	0:f269e3021894	5061	ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
elessair	0:f269e3021894	5062
elessair	0:f269e3021894	5063	/*
elessair	0:f269e3021894	5064	* In case of session resuming, invert the client and server
elessair	0:f269e3021894	5065	* ChangeCipherSpec messages order.
elessair	0:f269e3021894	5066	*/
elessair	0:f269e3021894	5067	if( ssl->handshake->resume != 0 )
elessair	0:f269e3021894	5068	{
elessair	0:f269e3021894	5069	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	5070	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	5071	ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
elessair	0:f269e3021894	5072	#endif
elessair	0:f269e3021894	5073	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5074	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	5075	ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
elessair	0:f269e3021894	5076	#endif
elessair	0:f269e3021894	5077	}
elessair	0:f269e3021894	5078	else
elessair	0:f269e3021894	5079	ssl->state++;
elessair	0:f269e3021894	5080
elessair	0:f269e3021894	5081	/*
elessair	0:f269e3021894	5082	* Switch to our negotiated transform and session parameters for outbound
elessair	0:f269e3021894	5083	* data.
elessair	0:f269e3021894	5084	*/
elessair	0:f269e3021894	5085	MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
elessair	0:f269e3021894	5086
elessair	0:f269e3021894	5087	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5088	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	5089	{
elessair	0:f269e3021894	5090	unsigned char i;
elessair	0:f269e3021894	5091
elessair	0:f269e3021894	5092	/* Remember current epoch settings for resending */
elessair	0:f269e3021894	5093	ssl->handshake->alt_transform_out = ssl->transform_out;
elessair	0:f269e3021894	5094	memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
elessair	0:f269e3021894	5095
elessair	0:f269e3021894	5096	/* Set sequence_number to zero */
elessair	0:f269e3021894	5097	memset( ssl->out_ctr + 2, 0, 6 );
elessair	0:f269e3021894	5098
elessair	0:f269e3021894	5099	/* Increment epoch */
elessair	0:f269e3021894	5100	for( i = 2; i > 0; i-- )
elessair	0:f269e3021894	5101	if( ++ssl->out_ctr[i - 1] != 0 )
elessair	0:f269e3021894	5102	break;
elessair	0:f269e3021894	5103
elessair	0:f269e3021894	5104	/* The loop goes to its end iff the counter is wrapping */
elessair	0:f269e3021894	5105	if( i == 0 )
elessair	0:f269e3021894	5106	{
elessair	0:f269e3021894	5107	MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
elessair	0:f269e3021894	5108	return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
elessair	0:f269e3021894	5109	}
elessair	0:f269e3021894	5110	}
elessair	0:f269e3021894	5111	else
elessair	0:f269e3021894	5112	#endif /* MBEDTLS_SSL_PROTO_DTLS */
elessair	0:f269e3021894	5113	memset( ssl->out_ctr, 0, 8 );
elessair	0:f269e3021894	5114
elessair	0:f269e3021894	5115	ssl->transform_out = ssl->transform_negotiate;
elessair	0:f269e3021894	5116	ssl->session_out = ssl->session_negotiate;
elessair	0:f269e3021894	5117
elessair	0:f269e3021894	5118	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	5119	if( mbedtls_ssl_hw_record_activate != NULL )
elessair	0:f269e3021894	5120	{
elessair	0:f269e3021894	5121	if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
elessair	0:f269e3021894	5122	{
elessair	0:f269e3021894	5123	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
elessair	0:f269e3021894	5124	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	5125	}
elessair	0:f269e3021894	5126	}
elessair	0:f269e3021894	5127	#endif
elessair	0:f269e3021894	5128
elessair	0:f269e3021894	5129	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5130	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	5131	mbedtls_ssl_send_flight_completed( ssl );
elessair	0:f269e3021894	5132	#endif
elessair	0:f269e3021894	5133
elessair	0:f269e3021894	5134	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	5135	{
elessair	0:f269e3021894	5136	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	5137	return( ret );
elessair	0:f269e3021894	5138	}
elessair	0:f269e3021894	5139
elessair	0:f269e3021894	5140	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
elessair	0:f269e3021894	5141
elessair	0:f269e3021894	5142	return( 0 );
elessair	0:f269e3021894	5143	}
elessair	0:f269e3021894	5144
elessair	0:f269e3021894	5145	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	5146	#define SSL_MAX_HASH_LEN 36
elessair	0:f269e3021894	5147	#else
elessair	0:f269e3021894	5148	#define SSL_MAX_HASH_LEN 12
elessair	0:f269e3021894	5149	#endif
elessair	0:f269e3021894	5150
elessair	0:f269e3021894	5151	int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	5152	{
elessair	0:f269e3021894	5153	int ret;
elessair	0:f269e3021894	5154	unsigned int hash_len;
elessair	0:f269e3021894	5155	unsigned char buf[SSL_MAX_HASH_LEN];
elessair	0:f269e3021894	5156
elessair	0:f269e3021894	5157	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
elessair	0:f269e3021894	5158
elessair	0:f269e3021894	5159	ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
elessair	0:f269e3021894	5160
elessair	0:f269e3021894	5161	if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
elessair	0:f269e3021894	5162	{
elessair	0:f269e3021894	5163	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
elessair	0:f269e3021894	5164	return( ret );
elessair	0:f269e3021894	5165	}
elessair	0:f269e3021894	5166
elessair	0:f269e3021894	5167	if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	5168	{
elessair	0:f269e3021894	5169	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
elessair	0:f269e3021894	5170	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	5171	}
elessair	0:f269e3021894	5172
elessair	0:f269e3021894	5173	/* There is currently no ciphersuite using another length with TLS 1.2 */
elessair	0:f269e3021894	5174	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	5175	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	5176	hash_len = 36;
elessair	0:f269e3021894	5177	else
elessair	0:f269e3021894	5178	#endif
elessair	0:f269e3021894	5179	hash_len = 12;
elessair	0:f269e3021894	5180
elessair	0:f269e3021894	5181	if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED \|\|
elessair	0:f269e3021894	5182	ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
elessair	0:f269e3021894	5183	{
elessair	0:f269e3021894	5184	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
elessair	0:f269e3021894	5185	return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
elessair	0:f269e3021894	5186	}
elessair	0:f269e3021894	5187
elessair	0:f269e3021894	5188	if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
elessair	0:f269e3021894	5189	buf, hash_len ) != 0 )
elessair	0:f269e3021894	5190	{
elessair	0:f269e3021894	5191	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
elessair	0:f269e3021894	5192	return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
elessair	0:f269e3021894	5193	}
elessair	0:f269e3021894	5194
elessair	0:f269e3021894	5195	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	5196	ssl->verify_data_len = hash_len;
elessair	0:f269e3021894	5197	memcpy( ssl->peer_verify_data, buf, hash_len );
elessair	0:f269e3021894	5198	#endif
elessair	0:f269e3021894	5199
elessair	0:f269e3021894	5200	if( ssl->handshake->resume != 0 )
elessair	0:f269e3021894	5201	{
elessair	0:f269e3021894	5202	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	5203	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	5204	ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
elessair	0:f269e3021894	5205	#endif
elessair	0:f269e3021894	5206	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5207	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	5208	ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
elessair	0:f269e3021894	5209	#endif
elessair	0:f269e3021894	5210	}
elessair	0:f269e3021894	5211	else
elessair	0:f269e3021894	5212	ssl->state++;
elessair	0:f269e3021894	5213
elessair	0:f269e3021894	5214	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5215	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	5216	mbedtls_ssl_recv_flight_completed( ssl );
elessair	0:f269e3021894	5217	#endif
elessair	0:f269e3021894	5218
elessair	0:f269e3021894	5219	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
elessair	0:f269e3021894	5220
elessair	0:f269e3021894	5221	return( 0 );
elessair	0:f269e3021894	5222	}
elessair	0:f269e3021894	5223
elessair	0:f269e3021894	5224	static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
elessair	0:f269e3021894	5225	{
elessair	0:f269e3021894	5226	memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
elessair	0:f269e3021894	5227
elessair	0:f269e3021894	5228	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	5229	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	5230	mbedtls_md5_init( &handshake->fin_md5 );
elessair	0:f269e3021894	5231	mbedtls_sha1_init( &handshake->fin_sha1 );
elessair	0:f269e3021894	5232	mbedtls_md5_starts( &handshake->fin_md5 );
elessair	0:f269e3021894	5233	mbedtls_sha1_starts( &handshake->fin_sha1 );
elessair	0:f269e3021894	5234	#endif
elessair	0:f269e3021894	5235	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	5236	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	5237	mbedtls_sha256_init( &handshake->fin_sha256 );
elessair	0:f269e3021894	5238	mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
elessair	0:f269e3021894	5239	#endif
elessair	0:f269e3021894	5240	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	5241	mbedtls_sha512_init( &handshake->fin_sha512 );
elessair	0:f269e3021894	5242	mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
elessair	0:f269e3021894	5243	#endif
elessair	0:f269e3021894	5244	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	5245
elessair	0:f269e3021894	5246	handshake->update_checksum = ssl_update_checksum_start;
elessair	0:f269e3021894	5247	handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1;
elessair	0:f269e3021894	5248
elessair	0:f269e3021894	5249	#if defined(MBEDTLS_DHM_C)
elessair	0:f269e3021894	5250	mbedtls_dhm_init( &handshake->dhm_ctx );
elessair	0:f269e3021894	5251	#endif
elessair	0:f269e3021894	5252	#if defined(MBEDTLS_ECDH_C)
elessair	0:f269e3021894	5253	mbedtls_ecdh_init( &handshake->ecdh_ctx );
elessair	0:f269e3021894	5254	#endif
elessair	0:f269e3021894	5255	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
elessair	0:f269e3021894	5256	mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
elessair	0:f269e3021894	5257	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	5258	handshake->ecjpake_cache = NULL;
elessair	0:f269e3021894	5259	handshake->ecjpake_cache_len = 0;
elessair	0:f269e3021894	5260	#endif
elessair	0:f269e3021894	5261	#endif
elessair	0:f269e3021894	5262
elessair	0:f269e3021894	5263	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	5264	handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
elessair	0:f269e3021894	5265	#endif
elessair	0:f269e3021894	5266	}
elessair	0:f269e3021894	5267
elessair	0:f269e3021894	5268	static void ssl_transform_init( mbedtls_ssl_transform *transform )
elessair	0:f269e3021894	5269	{
elessair	0:f269e3021894	5270	memset( transform, 0, sizeof(mbedtls_ssl_transform) );
elessair	0:f269e3021894	5271
elessair	0:f269e3021894	5272	mbedtls_cipher_init( &transform->cipher_ctx_enc );
elessair	0:f269e3021894	5273	mbedtls_cipher_init( &transform->cipher_ctx_dec );
elessair	0:f269e3021894	5274
elessair	0:f269e3021894	5275	mbedtls_md_init( &transform->md_ctx_enc );
elessair	0:f269e3021894	5276	mbedtls_md_init( &transform->md_ctx_dec );
elessair	0:f269e3021894	5277	}
elessair	0:f269e3021894	5278
elessair	0:f269e3021894	5279	void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
elessair	0:f269e3021894	5280	{
elessair	0:f269e3021894	5281	memset( session, 0, sizeof(mbedtls_ssl_session) );
elessair	0:f269e3021894	5282	}
elessair	0:f269e3021894	5283
elessair	0:f269e3021894	5284	static int ssl_handshake_init( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	5285	{
elessair	0:f269e3021894	5286	/* Clear old handshake information if present */
elessair	0:f269e3021894	5287	if( ssl->transform_negotiate )
elessair	0:f269e3021894	5288	mbedtls_ssl_transform_free( ssl->transform_negotiate );
elessair	0:f269e3021894	5289	if( ssl->session_negotiate )
elessair	0:f269e3021894	5290	mbedtls_ssl_session_free( ssl->session_negotiate );
elessair	0:f269e3021894	5291	if( ssl->handshake )
elessair	0:f269e3021894	5292	mbedtls_ssl_handshake_free( ssl->handshake );
elessair	0:f269e3021894	5293
elessair	0:f269e3021894	5294	/*
elessair	0:f269e3021894	5295	* Either the pointers are now NULL or cleared properly and can be freed.
elessair	0:f269e3021894	5296	* Now allocate missing structures.
elessair	0:f269e3021894	5297	*/
elessair	0:f269e3021894	5298	if( ssl->transform_negotiate == NULL )
elessair	0:f269e3021894	5299	{
elessair	0:f269e3021894	5300	ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
elessair	0:f269e3021894	5301	}
elessair	0:f269e3021894	5302
elessair	0:f269e3021894	5303	if( ssl->session_negotiate == NULL )
elessair	0:f269e3021894	5304	{
elessair	0:f269e3021894	5305	ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
elessair	0:f269e3021894	5306	}
elessair	0:f269e3021894	5307
elessair	0:f269e3021894	5308	if( ssl->handshake == NULL )
elessair	0:f269e3021894	5309	{
elessair	0:f269e3021894	5310	ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
elessair	0:f269e3021894	5311	}
elessair	0:f269e3021894	5312
elessair	0:f269e3021894	5313	/* All pointers should exist and can be directly freed without issue */
elessair	0:f269e3021894	5314	if( ssl->handshake == NULL \|\|
elessair	0:f269e3021894	5315	ssl->transform_negotiate == NULL \|\|
elessair	0:f269e3021894	5316	ssl->session_negotiate == NULL )
elessair	0:f269e3021894	5317	{
elessair	0:f269e3021894	5318	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
elessair	0:f269e3021894	5319
elessair	0:f269e3021894	5320	mbedtls_free( ssl->handshake );
elessair	0:f269e3021894	5321	mbedtls_free( ssl->transform_negotiate );
elessair	0:f269e3021894	5322	mbedtls_free( ssl->session_negotiate );
elessair	0:f269e3021894	5323
elessair	0:f269e3021894	5324	ssl->handshake = NULL;
elessair	0:f269e3021894	5325	ssl->transform_negotiate = NULL;
elessair	0:f269e3021894	5326	ssl->session_negotiate = NULL;
elessair	0:f269e3021894	5327
elessair	0:f269e3021894	5328	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5329	}
elessair	0:f269e3021894	5330
elessair	0:f269e3021894	5331	/* Initialize structures */
elessair	0:f269e3021894	5332	mbedtls_ssl_session_init( ssl->session_negotiate );
elessair	0:f269e3021894	5333	ssl_transform_init( ssl->transform_negotiate );
elessair	0:f269e3021894	5334	ssl_handshake_params_init( ssl->handshake );
elessair	0:f269e3021894	5335
elessair	0:f269e3021894	5336	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5337	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	5338	{
elessair	0:f269e3021894	5339	ssl->handshake->alt_transform_out = ssl->transform_out;
elessair	0:f269e3021894	5340
elessair	0:f269e3021894	5341	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	5342	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
elessair	0:f269e3021894	5343	else
elessair	0:f269e3021894	5344	ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
elessair	0:f269e3021894	5345
elessair	0:f269e3021894	5346	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	5347	}
elessair	0:f269e3021894	5348	#endif
elessair	0:f269e3021894	5349
elessair	0:f269e3021894	5350	return( 0 );
elessair	0:f269e3021894	5351	}
elessair	0:f269e3021894	5352
elessair	0:f269e3021894	5353	#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5354	/* Dummy cookie callbacks for defaults */
elessair	0:f269e3021894	5355	static int ssl_cookie_write_dummy( void *ctx,
elessair	0:f269e3021894	5356	unsigned char *p, unsigned char end,
elessair	0:f269e3021894	5357	const unsigned char *cli_id, size_t cli_id_len )
elessair	0:f269e3021894	5358	{
elessair	0:f269e3021894	5359	((void) ctx);
elessair	0:f269e3021894	5360	((void) p);
elessair	0:f269e3021894	5361	((void) end);
elessair	0:f269e3021894	5362	((void) cli_id);
elessair	0:f269e3021894	5363	((void) cli_id_len);
elessair	0:f269e3021894	5364
elessair	0:f269e3021894	5365	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	5366	}
elessair	0:f269e3021894	5367
elessair	0:f269e3021894	5368	static int ssl_cookie_check_dummy( void *ctx,
elessair	0:f269e3021894	5369	const unsigned char *cookie, size_t cookie_len,
elessair	0:f269e3021894	5370	const unsigned char *cli_id, size_t cli_id_len )
elessair	0:f269e3021894	5371	{
elessair	0:f269e3021894	5372	((void) ctx);
elessair	0:f269e3021894	5373	((void) cookie);
elessair	0:f269e3021894	5374	((void) cookie_len);
elessair	0:f269e3021894	5375	((void) cli_id);
elessair	0:f269e3021894	5376	((void) cli_id_len);
elessair	0:f269e3021894	5377
elessair	0:f269e3021894	5378	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	5379	}
elessair	0:f269e3021894	5380	#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	5381
elessair	0:f269e3021894	5382	/*
elessair	0:f269e3021894	5383	* Initialize an SSL context
elessair	0:f269e3021894	5384	*/
elessair	0:f269e3021894	5385	void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	5386	{
elessair	0:f269e3021894	5387	memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
elessair	0:f269e3021894	5388	}
elessair	0:f269e3021894	5389
elessair	0:f269e3021894	5390	/*
elessair	0:f269e3021894	5391	* Setup an SSL context
elessair	0:f269e3021894	5392	*/
elessair	0:f269e3021894	5393	int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5394	const mbedtls_ssl_config *conf )
elessair	0:f269e3021894	5395	{
elessair	0:f269e3021894	5396	int ret;
elessair	0:f269e3021894	5397	const size_t len = MBEDTLS_SSL_BUFFER_LEN;
elessair	0:f269e3021894	5398
elessair	0:f269e3021894	5399	ssl->conf = conf;
elessair	0:f269e3021894	5400
elessair	0:f269e3021894	5401	/*
elessair	0:f269e3021894	5402	* Prepare base structures
elessair	0:f269e3021894	5403	*/
elessair	0:f269e3021894	5404	if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL \|\|
elessair	0:f269e3021894	5405	( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL )
elessair	0:f269e3021894	5406	{
elessair	0:f269e3021894	5407	MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) );
elessair	0:f269e3021894	5408	mbedtls_free( ssl->in_buf );
elessair	0:f269e3021894	5409	ssl->in_buf = NULL;
elessair	0:f269e3021894	5410	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5411	}
elessair	0:f269e3021894	5412
elessair	0:f269e3021894	5413	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5414	if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	5415	{
elessair	0:f269e3021894	5416	ssl->out_hdr = ssl->out_buf;
elessair	0:f269e3021894	5417	ssl->out_ctr = ssl->out_buf + 3;
elessair	0:f269e3021894	5418	ssl->out_len = ssl->out_buf + 11;
elessair	0:f269e3021894	5419	ssl->out_iv = ssl->out_buf + 13;
elessair	0:f269e3021894	5420	ssl->out_msg = ssl->out_buf + 13;
elessair	0:f269e3021894	5421
elessair	0:f269e3021894	5422	ssl->in_hdr = ssl->in_buf;
elessair	0:f269e3021894	5423	ssl->in_ctr = ssl->in_buf + 3;
elessair	0:f269e3021894	5424	ssl->in_len = ssl->in_buf + 11;
elessair	0:f269e3021894	5425	ssl->in_iv = ssl->in_buf + 13;
elessair	0:f269e3021894	5426	ssl->in_msg = ssl->in_buf + 13;
elessair	0:f269e3021894	5427	}
elessair	0:f269e3021894	5428	else
elessair	0:f269e3021894	5429	#endif
elessair	0:f269e3021894	5430	{
elessair	0:f269e3021894	5431	ssl->out_ctr = ssl->out_buf;
elessair	0:f269e3021894	5432	ssl->out_hdr = ssl->out_buf + 8;
elessair	0:f269e3021894	5433	ssl->out_len = ssl->out_buf + 11;
elessair	0:f269e3021894	5434	ssl->out_iv = ssl->out_buf + 13;
elessair	0:f269e3021894	5435	ssl->out_msg = ssl->out_buf + 13;
elessair	0:f269e3021894	5436
elessair	0:f269e3021894	5437	ssl->in_ctr = ssl->in_buf;
elessair	0:f269e3021894	5438	ssl->in_hdr = ssl->in_buf + 8;
elessair	0:f269e3021894	5439	ssl->in_len = ssl->in_buf + 11;
elessair	0:f269e3021894	5440	ssl->in_iv = ssl->in_buf + 13;
elessair	0:f269e3021894	5441	ssl->in_msg = ssl->in_buf + 13;
elessair	0:f269e3021894	5442	}
elessair	0:f269e3021894	5443
elessair	0:f269e3021894	5444	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
elessair	0:f269e3021894	5445	return( ret );
elessair	0:f269e3021894	5446
elessair	0:f269e3021894	5447	return( 0 );
elessair	0:f269e3021894	5448	}
elessair	0:f269e3021894	5449
elessair	0:f269e3021894	5450	/*
elessair	0:f269e3021894	5451	* Reset an initialized and used SSL context for re-use while retaining
elessair	0:f269e3021894	5452	* all application-set variables, function pointers and data.
elessair	0:f269e3021894	5453	*
elessair	0:f269e3021894	5454	* If partial is non-zero, keep data in the input buffer and client ID.
elessair	0:f269e3021894	5455	* (Use when a DTLS client reconnects from the same port.)
elessair	0:f269e3021894	5456	*/
elessair	0:f269e3021894	5457	static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
elessair	0:f269e3021894	5458	{
elessair	0:f269e3021894	5459	int ret;
elessair	0:f269e3021894	5460
elessair	0:f269e3021894	5461	ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
elessair	0:f269e3021894	5462
elessair	0:f269e3021894	5463	/* Cancel any possibly running timer */
elessair	0:f269e3021894	5464	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	5465
elessair	0:f269e3021894	5466	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	5467	ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
elessair	0:f269e3021894	5468	ssl->renego_records_seen = 0;
elessair	0:f269e3021894	5469
elessair	0:f269e3021894	5470	ssl->verify_data_len = 0;
elessair	0:f269e3021894	5471	memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
elessair	0:f269e3021894	5472	memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
elessair	0:f269e3021894	5473	#endif
elessair	0:f269e3021894	5474	ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
elessair	0:f269e3021894	5475
elessair	0:f269e3021894	5476	ssl->in_offt = NULL;
elessair	0:f269e3021894	5477
elessair	0:f269e3021894	5478	ssl->in_msg = ssl->in_buf + 13;
elessair	0:f269e3021894	5479	ssl->in_msgtype = 0;
elessair	0:f269e3021894	5480	ssl->in_msglen = 0;
elessair	0:f269e3021894	5481	if( partial == 0 )
elessair	0:f269e3021894	5482	ssl->in_left = 0;
elessair	0:f269e3021894	5483	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5484	ssl->next_record_offset = 0;
elessair	0:f269e3021894	5485	ssl->in_epoch = 0;
elessair	0:f269e3021894	5486	#endif
elessair	0:f269e3021894	5487	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	5488	ssl_dtls_replay_reset( ssl );
elessair	0:f269e3021894	5489	#endif
elessair	0:f269e3021894	5490
elessair	0:f269e3021894	5491	ssl->in_hslen = 0;
elessair	0:f269e3021894	5492	ssl->nb_zero = 0;
elessair	0:f269e3021894	5493	ssl->record_read = 0;
elessair	0:f269e3021894	5494
elessair	0:f269e3021894	5495	ssl->out_msg = ssl->out_buf + 13;
elessair	0:f269e3021894	5496	ssl->out_msgtype = 0;
elessair	0:f269e3021894	5497	ssl->out_msglen = 0;
elessair	0:f269e3021894	5498	ssl->out_left = 0;
elessair	0:f269e3021894	5499	#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
elessair	0:f269e3021894	5500	if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
elessair	0:f269e3021894	5501	ssl->split_done = 0;
elessair	0:f269e3021894	5502	#endif
elessair	0:f269e3021894	5503
elessair	0:f269e3021894	5504	ssl->transform_in = NULL;
elessair	0:f269e3021894	5505	ssl->transform_out = NULL;
elessair	0:f269e3021894	5506
elessair	0:f269e3021894	5507	memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	5508	if( partial == 0 )
elessair	0:f269e3021894	5509	memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	5510
elessair	0:f269e3021894	5511	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	5512	if( mbedtls_ssl_hw_record_reset != NULL )
elessair	0:f269e3021894	5513	{
elessair	0:f269e3021894	5514	MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) );
elessair	0:f269e3021894	5515	if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
elessair	0:f269e3021894	5516	{
elessair	0:f269e3021894	5517	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret );
elessair	0:f269e3021894	5518	return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
elessair	0:f269e3021894	5519	}
elessair	0:f269e3021894	5520	}
elessair	0:f269e3021894	5521	#endif
elessair	0:f269e3021894	5522
elessair	0:f269e3021894	5523	if( ssl->transform )
elessair	0:f269e3021894	5524	{
elessair	0:f269e3021894	5525	mbedtls_ssl_transform_free( ssl->transform );
elessair	0:f269e3021894	5526	mbedtls_free( ssl->transform );
elessair	0:f269e3021894	5527	ssl->transform = NULL;
elessair	0:f269e3021894	5528	}
elessair	0:f269e3021894	5529
elessair	0:f269e3021894	5530	if( ssl->session )
elessair	0:f269e3021894	5531	{
elessair	0:f269e3021894	5532	mbedtls_ssl_session_free( ssl->session );
elessair	0:f269e3021894	5533	mbedtls_free( ssl->session );
elessair	0:f269e3021894	5534	ssl->session = NULL;
elessair	0:f269e3021894	5535	}
elessair	0:f269e3021894	5536
elessair	0:f269e3021894	5537	#if defined(MBEDTLS_SSL_ALPN)
elessair	0:f269e3021894	5538	ssl->alpn_chosen = NULL;
elessair	0:f269e3021894	5539	#endif
elessair	0:f269e3021894	5540
elessair	0:f269e3021894	5541	#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5542	if( partial == 0 )
elessair	0:f269e3021894	5543	{
elessair	0:f269e3021894	5544	mbedtls_free( ssl->cli_id );
elessair	0:f269e3021894	5545	ssl->cli_id = NULL;
elessair	0:f269e3021894	5546	ssl->cli_id_len = 0;
elessair	0:f269e3021894	5547	}
elessair	0:f269e3021894	5548	#endif
elessair	0:f269e3021894	5549
elessair	0:f269e3021894	5550	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
elessair	0:f269e3021894	5551	return( ret );
elessair	0:f269e3021894	5552
elessair	0:f269e3021894	5553	return( 0 );
elessair	0:f269e3021894	5554	}
elessair	0:f269e3021894	5555
elessair	0:f269e3021894	5556	/*
elessair	0:f269e3021894	5557	* Reset an initialized and used SSL context for re-use while retaining
elessair	0:f269e3021894	5558	* all application-set variables, function pointers and data.
elessair	0:f269e3021894	5559	*/
elessair	0:f269e3021894	5560	int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	5561	{
elessair	0:f269e3021894	5562	return( ssl_session_reset_int( ssl, 0 ) );
elessair	0:f269e3021894	5563	}
elessair	0:f269e3021894	5564
elessair	0:f269e3021894	5565	/*
elessair	0:f269e3021894	5566	* SSL set accessors
elessair	0:f269e3021894	5567	*/
elessair	0:f269e3021894	5568	void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
elessair	0:f269e3021894	5569	{
elessair	0:f269e3021894	5570	conf->endpoint = endpoint;
elessair	0:f269e3021894	5571	}
elessair	0:f269e3021894	5572
elessair	0:f269e3021894	5573	void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
elessair	0:f269e3021894	5574	{
elessair	0:f269e3021894	5575	conf->transport = transport;
elessair	0:f269e3021894	5576	}
elessair	0:f269e3021894	5577
elessair	0:f269e3021894	5578	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	5579	void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
elessair	0:f269e3021894	5580	{
elessair	0:f269e3021894	5581	conf->anti_replay = mode;
elessair	0:f269e3021894	5582	}
elessair	0:f269e3021894	5583	#endif
elessair	0:f269e3021894	5584
elessair	0:f269e3021894	5585	#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
elessair	0:f269e3021894	5586	void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
elessair	0:f269e3021894	5587	{
elessair	0:f269e3021894	5588	conf->badmac_limit = limit;
elessair	0:f269e3021894	5589	}
elessair	0:f269e3021894	5590	#endif
elessair	0:f269e3021894	5591
elessair	0:f269e3021894	5592	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	5593	void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
elessair	0:f269e3021894	5594	{
elessair	0:f269e3021894	5595	conf->hs_timeout_min = min;
elessair	0:f269e3021894	5596	conf->hs_timeout_max = max;
elessair	0:f269e3021894	5597	}
elessair	0:f269e3021894	5598	#endif
elessair	0:f269e3021894	5599
elessair	0:f269e3021894	5600	void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
elessair	0:f269e3021894	5601	{
elessair	0:f269e3021894	5602	conf->authmode = authmode;
elessair	0:f269e3021894	5603	}
elessair	0:f269e3021894	5604
elessair	0:f269e3021894	5605	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	5606	void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5607	int (f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ),
elessair	0:f269e3021894	5608	void *p_vrfy )
elessair	0:f269e3021894	5609	{
elessair	0:f269e3021894	5610	conf->f_vrfy = f_vrfy;
elessair	0:f269e3021894	5611	conf->p_vrfy = p_vrfy;
elessair	0:f269e3021894	5612	}
elessair	0:f269e3021894	5613	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	5614
elessair	0:f269e3021894	5615	void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5616	int (f_rng)(void , unsigned char *, size_t),
elessair	0:f269e3021894	5617	void *p_rng )
elessair	0:f269e3021894	5618	{
elessair	0:f269e3021894	5619	conf->f_rng = f_rng;
elessair	0:f269e3021894	5620	conf->p_rng = p_rng;
elessair	0:f269e3021894	5621	}
elessair	0:f269e3021894	5622
elessair	0:f269e3021894	5623	void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5624	void (f_dbg)(void , int, const char , int, const char ),
elessair	0:f269e3021894	5625	void *p_dbg )
elessair	0:f269e3021894	5626	{
elessair	0:f269e3021894	5627	conf->f_dbg = f_dbg;
elessair	0:f269e3021894	5628	conf->p_dbg = p_dbg;
elessair	0:f269e3021894	5629	}
elessair	0:f269e3021894	5630
elessair	0:f269e3021894	5631	void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5632	void *p_bio,
elessair	0:f269e3021894	5633	mbedtls_ssl_send_t *f_send,
elessair	0:f269e3021894	5634	mbedtls_ssl_recv_t *f_recv,
elessair	0:f269e3021894	5635	mbedtls_ssl_recv_timeout_t *f_recv_timeout )
elessair	0:f269e3021894	5636	{
elessair	0:f269e3021894	5637	ssl->p_bio = p_bio;
elessair	0:f269e3021894	5638	ssl->f_send = f_send;
elessair	0:f269e3021894	5639	ssl->f_recv = f_recv;
elessair	0:f269e3021894	5640	ssl->f_recv_timeout = f_recv_timeout;
elessair	0:f269e3021894	5641	}
elessair	0:f269e3021894	5642
elessair	0:f269e3021894	5643	void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
elessair	0:f269e3021894	5644	{
elessair	0:f269e3021894	5645	conf->read_timeout = timeout;
elessair	0:f269e3021894	5646	}
elessair	0:f269e3021894	5647
elessair	0:f269e3021894	5648	void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5649	void *p_timer,
elessair	0:f269e3021894	5650	mbedtls_ssl_set_timer_t *f_set_timer,
elessair	0:f269e3021894	5651	mbedtls_ssl_get_timer_t *f_get_timer )
elessair	0:f269e3021894	5652	{
elessair	0:f269e3021894	5653	ssl->p_timer = p_timer;
elessair	0:f269e3021894	5654	ssl->f_set_timer = f_set_timer;
elessair	0:f269e3021894	5655	ssl->f_get_timer = f_get_timer;
elessair	0:f269e3021894	5656
elessair	0:f269e3021894	5657	/* Make sure we start with no timer running */
elessair	0:f269e3021894	5658	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	5659	}
elessair	0:f269e3021894	5660
elessair	0:f269e3021894	5661	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5662	void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5663	void *p_cache,
elessair	0:f269e3021894	5664	int (f_get_cache)(void , mbedtls_ssl_session *),
elessair	0:f269e3021894	5665	int (f_set_cache)(void , const mbedtls_ssl_session *) )
elessair	0:f269e3021894	5666	{
elessair	0:f269e3021894	5667	conf->p_cache = p_cache;
elessair	0:f269e3021894	5668	conf->f_get_cache = f_get_cache;
elessair	0:f269e3021894	5669	conf->f_set_cache = f_set_cache;
elessair	0:f269e3021894	5670	}
elessair	0:f269e3021894	5671	#endif /* MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	5672
elessair	0:f269e3021894	5673	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	5674	int mbedtls_ssl_set_session( mbedtls_ssl_context ssl, const mbedtls_ssl_session session )
elessair	0:f269e3021894	5675	{
elessair	0:f269e3021894	5676	int ret;
elessair	0:f269e3021894	5677
elessair	0:f269e3021894	5678	if( ssl == NULL \|\|
elessair	0:f269e3021894	5679	session == NULL \|\|
elessair	0:f269e3021894	5680	ssl->session_negotiate == NULL \|\|
elessair	0:f269e3021894	5681	ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	5682	{
elessair	0:f269e3021894	5683	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5684	}
elessair	0:f269e3021894	5685
elessair	0:f269e3021894	5686	if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
elessair	0:f269e3021894	5687	return( ret );
elessair	0:f269e3021894	5688
elessair	0:f269e3021894	5689	ssl->handshake->resume = 1;
elessair	0:f269e3021894	5690
elessair	0:f269e3021894	5691	return( 0 );
elessair	0:f269e3021894	5692	}
elessair	0:f269e3021894	5693	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	5694
elessair	0:f269e3021894	5695	void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5696	const int *ciphersuites )
elessair	0:f269e3021894	5697	{
elessair	0:f269e3021894	5698	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
elessair	0:f269e3021894	5699	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
elessair	0:f269e3021894	5700	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
elessair	0:f269e3021894	5701	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
elessair	0:f269e3021894	5702	}
elessair	0:f269e3021894	5703
elessair	0:f269e3021894	5704	void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5705	const int *ciphersuites,
elessair	0:f269e3021894	5706	int major, int minor )
elessair	0:f269e3021894	5707	{
elessair	0:f269e3021894	5708	if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
elessair	0:f269e3021894	5709	return;
elessair	0:f269e3021894	5710
elessair	0:f269e3021894	5711	if( minor < MBEDTLS_SSL_MINOR_VERSION_0 \|\| minor > MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	5712	return;
elessair	0:f269e3021894	5713
elessair	0:f269e3021894	5714	conf->ciphersuite_list[minor] = ciphersuites;
elessair	0:f269e3021894	5715	}
elessair	0:f269e3021894	5716
elessair	0:f269e3021894	5717	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	5718	void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5719	const mbedtls_x509_crt_profile *profile )
elessair	0:f269e3021894	5720	{
elessair	0:f269e3021894	5721	conf->cert_profile = profile;
elessair	0:f269e3021894	5722	}
elessair	0:f269e3021894	5723
elessair	0:f269e3021894	5724	/* Append a new keycert entry to a (possibly empty) list */
elessair	0:f269e3021894	5725	static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
elessair	0:f269e3021894	5726	mbedtls_x509_crt *cert,
elessair	0:f269e3021894	5727	mbedtls_pk_context *key )
elessair	0:f269e3021894	5728	{
elessair	0:f269e3021894	5729	mbedtls_ssl_key_cert *new;
elessair	0:f269e3021894	5730
elessair	0:f269e3021894	5731	new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
elessair	0:f269e3021894	5732	if( new == NULL )
elessair	0:f269e3021894	5733	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5734
elessair	0:f269e3021894	5735	new->cert = cert;
elessair	0:f269e3021894	5736	new->key = key;
elessair	0:f269e3021894	5737	new->next = NULL;
elessair	0:f269e3021894	5738
elessair	0:f269e3021894	5739	/* Update head is the list was null, else add to the end */
elessair	0:f269e3021894	5740	if( *head == NULL )
elessair	0:f269e3021894	5741	{
elessair	0:f269e3021894	5742	*head = new;
elessair	0:f269e3021894	5743	}
elessair	0:f269e3021894	5744	else
elessair	0:f269e3021894	5745	{
elessair	0:f269e3021894	5746	mbedtls_ssl_key_cert cur = head;
elessair	0:f269e3021894	5747	while( cur->next != NULL )
elessair	0:f269e3021894	5748	cur = cur->next;
elessair	0:f269e3021894	5749	cur->next = new;
elessair	0:f269e3021894	5750	}
elessair	0:f269e3021894	5751
elessair	0:f269e3021894	5752	return( 0 );
elessair	0:f269e3021894	5753	}
elessair	0:f269e3021894	5754
elessair	0:f269e3021894	5755	int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5756	mbedtls_x509_crt *own_cert,
elessair	0:f269e3021894	5757	mbedtls_pk_context *pk_key )
elessair	0:f269e3021894	5758	{
elessair	0:f269e3021894	5759	return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
elessair	0:f269e3021894	5760	}
elessair	0:f269e3021894	5761
elessair	0:f269e3021894	5762	void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5763	mbedtls_x509_crt *ca_chain,
elessair	0:f269e3021894	5764	mbedtls_x509_crl *ca_crl )
elessair	0:f269e3021894	5765	{
elessair	0:f269e3021894	5766	conf->ca_chain = ca_chain;
elessair	0:f269e3021894	5767	conf->ca_crl = ca_crl;
elessair	0:f269e3021894	5768	}
elessair	0:f269e3021894	5769	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	5770
elessair	0:f269e3021894	5771	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	5772	int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5773	mbedtls_x509_crt *own_cert,
elessair	0:f269e3021894	5774	mbedtls_pk_context *pk_key )
elessair	0:f269e3021894	5775	{
elessair	0:f269e3021894	5776	return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
elessair	0:f269e3021894	5777	own_cert, pk_key ) );
elessair	0:f269e3021894	5778	}
elessair	0:f269e3021894	5779
elessair	0:f269e3021894	5780	void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5781	mbedtls_x509_crt *ca_chain,
elessair	0:f269e3021894	5782	mbedtls_x509_crl *ca_crl )
elessair	0:f269e3021894	5783	{
elessair	0:f269e3021894	5784	ssl->handshake->sni_ca_chain = ca_chain;
elessair	0:f269e3021894	5785	ssl->handshake->sni_ca_crl = ca_crl;
elessair	0:f269e3021894	5786	}
elessair	0:f269e3021894	5787
elessair	0:f269e3021894	5788	void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5789	int authmode )
elessair	0:f269e3021894	5790	{
elessair	0:f269e3021894	5791	ssl->handshake->sni_authmode = authmode;
elessair	0:f269e3021894	5792	}
elessair	0:f269e3021894	5793	#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
elessair	0:f269e3021894	5794
elessair	0:f269e3021894	5795	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
elessair	0:f269e3021894	5796	/*
elessair	0:f269e3021894	5797	* Set EC J-PAKE password for current handshake
elessair	0:f269e3021894	5798	*/
elessair	0:f269e3021894	5799	int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5800	const unsigned char *pw,
elessair	0:f269e3021894	5801	size_t pw_len )
elessair	0:f269e3021894	5802	{
elessair	0:f269e3021894	5803	mbedtls_ecjpake_role role;
elessair	0:f269e3021894	5804
elessair	0:f269e3021894	5805	if( ssl->handshake == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	5806	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5807
elessair	0:f269e3021894	5808	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	5809	role = MBEDTLS_ECJPAKE_SERVER;
elessair	0:f269e3021894	5810	else
elessair	0:f269e3021894	5811	role = MBEDTLS_ECJPAKE_CLIENT;
elessair	0:f269e3021894	5812
elessair	0:f269e3021894	5813	return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
elessair	0:f269e3021894	5814	role,
elessair	0:f269e3021894	5815	MBEDTLS_MD_SHA256,
elessair	0:f269e3021894	5816	MBEDTLS_ECP_DP_SECP256R1,
elessair	0:f269e3021894	5817	pw, pw_len ) );
elessair	0:f269e3021894	5818	}
elessair	0:f269e3021894	5819	#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
elessair	0:f269e3021894	5820
elessair	0:f269e3021894	5821	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
elessair	0:f269e3021894	5822	int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5823	const unsigned char *psk, size_t psk_len,
elessair	0:f269e3021894	5824	const unsigned char *psk_identity, size_t psk_identity_len )
elessair	0:f269e3021894	5825	{
elessair	0:f269e3021894	5826	if( psk == NULL \|\| psk_identity == NULL )
elessair	0:f269e3021894	5827	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5828
elessair	0:f269e3021894	5829	if( psk_len > MBEDTLS_PSK_MAX_LEN )
elessair	0:f269e3021894	5830	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5831
elessair	0:f269e3021894	5832	/* Identity len will be encoded on two bytes */
elessair	0:f269e3021894	5833	if( ( psk_identity_len >> 16 ) != 0 \|\|
elessair	0:f269e3021894	5834	psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	5835	{
elessair	0:f269e3021894	5836	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5837	}
elessair	0:f269e3021894	5838
elessair	0:f269e3021894	5839	if( conf->psk != NULL \|\| conf->psk_identity != NULL )
elessair	0:f269e3021894	5840	{
elessair	0:f269e3021894	5841	mbedtls_free( conf->psk );
elessair	0:f269e3021894	5842	mbedtls_free( conf->psk_identity );
elessair	0:f269e3021894	5843	conf->psk = NULL;
elessair	0:f269e3021894	5844	conf->psk_identity = NULL;
elessair	0:f269e3021894	5845	}
elessair	0:f269e3021894	5846
elessair	0:f269e3021894	5847	if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL \|\|
elessair	0:f269e3021894	5848	( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
elessair	0:f269e3021894	5849	{
elessair	0:f269e3021894	5850	mbedtls_free( conf->psk );
elessair	0:f269e3021894	5851	mbedtls_free( conf->psk_identity );
elessair	0:f269e3021894	5852	conf->psk = NULL;
elessair	0:f269e3021894	5853	conf->psk_identity = NULL;
elessair	0:f269e3021894	5854	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5855	}
elessair	0:f269e3021894	5856
elessair	0:f269e3021894	5857	conf->psk_len = psk_len;
elessair	0:f269e3021894	5858	conf->psk_identity_len = psk_identity_len;
elessair	0:f269e3021894	5859
elessair	0:f269e3021894	5860	memcpy( conf->psk, psk, conf->psk_len );
elessair	0:f269e3021894	5861	memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
elessair	0:f269e3021894	5862
elessair	0:f269e3021894	5863	return( 0 );
elessair	0:f269e3021894	5864	}
elessair	0:f269e3021894	5865
elessair	0:f269e3021894	5866	int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	5867	const unsigned char *psk, size_t psk_len )
elessair	0:f269e3021894	5868	{
elessair	0:f269e3021894	5869	if( psk == NULL \|\| ssl->handshake == NULL )
elessair	0:f269e3021894	5870	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5871
elessair	0:f269e3021894	5872	if( psk_len > MBEDTLS_PSK_MAX_LEN )
elessair	0:f269e3021894	5873	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5874
elessair	0:f269e3021894	5875	if( ssl->handshake->psk != NULL )
elessair	0:f269e3021894	5876	mbedtls_free( ssl->handshake->psk );
elessair	0:f269e3021894	5877
elessair	0:f269e3021894	5878	if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
elessair	0:f269e3021894	5879	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5880
elessair	0:f269e3021894	5881	ssl->handshake->psk_len = psk_len;
elessair	0:f269e3021894	5882	memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
elessair	0:f269e3021894	5883
elessair	0:f269e3021894	5884	return( 0 );
elessair	0:f269e3021894	5885	}
elessair	0:f269e3021894	5886
elessair	0:f269e3021894	5887	void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5888	int (f_psk)(void , mbedtls_ssl_context , const unsigned char ,
elessair	0:f269e3021894	5889	size_t),
elessair	0:f269e3021894	5890	void *p_psk )
elessair	0:f269e3021894	5891	{
elessair	0:f269e3021894	5892	conf->f_psk = f_psk;
elessair	0:f269e3021894	5893	conf->p_psk = p_psk;
elessair	0:f269e3021894	5894	}
elessair	0:f269e3021894	5895	#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
elessair	0:f269e3021894	5896
elessair	0:f269e3021894	5897	#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	5898	int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config conf, const char dhm_P, const char *dhm_G )
elessair	0:f269e3021894	5899	{
elessair	0:f269e3021894	5900	int ret;
elessair	0:f269e3021894	5901
elessair	0:f269e3021894	5902	if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 \|\|
elessair	0:f269e3021894	5903	( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
elessair	0:f269e3021894	5904	{
elessair	0:f269e3021894	5905	mbedtls_mpi_free( &conf->dhm_P );
elessair	0:f269e3021894	5906	mbedtls_mpi_free( &conf->dhm_G );
elessair	0:f269e3021894	5907	return( ret );
elessair	0:f269e3021894	5908	}
elessair	0:f269e3021894	5909
elessair	0:f269e3021894	5910	return( 0 );
elessair	0:f269e3021894	5911	}
elessair	0:f269e3021894	5912
elessair	0:f269e3021894	5913	int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config conf, mbedtls_dhm_context dhm_ctx )
elessair	0:f269e3021894	5914	{
elessair	0:f269e3021894	5915	int ret;
elessair	0:f269e3021894	5916
elessair	0:f269e3021894	5917	if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 \|\|
elessair	0:f269e3021894	5918	( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
elessair	0:f269e3021894	5919	{
elessair	0:f269e3021894	5920	mbedtls_mpi_free( &conf->dhm_P );
elessair	0:f269e3021894	5921	mbedtls_mpi_free( &conf->dhm_G );
elessair	0:f269e3021894	5922	return( ret );
elessair	0:f269e3021894	5923	}
elessair	0:f269e3021894	5924
elessair	0:f269e3021894	5925	return( 0 );
elessair	0:f269e3021894	5926	}
elessair	0:f269e3021894	5927	#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	5928
elessair	0:f269e3021894	5929	#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	5930	/*
elessair	0:f269e3021894	5931	* Set the minimum length for Diffie-Hellman parameters
elessair	0:f269e3021894	5932	*/
elessair	0:f269e3021894	5933	void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5934	unsigned int bitlen )
elessair	0:f269e3021894	5935	{
elessair	0:f269e3021894	5936	conf->dhm_min_bitlen = bitlen;
elessair	0:f269e3021894	5937	}
elessair	0:f269e3021894	5938	#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	5939
elessair	0:f269e3021894	5940	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	5941	/*
elessair	0:f269e3021894	5942	* Set allowed/preferred hashes for handshake signatures
elessair	0:f269e3021894	5943	*/
elessair	0:f269e3021894	5944	void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5945	const int *hashes )
elessair	0:f269e3021894	5946	{
elessair	0:f269e3021894	5947	conf->sig_hashes = hashes;
elessair	0:f269e3021894	5948	}
elessair	0:f269e3021894	5949	#endif
elessair	0:f269e3021894	5950
elessair	0:f269e3021894	5951	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	5952	/*
elessair	0:f269e3021894	5953	* Set the allowed elliptic curves
elessair	0:f269e3021894	5954	*/
elessair	0:f269e3021894	5955	void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5956	const mbedtls_ecp_group_id *curve_list )
elessair	0:f269e3021894	5957	{
elessair	0:f269e3021894	5958	conf->curve_list = curve_list;
elessair	0:f269e3021894	5959	}
elessair	0:f269e3021894	5960	#endif
elessair	0:f269e3021894	5961
elessair	0:f269e3021894	5962	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	5963	int mbedtls_ssl_set_hostname( mbedtls_ssl_context ssl, const char hostname )
elessair	0:f269e3021894	5964	{
elessair	0:f269e3021894	5965	size_t hostname_len;
elessair	0:f269e3021894	5966
elessair	0:f269e3021894	5967	if( hostname == NULL )
elessair	0:f269e3021894	5968	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5969
elessair	0:f269e3021894	5970	hostname_len = strlen( hostname );
elessair	0:f269e3021894	5971
elessair	0:f269e3021894	5972	if( hostname_len + 1 == 0 )
elessair	0:f269e3021894	5973	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5974
elessair	0:f269e3021894	5975	if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
elessair	0:f269e3021894	5976	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	5977
elessair	0:f269e3021894	5978	ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
elessair	0:f269e3021894	5979
elessair	0:f269e3021894	5980	if( ssl->hostname == NULL )
elessair	0:f269e3021894	5981	return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
elessair	0:f269e3021894	5982
elessair	0:f269e3021894	5983	memcpy( ssl->hostname, hostname, hostname_len );
elessair	0:f269e3021894	5984
elessair	0:f269e3021894	5985	ssl->hostname[hostname_len] = '\0';
elessair	0:f269e3021894	5986
elessair	0:f269e3021894	5987	return( 0 );
elessair	0:f269e3021894	5988	}
elessair	0:f269e3021894	5989	#endif
elessair	0:f269e3021894	5990
elessair	0:f269e3021894	5991	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	5992	void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	5993	int (f_sni)(void , mbedtls_ssl_context *,
elessair	0:f269e3021894	5994	const unsigned char *, size_t),
elessair	0:f269e3021894	5995	void *p_sni )
elessair	0:f269e3021894	5996	{
elessair	0:f269e3021894	5997	conf->f_sni = f_sni;
elessair	0:f269e3021894	5998	conf->p_sni = p_sni;
elessair	0:f269e3021894	5999	}
elessair	0:f269e3021894	6000	#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
elessair	0:f269e3021894	6001
elessair	0:f269e3021894	6002	#if defined(MBEDTLS_SSL_ALPN)
elessair	0:f269e3021894	6003	int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config conf, const char *protos )
elessair	0:f269e3021894	6004	{
elessair	0:f269e3021894	6005	size_t cur_len, tot_len;
elessair	0:f269e3021894	6006	const char **p;
elessair	0:f269e3021894	6007
elessair	0:f269e3021894	6008	/*
elessair	0:f269e3021894	6009	* "Empty strings MUST NOT be included and byte strings MUST NOT be
elessair	0:f269e3021894	6010	* truncated". Check lengths now rather than later.
elessair	0:f269e3021894	6011	*/
elessair	0:f269e3021894	6012	tot_len = 0;
elessair	0:f269e3021894	6013	for( p = protos; *p != NULL; p++ )
elessair	0:f269e3021894	6014	{
elessair	0:f269e3021894	6015	cur_len = strlen( *p );
elessair	0:f269e3021894	6016	tot_len += cur_len;
elessair	0:f269e3021894	6017
elessair	0:f269e3021894	6018	if( cur_len == 0 \|\| cur_len > 255 \|\| tot_len > 65535 )
elessair	0:f269e3021894	6019	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6020	}
elessair	0:f269e3021894	6021
elessair	0:f269e3021894	6022	conf->alpn_list = protos;
elessair	0:f269e3021894	6023
elessair	0:f269e3021894	6024	return( 0 );
elessair	0:f269e3021894	6025	}
elessair	0:f269e3021894	6026
elessair	0:f269e3021894	6027	const char mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context ssl )
elessair	0:f269e3021894	6028	{
elessair	0:f269e3021894	6029	return( ssl->alpn_chosen );
elessair	0:f269e3021894	6030	}
elessair	0:f269e3021894	6031	#endif /* MBEDTLS_SSL_ALPN */
elessair	0:f269e3021894	6032
elessair	0:f269e3021894	6033	void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
elessair	0:f269e3021894	6034	{
elessair	0:f269e3021894	6035	conf->max_major_ver = major;
elessair	0:f269e3021894	6036	conf->max_minor_ver = minor;
elessair	0:f269e3021894	6037	}
elessair	0:f269e3021894	6038
elessair	0:f269e3021894	6039	void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
elessair	0:f269e3021894	6040	{
elessair	0:f269e3021894	6041	conf->min_major_ver = major;
elessair	0:f269e3021894	6042	conf->min_minor_ver = minor;
elessair	0:f269e3021894	6043	}
elessair	0:f269e3021894	6044
elessair	0:f269e3021894	6045	#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6046	void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
elessair	0:f269e3021894	6047	{
elessair	0:f269e3021894	6048	conf->fallback = fallback;
elessair	0:f269e3021894	6049	}
elessair	0:f269e3021894	6050	#endif
elessair	0:f269e3021894	6051
elessair	0:f269e3021894	6052	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	6053	void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
elessair	0:f269e3021894	6054	{
elessair	0:f269e3021894	6055	conf->encrypt_then_mac = etm;
elessair	0:f269e3021894	6056	}
elessair	0:f269e3021894	6057	#endif
elessair	0:f269e3021894	6058
elessair	0:f269e3021894	6059	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
elessair	0:f269e3021894	6060	void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
elessair	0:f269e3021894	6061	{
elessair	0:f269e3021894	6062	conf->extended_ms = ems;
elessair	0:f269e3021894	6063	}
elessair	0:f269e3021894	6064	#endif
elessair	0:f269e3021894	6065
elessair	0:f269e3021894	6066	#if defined(MBEDTLS_ARC4_C)
elessair	0:f269e3021894	6067	void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
elessair	0:f269e3021894	6068	{
elessair	0:f269e3021894	6069	conf->arc4_disabled = arc4;
elessair	0:f269e3021894	6070	}
elessair	0:f269e3021894	6071	#endif
elessair	0:f269e3021894	6072
elessair	0:f269e3021894	6073	#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
elessair	0:f269e3021894	6074	int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
elessair	0:f269e3021894	6075	{
elessair	0:f269e3021894	6076	if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID \|\|
elessair	0:f269e3021894	6077	mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN )
elessair	0:f269e3021894	6078	{
elessair	0:f269e3021894	6079	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6080	}
elessair	0:f269e3021894	6081
elessair	0:f269e3021894	6082	conf->mfl_code = mfl_code;
elessair	0:f269e3021894	6083
elessair	0:f269e3021894	6084	return( 0 );
elessair	0:f269e3021894	6085	}
elessair	0:f269e3021894	6086	#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
elessair	0:f269e3021894	6087
elessair	0:f269e3021894	6088	#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
elessair	0:f269e3021894	6089	void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
elessair	0:f269e3021894	6090	{
elessair	0:f269e3021894	6091	conf->trunc_hmac = truncate;
elessair	0:f269e3021894	6092	}
elessair	0:f269e3021894	6093	#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
elessair	0:f269e3021894	6094
elessair	0:f269e3021894	6095	#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
elessair	0:f269e3021894	6096	void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
elessair	0:f269e3021894	6097	{
elessair	0:f269e3021894	6098	conf->cbc_record_splitting = split;
elessair	0:f269e3021894	6099	}
elessair	0:f269e3021894	6100	#endif
elessair	0:f269e3021894	6101
elessair	0:f269e3021894	6102	void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
elessair	0:f269e3021894	6103	{
elessair	0:f269e3021894	6104	conf->allow_legacy_renegotiation = allow_legacy;
elessair	0:f269e3021894	6105	}
elessair	0:f269e3021894	6106
elessair	0:f269e3021894	6107	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6108	void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
elessair	0:f269e3021894	6109	{
elessair	0:f269e3021894	6110	conf->disable_renegotiation = renegotiation;
elessair	0:f269e3021894	6111	}
elessair	0:f269e3021894	6112
elessair	0:f269e3021894	6113	void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
elessair	0:f269e3021894	6114	{
elessair	0:f269e3021894	6115	conf->renego_max_records = max_records;
elessair	0:f269e3021894	6116	}
elessair	0:f269e3021894	6117
elessair	0:f269e3021894	6118	void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	6119	const unsigned char period[8] )
elessair	0:f269e3021894	6120	{
elessair	0:f269e3021894	6121	memcpy( conf->renego_period, period, 8 );
elessair	0:f269e3021894	6122	}
elessair	0:f269e3021894	6123	#endif /* MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	6124
elessair	0:f269e3021894	6125	#if defined(MBEDTLS_SSL_SESSION_TICKETS)
elessair	0:f269e3021894	6126	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6127	void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
elessair	0:f269e3021894	6128	{
elessair	0:f269e3021894	6129	conf->session_tickets = use_tickets;
elessair	0:f269e3021894	6130	}
elessair	0:f269e3021894	6131	#endif
elessair	0:f269e3021894	6132
elessair	0:f269e3021894	6133	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	6134	void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	6135	mbedtls_ssl_ticket_write_t *f_ticket_write,
elessair	0:f269e3021894	6136	mbedtls_ssl_ticket_parse_t *f_ticket_parse,
elessair	0:f269e3021894	6137	void *p_ticket )
elessair	0:f269e3021894	6138	{
elessair	0:f269e3021894	6139	conf->f_ticket_write = f_ticket_write;
elessair	0:f269e3021894	6140	conf->f_ticket_parse = f_ticket_parse;
elessair	0:f269e3021894	6141	conf->p_ticket = p_ticket;
elessair	0:f269e3021894	6142	}
elessair	0:f269e3021894	6143	#endif
elessair	0:f269e3021894	6144	#endif /* MBEDTLS_SSL_SESSION_TICKETS */
elessair	0:f269e3021894	6145
elessair	0:f269e3021894	6146	#if defined(MBEDTLS_SSL_EXPORT_KEYS)
elessair	0:f269e3021894	6147	void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	6148	mbedtls_ssl_export_keys_t *f_export_keys,
elessair	0:f269e3021894	6149	void *p_export_keys )
elessair	0:f269e3021894	6150	{
elessair	0:f269e3021894	6151	conf->f_export_keys = f_export_keys;
elessair	0:f269e3021894	6152	conf->p_export_keys = p_export_keys;
elessair	0:f269e3021894	6153	}
elessair	0:f269e3021894	6154	#endif
elessair	0:f269e3021894	6155
elessair	0:f269e3021894	6156	/*
elessair	0:f269e3021894	6157	* SSL get accessors
elessair	0:f269e3021894	6158	*/
elessair	0:f269e3021894	6159	size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6160	{
elessair	0:f269e3021894	6161	return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
elessair	0:f269e3021894	6162	}
elessair	0:f269e3021894	6163
elessair	0:f269e3021894	6164	uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6165	{
elessair	0:f269e3021894	6166	if( ssl->session != NULL )
elessair	0:f269e3021894	6167	return( ssl->session->verify_result );
elessair	0:f269e3021894	6168
elessair	0:f269e3021894	6169	if( ssl->session_negotiate != NULL )
elessair	0:f269e3021894	6170	return( ssl->session_negotiate->verify_result );
elessair	0:f269e3021894	6171
elessair	0:f269e3021894	6172	return( 0xFFFFFFFF );
elessair	0:f269e3021894	6173	}
elessair	0:f269e3021894	6174
elessair	0:f269e3021894	6175	const char mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context ssl )
elessair	0:f269e3021894	6176	{
elessair	0:f269e3021894	6177	if( ssl == NULL \|\| ssl->session == NULL )
elessair	0:f269e3021894	6178	return( NULL );
elessair	0:f269e3021894	6179
elessair	0:f269e3021894	6180	return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
elessair	0:f269e3021894	6181	}
elessair	0:f269e3021894	6182
elessair	0:f269e3021894	6183	const char mbedtls_ssl_get_version( const mbedtls_ssl_context ssl )
elessair	0:f269e3021894	6184	{
elessair	0:f269e3021894	6185	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6186	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	6187	{
elessair	0:f269e3021894	6188	switch( ssl->minor_ver )
elessair	0:f269e3021894	6189	{
elessair	0:f269e3021894	6190	case MBEDTLS_SSL_MINOR_VERSION_2:
elessair	0:f269e3021894	6191	return( "DTLSv1.0" );
elessair	0:f269e3021894	6192
elessair	0:f269e3021894	6193	case MBEDTLS_SSL_MINOR_VERSION_3:
elessair	0:f269e3021894	6194	return( "DTLSv1.2" );
elessair	0:f269e3021894	6195
elessair	0:f269e3021894	6196	default:
elessair	0:f269e3021894	6197	return( "unknown (DTLS)" );
elessair	0:f269e3021894	6198	}
elessair	0:f269e3021894	6199	}
elessair	0:f269e3021894	6200	#endif
elessair	0:f269e3021894	6201
elessair	0:f269e3021894	6202	switch( ssl->minor_ver )
elessair	0:f269e3021894	6203	{
elessair	0:f269e3021894	6204	case MBEDTLS_SSL_MINOR_VERSION_0:
elessair	0:f269e3021894	6205	return( "SSLv3.0" );
elessair	0:f269e3021894	6206
elessair	0:f269e3021894	6207	case MBEDTLS_SSL_MINOR_VERSION_1:
elessair	0:f269e3021894	6208	return( "TLSv1.0" );
elessair	0:f269e3021894	6209
elessair	0:f269e3021894	6210	case MBEDTLS_SSL_MINOR_VERSION_2:
elessair	0:f269e3021894	6211	return( "TLSv1.1" );
elessair	0:f269e3021894	6212
elessair	0:f269e3021894	6213	case MBEDTLS_SSL_MINOR_VERSION_3:
elessair	0:f269e3021894	6214	return( "TLSv1.2" );
elessair	0:f269e3021894	6215
elessair	0:f269e3021894	6216	default:
elessair	0:f269e3021894	6217	return( "unknown" );
elessair	0:f269e3021894	6218	}
elessair	0:f269e3021894	6219	}
elessair	0:f269e3021894	6220
elessair	0:f269e3021894	6221	int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6222	{
elessair	0:f269e3021894	6223	size_t transform_expansion;
elessair	0:f269e3021894	6224	const mbedtls_ssl_transform *transform = ssl->transform_out;
elessair	0:f269e3021894	6225
elessair	0:f269e3021894	6226	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	6227	if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
elessair	0:f269e3021894	6228	return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
elessair	0:f269e3021894	6229	#endif
elessair	0:f269e3021894	6230
elessair	0:f269e3021894	6231	if( transform == NULL )
elessair	0:f269e3021894	6232	return( (int) mbedtls_ssl_hdr_len( ssl ) );
elessair	0:f269e3021894	6233
elessair	0:f269e3021894	6234	switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
elessair	0:f269e3021894	6235	{
elessair	0:f269e3021894	6236	case MBEDTLS_MODE_GCM:
elessair	0:f269e3021894	6237	case MBEDTLS_MODE_CCM:
elessair	0:f269e3021894	6238	case MBEDTLS_MODE_STREAM:
elessair	0:f269e3021894	6239	transform_expansion = transform->minlen;
elessair	0:f269e3021894	6240	break;
elessair	0:f269e3021894	6241
elessair	0:f269e3021894	6242	case MBEDTLS_MODE_CBC:
elessair	0:f269e3021894	6243	transform_expansion = transform->maclen
elessair	0:f269e3021894	6244	+ mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc );
elessair	0:f269e3021894	6245	break;
elessair	0:f269e3021894	6246
elessair	0:f269e3021894	6247	default:
elessair	0:f269e3021894	6248	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	6249	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	6250	}
elessair	0:f269e3021894	6251
elessair	0:f269e3021894	6252	return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
elessair	0:f269e3021894	6253	}
elessair	0:f269e3021894	6254
elessair	0:f269e3021894	6255	#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
elessair	0:f269e3021894	6256	size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6257	{
elessair	0:f269e3021894	6258	size_t max_len;
elessair	0:f269e3021894	6259
elessair	0:f269e3021894	6260	/*
elessair	0:f269e3021894	6261	* Assume mfl_code is correct since it was checked when set
elessair	0:f269e3021894	6262	*/
elessair	0:f269e3021894	6263	max_len = mfl_code_to_length[ssl->conf->mfl_code];
elessair	0:f269e3021894	6264
elessair	0:f269e3021894	6265	/*
elessair	0:f269e3021894	6266	* Check if a smaller max length was negotiated
elessair	0:f269e3021894	6267	*/
elessair	0:f269e3021894	6268	if( ssl->session_out != NULL &&
elessair	0:f269e3021894	6269	mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
elessair	0:f269e3021894	6270	{
elessair	0:f269e3021894	6271	max_len = mfl_code_to_length[ssl->session_out->mfl_code];
elessair	0:f269e3021894	6272	}
elessair	0:f269e3021894	6273
elessair	0:f269e3021894	6274	return max_len;
elessair	0:f269e3021894	6275	}
elessair	0:f269e3021894	6276	#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
elessair	0:f269e3021894	6277
elessair	0:f269e3021894	6278	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	6279	const mbedtls_x509_crt mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context ssl )
elessair	0:f269e3021894	6280	{
elessair	0:f269e3021894	6281	if( ssl == NULL \|\| ssl->session == NULL )
elessair	0:f269e3021894	6282	return( NULL );
elessair	0:f269e3021894	6283
elessair	0:f269e3021894	6284	return( ssl->session->peer_cert );
elessair	0:f269e3021894	6285	}
elessair	0:f269e3021894	6286	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	6287
elessair	0:f269e3021894	6288	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6289	int mbedtls_ssl_get_session( const mbedtls_ssl_context ssl, mbedtls_ssl_session dst )
elessair	0:f269e3021894	6290	{
elessair	0:f269e3021894	6291	if( ssl == NULL \|\|
elessair	0:f269e3021894	6292	dst == NULL \|\|
elessair	0:f269e3021894	6293	ssl->session == NULL \|\|
elessair	0:f269e3021894	6294	ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	6295	{
elessair	0:f269e3021894	6296	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6297	}
elessair	0:f269e3021894	6298
elessair	0:f269e3021894	6299	return( ssl_session_copy( dst, ssl->session ) );
elessair	0:f269e3021894	6300	}
elessair	0:f269e3021894	6301	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	6302
elessair	0:f269e3021894	6303	/*
elessair	0:f269e3021894	6304	* Perform a single step of the SSL handshake
elessair	0:f269e3021894	6305	*/
elessair	0:f269e3021894	6306	int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6307	{
elessair	0:f269e3021894	6308	int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
elessair	0:f269e3021894	6309
elessair	0:f269e3021894	6310	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6311	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6312
elessair	0:f269e3021894	6313	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6314	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	6315	ret = mbedtls_ssl_handshake_client_step( ssl );
elessair	0:f269e3021894	6316	#endif
elessair	0:f269e3021894	6317	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	6318	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	6319	ret = mbedtls_ssl_handshake_server_step( ssl );
elessair	0:f269e3021894	6320	#endif
elessair	0:f269e3021894	6321
elessair	0:f269e3021894	6322	return( ret );
elessair	0:f269e3021894	6323	}
elessair	0:f269e3021894	6324
elessair	0:f269e3021894	6325	/*
elessair	0:f269e3021894	6326	* Perform the SSL handshake
elessair	0:f269e3021894	6327	*/
elessair	0:f269e3021894	6328	int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6329	{
elessair	0:f269e3021894	6330	int ret = 0;
elessair	0:f269e3021894	6331
elessair	0:f269e3021894	6332	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6333	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6334
elessair	0:f269e3021894	6335	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
elessair	0:f269e3021894	6336
elessair	0:f269e3021894	6337	while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6338	{
elessair	0:f269e3021894	6339	ret = mbedtls_ssl_handshake_step( ssl );
elessair	0:f269e3021894	6340
elessair	0:f269e3021894	6341	if( ret != 0 )
elessair	0:f269e3021894	6342	break;
elessair	0:f269e3021894	6343	}
elessair	0:f269e3021894	6344
elessair	0:f269e3021894	6345	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
elessair	0:f269e3021894	6346
elessair	0:f269e3021894	6347	return( ret );
elessair	0:f269e3021894	6348	}
elessair	0:f269e3021894	6349
elessair	0:f269e3021894	6350	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6351	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	6352	/*
elessair	0:f269e3021894	6353	* Write HelloRequest to request renegotiation on server
elessair	0:f269e3021894	6354	*/
elessair	0:f269e3021894	6355	static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6356	{
elessair	0:f269e3021894	6357	int ret;
elessair	0:f269e3021894	6358
elessair	0:f269e3021894	6359	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
elessair	0:f269e3021894	6360
elessair	0:f269e3021894	6361	ssl->out_msglen = 4;
elessair	0:f269e3021894	6362	ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
elessair	0:f269e3021894	6363	ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
elessair	0:f269e3021894	6364
elessair	0:f269e3021894	6365	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	6366	{
elessair	0:f269e3021894	6367	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	6368	return( ret );
elessair	0:f269e3021894	6369	}
elessair	0:f269e3021894	6370
elessair	0:f269e3021894	6371	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
elessair	0:f269e3021894	6372
elessair	0:f269e3021894	6373	return( 0 );
elessair	0:f269e3021894	6374	}
elessair	0:f269e3021894	6375	#endif /* MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	6376
elessair	0:f269e3021894	6377	/*
elessair	0:f269e3021894	6378	* Actually renegotiate current connection, triggered by either:
elessair	0:f269e3021894	6379	* - any side: calling mbedtls_ssl_renegotiate(),
elessair	0:f269e3021894	6380	* - client: receiving a HelloRequest during mbedtls_ssl_read(),
elessair	0:f269e3021894	6381	* - server: receiving any handshake message on server during mbedtls_ssl_read() after
elessair	0:f269e3021894	6382	* the initial handshake is completed.
elessair	0:f269e3021894	6383	* If the handshake doesn't complete due to waiting for I/O, it will continue
elessair	0:f269e3021894	6384	* during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
elessair	0:f269e3021894	6385	*/
elessair	0:f269e3021894	6386	static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6387	{
elessair	0:f269e3021894	6388	int ret;
elessair	0:f269e3021894	6389
elessair	0:f269e3021894	6390	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
elessair	0:f269e3021894	6391
elessair	0:f269e3021894	6392	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
elessair	0:f269e3021894	6393	return( ret );
elessair	0:f269e3021894	6394
elessair	0:f269e3021894	6395	/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
elessair	0:f269e3021894	6396	* the ServerHello will have message_seq = 1" */
elessair	0:f269e3021894	6397	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6398	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	6399	ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
elessair	0:f269e3021894	6400	{
elessair	0:f269e3021894	6401	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	6402	ssl->handshake->out_msg_seq = 1;
elessair	0:f269e3021894	6403	else
elessair	0:f269e3021894	6404	ssl->handshake->in_msg_seq = 1;
elessair	0:f269e3021894	6405	}
elessair	0:f269e3021894	6406	#endif
elessair	0:f269e3021894	6407
elessair	0:f269e3021894	6408	ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
elessair	0:f269e3021894	6409	ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
elessair	0:f269e3021894	6410
elessair	0:f269e3021894	6411	if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
elessair	0:f269e3021894	6412	{
elessair	0:f269e3021894	6413	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
elessair	0:f269e3021894	6414	return( ret );
elessair	0:f269e3021894	6415	}
elessair	0:f269e3021894	6416
elessair	0:f269e3021894	6417	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
elessair	0:f269e3021894	6418
elessair	0:f269e3021894	6419	return( 0 );
elessair	0:f269e3021894	6420	}
elessair	0:f269e3021894	6421
elessair	0:f269e3021894	6422	/*
elessair	0:f269e3021894	6423	* Renegotiate current connection on client,
elessair	0:f269e3021894	6424	* or request renegotiation on server
elessair	0:f269e3021894	6425	*/
elessair	0:f269e3021894	6426	int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6427	{
elessair	0:f269e3021894	6428	int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
elessair	0:f269e3021894	6429
elessair	0:f269e3021894	6430	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6431	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6432
elessair	0:f269e3021894	6433	#if defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	6434	/* On server, just send the request */
elessair	0:f269e3021894	6435	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	6436	{
elessair	0:f269e3021894	6437	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6438	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6439
elessair	0:f269e3021894	6440	ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
elessair	0:f269e3021894	6441
elessair	0:f269e3021894	6442	/* Did we already try/start sending HelloRequest? */
elessair	0:f269e3021894	6443	if( ssl->out_left != 0 )
elessair	0:f269e3021894	6444	return( mbedtls_ssl_flush_output( ssl ) );
elessair	0:f269e3021894	6445
elessair	0:f269e3021894	6446	return( ssl_write_hello_request( ssl ) );
elessair	0:f269e3021894	6447	}
elessair	0:f269e3021894	6448	#endif /* MBEDTLS_SSL_SRV_C */
elessair	0:f269e3021894	6449
elessair	0:f269e3021894	6450	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6451	/*
elessair	0:f269e3021894	6452	* On client, either start the renegotiation process or,
elessair	0:f269e3021894	6453	* if already in progress, continue the handshake
elessair	0:f269e3021894	6454	*/
elessair	0:f269e3021894	6455	if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
elessair	0:f269e3021894	6456	{
elessair	0:f269e3021894	6457	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6458	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6459
elessair	0:f269e3021894	6460	if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
elessair	0:f269e3021894	6461	{
elessair	0:f269e3021894	6462	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
elessair	0:f269e3021894	6463	return( ret );
elessair	0:f269e3021894	6464	}
elessair	0:f269e3021894	6465	}
elessair	0:f269e3021894	6466	else
elessair	0:f269e3021894	6467	{
elessair	0:f269e3021894	6468	if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
elessair	0:f269e3021894	6469	{
elessair	0:f269e3021894	6470	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
elessair	0:f269e3021894	6471	return( ret );
elessair	0:f269e3021894	6472	}
elessair	0:f269e3021894	6473	}
elessair	0:f269e3021894	6474	#endif /* MBEDTLS_SSL_CLI_C */
elessair	0:f269e3021894	6475
elessair	0:f269e3021894	6476	return( ret );
elessair	0:f269e3021894	6477	}
elessair	0:f269e3021894	6478
elessair	0:f269e3021894	6479	/*
elessair	0:f269e3021894	6480	* Check record counters and renegotiate if they're above the limit.
elessair	0:f269e3021894	6481	*/
elessair	0:f269e3021894	6482	static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6483	{
elessair	0:f269e3021894	6484	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER \|\|
elessair	0:f269e3021894	6485	ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING \|\|
elessair	0:f269e3021894	6486	ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
elessair	0:f269e3021894	6487	{
elessair	0:f269e3021894	6488	return( 0 );
elessair	0:f269e3021894	6489	}
elessair	0:f269e3021894	6490
elessair	0:f269e3021894	6491	if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 &&
elessair	0:f269e3021894	6492	memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
elessair	0:f269e3021894	6493	{
elessair	0:f269e3021894	6494	return( 0 );
elessair	0:f269e3021894	6495	}
elessair	0:f269e3021894	6496
elessair	0:f269e3021894	6497	MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
elessair	0:f269e3021894	6498	return( mbedtls_ssl_renegotiate( ssl ) );
elessair	0:f269e3021894	6499	}
elessair	0:f269e3021894	6500	#endif /* MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	6501
elessair	0:f269e3021894	6502	/*
elessair	0:f269e3021894	6503	* Receive application data decrypted from the SSL layer
elessair	0:f269e3021894	6504	*/
elessair	0:f269e3021894	6505	int mbedtls_ssl_read( mbedtls_ssl_context ssl, unsigned char buf, size_t len )
elessair	0:f269e3021894	6506	{
elessair	0:f269e3021894	6507	int ret, record_read = 0;
elessair	0:f269e3021894	6508	size_t n;
elessair	0:f269e3021894	6509
elessair	0:f269e3021894	6510	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6511	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6512
elessair	0:f269e3021894	6513	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
elessair	0:f269e3021894	6514
elessair	0:f269e3021894	6515	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6516	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	6517	{
elessair	0:f269e3021894	6518	if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
elessair	0:f269e3021894	6519	return( ret );
elessair	0:f269e3021894	6520
elessair	0:f269e3021894	6521	if( ssl->handshake != NULL &&
elessair	0:f269e3021894	6522	ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
elessair	0:f269e3021894	6523	{
elessair	0:f269e3021894	6524	if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
elessair	0:f269e3021894	6525	return( ret );
elessair	0:f269e3021894	6526	}
elessair	0:f269e3021894	6527	}
elessair	0:f269e3021894	6528	#endif
elessair	0:f269e3021894	6529
elessair	0:f269e3021894	6530	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6531	if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
elessair	0:f269e3021894	6532	{
elessair	0:f269e3021894	6533	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
elessair	0:f269e3021894	6534	return( ret );
elessair	0:f269e3021894	6535	}
elessair	0:f269e3021894	6536	#endif
elessair	0:f269e3021894	6537
elessair	0:f269e3021894	6538	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6539	{
elessair	0:f269e3021894	6540	ret = mbedtls_ssl_handshake( ssl );
elessair	0:f269e3021894	6541	if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
elessair	0:f269e3021894	6542	{
elessair	0:f269e3021894	6543	record_read = 1;
elessair	0:f269e3021894	6544	}
elessair	0:f269e3021894	6545	else if( ret != 0 )
elessair	0:f269e3021894	6546	{
elessair	0:f269e3021894	6547	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
elessair	0:f269e3021894	6548	return( ret );
elessair	0:f269e3021894	6549	}
elessair	0:f269e3021894	6550	}
elessair	0:f269e3021894	6551
elessair	0:f269e3021894	6552	if( ssl->in_offt == NULL )
elessair	0:f269e3021894	6553	{
elessair	0:f269e3021894	6554	/* Start timer if not already running */
elessair	0:f269e3021894	6555	if( ssl->f_get_timer != NULL &&
elessair	0:f269e3021894	6556	ssl->f_get_timer( ssl->p_timer ) == -1 )
elessair	0:f269e3021894	6557	{
elessair	0:f269e3021894	6558	ssl_set_timer( ssl, ssl->conf->read_timeout );
elessair	0:f269e3021894	6559	}
elessair	0:f269e3021894	6560
elessair	0:f269e3021894	6561	if( ! record_read )
elessair	0:f269e3021894	6562	{
elessair	0:f269e3021894	6563	if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
elessair	0:f269e3021894	6564	{
elessair	0:f269e3021894	6565	if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
elessair	0:f269e3021894	6566	return( 0 );
elessair	0:f269e3021894	6567
elessair	0:f269e3021894	6568	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
elessair	0:f269e3021894	6569	return( ret );
elessair	0:f269e3021894	6570	}
elessair	0:f269e3021894	6571	}
elessair	0:f269e3021894	6572
elessair	0:f269e3021894	6573	if( ssl->in_msglen == 0 &&
elessair	0:f269e3021894	6574	ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
elessair	0:f269e3021894	6575	{
elessair	0:f269e3021894	6576	/*
elessair	0:f269e3021894	6577	* OpenSSL sends empty messages to randomize the IV
elessair	0:f269e3021894	6578	*/
elessair	0:f269e3021894	6579	if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
elessair	0:f269e3021894	6580	{
elessair	0:f269e3021894	6581	if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
elessair	0:f269e3021894	6582	return( 0 );
elessair	0:f269e3021894	6583
elessair	0:f269e3021894	6584	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
elessair	0:f269e3021894	6585	return( ret );
elessair	0:f269e3021894	6586	}
elessair	0:f269e3021894	6587	}
elessair	0:f269e3021894	6588
elessair	0:f269e3021894	6589	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6590	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
elessair	0:f269e3021894	6591	{
elessair	0:f269e3021894	6592	MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
elessair	0:f269e3021894	6593
elessair	0:f269e3021894	6594	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6595	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
elessair	0:f269e3021894	6596	( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST \|\|
elessair	0:f269e3021894	6597	ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
elessair	0:f269e3021894	6598	{
elessair	0:f269e3021894	6599	MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
elessair	0:f269e3021894	6600
elessair	0:f269e3021894	6601	/* With DTLS, drop the packet (probably from last handshake) */
elessair	0:f269e3021894	6602	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6603	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	6604	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	6605	#endif
elessair	0:f269e3021894	6606	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	6607	}
elessair	0:f269e3021894	6608
elessair	0:f269e3021894	6609	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	6610	ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
elessair	0:f269e3021894	6611	{
elessair	0:f269e3021894	6612	MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
elessair	0:f269e3021894	6613
elessair	0:f269e3021894	6614	/* With DTLS, drop the packet (probably from last handshake) */
elessair	0:f269e3021894	6615	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6616	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	6617	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	6618	#endif
elessair	0:f269e3021894	6619	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	6620	}
elessair	0:f269e3021894	6621	#endif
elessair	0:f269e3021894	6622
elessair	0:f269e3021894	6623	if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED \|\|
elessair	0:f269e3021894	6624	( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
elessair	0:f269e3021894	6625	ssl->conf->allow_legacy_renegotiation ==
elessair	0:f269e3021894	6626	MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
elessair	0:f269e3021894	6627	{
elessair	0:f269e3021894	6628	MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
elessair	0:f269e3021894	6629
elessair	0:f269e3021894	6630	#if defined(MBEDTLS_SSL_PROTO_SSL3)
elessair	0:f269e3021894	6631	if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
elessair	0:f269e3021894	6632	{
elessair	0:f269e3021894	6633	/*
elessair	0:f269e3021894	6634	* SSLv3 does not have a "no_renegotiation" alert
elessair	0:f269e3021894	6635	*/
elessair	0:f269e3021894	6636	if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
elessair	0:f269e3021894	6637	return( ret );
elessair	0:f269e3021894	6638	}
elessair	0:f269e3021894	6639	else
elessair	0:f269e3021894	6640	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
elessair	0:f269e3021894	6641	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1) \|\| \
elessair	0:f269e3021894	6642	defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	6643	if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
elessair	0:f269e3021894	6644	{
elessair	0:f269e3021894	6645	if( ( ret = mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	6646	MBEDTLS_SSL_ALERT_LEVEL_WARNING,
elessair	0:f269e3021894	6647	MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
elessair	0:f269e3021894	6648	{
elessair	0:f269e3021894	6649	return( ret );
elessair	0:f269e3021894	6650	}
elessair	0:f269e3021894	6651	}
elessair	0:f269e3021894	6652	else
elessair	0:f269e3021894	6653	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 \|\|
elessair	0:f269e3021894	6654	MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	6655	{
elessair	0:f269e3021894	6656	MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
elessair	0:f269e3021894	6657	return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
elessair	0:f269e3021894	6658	}
elessair	0:f269e3021894	6659	}
elessair	0:f269e3021894	6660	else
elessair	0:f269e3021894	6661	{
elessair	0:f269e3021894	6662	/* DTLS clients need to know renego is server-initiated */
elessair	0:f269e3021894	6663	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6664	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
elessair	0:f269e3021894	6665	ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	6666	{
elessair	0:f269e3021894	6667	ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
elessair	0:f269e3021894	6668	}
elessair	0:f269e3021894	6669	#endif
elessair	0:f269e3021894	6670	ret = ssl_start_renegotiation( ssl );
elessair	0:f269e3021894	6671	if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
elessair	0:f269e3021894	6672	{
elessair	0:f269e3021894	6673	record_read = 1;
elessair	0:f269e3021894	6674	}
elessair	0:f269e3021894	6675	else if( ret != 0 )
elessair	0:f269e3021894	6676	{
elessair	0:f269e3021894	6677	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
elessair	0:f269e3021894	6678	return( ret );
elessair	0:f269e3021894	6679	}
elessair	0:f269e3021894	6680	}
elessair	0:f269e3021894	6681
elessair	0:f269e3021894	6682	/* If a non-handshake record was read during renego, fallthrough,
elessair	0:f269e3021894	6683	* else tell the user they should call mbedtls_ssl_read() again */
elessair	0:f269e3021894	6684	if( ! record_read )
elessair	0:f269e3021894	6685	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	6686	}
elessair	0:f269e3021894	6687	else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
elessair	0:f269e3021894	6688	{
elessair	0:f269e3021894	6689
elessair	0:f269e3021894	6690	if( ssl->conf->renego_max_records >= 0 )
elessair	0:f269e3021894	6691	{
elessair	0:f269e3021894	6692	if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
elessair	0:f269e3021894	6693	{
elessair	0:f269e3021894	6694	MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
elessair	0:f269e3021894	6695	"but not honored by client" ) );
elessair	0:f269e3021894	6696	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	6697	}
elessair	0:f269e3021894	6698	}
elessair	0:f269e3021894	6699	}
elessair	0:f269e3021894	6700	#endif /* MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	6701
elessair	0:f269e3021894	6702	/* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
elessair	0:f269e3021894	6703	if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
elessair	0:f269e3021894	6704	{
elessair	0:f269e3021894	6705	MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
elessair	0:f269e3021894	6706	return( MBEDTLS_ERR_SSL_WANT_READ );
elessair	0:f269e3021894	6707	}
elessair	0:f269e3021894	6708
elessair	0:f269e3021894	6709	if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
elessair	0:f269e3021894	6710	{
elessair	0:f269e3021894	6711	MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
elessair	0:f269e3021894	6712	return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
elessair	0:f269e3021894	6713	}
elessair	0:f269e3021894	6714
elessair	0:f269e3021894	6715	ssl->in_offt = ssl->in_msg;
elessair	0:f269e3021894	6716
elessair	0:f269e3021894	6717	/* We're going to return something now, cancel timer,
elessair	0:f269e3021894	6718	* except if handshake (renegotiation) is in progress */
elessair	0:f269e3021894	6719	if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6720	ssl_set_timer( ssl, 0 );
elessair	0:f269e3021894	6721
elessair	0:f269e3021894	6722	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6723	/* If we requested renego but received AppData, resend HelloRequest.
elessair	0:f269e3021894	6724	* Do it now, after setting in_offt, to avoid taking this branch
elessair	0:f269e3021894	6725	* again if ssl_write_hello_request() returns WANT_WRITE */
elessair	0:f269e3021894	6726	#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6727	if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
elessair	0:f269e3021894	6728	ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
elessair	0:f269e3021894	6729	{
elessair	0:f269e3021894	6730	if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
elessair	0:f269e3021894	6731	{
elessair	0:f269e3021894	6732	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
elessair	0:f269e3021894	6733	return( ret );
elessair	0:f269e3021894	6734	}
elessair	0:f269e3021894	6735	}
elessair	0:f269e3021894	6736	#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
elessair	0:f269e3021894	6737	#endif
elessair	0:f269e3021894	6738	}
elessair	0:f269e3021894	6739
elessair	0:f269e3021894	6740	n = ( len < ssl->in_msglen )
elessair	0:f269e3021894	6741	? len : ssl->in_msglen;
elessair	0:f269e3021894	6742
elessair	0:f269e3021894	6743	memcpy( buf, ssl->in_offt, n );
elessair	0:f269e3021894	6744	ssl->in_msglen -= n;
elessair	0:f269e3021894	6745
elessair	0:f269e3021894	6746	if( ssl->in_msglen == 0 )
elessair	0:f269e3021894	6747	/* all bytes consumed */
elessair	0:f269e3021894	6748	ssl->in_offt = NULL;
elessair	0:f269e3021894	6749	else
elessair	0:f269e3021894	6750	/* more data available */
elessair	0:f269e3021894	6751	ssl->in_offt += n;
elessair	0:f269e3021894	6752
elessair	0:f269e3021894	6753	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
elessair	0:f269e3021894	6754
elessair	0:f269e3021894	6755	return( (int) n );
elessair	0:f269e3021894	6756	}
elessair	0:f269e3021894	6757
elessair	0:f269e3021894	6758	/*
elessair	0:f269e3021894	6759	* Send application data to be encrypted by the SSL layer,
elessair	0:f269e3021894	6760	* taking care of max fragment length and buffer size
elessair	0:f269e3021894	6761	*/
elessair	0:f269e3021894	6762	static int ssl_write_real( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	6763	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	6764	{
elessair	0:f269e3021894	6765	int ret;
elessair	0:f269e3021894	6766	#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
elessair	0:f269e3021894	6767	size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
elessair	0:f269e3021894	6768
elessair	0:f269e3021894	6769	if( len > max_len )
elessair	0:f269e3021894	6770	{
elessair	0:f269e3021894	6771	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	6772	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	6773	{
elessair	0:f269e3021894	6774	MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
elessair	0:f269e3021894	6775	"maximum fragment length: %d > %d",
elessair	0:f269e3021894	6776	len, max_len ) );
elessair	0:f269e3021894	6777	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6778	}
elessair	0:f269e3021894	6779	else
elessair	0:f269e3021894	6780	#endif
elessair	0:f269e3021894	6781	len = max_len;
elessair	0:f269e3021894	6782	}
elessair	0:f269e3021894	6783	#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
elessair	0:f269e3021894	6784
elessair	0:f269e3021894	6785	if( ssl->out_left != 0 )
elessair	0:f269e3021894	6786	{
elessair	0:f269e3021894	6787	if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
elessair	0:f269e3021894	6788	{
elessair	0:f269e3021894	6789	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
elessair	0:f269e3021894	6790	return( ret );
elessair	0:f269e3021894	6791	}
elessair	0:f269e3021894	6792	}
elessair	0:f269e3021894	6793	else
elessair	0:f269e3021894	6794	{
elessair	0:f269e3021894	6795	ssl->out_msglen = len;
elessair	0:f269e3021894	6796	ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
elessair	0:f269e3021894	6797	memcpy( ssl->out_msg, buf, len );
elessair	0:f269e3021894	6798
elessair	0:f269e3021894	6799	if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
elessair	0:f269e3021894	6800	{
elessair	0:f269e3021894	6801	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
elessair	0:f269e3021894	6802	return( ret );
elessair	0:f269e3021894	6803	}
elessair	0:f269e3021894	6804	}
elessair	0:f269e3021894	6805
elessair	0:f269e3021894	6806	return( (int) len );
elessair	0:f269e3021894	6807	}
elessair	0:f269e3021894	6808
elessair	0:f269e3021894	6809	/*
elessair	0:f269e3021894	6810	* Write application data, doing 1/n-1 splitting if necessary.
elessair	0:f269e3021894	6811	*
elessair	0:f269e3021894	6812	* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
elessair	0:f269e3021894	6813	* then the caller will call us again with the same arguments, so
elessair	0:f269e3021894	6814	* remember wether we already did the split or not.
elessair	0:f269e3021894	6815	*/
elessair	0:f269e3021894	6816	#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
elessair	0:f269e3021894	6817	static int ssl_write_split( mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	6818	const unsigned char *buf, size_t len )
elessair	0:f269e3021894	6819	{
elessair	0:f269e3021894	6820	int ret;
elessair	0:f269e3021894	6821
elessair	0:f269e3021894	6822	if( ssl->conf->cbc_record_splitting ==
elessair	0:f269e3021894	6823	MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED \|\|
elessair	0:f269e3021894	6824	len <= 1 \|\|
elessair	0:f269e3021894	6825	ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 \|\|
elessair	0:f269e3021894	6826	mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
elessair	0:f269e3021894	6827	!= MBEDTLS_MODE_CBC )
elessair	0:f269e3021894	6828	{
elessair	0:f269e3021894	6829	return( ssl_write_real( ssl, buf, len ) );
elessair	0:f269e3021894	6830	}
elessair	0:f269e3021894	6831
elessair	0:f269e3021894	6832	if( ssl->split_done == 0 )
elessair	0:f269e3021894	6833	{
elessair	0:f269e3021894	6834	if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
elessair	0:f269e3021894	6835	return( ret );
elessair	0:f269e3021894	6836	ssl->split_done = 1;
elessair	0:f269e3021894	6837	}
elessair	0:f269e3021894	6838
elessair	0:f269e3021894	6839	if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
elessair	0:f269e3021894	6840	return( ret );
elessair	0:f269e3021894	6841	ssl->split_done = 0;
elessair	0:f269e3021894	6842
elessair	0:f269e3021894	6843	return( ret + 1 );
elessair	0:f269e3021894	6844	}
elessair	0:f269e3021894	6845	#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
elessair	0:f269e3021894	6846
elessair	0:f269e3021894	6847	/*
elessair	0:f269e3021894	6848	* Write application data (public-facing wrapper)
elessair	0:f269e3021894	6849	*/
elessair	0:f269e3021894	6850	int mbedtls_ssl_write( mbedtls_ssl_context ssl, const unsigned char buf, size_t len )
elessair	0:f269e3021894	6851	{
elessair	0:f269e3021894	6852	int ret;
elessair	0:f269e3021894	6853
elessair	0:f269e3021894	6854	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
elessair	0:f269e3021894	6855
elessair	0:f269e3021894	6856	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6857	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6858
elessair	0:f269e3021894	6859	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	6860	if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
elessair	0:f269e3021894	6861	{
elessair	0:f269e3021894	6862	MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
elessair	0:f269e3021894	6863	return( ret );
elessair	0:f269e3021894	6864	}
elessair	0:f269e3021894	6865	#endif
elessair	0:f269e3021894	6866
elessair	0:f269e3021894	6867	if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6868	{
elessair	0:f269e3021894	6869	if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
elessair	0:f269e3021894	6870	{
elessair	0:f269e3021894	6871	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
elessair	0:f269e3021894	6872	return( ret );
elessair	0:f269e3021894	6873	}
elessair	0:f269e3021894	6874	}
elessair	0:f269e3021894	6875
elessair	0:f269e3021894	6876	#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
elessair	0:f269e3021894	6877	ret = ssl_write_split( ssl, buf, len );
elessair	0:f269e3021894	6878	#else
elessair	0:f269e3021894	6879	ret = ssl_write_real( ssl, buf, len );
elessair	0:f269e3021894	6880	#endif
elessair	0:f269e3021894	6881
elessair	0:f269e3021894	6882	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
elessair	0:f269e3021894	6883
elessair	0:f269e3021894	6884	return( ret );
elessair	0:f269e3021894	6885	}
elessair	0:f269e3021894	6886
elessair	0:f269e3021894	6887	/*
elessair	0:f269e3021894	6888	* Notify the peer that the connection is being closed
elessair	0:f269e3021894	6889	*/
elessair	0:f269e3021894	6890	int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	6891	{
elessair	0:f269e3021894	6892	int ret;
elessair	0:f269e3021894	6893
elessair	0:f269e3021894	6894	if( ssl == NULL \|\| ssl->conf == NULL )
elessair	0:f269e3021894	6895	return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
elessair	0:f269e3021894	6896
elessair	0:f269e3021894	6897	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
elessair	0:f269e3021894	6898
elessair	0:f269e3021894	6899	if( ssl->out_left != 0 )
elessair	0:f269e3021894	6900	return( mbedtls_ssl_flush_output( ssl ) );
elessair	0:f269e3021894	6901
elessair	0:f269e3021894	6902	if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
elessair	0:f269e3021894	6903	{
elessair	0:f269e3021894	6904	if( ( ret = mbedtls_ssl_send_alert_message( ssl,
elessair	0:f269e3021894	6905	MBEDTLS_SSL_ALERT_LEVEL_WARNING,
elessair	0:f269e3021894	6906	MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
elessair	0:f269e3021894	6907	{
elessair	0:f269e3021894	6908	MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
elessair	0:f269e3021894	6909	return( ret );
elessair	0:f269e3021894	6910	}
elessair	0:f269e3021894	6911	}
elessair	0:f269e3021894	6912
elessair	0:f269e3021894	6913	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
elessair	0:f269e3021894	6914
elessair	0:f269e3021894	6915	return( 0 );
elessair	0:f269e3021894	6916	}
elessair	0:f269e3021894	6917
elessair	0:f269e3021894	6918	void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
elessair	0:f269e3021894	6919	{
elessair	0:f269e3021894	6920	if( transform == NULL )
elessair	0:f269e3021894	6921	return;
elessair	0:f269e3021894	6922
elessair	0:f269e3021894	6923	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	6924	deflateEnd( &transform->ctx_deflate );
elessair	0:f269e3021894	6925	inflateEnd( &transform->ctx_inflate );
elessair	0:f269e3021894	6926	#endif
elessair	0:f269e3021894	6927
elessair	0:f269e3021894	6928	mbedtls_cipher_free( &transform->cipher_ctx_enc );
elessair	0:f269e3021894	6929	mbedtls_cipher_free( &transform->cipher_ctx_dec );
elessair	0:f269e3021894	6930
elessair	0:f269e3021894	6931	mbedtls_md_free( &transform->md_ctx_enc );
elessair	0:f269e3021894	6932	mbedtls_md_free( &transform->md_ctx_dec );
elessair	0:f269e3021894	6933
elessair	0:f269e3021894	6934	mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
elessair	0:f269e3021894	6935	}
elessair	0:f269e3021894	6936
elessair	0:f269e3021894	6937	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	6938	static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
elessair	0:f269e3021894	6939	{
elessair	0:f269e3021894	6940	mbedtls_ssl_key_cert cur = key_cert, next;
elessair	0:f269e3021894	6941
elessair	0:f269e3021894	6942	while( cur != NULL )
elessair	0:f269e3021894	6943	{
elessair	0:f269e3021894	6944	next = cur->next;
elessair	0:f269e3021894	6945	mbedtls_free( cur );
elessair	0:f269e3021894	6946	cur = next;
elessair	0:f269e3021894	6947	}
elessair	0:f269e3021894	6948	}
elessair	0:f269e3021894	6949	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	6950
elessair	0:f269e3021894	6951	void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
elessair	0:f269e3021894	6952	{
elessair	0:f269e3021894	6953	if( handshake == NULL )
elessair	0:f269e3021894	6954	return;
elessair	0:f269e3021894	6955
elessair	0:f269e3021894	6956	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
elessair	0:f269e3021894	6957	defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	6958	mbedtls_md5_free( &handshake->fin_md5 );
elessair	0:f269e3021894	6959	mbedtls_sha1_free( &handshake->fin_sha1 );
elessair	0:f269e3021894	6960	#endif
elessair	0:f269e3021894	6961	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	6962	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	6963	mbedtls_sha256_free( &handshake->fin_sha256 );
elessair	0:f269e3021894	6964	#endif
elessair	0:f269e3021894	6965	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	6966	mbedtls_sha512_free( &handshake->fin_sha512 );
elessair	0:f269e3021894	6967	#endif
elessair	0:f269e3021894	6968	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	6969
elessair	0:f269e3021894	6970	#if defined(MBEDTLS_DHM_C)
elessair	0:f269e3021894	6971	mbedtls_dhm_free( &handshake->dhm_ctx );
elessair	0:f269e3021894	6972	#endif
elessair	0:f269e3021894	6973	#if defined(MBEDTLS_ECDH_C)
elessair	0:f269e3021894	6974	mbedtls_ecdh_free( &handshake->ecdh_ctx );
elessair	0:f269e3021894	6975	#endif
elessair	0:f269e3021894	6976	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
elessair	0:f269e3021894	6977	mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
elessair	0:f269e3021894	6978	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	6979	mbedtls_free( handshake->ecjpake_cache );
elessair	0:f269e3021894	6980	handshake->ecjpake_cache = NULL;
elessair	0:f269e3021894	6981	handshake->ecjpake_cache_len = 0;
elessair	0:f269e3021894	6982	#endif
elessair	0:f269e3021894	6983	#endif
elessair	0:f269e3021894	6984
elessair	0:f269e3021894	6985	#if defined(MBEDTLS_ECDH_C) \|\| defined(MBEDTLS_ECDSA_C) \|\| \
elessair	0:f269e3021894	6986	defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
elessair	0:f269e3021894	6987	/* explicit void pointer cast for buggy MS compiler */
elessair	0:f269e3021894	6988	mbedtls_free( (void *) handshake->curves );
elessair	0:f269e3021894	6989	#endif
elessair	0:f269e3021894	6990
elessair	0:f269e3021894	6991	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
elessair	0:f269e3021894	6992	if( handshake->psk != NULL )
elessair	0:f269e3021894	6993	{
elessair	0:f269e3021894	6994	mbedtls_zeroize( handshake->psk, handshake->psk_len );
elessair	0:f269e3021894	6995	mbedtls_free( handshake->psk );
elessair	0:f269e3021894	6996	}
elessair	0:f269e3021894	6997	#endif
elessair	0:f269e3021894	6998
elessair	0:f269e3021894	6999	#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
elessair	0:f269e3021894	7000	defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
elessair	0:f269e3021894	7001	/*
elessair	0:f269e3021894	7002	* Free only the linked list wrapper, not the keys themselves
elessair	0:f269e3021894	7003	* since the belong to the SNI callback
elessair	0:f269e3021894	7004	*/
elessair	0:f269e3021894	7005	if( handshake->sni_key_cert != NULL )
elessair	0:f269e3021894	7006	{
elessair	0:f269e3021894	7007	mbedtls_ssl_key_cert cur = handshake->sni_key_cert, next;
elessair	0:f269e3021894	7008
elessair	0:f269e3021894	7009	while( cur != NULL )
elessair	0:f269e3021894	7010	{
elessair	0:f269e3021894	7011	next = cur->next;
elessair	0:f269e3021894	7012	mbedtls_free( cur );
elessair	0:f269e3021894	7013	cur = next;
elessair	0:f269e3021894	7014	}
elessair	0:f269e3021894	7015	}
elessair	0:f269e3021894	7016	#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
elessair	0:f269e3021894	7017
elessair	0:f269e3021894	7018	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	7019	mbedtls_free( handshake->verify_cookie );
elessair	0:f269e3021894	7020	mbedtls_free( handshake->hs_msg );
elessair	0:f269e3021894	7021	ssl_flight_free( handshake->flight );
elessair	0:f269e3021894	7022	#endif
elessair	0:f269e3021894	7023
elessair	0:f269e3021894	7024	mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
elessair	0:f269e3021894	7025	}
elessair	0:f269e3021894	7026
elessair	0:f269e3021894	7027	void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
elessair	0:f269e3021894	7028	{
elessair	0:f269e3021894	7029	if( session == NULL )
elessair	0:f269e3021894	7030	return;
elessair	0:f269e3021894	7031
elessair	0:f269e3021894	7032	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7033	if( session->peer_cert != NULL )
elessair	0:f269e3021894	7034	{
elessair	0:f269e3021894	7035	mbedtls_x509_crt_free( session->peer_cert );
elessair	0:f269e3021894	7036	mbedtls_free( session->peer_cert );
elessair	0:f269e3021894	7037	}
elessair	0:f269e3021894	7038	#endif
elessair	0:f269e3021894	7039
elessair	0:f269e3021894	7040	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	7041	mbedtls_free( session->ticket );
elessair	0:f269e3021894	7042	#endif
elessair	0:f269e3021894	7043
elessair	0:f269e3021894	7044	mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
elessair	0:f269e3021894	7045	}
elessair	0:f269e3021894	7046
elessair	0:f269e3021894	7047	/*
elessair	0:f269e3021894	7048	* Free an SSL context
elessair	0:f269e3021894	7049	*/
elessair	0:f269e3021894	7050	void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
elessair	0:f269e3021894	7051	{
elessair	0:f269e3021894	7052	if( ssl == NULL )
elessair	0:f269e3021894	7053	return;
elessair	0:f269e3021894	7054
elessair	0:f269e3021894	7055	MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
elessair	0:f269e3021894	7056
elessair	0:f269e3021894	7057	if( ssl->out_buf != NULL )
elessair	0:f269e3021894	7058	{
elessair	0:f269e3021894	7059	mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	7060	mbedtls_free( ssl->out_buf );
elessair	0:f269e3021894	7061	}
elessair	0:f269e3021894	7062
elessair	0:f269e3021894	7063	if( ssl->in_buf != NULL )
elessair	0:f269e3021894	7064	{
elessair	0:f269e3021894	7065	mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	7066	mbedtls_free( ssl->in_buf );
elessair	0:f269e3021894	7067	}
elessair	0:f269e3021894	7068
elessair	0:f269e3021894	7069	#if defined(MBEDTLS_ZLIB_SUPPORT)
elessair	0:f269e3021894	7070	if( ssl->compress_buf != NULL )
elessair	0:f269e3021894	7071	{
elessair	0:f269e3021894	7072	mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
elessair	0:f269e3021894	7073	mbedtls_free( ssl->compress_buf );
elessair	0:f269e3021894	7074	}
elessair	0:f269e3021894	7075	#endif
elessair	0:f269e3021894	7076
elessair	0:f269e3021894	7077	if( ssl->transform )
elessair	0:f269e3021894	7078	{
elessair	0:f269e3021894	7079	mbedtls_ssl_transform_free( ssl->transform );
elessair	0:f269e3021894	7080	mbedtls_free( ssl->transform );
elessair	0:f269e3021894	7081	}
elessair	0:f269e3021894	7082
elessair	0:f269e3021894	7083	if( ssl->handshake )
elessair	0:f269e3021894	7084	{
elessair	0:f269e3021894	7085	mbedtls_ssl_handshake_free( ssl->handshake );
elessair	0:f269e3021894	7086	mbedtls_ssl_transform_free( ssl->transform_negotiate );
elessair	0:f269e3021894	7087	mbedtls_ssl_session_free( ssl->session_negotiate );
elessair	0:f269e3021894	7088
elessair	0:f269e3021894	7089	mbedtls_free( ssl->handshake );
elessair	0:f269e3021894	7090	mbedtls_free( ssl->transform_negotiate );
elessair	0:f269e3021894	7091	mbedtls_free( ssl->session_negotiate );
elessair	0:f269e3021894	7092	}
elessair	0:f269e3021894	7093
elessair	0:f269e3021894	7094	if( ssl->session )
elessair	0:f269e3021894	7095	{
elessair	0:f269e3021894	7096	mbedtls_ssl_session_free( ssl->session );
elessair	0:f269e3021894	7097	mbedtls_free( ssl->session );
elessair	0:f269e3021894	7098	}
elessair	0:f269e3021894	7099
elessair	0:f269e3021894	7100	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7101	if( ssl->hostname != NULL )
elessair	0:f269e3021894	7102	{
elessair	0:f269e3021894	7103	mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
elessair	0:f269e3021894	7104	mbedtls_free( ssl->hostname );
elessair	0:f269e3021894	7105	}
elessair	0:f269e3021894	7106	#endif
elessair	0:f269e3021894	7107
elessair	0:f269e3021894	7108	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
elessair	0:f269e3021894	7109	if( mbedtls_ssl_hw_record_finish != NULL )
elessair	0:f269e3021894	7110	{
elessair	0:f269e3021894	7111	MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) );
elessair	0:f269e3021894	7112	mbedtls_ssl_hw_record_finish( ssl );
elessair	0:f269e3021894	7113	}
elessair	0:f269e3021894	7114	#endif
elessair	0:f269e3021894	7115
elessair	0:f269e3021894	7116	#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	7117	mbedtls_free( ssl->cli_id );
elessair	0:f269e3021894	7118	#endif
elessair	0:f269e3021894	7119
elessair	0:f269e3021894	7120	MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
elessair	0:f269e3021894	7121
elessair	0:f269e3021894	7122	/* Actually clear after last debug message */
elessair	0:f269e3021894	7123	mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
elessair	0:f269e3021894	7124	}
elessair	0:f269e3021894	7125
elessair	0:f269e3021894	7126	/*
elessair	0:f269e3021894	7127	* Initialze mbedtls_ssl_config
elessair	0:f269e3021894	7128	*/
elessair	0:f269e3021894	7129	void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
elessair	0:f269e3021894	7130	{
elessair	0:f269e3021894	7131	memset( conf, 0, sizeof( mbedtls_ssl_config ) );
elessair	0:f269e3021894	7132	}
elessair	0:f269e3021894	7133
elessair	0:f269e3021894	7134	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	7135	static int ssl_preset_default_hashes[] = {
elessair	0:f269e3021894	7136	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	7137	MBEDTLS_MD_SHA512,
elessair	0:f269e3021894	7138	MBEDTLS_MD_SHA384,
elessair	0:f269e3021894	7139	#endif
elessair	0:f269e3021894	7140	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	7141	MBEDTLS_MD_SHA256,
elessair	0:f269e3021894	7142	MBEDTLS_MD_SHA224,
elessair	0:f269e3021894	7143	#endif
elessair	0:f269e3021894	7144	#if defined(MBEDTLS_SHA1_C)
elessair	0:f269e3021894	7145	MBEDTLS_MD_SHA1,
elessair	0:f269e3021894	7146	#endif
elessair	0:f269e3021894	7147	MBEDTLS_MD_NONE
elessair	0:f269e3021894	7148	};
elessair	0:f269e3021894	7149	#endif
elessair	0:f269e3021894	7150
elessair	0:f269e3021894	7151	static int ssl_preset_suiteb_ciphersuites[] = {
elessair	0:f269e3021894	7152	MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
elessair	0:f269e3021894	7153	MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
elessair	0:f269e3021894	7154	0
elessair	0:f269e3021894	7155	};
elessair	0:f269e3021894	7156
elessair	0:f269e3021894	7157	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	7158	static int ssl_preset_suiteb_hashes[] = {
elessair	0:f269e3021894	7159	MBEDTLS_MD_SHA256,
elessair	0:f269e3021894	7160	MBEDTLS_MD_SHA384,
elessair	0:f269e3021894	7161	MBEDTLS_MD_NONE
elessair	0:f269e3021894	7162	};
elessair	0:f269e3021894	7163	#endif
elessair	0:f269e3021894	7164
elessair	0:f269e3021894	7165	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	7166	static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
elessair	0:f269e3021894	7167	MBEDTLS_ECP_DP_SECP256R1,
elessair	0:f269e3021894	7168	MBEDTLS_ECP_DP_SECP384R1,
elessair	0:f269e3021894	7169	MBEDTLS_ECP_DP_NONE
elessair	0:f269e3021894	7170	};
elessair	0:f269e3021894	7171	#endif
elessair	0:f269e3021894	7172
elessair	0:f269e3021894	7173	/*
elessair	0:f269e3021894	7174	* Load default in mbedtls_ssl_config
elessair	0:f269e3021894	7175	*/
elessair	0:f269e3021894	7176	int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
elessair	0:f269e3021894	7177	int endpoint, int transport, int preset )
elessair	0:f269e3021894	7178	{
elessair	0:f269e3021894	7179	#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	7180	int ret;
elessair	0:f269e3021894	7181	#endif
elessair	0:f269e3021894	7182
elessair	0:f269e3021894	7183	/* Use the functions here so that they are covered in tests,
elessair	0:f269e3021894	7184	* but otherwise access member directly for efficiency */
elessair	0:f269e3021894	7185	mbedtls_ssl_conf_endpoint( conf, endpoint );
elessair	0:f269e3021894	7186	mbedtls_ssl_conf_transport( conf, transport );
elessair	0:f269e3021894	7187
elessair	0:f269e3021894	7188	/*
elessair	0:f269e3021894	7189	* Things that are common to all presets
elessair	0:f269e3021894	7190	*/
elessair	0:f269e3021894	7191	#if defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	7192	if( endpoint == MBEDTLS_SSL_IS_CLIENT )
elessair	0:f269e3021894	7193	{
elessair	0:f269e3021894	7194	conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
elessair	0:f269e3021894	7195	#if defined(MBEDTLS_SSL_SESSION_TICKETS)
elessair	0:f269e3021894	7196	conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
elessair	0:f269e3021894	7197	#endif
elessair	0:f269e3021894	7198	}
elessair	0:f269e3021894	7199	#endif
elessair	0:f269e3021894	7200
elessair	0:f269e3021894	7201	#if defined(MBEDTLS_ARC4_C)
elessair	0:f269e3021894	7202	conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED;
elessair	0:f269e3021894	7203	#endif
elessair	0:f269e3021894	7204
elessair	0:f269e3021894	7205	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
elessair	0:f269e3021894	7206	conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
elessair	0:f269e3021894	7207	#endif
elessair	0:f269e3021894	7208
elessair	0:f269e3021894	7209	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
elessair	0:f269e3021894	7210	conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
elessair	0:f269e3021894	7211	#endif
elessair	0:f269e3021894	7212
elessair	0:f269e3021894	7213	#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
elessair	0:f269e3021894	7214	conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
elessair	0:f269e3021894	7215	#endif
elessair	0:f269e3021894	7216
elessair	0:f269e3021894	7217	#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	7218	conf->f_cookie_write = ssl_cookie_write_dummy;
elessair	0:f269e3021894	7219	conf->f_cookie_check = ssl_cookie_check_dummy;
elessair	0:f269e3021894	7220	#endif
elessair	0:f269e3021894	7221
elessair	0:f269e3021894	7222	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
elessair	0:f269e3021894	7223	conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
elessair	0:f269e3021894	7224	#endif
elessair	0:f269e3021894	7225
elessair	0:f269e3021894	7226	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	7227	conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
elessair	0:f269e3021894	7228	conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
elessair	0:f269e3021894	7229	#endif
elessair	0:f269e3021894	7230
elessair	0:f269e3021894	7231	#if defined(MBEDTLS_SSL_RENEGOTIATION)
elessair	0:f269e3021894	7232	conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
elessair	0:f269e3021894	7233	memset( conf->renego_period, 0xFF, 7 );
elessair	0:f269e3021894	7234	conf->renego_period[7] = 0x00;
elessair	0:f269e3021894	7235	#endif
elessair	0:f269e3021894	7236
elessair	0:f269e3021894	7237	#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
elessair	0:f269e3021894	7238	if( endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	7239	{
elessair	0:f269e3021894	7240	if( ( ret = mbedtls_ssl_conf_dh_param( conf,
elessair	0:f269e3021894	7241	MBEDTLS_DHM_RFC5114_MODP_2048_P,
elessair	0:f269e3021894	7242	MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
elessair	0:f269e3021894	7243	{
elessair	0:f269e3021894	7244	return( ret );
elessair	0:f269e3021894	7245	}
elessair	0:f269e3021894	7246	}
elessair	0:f269e3021894	7247	#endif
elessair	0:f269e3021894	7248
elessair	0:f269e3021894	7249	/*
elessair	0:f269e3021894	7250	* Preset-specific defaults
elessair	0:f269e3021894	7251	*/
elessair	0:f269e3021894	7252	switch( preset )
elessair	0:f269e3021894	7253	{
elessair	0:f269e3021894	7254	/*
elessair	0:f269e3021894	7255	* NSA Suite B
elessair	0:f269e3021894	7256	*/
elessair	0:f269e3021894	7257	case MBEDTLS_SSL_PRESET_SUITEB:
elessair	0:f269e3021894	7258	conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
elessair	0:f269e3021894	7259	conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
elessair	0:f269e3021894	7260	conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
elessair	0:f269e3021894	7261	conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
elessair	0:f269e3021894	7262
elessair	0:f269e3021894	7263	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
elessair	0:f269e3021894	7264	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
elessair	0:f269e3021894	7265	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
elessair	0:f269e3021894	7266	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
elessair	0:f269e3021894	7267	ssl_preset_suiteb_ciphersuites;
elessair	0:f269e3021894	7268
elessair	0:f269e3021894	7269	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7270	conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
elessair	0:f269e3021894	7271	#endif
elessair	0:f269e3021894	7272
elessair	0:f269e3021894	7273	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	7274	conf->sig_hashes = ssl_preset_suiteb_hashes;
elessair	0:f269e3021894	7275	#endif
elessair	0:f269e3021894	7276
elessair	0:f269e3021894	7277	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	7278	conf->curve_list = ssl_preset_suiteb_curves;
elessair	0:f269e3021894	7279	#endif
elessair	0:f269e3021894	7280	break;
elessair	0:f269e3021894	7281
elessair	0:f269e3021894	7282	/*
elessair	0:f269e3021894	7283	* Default
elessair	0:f269e3021894	7284	*/
elessair	0:f269e3021894	7285	default:
elessair	0:f269e3021894	7286	conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
elessair	0:f269e3021894	7287	conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
elessair	0:f269e3021894	7288	conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
elessair	0:f269e3021894	7289	conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
elessair	0:f269e3021894	7290
elessair	0:f269e3021894	7291	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	7292	if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	7293	conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
elessair	0:f269e3021894	7294	#endif
elessair	0:f269e3021894	7295
elessair	0:f269e3021894	7296	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
elessair	0:f269e3021894	7297	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
elessair	0:f269e3021894	7298	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
elessair	0:f269e3021894	7299	conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
elessair	0:f269e3021894	7300	mbedtls_ssl_list_ciphersuites();
elessair	0:f269e3021894	7301
elessair	0:f269e3021894	7302	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7303	conf->cert_profile = &mbedtls_x509_crt_profile_default;
elessair	0:f269e3021894	7304	#endif
elessair	0:f269e3021894	7305
elessair	0:f269e3021894	7306	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	7307	conf->sig_hashes = ssl_preset_default_hashes;
elessair	0:f269e3021894	7308	#endif
elessair	0:f269e3021894	7309
elessair	0:f269e3021894	7310	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	7311	conf->curve_list = mbedtls_ecp_grp_id_list();
elessair	0:f269e3021894	7312	#endif
elessair	0:f269e3021894	7313
elessair	0:f269e3021894	7314	#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
elessair	0:f269e3021894	7315	conf->dhm_min_bitlen = 1024;
elessair	0:f269e3021894	7316	#endif
elessair	0:f269e3021894	7317	}
elessair	0:f269e3021894	7318
elessair	0:f269e3021894	7319	return( 0 );
elessair	0:f269e3021894	7320	}
elessair	0:f269e3021894	7321
elessair	0:f269e3021894	7322	/*
elessair	0:f269e3021894	7323	* Free mbedtls_ssl_config
elessair	0:f269e3021894	7324	*/
elessair	0:f269e3021894	7325	void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
elessair	0:f269e3021894	7326	{
elessair	0:f269e3021894	7327	#if defined(MBEDTLS_DHM_C)
elessair	0:f269e3021894	7328	mbedtls_mpi_free( &conf->dhm_P );
elessair	0:f269e3021894	7329	mbedtls_mpi_free( &conf->dhm_G );
elessair	0:f269e3021894	7330	#endif
elessair	0:f269e3021894	7331
elessair	0:f269e3021894	7332	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
elessair	0:f269e3021894	7333	if( conf->psk != NULL )
elessair	0:f269e3021894	7334	{
elessair	0:f269e3021894	7335	mbedtls_zeroize( conf->psk, conf->psk_len );
elessair	0:f269e3021894	7336	mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
elessair	0:f269e3021894	7337	mbedtls_free( conf->psk );
elessair	0:f269e3021894	7338	mbedtls_free( conf->psk_identity );
elessair	0:f269e3021894	7339	conf->psk_len = 0;
elessair	0:f269e3021894	7340	conf->psk_identity_len = 0;
elessair	0:f269e3021894	7341	}
elessair	0:f269e3021894	7342	#endif
elessair	0:f269e3021894	7343
elessair	0:f269e3021894	7344	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7345	ssl_key_cert_free( conf->key_cert );
elessair	0:f269e3021894	7346	#endif
elessair	0:f269e3021894	7347
elessair	0:f269e3021894	7348	mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
elessair	0:f269e3021894	7349	}
elessair	0:f269e3021894	7350
elessair	0:f269e3021894	7351	#if defined(MBEDTLS_PK_C) && \
elessair	0:f269e3021894	7352	( defined(MBEDTLS_RSA_C) \|\| defined(MBEDTLS_ECDSA_C) )
elessair	0:f269e3021894	7353	/*
elessair	0:f269e3021894	7354	* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
elessair	0:f269e3021894	7355	*/
elessair	0:f269e3021894	7356	unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
elessair	0:f269e3021894	7357	{
elessair	0:f269e3021894	7358	#if defined(MBEDTLS_RSA_C)
elessair	0:f269e3021894	7359	if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
elessair	0:f269e3021894	7360	return( MBEDTLS_SSL_SIG_RSA );
elessair	0:f269e3021894	7361	#endif
elessair	0:f269e3021894	7362	#if defined(MBEDTLS_ECDSA_C)
elessair	0:f269e3021894	7363	if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
elessair	0:f269e3021894	7364	return( MBEDTLS_SSL_SIG_ECDSA );
elessair	0:f269e3021894	7365	#endif
elessair	0:f269e3021894	7366	return( MBEDTLS_SSL_SIG_ANON );
elessair	0:f269e3021894	7367	}
elessair	0:f269e3021894	7368
elessair	0:f269e3021894	7369	mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
elessair	0:f269e3021894	7370	{
elessair	0:f269e3021894	7371	switch( sig )
elessair	0:f269e3021894	7372	{
elessair	0:f269e3021894	7373	#if defined(MBEDTLS_RSA_C)
elessair	0:f269e3021894	7374	case MBEDTLS_SSL_SIG_RSA:
elessair	0:f269e3021894	7375	return( MBEDTLS_PK_RSA );
elessair	0:f269e3021894	7376	#endif
elessair	0:f269e3021894	7377	#if defined(MBEDTLS_ECDSA_C)
elessair	0:f269e3021894	7378	case MBEDTLS_SSL_SIG_ECDSA:
elessair	0:f269e3021894	7379	return( MBEDTLS_PK_ECDSA );
elessair	0:f269e3021894	7380	#endif
elessair	0:f269e3021894	7381	default:
elessair	0:f269e3021894	7382	return( MBEDTLS_PK_NONE );
elessair	0:f269e3021894	7383	}
elessair	0:f269e3021894	7384	}
elessair	0:f269e3021894	7385	#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C \|\| MBEDTLS_ECDSA_C ) */
elessair	0:f269e3021894	7386
elessair	0:f269e3021894	7387	/*
elessair	0:f269e3021894	7388	* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
elessair	0:f269e3021894	7389	*/
elessair	0:f269e3021894	7390	mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
elessair	0:f269e3021894	7391	{
elessair	0:f269e3021894	7392	switch( hash )
elessair	0:f269e3021894	7393	{
elessair	0:f269e3021894	7394	#if defined(MBEDTLS_MD5_C)
elessair	0:f269e3021894	7395	case MBEDTLS_SSL_HASH_MD5:
elessair	0:f269e3021894	7396	return( MBEDTLS_MD_MD5 );
elessair	0:f269e3021894	7397	#endif
elessair	0:f269e3021894	7398	#if defined(MBEDTLS_SHA1_C)
elessair	0:f269e3021894	7399	case MBEDTLS_SSL_HASH_SHA1:
elessair	0:f269e3021894	7400	return( MBEDTLS_MD_SHA1 );
elessair	0:f269e3021894	7401	#endif
elessair	0:f269e3021894	7402	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	7403	case MBEDTLS_SSL_HASH_SHA224:
elessair	0:f269e3021894	7404	return( MBEDTLS_MD_SHA224 );
elessair	0:f269e3021894	7405	case MBEDTLS_SSL_HASH_SHA256:
elessair	0:f269e3021894	7406	return( MBEDTLS_MD_SHA256 );
elessair	0:f269e3021894	7407	#endif
elessair	0:f269e3021894	7408	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	7409	case MBEDTLS_SSL_HASH_SHA384:
elessair	0:f269e3021894	7410	return( MBEDTLS_MD_SHA384 );
elessair	0:f269e3021894	7411	case MBEDTLS_SSL_HASH_SHA512:
elessair	0:f269e3021894	7412	return( MBEDTLS_MD_SHA512 );
elessair	0:f269e3021894	7413	#endif
elessair	0:f269e3021894	7414	default:
elessair	0:f269e3021894	7415	return( MBEDTLS_MD_NONE );
elessair	0:f269e3021894	7416	}
elessair	0:f269e3021894	7417	}
elessair	0:f269e3021894	7418
elessair	0:f269e3021894	7419	/*
elessair	0:f269e3021894	7420	* Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
elessair	0:f269e3021894	7421	*/
elessair	0:f269e3021894	7422	unsigned char mbedtls_ssl_hash_from_md_alg( int md )
elessair	0:f269e3021894	7423	{
elessair	0:f269e3021894	7424	switch( md )
elessair	0:f269e3021894	7425	{
elessair	0:f269e3021894	7426	#if defined(MBEDTLS_MD5_C)
elessair	0:f269e3021894	7427	case MBEDTLS_MD_MD5:
elessair	0:f269e3021894	7428	return( MBEDTLS_SSL_HASH_MD5 );
elessair	0:f269e3021894	7429	#endif
elessair	0:f269e3021894	7430	#if defined(MBEDTLS_SHA1_C)
elessair	0:f269e3021894	7431	case MBEDTLS_MD_SHA1:
elessair	0:f269e3021894	7432	return( MBEDTLS_SSL_HASH_SHA1 );
elessair	0:f269e3021894	7433	#endif
elessair	0:f269e3021894	7434	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	7435	case MBEDTLS_MD_SHA224:
elessair	0:f269e3021894	7436	return( MBEDTLS_SSL_HASH_SHA224 );
elessair	0:f269e3021894	7437	case MBEDTLS_MD_SHA256:
elessair	0:f269e3021894	7438	return( MBEDTLS_SSL_HASH_SHA256 );
elessair	0:f269e3021894	7439	#endif
elessair	0:f269e3021894	7440	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	7441	case MBEDTLS_MD_SHA384:
elessair	0:f269e3021894	7442	return( MBEDTLS_SSL_HASH_SHA384 );
elessair	0:f269e3021894	7443	case MBEDTLS_MD_SHA512:
elessair	0:f269e3021894	7444	return( MBEDTLS_SSL_HASH_SHA512 );
elessair	0:f269e3021894	7445	#endif
elessair	0:f269e3021894	7446	default:
elessair	0:f269e3021894	7447	return( MBEDTLS_SSL_HASH_NONE );
elessair	0:f269e3021894	7448	}
elessair	0:f269e3021894	7449	}
elessair	0:f269e3021894	7450
elessair	0:f269e3021894	7451	#if defined(MBEDTLS_ECP_C)
elessair	0:f269e3021894	7452	/*
elessair	0:f269e3021894	7453	* Check if a curve proposed by the peer is in our list.
elessair	0:f269e3021894	7454	* Return 0 if we're willing to use it, -1 otherwise.
elessair	0:f269e3021894	7455	*/
elessair	0:f269e3021894	7456	int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
elessair	0:f269e3021894	7457	{
elessair	0:f269e3021894	7458	const mbedtls_ecp_group_id *gid;
elessair	0:f269e3021894	7459
elessair	0:f269e3021894	7460	if( ssl->conf->curve_list == NULL )
elessair	0:f269e3021894	7461	return( -1 );
elessair	0:f269e3021894	7462
elessair	0:f269e3021894	7463	for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
elessair	0:f269e3021894	7464	if( *gid == grp_id )
elessair	0:f269e3021894	7465	return( 0 );
elessair	0:f269e3021894	7466
elessair	0:f269e3021894	7467	return( -1 );
elessair	0:f269e3021894	7468	}
elessair	0:f269e3021894	7469	#endif /* MBEDTLS_ECP_C */
elessair	0:f269e3021894	7470
elessair	0:f269e3021894	7471	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
elessair	0:f269e3021894	7472	/*
elessair	0:f269e3021894	7473	* Check if a hash proposed by the peer is in our list.
elessair	0:f269e3021894	7474	* Return 0 if we're willing to use it, -1 otherwise.
elessair	0:f269e3021894	7475	*/
elessair	0:f269e3021894	7476	int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
elessair	0:f269e3021894	7477	mbedtls_md_type_t md )
elessair	0:f269e3021894	7478	{
elessair	0:f269e3021894	7479	const int *cur;
elessair	0:f269e3021894	7480
elessair	0:f269e3021894	7481	if( ssl->conf->sig_hashes == NULL )
elessair	0:f269e3021894	7482	return( -1 );
elessair	0:f269e3021894	7483
elessair	0:f269e3021894	7484	for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
elessair	0:f269e3021894	7485	if( *cur == (int) md )
elessair	0:f269e3021894	7486	return( 0 );
elessair	0:f269e3021894	7487
elessair	0:f269e3021894	7488	return( -1 );
elessair	0:f269e3021894	7489	}
elessair	0:f269e3021894	7490	#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
elessair	0:f269e3021894	7491
elessair	0:f269e3021894	7492	#if defined(MBEDTLS_X509_CRT_PARSE_C)
elessair	0:f269e3021894	7493	int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
elessair	0:f269e3021894	7494	const mbedtls_ssl_ciphersuite_t *ciphersuite,
elessair	0:f269e3021894	7495	int cert_endpoint,
elessair	0:f269e3021894	7496	uint32_t *flags )
elessair	0:f269e3021894	7497	{
elessair	0:f269e3021894	7498	int ret = 0;
elessair	0:f269e3021894	7499	#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
elessair	0:f269e3021894	7500	int usage = 0;
elessair	0:f269e3021894	7501	#endif
elessair	0:f269e3021894	7502	#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
elessair	0:f269e3021894	7503	const char *ext_oid;
elessair	0:f269e3021894	7504	size_t ext_len;
elessair	0:f269e3021894	7505	#endif
elessair	0:f269e3021894	7506
elessair	0:f269e3021894	7507	#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \
elessair	0:f269e3021894	7508	!defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
elessair	0:f269e3021894	7509	((void) cert);
elessair	0:f269e3021894	7510	((void) cert_endpoint);
elessair	0:f269e3021894	7511	((void) flags);
elessair	0:f269e3021894	7512	#endif
elessair	0:f269e3021894	7513
elessair	0:f269e3021894	7514	#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
elessair	0:f269e3021894	7515	if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	7516	{
elessair	0:f269e3021894	7517	/* Server part of the key exchange */
elessair	0:f269e3021894	7518	switch( ciphersuite->key_exchange )
elessair	0:f269e3021894	7519	{
elessair	0:f269e3021894	7520	case MBEDTLS_KEY_EXCHANGE_RSA:
elessair	0:f269e3021894	7521	case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
elessair	0:f269e3021894	7522	usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
elessair	0:f269e3021894	7523	break;
elessair	0:f269e3021894	7524
elessair	0:f269e3021894	7525	case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
elessair	0:f269e3021894	7526	case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
elessair	0:f269e3021894	7527	case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
elessair	0:f269e3021894	7528	usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
elessair	0:f269e3021894	7529	break;
elessair	0:f269e3021894	7530
elessair	0:f269e3021894	7531	case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
elessair	0:f269e3021894	7532	case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
elessair	0:f269e3021894	7533	usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
elessair	0:f269e3021894	7534	break;
elessair	0:f269e3021894	7535
elessair	0:f269e3021894	7536	/* Don't use default: we want warnings when adding new values */
elessair	0:f269e3021894	7537	case MBEDTLS_KEY_EXCHANGE_NONE:
elessair	0:f269e3021894	7538	case MBEDTLS_KEY_EXCHANGE_PSK:
elessair	0:f269e3021894	7539	case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
elessair	0:f269e3021894	7540	case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
elessair	0:f269e3021894	7541	case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
elessair	0:f269e3021894	7542	usage = 0;
elessair	0:f269e3021894	7543	}
elessair	0:f269e3021894	7544	}
elessair	0:f269e3021894	7545	else
elessair	0:f269e3021894	7546	{
elessair	0:f269e3021894	7547	/* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
elessair	0:f269e3021894	7548	usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
elessair	0:f269e3021894	7549	}
elessair	0:f269e3021894	7550
elessair	0:f269e3021894	7551	if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
elessair	0:f269e3021894	7552	{
elessair	0:f269e3021894	7553	*flags \|= MBEDTLS_X509_BADCERT_KEY_USAGE;
elessair	0:f269e3021894	7554	ret = -1;
elessair	0:f269e3021894	7555	}
elessair	0:f269e3021894	7556	#else
elessair	0:f269e3021894	7557	((void) ciphersuite);
elessair	0:f269e3021894	7558	#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
elessair	0:f269e3021894	7559
elessair	0:f269e3021894	7560	#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
elessair	0:f269e3021894	7561	if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
elessair	0:f269e3021894	7562	{
elessair	0:f269e3021894	7563	ext_oid = MBEDTLS_OID_SERVER_AUTH;
elessair	0:f269e3021894	7564	ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
elessair	0:f269e3021894	7565	}
elessair	0:f269e3021894	7566	else
elessair	0:f269e3021894	7567	{
elessair	0:f269e3021894	7568	ext_oid = MBEDTLS_OID_CLIENT_AUTH;
elessair	0:f269e3021894	7569	ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
elessair	0:f269e3021894	7570	}
elessair	0:f269e3021894	7571
elessair	0:f269e3021894	7572	if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
elessair	0:f269e3021894	7573	{
elessair	0:f269e3021894	7574	*flags \|= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
elessair	0:f269e3021894	7575	ret = -1;
elessair	0:f269e3021894	7576	}
elessair	0:f269e3021894	7577	#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
elessair	0:f269e3021894	7578
elessair	0:f269e3021894	7579	return( ret );
elessair	0:f269e3021894	7580	}
elessair	0:f269e3021894	7581	#endif /* MBEDTLS_X509_CRT_PARSE_C */
elessair	0:f269e3021894	7582
elessair	0:f269e3021894	7583	/*
elessair	0:f269e3021894	7584	* Convert version numbers to/from wire format
elessair	0:f269e3021894	7585	* and, for DTLS, to/from TLS equivalent.
elessair	0:f269e3021894	7586	*
elessair	0:f269e3021894	7587	* For TLS this is the identity.
elessair	0:f269e3021894	7588	* For DTLS, use one complement (v -> 255 - v, and then map as follows:
elessair	0:f269e3021894	7589	* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
elessair	0:f269e3021894	7590	* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
elessair	0:f269e3021894	7591	*/
elessair	0:f269e3021894	7592	void mbedtls_ssl_write_version( int major, int minor, int transport,
elessair	0:f269e3021894	7593	unsigned char ver[2] )
elessair	0:f269e3021894	7594	{
elessair	0:f269e3021894	7595	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	7596	if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	7597	{
elessair	0:f269e3021894	7598	if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
elessair	0:f269e3021894	7599	--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
elessair	0:f269e3021894	7600
elessair	0:f269e3021894	7601	ver[0] = (unsigned char)( 255 - ( major - 2 ) );
elessair	0:f269e3021894	7602	ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
elessair	0:f269e3021894	7603	}
elessair	0:f269e3021894	7604	else
elessair	0:f269e3021894	7605	#else
elessair	0:f269e3021894	7606	((void) transport);
elessair	0:f269e3021894	7607	#endif
elessair	0:f269e3021894	7608	{
elessair	0:f269e3021894	7609	ver[0] = (unsigned char) major;
elessair	0:f269e3021894	7610	ver[1] = (unsigned char) minor;
elessair	0:f269e3021894	7611	}
elessair	0:f269e3021894	7612	}
elessair	0:f269e3021894	7613
elessair	0:f269e3021894	7614	void mbedtls_ssl_read_version( int major, int minor, int transport,
elessair	0:f269e3021894	7615	const unsigned char ver[2] )
elessair	0:f269e3021894	7616	{
elessair	0:f269e3021894	7617	#if defined(MBEDTLS_SSL_PROTO_DTLS)
elessair	0:f269e3021894	7618	if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
elessair	0:f269e3021894	7619	{
elessair	0:f269e3021894	7620	*major = 255 - ver[0] + 2;
elessair	0:f269e3021894	7621	*minor = 255 - ver[1] + 1;
elessair	0:f269e3021894	7622
elessair	0:f269e3021894	7623	if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
elessair	0:f269e3021894	7624	++minor; / DTLS 1.0 stored as TLS 1.1 internally */
elessair	0:f269e3021894	7625	}
elessair	0:f269e3021894	7626	else
elessair	0:f269e3021894	7627	#else
elessair	0:f269e3021894	7628	((void) transport);
elessair	0:f269e3021894	7629	#endif
elessair	0:f269e3021894	7630	{
elessair	0:f269e3021894	7631	*major = ver[0];
elessair	0:f269e3021894	7632	*minor = ver[1];
elessair	0:f269e3021894	7633	}
elessair	0:f269e3021894	7634	}
elessair	0:f269e3021894	7635
elessair	0:f269e3021894	7636	int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
elessair	0:f269e3021894	7637	{
elessair	0:f269e3021894	7638	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
elessair	0:f269e3021894	7639	if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
elessair	0:f269e3021894	7640	return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
elessair	0:f269e3021894	7641
elessair	0:f269e3021894	7642	switch( md )
elessair	0:f269e3021894	7643	{
elessair	0:f269e3021894	7644	#if defined(MBEDTLS_SSL_PROTO_TLS1) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_1)
elessair	0:f269e3021894	7645	#if defined(MBEDTLS_MD5_C)
elessair	0:f269e3021894	7646	case MBEDTLS_SSL_HASH_MD5:
elessair	0:f269e3021894	7647	ssl->handshake->calc_verify = ssl_calc_verify_tls;
elessair	0:f269e3021894	7648	break;
elessair	0:f269e3021894	7649	#endif
elessair	0:f269e3021894	7650	#if defined(MBEDTLS_SHA1_C)
elessair	0:f269e3021894	7651	case MBEDTLS_SSL_HASH_SHA1:
elessair	0:f269e3021894	7652	ssl->handshake->calc_verify = ssl_calc_verify_tls;
elessair	0:f269e3021894	7653	break;
elessair	0:f269e3021894	7654	#endif
elessair	0:f269e3021894	7655	#endif /* MBEDTLS_SSL_PROTO_TLS1 \|\| MBEDTLS_SSL_PROTO_TLS1_1 */
elessair	0:f269e3021894	7656	#if defined(MBEDTLS_SHA512_C)
elessair	0:f269e3021894	7657	case MBEDTLS_SSL_HASH_SHA384:
elessair	0:f269e3021894	7658	ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
elessair	0:f269e3021894	7659	break;
elessair	0:f269e3021894	7660	#endif
elessair	0:f269e3021894	7661	#if defined(MBEDTLS_SHA256_C)
elessair	0:f269e3021894	7662	case MBEDTLS_SSL_HASH_SHA256:
elessair	0:f269e3021894	7663	ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
elessair	0:f269e3021894	7664	break;
elessair	0:f269e3021894	7665	#endif
elessair	0:f269e3021894	7666	default:
elessair	0:f269e3021894	7667	return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
elessair	0:f269e3021894	7668	}
elessair	0:f269e3021894	7669
elessair	0:f269e3021894	7670	return 0;
elessair	0:f269e3021894	7671	#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	7672	(void) ssl;
elessair	0:f269e3021894	7673	(void) md;
elessair	0:f269e3021894	7674
elessair	0:f269e3021894	7675	return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
elessair	0:f269e3021894	7676	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
elessair	0:f269e3021894	7677	}
elessair	0:f269e3021894	7678
elessair	0:f269e3021894	7679	#endif /* MBEDTLS_SSL_TLS_C */

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	23 Oct 2016
Imports:	1689
Forks:	1
Commits:	1
Dependents:	3
Dependencies:	0
Followers:	20

features/mbedtls/src/ssl_tls.c@0:f269e3021894, 2016-10-23 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning