Rahul Dahiya
/
STM32F7 Ethernet
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
mbed-os/features/mbedtls/src/ssl_tls.c@0:fb8047b156bb, 2020-01-15 (annotated)
- Committer:
- rahul_dahiya
- Date:
- Wed Jan 15 15:57:15 2020 +0530
- Revision:
- 0:fb8047b156bb
STM32F7 LWIP
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| rahul_dahiya |
0:fb8047b156bb | 1 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2 | * SSLv3/TLSv1 shared functions |
| rahul_dahiya |
0:fb8047b156bb | 3 | * |
| rahul_dahiya |
0:fb8047b156bb | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| rahul_dahiya |
0:fb8047b156bb | 5 | * SPDX-License-Identifier: Apache-2.0 |
| rahul_dahiya |
0:fb8047b156bb | 6 | * |
| rahul_dahiya |
0:fb8047b156bb | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| rahul_dahiya |
0:fb8047b156bb | 8 | * not use this file except in compliance with the License. |
| rahul_dahiya |
0:fb8047b156bb | 9 | * You may obtain a copy of the License at |
| rahul_dahiya |
0:fb8047b156bb | 10 | * |
| rahul_dahiya |
0:fb8047b156bb | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| rahul_dahiya |
0:fb8047b156bb | 12 | * |
| rahul_dahiya |
0:fb8047b156bb | 13 | * Unless required by applicable law or agreed to in writing, software |
| rahul_dahiya |
0:fb8047b156bb | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| rahul_dahiya |
0:fb8047b156bb | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| rahul_dahiya |
0:fb8047b156bb | 16 | * See the License for the specific language governing permissions and |
| rahul_dahiya |
0:fb8047b156bb | 17 | * limitations under the License. |
| rahul_dahiya |
0:fb8047b156bb | 18 | * |
| rahul_dahiya |
0:fb8047b156bb | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
| rahul_dahiya |
0:fb8047b156bb | 20 | */ |
| rahul_dahiya |
0:fb8047b156bb | 21 | /* |
| rahul_dahiya |
0:fb8047b156bb | 22 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
| rahul_dahiya |
0:fb8047b156bb | 23 | * and became an IETF standard in 1999. |
| rahul_dahiya |
0:fb8047b156bb | 24 | * |
| rahul_dahiya |
0:fb8047b156bb | 25 | * http://wp.netscape.com/eng/ssl3/ |
| rahul_dahiya |
0:fb8047b156bb | 26 | * http://www.ietf.org/rfc/rfc2246.txt |
| rahul_dahiya |
0:fb8047b156bb | 27 | * http://www.ietf.org/rfc/rfc4346.txt |
| rahul_dahiya |
0:fb8047b156bb | 28 | */ |
| rahul_dahiya |
0:fb8047b156bb | 29 | |
| rahul_dahiya |
0:fb8047b156bb | 30 | #if !defined(MBEDTLS_CONFIG_FILE) |
| rahul_dahiya |
0:fb8047b156bb | 31 | #include "mbedtls/config.h" |
| rahul_dahiya |
0:fb8047b156bb | 32 | #else |
| rahul_dahiya |
0:fb8047b156bb | 33 | #include MBEDTLS_CONFIG_FILE |
| rahul_dahiya |
0:fb8047b156bb | 34 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 35 | |
| rahul_dahiya |
0:fb8047b156bb | 36 | #if defined(MBEDTLS_SSL_TLS_C) |
| rahul_dahiya |
0:fb8047b156bb | 37 | |
| rahul_dahiya |
0:fb8047b156bb | 38 | #if defined(MBEDTLS_PLATFORM_C) |
| rahul_dahiya |
0:fb8047b156bb | 39 | #include "mbedtls/platform.h" |
| rahul_dahiya |
0:fb8047b156bb | 40 | #else |
| rahul_dahiya |
0:fb8047b156bb | 41 | #include <stdlib.h> |
| rahul_dahiya |
0:fb8047b156bb | 42 | #define mbedtls_calloc calloc |
| rahul_dahiya |
0:fb8047b156bb | 43 | #define mbedtls_free free |
| rahul_dahiya |
0:fb8047b156bb | 44 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 45 | |
| rahul_dahiya |
0:fb8047b156bb | 46 | #include "mbedtls/debug.h" |
| rahul_dahiya |
0:fb8047b156bb | 47 | #include "mbedtls/ssl.h" |
| rahul_dahiya |
0:fb8047b156bb | 48 | #include "mbedtls/ssl_internal.h" |
| rahul_dahiya |
0:fb8047b156bb | 49 | |
| rahul_dahiya |
0:fb8047b156bb | 50 | #include <string.h> |
| rahul_dahiya |
0:fb8047b156bb | 51 | |
| rahul_dahiya |
0:fb8047b156bb | 52 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 53 | #include "mbedtls/oid.h" |
| rahul_dahiya |
0:fb8047b156bb | 54 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 55 | |
| rahul_dahiya |
0:fb8047b156bb | 56 | /* Implementation that should never be optimized out by the compiler */ |
| rahul_dahiya |
0:fb8047b156bb | 57 | static void mbedtls_zeroize( void *v, size_t n ) { |
| rahul_dahiya |
0:fb8047b156bb | 58 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
| rahul_dahiya |
0:fb8047b156bb | 59 | } |
| rahul_dahiya |
0:fb8047b156bb | 60 | |
| rahul_dahiya |
0:fb8047b156bb | 61 | /* Length of the "epoch" field in the record header */ |
| rahul_dahiya |
0:fb8047b156bb | 62 | static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 63 | { |
| rahul_dahiya |
0:fb8047b156bb | 64 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 65 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 66 | return( 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 67 | #else |
| rahul_dahiya |
0:fb8047b156bb | 68 | ((void) ssl); |
| rahul_dahiya |
0:fb8047b156bb | 69 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 70 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 71 | } |
| rahul_dahiya |
0:fb8047b156bb | 72 | |
| rahul_dahiya |
0:fb8047b156bb | 73 | /* |
| rahul_dahiya |
0:fb8047b156bb | 74 | * Start a timer. |
| rahul_dahiya |
0:fb8047b156bb | 75 | * Passing millisecs = 0 cancels a running timer. |
| rahul_dahiya |
0:fb8047b156bb | 76 | */ |
| rahul_dahiya |
0:fb8047b156bb | 77 | static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) |
| rahul_dahiya |
0:fb8047b156bb | 78 | { |
| rahul_dahiya |
0:fb8047b156bb | 79 | if( ssl->f_set_timer == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 80 | return; |
| rahul_dahiya |
0:fb8047b156bb | 81 | |
| rahul_dahiya |
0:fb8047b156bb | 82 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); |
| rahul_dahiya |
0:fb8047b156bb | 83 | ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); |
| rahul_dahiya |
0:fb8047b156bb | 84 | } |
| rahul_dahiya |
0:fb8047b156bb | 85 | |
| rahul_dahiya |
0:fb8047b156bb | 86 | /* |
| rahul_dahiya |
0:fb8047b156bb | 87 | * Return -1 is timer is expired, 0 if it isn't. |
| rahul_dahiya |
0:fb8047b156bb | 88 | */ |
| rahul_dahiya |
0:fb8047b156bb | 89 | static int ssl_check_timer( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 90 | { |
| rahul_dahiya |
0:fb8047b156bb | 91 | if( ssl->f_get_timer == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 92 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 93 | |
| rahul_dahiya |
0:fb8047b156bb | 94 | if( ssl->f_get_timer( ssl->p_timer ) == 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 95 | { |
| rahul_dahiya |
0:fb8047b156bb | 96 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 97 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 98 | } |
| rahul_dahiya |
0:fb8047b156bb | 99 | |
| rahul_dahiya |
0:fb8047b156bb | 100 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 101 | } |
| rahul_dahiya |
0:fb8047b156bb | 102 | |
| rahul_dahiya |
0:fb8047b156bb | 103 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 104 | /* |
| rahul_dahiya |
0:fb8047b156bb | 105 | * Double the retransmit timeout value, within the allowed range, |
| rahul_dahiya |
0:fb8047b156bb | 106 | * returning -1 if the maximum value has already been reached. |
| rahul_dahiya |
0:fb8047b156bb | 107 | */ |
| rahul_dahiya |
0:fb8047b156bb | 108 | static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 109 | { |
| rahul_dahiya |
0:fb8047b156bb | 110 | uint32_t new_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 111 | |
| rahul_dahiya |
0:fb8047b156bb | 112 | if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) |
| rahul_dahiya |
0:fb8047b156bb | 113 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 114 | |
| rahul_dahiya |
0:fb8047b156bb | 115 | new_timeout = 2 * ssl->handshake->retransmit_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 116 | |
| rahul_dahiya |
0:fb8047b156bb | 117 | /* Avoid arithmetic overflow and range overflow */ |
| rahul_dahiya |
0:fb8047b156bb | 118 | if( new_timeout < ssl->handshake->retransmit_timeout || |
| rahul_dahiya |
0:fb8047b156bb | 119 | new_timeout > ssl->conf->hs_timeout_max ) |
| rahul_dahiya |
0:fb8047b156bb | 120 | { |
| rahul_dahiya |
0:fb8047b156bb | 121 | new_timeout = ssl->conf->hs_timeout_max; |
| rahul_dahiya |
0:fb8047b156bb | 122 | } |
| rahul_dahiya |
0:fb8047b156bb | 123 | |
| rahul_dahiya |
0:fb8047b156bb | 124 | ssl->handshake->retransmit_timeout = new_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 125 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
| rahul_dahiya |
0:fb8047b156bb | 126 | ssl->handshake->retransmit_timeout ) ); |
| rahul_dahiya |
0:fb8047b156bb | 127 | |
| rahul_dahiya |
0:fb8047b156bb | 128 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 129 | } |
| rahul_dahiya |
0:fb8047b156bb | 130 | |
| rahul_dahiya |
0:fb8047b156bb | 131 | static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 132 | { |
| rahul_dahiya |
0:fb8047b156bb | 133 | ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; |
| rahul_dahiya |
0:fb8047b156bb | 134 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", |
| rahul_dahiya |
0:fb8047b156bb | 135 | ssl->handshake->retransmit_timeout ) ); |
| rahul_dahiya |
0:fb8047b156bb | 136 | } |
| rahul_dahiya |
0:fb8047b156bb | 137 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 138 | |
| rahul_dahiya |
0:fb8047b156bb | 139 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 140 | /* |
| rahul_dahiya |
0:fb8047b156bb | 141 | * Convert max_fragment_length codes to length. |
| rahul_dahiya |
0:fb8047b156bb | 142 | * RFC 6066 says: |
| rahul_dahiya |
0:fb8047b156bb | 143 | * enum{ |
| rahul_dahiya |
0:fb8047b156bb | 144 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
| rahul_dahiya |
0:fb8047b156bb | 145 | * } MaxFragmentLength; |
| rahul_dahiya |
0:fb8047b156bb | 146 | * and we add 0 -> extension unused |
| rahul_dahiya |
0:fb8047b156bb | 147 | */ |
| rahul_dahiya |
0:fb8047b156bb | 148 | static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] = |
| rahul_dahiya |
0:fb8047b156bb | 149 | { |
| rahul_dahiya |
0:fb8047b156bb | 150 | MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */ |
| rahul_dahiya |
0:fb8047b156bb | 151 | 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */ |
| rahul_dahiya |
0:fb8047b156bb | 152 | 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */ |
| rahul_dahiya |
0:fb8047b156bb | 153 | 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */ |
| rahul_dahiya |
0:fb8047b156bb | 154 | 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */ |
| rahul_dahiya |
0:fb8047b156bb | 155 | }; |
| rahul_dahiya |
0:fb8047b156bb | 156 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 157 | |
| rahul_dahiya |
0:fb8047b156bb | 158 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 159 | static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src ) |
| rahul_dahiya |
0:fb8047b156bb | 160 | { |
| rahul_dahiya |
0:fb8047b156bb | 161 | mbedtls_ssl_session_free( dst ); |
| rahul_dahiya |
0:fb8047b156bb | 162 | memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); |
| rahul_dahiya |
0:fb8047b156bb | 163 | |
| rahul_dahiya |
0:fb8047b156bb | 164 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 165 | if( src->peer_cert != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 166 | { |
| rahul_dahiya |
0:fb8047b156bb | 167 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 168 | |
| rahul_dahiya |
0:fb8047b156bb | 169 | dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); |
| rahul_dahiya |
0:fb8047b156bb | 170 | if( dst->peer_cert == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 171 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 172 | |
| rahul_dahiya |
0:fb8047b156bb | 173 | mbedtls_x509_crt_init( dst->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 174 | |
| rahul_dahiya |
0:fb8047b156bb | 175 | if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, |
| rahul_dahiya |
0:fb8047b156bb | 176 | src->peer_cert->raw.len ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 177 | { |
| rahul_dahiya |
0:fb8047b156bb | 178 | mbedtls_free( dst->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 179 | dst->peer_cert = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 180 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 181 | } |
| rahul_dahiya |
0:fb8047b156bb | 182 | } |
| rahul_dahiya |
0:fb8047b156bb | 183 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 184 | |
| rahul_dahiya |
0:fb8047b156bb | 185 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 186 | if( src->ticket != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 187 | { |
| rahul_dahiya |
0:fb8047b156bb | 188 | dst->ticket = mbedtls_calloc( 1, src->ticket_len ); |
| rahul_dahiya |
0:fb8047b156bb | 189 | if( dst->ticket == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 190 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 191 | |
| rahul_dahiya |
0:fb8047b156bb | 192 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
| rahul_dahiya |
0:fb8047b156bb | 193 | } |
| rahul_dahiya |
0:fb8047b156bb | 194 | #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 195 | |
| rahul_dahiya |
0:fb8047b156bb | 196 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 197 | } |
| rahul_dahiya |
0:fb8047b156bb | 198 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 199 | |
| rahul_dahiya |
0:fb8047b156bb | 200 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 201 | int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 202 | const unsigned char *key_enc, const unsigned char *key_dec, |
| rahul_dahiya |
0:fb8047b156bb | 203 | size_t keylen, |
| rahul_dahiya |
0:fb8047b156bb | 204 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 205 | size_t ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 206 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
| rahul_dahiya |
0:fb8047b156bb | 207 | size_t maclen ) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 208 | int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 209 | int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 210 | int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 211 | int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 212 | int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 213 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| rahul_dahiya |
0:fb8047b156bb | 214 | |
| rahul_dahiya |
0:fb8047b156bb | 215 | /* |
| rahul_dahiya |
0:fb8047b156bb | 216 | * Key material generation |
| rahul_dahiya |
0:fb8047b156bb | 217 | */ |
| rahul_dahiya |
0:fb8047b156bb | 218 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 219 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
| rahul_dahiya |
0:fb8047b156bb | 220 | const char *label, |
| rahul_dahiya |
0:fb8047b156bb | 221 | const unsigned char *random, size_t rlen, |
| rahul_dahiya |
0:fb8047b156bb | 222 | unsigned char *dstbuf, size_t dlen ) |
| rahul_dahiya |
0:fb8047b156bb | 223 | { |
| rahul_dahiya |
0:fb8047b156bb | 224 | size_t i; |
| rahul_dahiya |
0:fb8047b156bb | 225 | mbedtls_md5_context md5; |
| rahul_dahiya |
0:fb8047b156bb | 226 | mbedtls_sha1_context sha1; |
| rahul_dahiya |
0:fb8047b156bb | 227 | unsigned char padding[16]; |
| rahul_dahiya |
0:fb8047b156bb | 228 | unsigned char sha1sum[20]; |
| rahul_dahiya |
0:fb8047b156bb | 229 | ((void)label); |
| rahul_dahiya |
0:fb8047b156bb | 230 | |
| rahul_dahiya |
0:fb8047b156bb | 231 | mbedtls_md5_init( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 232 | mbedtls_sha1_init( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 233 | |
| rahul_dahiya |
0:fb8047b156bb | 234 | /* |
| rahul_dahiya |
0:fb8047b156bb | 235 | * SSLv3: |
| rahul_dahiya |
0:fb8047b156bb | 236 | * block = |
| rahul_dahiya |
0:fb8047b156bb | 237 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 238 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 239 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 240 | * ... |
| rahul_dahiya |
0:fb8047b156bb | 241 | */ |
| rahul_dahiya |
0:fb8047b156bb | 242 | for( i = 0; i < dlen / 16; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 243 | { |
| rahul_dahiya |
0:fb8047b156bb | 244 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
| rahul_dahiya |
0:fb8047b156bb | 245 | |
| rahul_dahiya |
0:fb8047b156bb | 246 | mbedtls_sha1_starts( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 247 | mbedtls_sha1_update( &sha1, padding, 1 + i ); |
| rahul_dahiya |
0:fb8047b156bb | 248 | mbedtls_sha1_update( &sha1, secret, slen ); |
| rahul_dahiya |
0:fb8047b156bb | 249 | mbedtls_sha1_update( &sha1, random, rlen ); |
| rahul_dahiya |
0:fb8047b156bb | 250 | mbedtls_sha1_finish( &sha1, sha1sum ); |
| rahul_dahiya |
0:fb8047b156bb | 251 | |
| rahul_dahiya |
0:fb8047b156bb | 252 | mbedtls_md5_starts( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 253 | mbedtls_md5_update( &md5, secret, slen ); |
| rahul_dahiya |
0:fb8047b156bb | 254 | mbedtls_md5_update( &md5, sha1sum, 20 ); |
| rahul_dahiya |
0:fb8047b156bb | 255 | mbedtls_md5_finish( &md5, dstbuf + i * 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 256 | } |
| rahul_dahiya |
0:fb8047b156bb | 257 | |
| rahul_dahiya |
0:fb8047b156bb | 258 | mbedtls_md5_free( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 259 | mbedtls_sha1_free( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 260 | |
| rahul_dahiya |
0:fb8047b156bb | 261 | mbedtls_zeroize( padding, sizeof( padding ) ); |
| rahul_dahiya |
0:fb8047b156bb | 262 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
| rahul_dahiya |
0:fb8047b156bb | 263 | |
| rahul_dahiya |
0:fb8047b156bb | 264 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 265 | } |
| rahul_dahiya |
0:fb8047b156bb | 266 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 267 | |
| rahul_dahiya |
0:fb8047b156bb | 268 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 269 | static int tls1_prf( const unsigned char *secret, size_t slen, |
| rahul_dahiya |
0:fb8047b156bb | 270 | const char *label, |
| rahul_dahiya |
0:fb8047b156bb | 271 | const unsigned char *random, size_t rlen, |
| rahul_dahiya |
0:fb8047b156bb | 272 | unsigned char *dstbuf, size_t dlen ) |
| rahul_dahiya |
0:fb8047b156bb | 273 | { |
| rahul_dahiya |
0:fb8047b156bb | 274 | size_t nb, hs; |
| rahul_dahiya |
0:fb8047b156bb | 275 | size_t i, j, k; |
| rahul_dahiya |
0:fb8047b156bb | 276 | const unsigned char *S1, *S2; |
| rahul_dahiya |
0:fb8047b156bb | 277 | unsigned char tmp[128]; |
| rahul_dahiya |
0:fb8047b156bb | 278 | unsigned char h_i[20]; |
| rahul_dahiya |
0:fb8047b156bb | 279 | const mbedtls_md_info_t *md_info; |
| rahul_dahiya |
0:fb8047b156bb | 280 | mbedtls_md_context_t md_ctx; |
| rahul_dahiya |
0:fb8047b156bb | 281 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 282 | |
| rahul_dahiya |
0:fb8047b156bb | 283 | mbedtls_md_init( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 284 | |
| rahul_dahiya |
0:fb8047b156bb | 285 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
| rahul_dahiya |
0:fb8047b156bb | 286 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 287 | |
| rahul_dahiya |
0:fb8047b156bb | 288 | hs = ( slen + 1 ) / 2; |
| rahul_dahiya |
0:fb8047b156bb | 289 | S1 = secret; |
| rahul_dahiya |
0:fb8047b156bb | 290 | S2 = secret + slen - hs; |
| rahul_dahiya |
0:fb8047b156bb | 291 | |
| rahul_dahiya |
0:fb8047b156bb | 292 | nb = strlen( label ); |
| rahul_dahiya |
0:fb8047b156bb | 293 | memcpy( tmp + 20, label, nb ); |
| rahul_dahiya |
0:fb8047b156bb | 294 | memcpy( tmp + 20 + nb, random, rlen ); |
| rahul_dahiya |
0:fb8047b156bb | 295 | nb += rlen; |
| rahul_dahiya |
0:fb8047b156bb | 296 | |
| rahul_dahiya |
0:fb8047b156bb | 297 | /* |
| rahul_dahiya |
0:fb8047b156bb | 298 | * First compute P_md5(secret,label+random)[0..dlen] |
| rahul_dahiya |
0:fb8047b156bb | 299 | */ |
| rahul_dahiya |
0:fb8047b156bb | 300 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 301 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 302 | |
| rahul_dahiya |
0:fb8047b156bb | 303 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 304 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 305 | |
| rahul_dahiya |
0:fb8047b156bb | 306 | mbedtls_md_hmac_starts( &md_ctx, S1, hs ); |
| rahul_dahiya |
0:fb8047b156bb | 307 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
| rahul_dahiya |
0:fb8047b156bb | 308 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 309 | |
| rahul_dahiya |
0:fb8047b156bb | 310 | for( i = 0; i < dlen; i += 16 ) |
| rahul_dahiya |
0:fb8047b156bb | 311 | { |
| rahul_dahiya |
0:fb8047b156bb | 312 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 313 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); |
| rahul_dahiya |
0:fb8047b156bb | 314 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| rahul_dahiya |
0:fb8047b156bb | 315 | |
| rahul_dahiya |
0:fb8047b156bb | 316 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 317 | mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 318 | mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 319 | |
| rahul_dahiya |
0:fb8047b156bb | 320 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
| rahul_dahiya |
0:fb8047b156bb | 321 | |
| rahul_dahiya |
0:fb8047b156bb | 322 | for( j = 0; j < k; j++ ) |
| rahul_dahiya |
0:fb8047b156bb | 323 | dstbuf[i + j] = h_i[j]; |
| rahul_dahiya |
0:fb8047b156bb | 324 | } |
| rahul_dahiya |
0:fb8047b156bb | 325 | |
| rahul_dahiya |
0:fb8047b156bb | 326 | mbedtls_md_free( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 327 | |
| rahul_dahiya |
0:fb8047b156bb | 328 | /* |
| rahul_dahiya |
0:fb8047b156bb | 329 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
| rahul_dahiya |
0:fb8047b156bb | 330 | */ |
| rahul_dahiya |
0:fb8047b156bb | 331 | if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 332 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 333 | |
| rahul_dahiya |
0:fb8047b156bb | 334 | if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 335 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 336 | |
| rahul_dahiya |
0:fb8047b156bb | 337 | mbedtls_md_hmac_starts( &md_ctx, S2, hs ); |
| rahul_dahiya |
0:fb8047b156bb | 338 | mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); |
| rahul_dahiya |
0:fb8047b156bb | 339 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 340 | |
| rahul_dahiya |
0:fb8047b156bb | 341 | for( i = 0; i < dlen; i += 20 ) |
| rahul_dahiya |
0:fb8047b156bb | 342 | { |
| rahul_dahiya |
0:fb8047b156bb | 343 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 344 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); |
| rahul_dahiya |
0:fb8047b156bb | 345 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| rahul_dahiya |
0:fb8047b156bb | 346 | |
| rahul_dahiya |
0:fb8047b156bb | 347 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 348 | mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); |
| rahul_dahiya |
0:fb8047b156bb | 349 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 350 | |
| rahul_dahiya |
0:fb8047b156bb | 351 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
| rahul_dahiya |
0:fb8047b156bb | 352 | |
| rahul_dahiya |
0:fb8047b156bb | 353 | for( j = 0; j < k; j++ ) |
| rahul_dahiya |
0:fb8047b156bb | 354 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
| rahul_dahiya |
0:fb8047b156bb | 355 | } |
| rahul_dahiya |
0:fb8047b156bb | 356 | |
| rahul_dahiya |
0:fb8047b156bb | 357 | mbedtls_md_free( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 358 | |
| rahul_dahiya |
0:fb8047b156bb | 359 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
| rahul_dahiya |
0:fb8047b156bb | 360 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
| rahul_dahiya |
0:fb8047b156bb | 361 | |
| rahul_dahiya |
0:fb8047b156bb | 362 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 363 | } |
| rahul_dahiya |
0:fb8047b156bb | 364 | #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 365 | |
| rahul_dahiya |
0:fb8047b156bb | 366 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 367 | static int tls_prf_generic( mbedtls_md_type_t md_type, |
| rahul_dahiya |
0:fb8047b156bb | 368 | const unsigned char *secret, size_t slen, |
| rahul_dahiya |
0:fb8047b156bb | 369 | const char *label, |
| rahul_dahiya |
0:fb8047b156bb | 370 | const unsigned char *random, size_t rlen, |
| rahul_dahiya |
0:fb8047b156bb | 371 | unsigned char *dstbuf, size_t dlen ) |
| rahul_dahiya |
0:fb8047b156bb | 372 | { |
| rahul_dahiya |
0:fb8047b156bb | 373 | size_t nb; |
| rahul_dahiya |
0:fb8047b156bb | 374 | size_t i, j, k, md_len; |
| rahul_dahiya |
0:fb8047b156bb | 375 | unsigned char tmp[128]; |
| rahul_dahiya |
0:fb8047b156bb | 376 | unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; |
| rahul_dahiya |
0:fb8047b156bb | 377 | const mbedtls_md_info_t *md_info; |
| rahul_dahiya |
0:fb8047b156bb | 378 | mbedtls_md_context_t md_ctx; |
| rahul_dahiya |
0:fb8047b156bb | 379 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 380 | |
| rahul_dahiya |
0:fb8047b156bb | 381 | mbedtls_md_init( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 382 | |
| rahul_dahiya |
0:fb8047b156bb | 383 | if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 384 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 385 | |
| rahul_dahiya |
0:fb8047b156bb | 386 | md_len = mbedtls_md_get_size( md_info ); |
| rahul_dahiya |
0:fb8047b156bb | 387 | |
| rahul_dahiya |
0:fb8047b156bb | 388 | if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) |
| rahul_dahiya |
0:fb8047b156bb | 389 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 390 | |
| rahul_dahiya |
0:fb8047b156bb | 391 | nb = strlen( label ); |
| rahul_dahiya |
0:fb8047b156bb | 392 | memcpy( tmp + md_len, label, nb ); |
| rahul_dahiya |
0:fb8047b156bb | 393 | memcpy( tmp + md_len + nb, random, rlen ); |
| rahul_dahiya |
0:fb8047b156bb | 394 | nb += rlen; |
| rahul_dahiya |
0:fb8047b156bb | 395 | |
| rahul_dahiya |
0:fb8047b156bb | 396 | /* |
| rahul_dahiya |
0:fb8047b156bb | 397 | * Compute P_<hash>(secret, label + random)[0..dlen] |
| rahul_dahiya |
0:fb8047b156bb | 398 | */ |
| rahul_dahiya |
0:fb8047b156bb | 399 | if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 400 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 401 | |
| rahul_dahiya |
0:fb8047b156bb | 402 | mbedtls_md_hmac_starts( &md_ctx, secret, slen ); |
| rahul_dahiya |
0:fb8047b156bb | 403 | mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); |
| rahul_dahiya |
0:fb8047b156bb | 404 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 405 | |
| rahul_dahiya |
0:fb8047b156bb | 406 | for( i = 0; i < dlen; i += md_len ) |
| rahul_dahiya |
0:fb8047b156bb | 407 | { |
| rahul_dahiya |
0:fb8047b156bb | 408 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 409 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); |
| rahul_dahiya |
0:fb8047b156bb | 410 | mbedtls_md_hmac_finish( &md_ctx, h_i ); |
| rahul_dahiya |
0:fb8047b156bb | 411 | |
| rahul_dahiya |
0:fb8047b156bb | 412 | mbedtls_md_hmac_reset ( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 413 | mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); |
| rahul_dahiya |
0:fb8047b156bb | 414 | mbedtls_md_hmac_finish( &md_ctx, tmp ); |
| rahul_dahiya |
0:fb8047b156bb | 415 | |
| rahul_dahiya |
0:fb8047b156bb | 416 | k = ( i + md_len > dlen ) ? dlen % md_len : md_len; |
| rahul_dahiya |
0:fb8047b156bb | 417 | |
| rahul_dahiya |
0:fb8047b156bb | 418 | for( j = 0; j < k; j++ ) |
| rahul_dahiya |
0:fb8047b156bb | 419 | dstbuf[i + j] = h_i[j]; |
| rahul_dahiya |
0:fb8047b156bb | 420 | } |
| rahul_dahiya |
0:fb8047b156bb | 421 | |
| rahul_dahiya |
0:fb8047b156bb | 422 | mbedtls_md_free( &md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 423 | |
| rahul_dahiya |
0:fb8047b156bb | 424 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
| rahul_dahiya |
0:fb8047b156bb | 425 | mbedtls_zeroize( h_i, sizeof( h_i ) ); |
| rahul_dahiya |
0:fb8047b156bb | 426 | |
| rahul_dahiya |
0:fb8047b156bb | 427 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 428 | } |
| rahul_dahiya |
0:fb8047b156bb | 429 | |
| rahul_dahiya |
0:fb8047b156bb | 430 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 431 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
| rahul_dahiya |
0:fb8047b156bb | 432 | const char *label, |
| rahul_dahiya |
0:fb8047b156bb | 433 | const unsigned char *random, size_t rlen, |
| rahul_dahiya |
0:fb8047b156bb | 434 | unsigned char *dstbuf, size_t dlen ) |
| rahul_dahiya |
0:fb8047b156bb | 435 | { |
| rahul_dahiya |
0:fb8047b156bb | 436 | return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, |
| rahul_dahiya |
0:fb8047b156bb | 437 | label, random, rlen, dstbuf, dlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 438 | } |
| rahul_dahiya |
0:fb8047b156bb | 439 | #endif /* MBEDTLS_SHA256_C */ |
| rahul_dahiya |
0:fb8047b156bb | 440 | |
| rahul_dahiya |
0:fb8047b156bb | 441 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 442 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
| rahul_dahiya |
0:fb8047b156bb | 443 | const char *label, |
| rahul_dahiya |
0:fb8047b156bb | 444 | const unsigned char *random, size_t rlen, |
| rahul_dahiya |
0:fb8047b156bb | 445 | unsigned char *dstbuf, size_t dlen ) |
| rahul_dahiya |
0:fb8047b156bb | 446 | { |
| rahul_dahiya |
0:fb8047b156bb | 447 | return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, |
| rahul_dahiya |
0:fb8047b156bb | 448 | label, random, rlen, dstbuf, dlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 449 | } |
| rahul_dahiya |
0:fb8047b156bb | 450 | #endif /* MBEDTLS_SHA512_C */ |
| rahul_dahiya |
0:fb8047b156bb | 451 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 452 | |
| rahul_dahiya |
0:fb8047b156bb | 453 | static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| rahul_dahiya |
0:fb8047b156bb | 454 | |
| rahul_dahiya |
0:fb8047b156bb | 455 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 456 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 457 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| rahul_dahiya |
0:fb8047b156bb | 458 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 459 | |
| rahul_dahiya |
0:fb8047b156bb | 460 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 461 | static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * ); |
| rahul_dahiya |
0:fb8047b156bb | 462 | static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); |
| rahul_dahiya |
0:fb8047b156bb | 463 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 464 | |
| rahul_dahiya |
0:fb8047b156bb | 465 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 466 | static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * ); |
| rahul_dahiya |
0:fb8047b156bb | 467 | static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); |
| rahul_dahiya |
0:fb8047b156bb | 468 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 469 | |
| rahul_dahiya |
0:fb8047b156bb | 470 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 471 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 472 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| rahul_dahiya |
0:fb8047b156bb | 473 | static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * ); |
| rahul_dahiya |
0:fb8047b156bb | 474 | static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); |
| rahul_dahiya |
0:fb8047b156bb | 475 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 476 | |
| rahul_dahiya |
0:fb8047b156bb | 477 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 478 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); |
| rahul_dahiya |
0:fb8047b156bb | 479 | static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * ); |
| rahul_dahiya |
0:fb8047b156bb | 480 | static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); |
| rahul_dahiya |
0:fb8047b156bb | 481 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 482 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 483 | |
| rahul_dahiya |
0:fb8047b156bb | 484 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 485 | { |
| rahul_dahiya |
0:fb8047b156bb | 486 | int ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 487 | unsigned char tmp[64]; |
| rahul_dahiya |
0:fb8047b156bb | 488 | unsigned char keyblk[256]; |
| rahul_dahiya |
0:fb8047b156bb | 489 | unsigned char *key1; |
| rahul_dahiya |
0:fb8047b156bb | 490 | unsigned char *key2; |
| rahul_dahiya |
0:fb8047b156bb | 491 | unsigned char *mac_enc; |
| rahul_dahiya |
0:fb8047b156bb | 492 | unsigned char *mac_dec; |
| rahul_dahiya |
0:fb8047b156bb | 493 | size_t iv_copy_len; |
| rahul_dahiya |
0:fb8047b156bb | 494 | const mbedtls_cipher_info_t *cipher_info; |
| rahul_dahiya |
0:fb8047b156bb | 495 | const mbedtls_md_info_t *md_info; |
| rahul_dahiya |
0:fb8047b156bb | 496 | |
| rahul_dahiya |
0:fb8047b156bb | 497 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 498 | mbedtls_ssl_transform *transform = ssl->transform_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 499 | mbedtls_ssl_handshake_params *handshake = ssl->handshake; |
| rahul_dahiya |
0:fb8047b156bb | 500 | |
| rahul_dahiya |
0:fb8047b156bb | 501 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 502 | |
| rahul_dahiya |
0:fb8047b156bb | 503 | cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); |
| rahul_dahiya |
0:fb8047b156bb | 504 | if( cipher_info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 505 | { |
| rahul_dahiya |
0:fb8047b156bb | 506 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
| rahul_dahiya |
0:fb8047b156bb | 507 | transform->ciphersuite_info->cipher ) ); |
| rahul_dahiya |
0:fb8047b156bb | 508 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 509 | } |
| rahul_dahiya |
0:fb8047b156bb | 510 | |
| rahul_dahiya |
0:fb8047b156bb | 511 | md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); |
| rahul_dahiya |
0:fb8047b156bb | 512 | if( md_info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 513 | { |
| rahul_dahiya |
0:fb8047b156bb | 514 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", |
| rahul_dahiya |
0:fb8047b156bb | 515 | transform->ciphersuite_info->mac ) ); |
| rahul_dahiya |
0:fb8047b156bb | 516 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 517 | } |
| rahul_dahiya |
0:fb8047b156bb | 518 | |
| rahul_dahiya |
0:fb8047b156bb | 519 | /* |
| rahul_dahiya |
0:fb8047b156bb | 520 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
| rahul_dahiya |
0:fb8047b156bb | 521 | */ |
| rahul_dahiya |
0:fb8047b156bb | 522 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 523 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 524 | { |
| rahul_dahiya |
0:fb8047b156bb | 525 | handshake->tls_prf = ssl3_prf; |
| rahul_dahiya |
0:fb8047b156bb | 526 | handshake->calc_verify = ssl_calc_verify_ssl; |
| rahul_dahiya |
0:fb8047b156bb | 527 | handshake->calc_finished = ssl_calc_finished_ssl; |
| rahul_dahiya |
0:fb8047b156bb | 528 | } |
| rahul_dahiya |
0:fb8047b156bb | 529 | else |
| rahul_dahiya |
0:fb8047b156bb | 530 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 531 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 532 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 533 | { |
| rahul_dahiya |
0:fb8047b156bb | 534 | handshake->tls_prf = tls1_prf; |
| rahul_dahiya |
0:fb8047b156bb | 535 | handshake->calc_verify = ssl_calc_verify_tls; |
| rahul_dahiya |
0:fb8047b156bb | 536 | handshake->calc_finished = ssl_calc_finished_tls; |
| rahul_dahiya |
0:fb8047b156bb | 537 | } |
| rahul_dahiya |
0:fb8047b156bb | 538 | else |
| rahul_dahiya |
0:fb8047b156bb | 539 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 540 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 541 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 542 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && |
| rahul_dahiya |
0:fb8047b156bb | 543 | transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
| rahul_dahiya |
0:fb8047b156bb | 544 | { |
| rahul_dahiya |
0:fb8047b156bb | 545 | handshake->tls_prf = tls_prf_sha384; |
| rahul_dahiya |
0:fb8047b156bb | 546 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
| rahul_dahiya |
0:fb8047b156bb | 547 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
| rahul_dahiya |
0:fb8047b156bb | 548 | } |
| rahul_dahiya |
0:fb8047b156bb | 549 | else |
| rahul_dahiya |
0:fb8047b156bb | 550 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 551 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 552 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 553 | { |
| rahul_dahiya |
0:fb8047b156bb | 554 | handshake->tls_prf = tls_prf_sha256; |
| rahul_dahiya |
0:fb8047b156bb | 555 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
| rahul_dahiya |
0:fb8047b156bb | 556 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
| rahul_dahiya |
0:fb8047b156bb | 557 | } |
| rahul_dahiya |
0:fb8047b156bb | 558 | else |
| rahul_dahiya |
0:fb8047b156bb | 559 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 560 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 561 | { |
| rahul_dahiya |
0:fb8047b156bb | 562 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 563 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 564 | } |
| rahul_dahiya |
0:fb8047b156bb | 565 | |
| rahul_dahiya |
0:fb8047b156bb | 566 | /* |
| rahul_dahiya |
0:fb8047b156bb | 567 | * SSLv3: |
| rahul_dahiya |
0:fb8047b156bb | 568 | * master = |
| rahul_dahiya |
0:fb8047b156bb | 569 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 570 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 571 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
| rahul_dahiya |
0:fb8047b156bb | 572 | * |
| rahul_dahiya |
0:fb8047b156bb | 573 | * TLSv1+: |
| rahul_dahiya |
0:fb8047b156bb | 574 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
| rahul_dahiya |
0:fb8047b156bb | 575 | */ |
| rahul_dahiya |
0:fb8047b156bb | 576 | if( handshake->resume == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 577 | { |
| rahul_dahiya |
0:fb8047b156bb | 578 | MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
| rahul_dahiya |
0:fb8047b156bb | 579 | handshake->pmslen ); |
| rahul_dahiya |
0:fb8047b156bb | 580 | |
| rahul_dahiya |
0:fb8047b156bb | 581 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 582 | if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 583 | { |
| rahul_dahiya |
0:fb8047b156bb | 584 | unsigned char session_hash[48]; |
| rahul_dahiya |
0:fb8047b156bb | 585 | size_t hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 586 | |
| rahul_dahiya |
0:fb8047b156bb | 587 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 588 | |
| rahul_dahiya |
0:fb8047b156bb | 589 | ssl->handshake->calc_verify( ssl, session_hash ); |
| rahul_dahiya |
0:fb8047b156bb | 590 | |
| rahul_dahiya |
0:fb8047b156bb | 591 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 592 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 593 | { |
| rahul_dahiya |
0:fb8047b156bb | 594 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 595 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
| rahul_dahiya |
0:fb8047b156bb | 596 | MBEDTLS_MD_SHA384 ) |
| rahul_dahiya |
0:fb8047b156bb | 597 | { |
| rahul_dahiya |
0:fb8047b156bb | 598 | hash_len = 48; |
| rahul_dahiya |
0:fb8047b156bb | 599 | } |
| rahul_dahiya |
0:fb8047b156bb | 600 | else |
| rahul_dahiya |
0:fb8047b156bb | 601 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 602 | hash_len = 32; |
| rahul_dahiya |
0:fb8047b156bb | 603 | } |
| rahul_dahiya |
0:fb8047b156bb | 604 | else |
| rahul_dahiya |
0:fb8047b156bb | 605 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 606 | hash_len = 36; |
| rahul_dahiya |
0:fb8047b156bb | 607 | |
| rahul_dahiya |
0:fb8047b156bb | 608 | MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); |
| rahul_dahiya |
0:fb8047b156bb | 609 | |
| rahul_dahiya |
0:fb8047b156bb | 610 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 611 | "extended master secret", |
| rahul_dahiya |
0:fb8047b156bb | 612 | session_hash, hash_len, |
| rahul_dahiya |
0:fb8047b156bb | 613 | session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 614 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 615 | { |
| rahul_dahiya |
0:fb8047b156bb | 616 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 617 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 618 | } |
| rahul_dahiya |
0:fb8047b156bb | 619 | |
| rahul_dahiya |
0:fb8047b156bb | 620 | } |
| rahul_dahiya |
0:fb8047b156bb | 621 | else |
| rahul_dahiya |
0:fb8047b156bb | 622 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 623 | ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 624 | "master secret", |
| rahul_dahiya |
0:fb8047b156bb | 625 | handshake->randbytes, 64, |
| rahul_dahiya |
0:fb8047b156bb | 626 | session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 627 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 628 | { |
| rahul_dahiya |
0:fb8047b156bb | 629 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 630 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 631 | } |
| rahul_dahiya |
0:fb8047b156bb | 632 | |
| rahul_dahiya |
0:fb8047b156bb | 633 | mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); |
| rahul_dahiya |
0:fb8047b156bb | 634 | } |
| rahul_dahiya |
0:fb8047b156bb | 635 | else |
| rahul_dahiya |
0:fb8047b156bb | 636 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 637 | |
| rahul_dahiya |
0:fb8047b156bb | 638 | /* |
| rahul_dahiya |
0:fb8047b156bb | 639 | * Swap the client and server random values. |
| rahul_dahiya |
0:fb8047b156bb | 640 | */ |
| rahul_dahiya |
0:fb8047b156bb | 641 | memcpy( tmp, handshake->randbytes, 64 ); |
| rahul_dahiya |
0:fb8047b156bb | 642 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 643 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 644 | mbedtls_zeroize( tmp, sizeof( tmp ) ); |
| rahul_dahiya |
0:fb8047b156bb | 645 | |
| rahul_dahiya |
0:fb8047b156bb | 646 | /* |
| rahul_dahiya |
0:fb8047b156bb | 647 | * SSLv3: |
| rahul_dahiya |
0:fb8047b156bb | 648 | * key block = |
| rahul_dahiya |
0:fb8047b156bb | 649 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 650 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 651 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 652 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
| rahul_dahiya |
0:fb8047b156bb | 653 | * ... |
| rahul_dahiya |
0:fb8047b156bb | 654 | * |
| rahul_dahiya |
0:fb8047b156bb | 655 | * TLSv1: |
| rahul_dahiya |
0:fb8047b156bb | 656 | * key block = PRF( master, "key expansion", randbytes ) |
| rahul_dahiya |
0:fb8047b156bb | 657 | */ |
| rahul_dahiya |
0:fb8047b156bb | 658 | ret = handshake->tls_prf( session->master, 48, "key expansion", |
| rahul_dahiya |
0:fb8047b156bb | 659 | handshake->randbytes, 64, keyblk, 256 ); |
| rahul_dahiya |
0:fb8047b156bb | 660 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 661 | { |
| rahul_dahiya |
0:fb8047b156bb | 662 | MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 663 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 664 | } |
| rahul_dahiya |
0:fb8047b156bb | 665 | |
| rahul_dahiya |
0:fb8047b156bb | 666 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
| rahul_dahiya |
0:fb8047b156bb | 667 | mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
| rahul_dahiya |
0:fb8047b156bb | 668 | MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 669 | MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
| rahul_dahiya |
0:fb8047b156bb | 670 | MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
| rahul_dahiya |
0:fb8047b156bb | 671 | |
| rahul_dahiya |
0:fb8047b156bb | 672 | mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); |
| rahul_dahiya |
0:fb8047b156bb | 673 | |
| rahul_dahiya |
0:fb8047b156bb | 674 | /* |
| rahul_dahiya |
0:fb8047b156bb | 675 | * Determine the appropriate key, IV and MAC length. |
| rahul_dahiya |
0:fb8047b156bb | 676 | */ |
| rahul_dahiya |
0:fb8047b156bb | 677 | |
| rahul_dahiya |
0:fb8047b156bb | 678 | transform->keylen = cipher_info->key_bitlen / 8; |
| rahul_dahiya |
0:fb8047b156bb | 679 | |
| rahul_dahiya |
0:fb8047b156bb | 680 | if( cipher_info->mode == MBEDTLS_MODE_GCM || |
| rahul_dahiya |
0:fb8047b156bb | 681 | cipher_info->mode == MBEDTLS_MODE_CCM ) |
| rahul_dahiya |
0:fb8047b156bb | 682 | { |
| rahul_dahiya |
0:fb8047b156bb | 683 | transform->maclen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 684 | |
| rahul_dahiya |
0:fb8047b156bb | 685 | transform->ivlen = 12; |
| rahul_dahiya |
0:fb8047b156bb | 686 | transform->fixed_ivlen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 687 | |
| rahul_dahiya |
0:fb8047b156bb | 688 | /* Minimum length is expicit IV + tag */ |
| rahul_dahiya |
0:fb8047b156bb | 689 | transform->minlen = transform->ivlen - transform->fixed_ivlen |
| rahul_dahiya |
0:fb8047b156bb | 690 | + ( transform->ciphersuite_info->flags & |
| rahul_dahiya |
0:fb8047b156bb | 691 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 692 | } |
| rahul_dahiya |
0:fb8047b156bb | 693 | else |
| rahul_dahiya |
0:fb8047b156bb | 694 | { |
| rahul_dahiya |
0:fb8047b156bb | 695 | /* Initialize HMAC contexts */ |
| rahul_dahiya |
0:fb8047b156bb | 696 | if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 697 | ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 698 | { |
| rahul_dahiya |
0:fb8047b156bb | 699 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 700 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 701 | } |
| rahul_dahiya |
0:fb8047b156bb | 702 | |
| rahul_dahiya |
0:fb8047b156bb | 703 | /* Get MAC length */ |
| rahul_dahiya |
0:fb8047b156bb | 704 | transform->maclen = mbedtls_md_get_size( md_info ); |
| rahul_dahiya |
0:fb8047b156bb | 705 | |
| rahul_dahiya |
0:fb8047b156bb | 706 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 707 | /* |
| rahul_dahiya |
0:fb8047b156bb | 708 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
| rahul_dahiya |
0:fb8047b156bb | 709 | * (rfc 6066 page 13 or rfc 2104 section 4), |
| rahul_dahiya |
0:fb8047b156bb | 710 | * so we only need to adjust the length here. |
| rahul_dahiya |
0:fb8047b156bb | 711 | */ |
| rahul_dahiya |
0:fb8047b156bb | 712 | if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 713 | transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 714 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| rahul_dahiya |
0:fb8047b156bb | 715 | |
| rahul_dahiya |
0:fb8047b156bb | 716 | /* IV length */ |
| rahul_dahiya |
0:fb8047b156bb | 717 | transform->ivlen = cipher_info->iv_size; |
| rahul_dahiya |
0:fb8047b156bb | 718 | |
| rahul_dahiya |
0:fb8047b156bb | 719 | /* Minimum length */ |
| rahul_dahiya |
0:fb8047b156bb | 720 | if( cipher_info->mode == MBEDTLS_MODE_STREAM ) |
| rahul_dahiya |
0:fb8047b156bb | 721 | transform->minlen = transform->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 722 | else |
| rahul_dahiya |
0:fb8047b156bb | 723 | { |
| rahul_dahiya |
0:fb8047b156bb | 724 | /* |
| rahul_dahiya |
0:fb8047b156bb | 725 | * GenericBlockCipher: |
| rahul_dahiya |
0:fb8047b156bb | 726 | * 1. if EtM is in use: one block plus MAC |
| rahul_dahiya |
0:fb8047b156bb | 727 | * otherwise: * first multiple of blocklen greater than maclen |
| rahul_dahiya |
0:fb8047b156bb | 728 | * 2. IV except for SSL3 and TLS 1.0 |
| rahul_dahiya |
0:fb8047b156bb | 729 | */ |
| rahul_dahiya |
0:fb8047b156bb | 730 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 731 | if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 732 | { |
| rahul_dahiya |
0:fb8047b156bb | 733 | transform->minlen = transform->maclen |
| rahul_dahiya |
0:fb8047b156bb | 734 | + cipher_info->block_size; |
| rahul_dahiya |
0:fb8047b156bb | 735 | } |
| rahul_dahiya |
0:fb8047b156bb | 736 | else |
| rahul_dahiya |
0:fb8047b156bb | 737 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 738 | { |
| rahul_dahiya |
0:fb8047b156bb | 739 | transform->minlen = transform->maclen |
| rahul_dahiya |
0:fb8047b156bb | 740 | + cipher_info->block_size |
| rahul_dahiya |
0:fb8047b156bb | 741 | - transform->maclen % cipher_info->block_size; |
| rahul_dahiya |
0:fb8047b156bb | 742 | } |
| rahul_dahiya |
0:fb8047b156bb | 743 | |
| rahul_dahiya |
0:fb8047b156bb | 744 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| rahul_dahiya |
0:fb8047b156bb | 745 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
| rahul_dahiya |
0:fb8047b156bb | 746 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) |
| rahul_dahiya |
0:fb8047b156bb | 747 | ; /* No need to adjust minlen */ |
| rahul_dahiya |
0:fb8047b156bb | 748 | else |
| rahul_dahiya |
0:fb8047b156bb | 749 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 750 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 751 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || |
| rahul_dahiya |
0:fb8047b156bb | 752 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 753 | { |
| rahul_dahiya |
0:fb8047b156bb | 754 | transform->minlen += transform->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 755 | } |
| rahul_dahiya |
0:fb8047b156bb | 756 | else |
| rahul_dahiya |
0:fb8047b156bb | 757 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 758 | { |
| rahul_dahiya |
0:fb8047b156bb | 759 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 760 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 761 | } |
| rahul_dahiya |
0:fb8047b156bb | 762 | } |
| rahul_dahiya |
0:fb8047b156bb | 763 | } |
| rahul_dahiya |
0:fb8047b156bb | 764 | |
| rahul_dahiya |
0:fb8047b156bb | 765 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
| rahul_dahiya |
0:fb8047b156bb | 766 | transform->keylen, transform->minlen, transform->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 767 | transform->maclen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 768 | |
| rahul_dahiya |
0:fb8047b156bb | 769 | /* |
| rahul_dahiya |
0:fb8047b156bb | 770 | * Finally setup the cipher contexts, IVs and MAC secrets. |
| rahul_dahiya |
0:fb8047b156bb | 771 | */ |
| rahul_dahiya |
0:fb8047b156bb | 772 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 773 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 774 | { |
| rahul_dahiya |
0:fb8047b156bb | 775 | key1 = keyblk + transform->maclen * 2; |
| rahul_dahiya |
0:fb8047b156bb | 776 | key2 = keyblk + transform->maclen * 2 + transform->keylen; |
| rahul_dahiya |
0:fb8047b156bb | 777 | |
| rahul_dahiya |
0:fb8047b156bb | 778 | mac_enc = keyblk; |
| rahul_dahiya |
0:fb8047b156bb | 779 | mac_dec = keyblk + transform->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 780 | |
| rahul_dahiya |
0:fb8047b156bb | 781 | /* |
| rahul_dahiya |
0:fb8047b156bb | 782 | * This is not used in TLS v1.1. |
| rahul_dahiya |
0:fb8047b156bb | 783 | */ |
| rahul_dahiya |
0:fb8047b156bb | 784 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| rahul_dahiya |
0:fb8047b156bb | 785 | transform->fixed_ivlen : transform->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 786 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
| rahul_dahiya |
0:fb8047b156bb | 787 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
| rahul_dahiya |
0:fb8047b156bb | 788 | iv_copy_len ); |
| rahul_dahiya |
0:fb8047b156bb | 789 | } |
| rahul_dahiya |
0:fb8047b156bb | 790 | else |
| rahul_dahiya |
0:fb8047b156bb | 791 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 792 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 793 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 794 | { |
| rahul_dahiya |
0:fb8047b156bb | 795 | key1 = keyblk + transform->maclen * 2 + transform->keylen; |
| rahul_dahiya |
0:fb8047b156bb | 796 | key2 = keyblk + transform->maclen * 2; |
| rahul_dahiya |
0:fb8047b156bb | 797 | |
| rahul_dahiya |
0:fb8047b156bb | 798 | mac_enc = keyblk + transform->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 799 | mac_dec = keyblk; |
| rahul_dahiya |
0:fb8047b156bb | 800 | |
| rahul_dahiya |
0:fb8047b156bb | 801 | /* |
| rahul_dahiya |
0:fb8047b156bb | 802 | * This is not used in TLS v1.1. |
| rahul_dahiya |
0:fb8047b156bb | 803 | */ |
| rahul_dahiya |
0:fb8047b156bb | 804 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| rahul_dahiya |
0:fb8047b156bb | 805 | transform->fixed_ivlen : transform->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 806 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
| rahul_dahiya |
0:fb8047b156bb | 807 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
| rahul_dahiya |
0:fb8047b156bb | 808 | iv_copy_len ); |
| rahul_dahiya |
0:fb8047b156bb | 809 | } |
| rahul_dahiya |
0:fb8047b156bb | 810 | else |
| rahul_dahiya |
0:fb8047b156bb | 811 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 812 | { |
| rahul_dahiya |
0:fb8047b156bb | 813 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 814 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 815 | } |
| rahul_dahiya |
0:fb8047b156bb | 816 | |
| rahul_dahiya |
0:fb8047b156bb | 817 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 818 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 819 | { |
| rahul_dahiya |
0:fb8047b156bb | 820 | if( transform->maclen > sizeof transform->mac_enc ) |
| rahul_dahiya |
0:fb8047b156bb | 821 | { |
| rahul_dahiya |
0:fb8047b156bb | 822 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 823 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 824 | } |
| rahul_dahiya |
0:fb8047b156bb | 825 | |
| rahul_dahiya |
0:fb8047b156bb | 826 | memcpy( transform->mac_enc, mac_enc, transform->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 827 | memcpy( transform->mac_dec, mac_dec, transform->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 828 | } |
| rahul_dahiya |
0:fb8047b156bb | 829 | else |
| rahul_dahiya |
0:fb8047b156bb | 830 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 831 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 832 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 833 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| rahul_dahiya |
0:fb8047b156bb | 834 | { |
| rahul_dahiya |
0:fb8047b156bb | 835 | mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 836 | mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 837 | } |
| rahul_dahiya |
0:fb8047b156bb | 838 | else |
| rahul_dahiya |
0:fb8047b156bb | 839 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 840 | { |
| rahul_dahiya |
0:fb8047b156bb | 841 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 842 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 843 | } |
| rahul_dahiya |
0:fb8047b156bb | 844 | |
| rahul_dahiya |
0:fb8047b156bb | 845 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 846 | if( mbedtls_ssl_hw_record_init != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 847 | { |
| rahul_dahiya |
0:fb8047b156bb | 848 | int ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 849 | |
| rahul_dahiya |
0:fb8047b156bb | 850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 851 | |
| rahul_dahiya |
0:fb8047b156bb | 852 | if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
| rahul_dahiya |
0:fb8047b156bb | 853 | transform->iv_enc, transform->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 854 | iv_copy_len, |
| rahul_dahiya |
0:fb8047b156bb | 855 | mac_enc, mac_dec, |
| rahul_dahiya |
0:fb8047b156bb | 856 | transform->maclen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 857 | { |
| rahul_dahiya |
0:fb8047b156bb | 858 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 859 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 860 | } |
| rahul_dahiya |
0:fb8047b156bb | 861 | } |
| rahul_dahiya |
0:fb8047b156bb | 862 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| rahul_dahiya |
0:fb8047b156bb | 863 | |
| rahul_dahiya |
0:fb8047b156bb | 864 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
| rahul_dahiya |
0:fb8047b156bb | 865 | if( ssl->conf->f_export_keys != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 866 | { |
| rahul_dahiya |
0:fb8047b156bb | 867 | ssl->conf->f_export_keys( ssl->conf->p_export_keys, |
| rahul_dahiya |
0:fb8047b156bb | 868 | session->master, keyblk, |
| rahul_dahiya |
0:fb8047b156bb | 869 | transform->maclen, transform->keylen, |
| rahul_dahiya |
0:fb8047b156bb | 870 | iv_copy_len ); |
| rahul_dahiya |
0:fb8047b156bb | 871 | } |
| rahul_dahiya |
0:fb8047b156bb | 872 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 873 | |
| rahul_dahiya |
0:fb8047b156bb | 874 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 875 | cipher_info ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 876 | { |
| rahul_dahiya |
0:fb8047b156bb | 877 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 878 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 879 | } |
| rahul_dahiya |
0:fb8047b156bb | 880 | |
| rahul_dahiya |
0:fb8047b156bb | 881 | if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 882 | cipher_info ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 883 | { |
| rahul_dahiya |
0:fb8047b156bb | 884 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 885 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 886 | } |
| rahul_dahiya |
0:fb8047b156bb | 887 | |
| rahul_dahiya |
0:fb8047b156bb | 888 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, |
| rahul_dahiya |
0:fb8047b156bb | 889 | cipher_info->key_bitlen, |
| rahul_dahiya |
0:fb8047b156bb | 890 | MBEDTLS_ENCRYPT ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 891 | { |
| rahul_dahiya |
0:fb8047b156bb | 892 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 893 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 894 | } |
| rahul_dahiya |
0:fb8047b156bb | 895 | |
| rahul_dahiya |
0:fb8047b156bb | 896 | if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, |
| rahul_dahiya |
0:fb8047b156bb | 897 | cipher_info->key_bitlen, |
| rahul_dahiya |
0:fb8047b156bb | 898 | MBEDTLS_DECRYPT ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 899 | { |
| rahul_dahiya |
0:fb8047b156bb | 900 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 901 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 902 | } |
| rahul_dahiya |
0:fb8047b156bb | 903 | |
| rahul_dahiya |
0:fb8047b156bb | 904 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| rahul_dahiya |
0:fb8047b156bb | 905 | if( cipher_info->mode == MBEDTLS_MODE_CBC ) |
| rahul_dahiya |
0:fb8047b156bb | 906 | { |
| rahul_dahiya |
0:fb8047b156bb | 907 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 908 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 909 | { |
| rahul_dahiya |
0:fb8047b156bb | 910 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 911 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 912 | } |
| rahul_dahiya |
0:fb8047b156bb | 913 | |
| rahul_dahiya |
0:fb8047b156bb | 914 | if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 915 | MBEDTLS_PADDING_NONE ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 916 | { |
| rahul_dahiya |
0:fb8047b156bb | 917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 918 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 919 | } |
| rahul_dahiya |
0:fb8047b156bb | 920 | } |
| rahul_dahiya |
0:fb8047b156bb | 921 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
| rahul_dahiya |
0:fb8047b156bb | 922 | |
| rahul_dahiya |
0:fb8047b156bb | 923 | mbedtls_zeroize( keyblk, sizeof( keyblk ) ); |
| rahul_dahiya |
0:fb8047b156bb | 924 | |
| rahul_dahiya |
0:fb8047b156bb | 925 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 926 | // Initialize compression |
| rahul_dahiya |
0:fb8047b156bb | 927 | // |
| rahul_dahiya |
0:fb8047b156bb | 928 | if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| rahul_dahiya |
0:fb8047b156bb | 929 | { |
| rahul_dahiya |
0:fb8047b156bb | 930 | if( ssl->compress_buf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 931 | { |
| rahul_dahiya |
0:fb8047b156bb | 932 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 933 | ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 934 | if( ssl->compress_buf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 935 | { |
| rahul_dahiya |
0:fb8047b156bb | 936 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
| rahul_dahiya |
0:fb8047b156bb | 937 | MBEDTLS_SSL_BUFFER_LEN ) ); |
| rahul_dahiya |
0:fb8047b156bb | 938 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 939 | } |
| rahul_dahiya |
0:fb8047b156bb | 940 | } |
| rahul_dahiya |
0:fb8047b156bb | 941 | |
| rahul_dahiya |
0:fb8047b156bb | 942 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 943 | |
| rahul_dahiya |
0:fb8047b156bb | 944 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
| rahul_dahiya |
0:fb8047b156bb | 945 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
| rahul_dahiya |
0:fb8047b156bb | 946 | |
| rahul_dahiya |
0:fb8047b156bb | 947 | if( deflateInit( &transform->ctx_deflate, |
| rahul_dahiya |
0:fb8047b156bb | 948 | Z_DEFAULT_COMPRESSION ) != Z_OK || |
| rahul_dahiya |
0:fb8047b156bb | 949 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
| rahul_dahiya |
0:fb8047b156bb | 950 | { |
| rahul_dahiya |
0:fb8047b156bb | 951 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 952 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 953 | } |
| rahul_dahiya |
0:fb8047b156bb | 954 | } |
| rahul_dahiya |
0:fb8047b156bb | 955 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 956 | |
| rahul_dahiya |
0:fb8047b156bb | 957 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 958 | |
| rahul_dahiya |
0:fb8047b156bb | 959 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 960 | } |
| rahul_dahiya |
0:fb8047b156bb | 961 | |
| rahul_dahiya |
0:fb8047b156bb | 962 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 963 | void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
| rahul_dahiya |
0:fb8047b156bb | 964 | { |
| rahul_dahiya |
0:fb8047b156bb | 965 | mbedtls_md5_context md5; |
| rahul_dahiya |
0:fb8047b156bb | 966 | mbedtls_sha1_context sha1; |
| rahul_dahiya |
0:fb8047b156bb | 967 | unsigned char pad_1[48]; |
| rahul_dahiya |
0:fb8047b156bb | 968 | unsigned char pad_2[48]; |
| rahul_dahiya |
0:fb8047b156bb | 969 | |
| rahul_dahiya |
0:fb8047b156bb | 970 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 971 | |
| rahul_dahiya |
0:fb8047b156bb | 972 | mbedtls_md5_init( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 973 | mbedtls_sha1_init( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 974 | |
| rahul_dahiya |
0:fb8047b156bb | 975 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 976 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 977 | |
| rahul_dahiya |
0:fb8047b156bb | 978 | memset( pad_1, 0x36, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 979 | memset( pad_2, 0x5C, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 980 | |
| rahul_dahiya |
0:fb8047b156bb | 981 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 982 | mbedtls_md5_update( &md5, pad_1, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 983 | mbedtls_md5_finish( &md5, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 984 | |
| rahul_dahiya |
0:fb8047b156bb | 985 | mbedtls_md5_starts( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 986 | mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 987 | mbedtls_md5_update( &md5, pad_2, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 988 | mbedtls_md5_update( &md5, hash, 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 989 | mbedtls_md5_finish( &md5, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 990 | |
| rahul_dahiya |
0:fb8047b156bb | 991 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 992 | mbedtls_sha1_update( &sha1, pad_1, 40 ); |
| rahul_dahiya |
0:fb8047b156bb | 993 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 994 | |
| rahul_dahiya |
0:fb8047b156bb | 995 | mbedtls_sha1_starts( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 996 | mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 997 | mbedtls_sha1_update( &sha1, pad_2, 40 ); |
| rahul_dahiya |
0:fb8047b156bb | 998 | mbedtls_sha1_update( &sha1, hash + 16, 20 ); |
| rahul_dahiya |
0:fb8047b156bb | 999 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 1000 | |
| rahul_dahiya |
0:fb8047b156bb | 1001 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| rahul_dahiya |
0:fb8047b156bb | 1002 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1003 | |
| rahul_dahiya |
0:fb8047b156bb | 1004 | mbedtls_md5_free( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 1005 | mbedtls_sha1_free( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1006 | |
| rahul_dahiya |
0:fb8047b156bb | 1007 | return; |
| rahul_dahiya |
0:fb8047b156bb | 1008 | } |
| rahul_dahiya |
0:fb8047b156bb | 1009 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 1010 | |
| rahul_dahiya |
0:fb8047b156bb | 1011 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 1012 | void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) |
| rahul_dahiya |
0:fb8047b156bb | 1013 | { |
| rahul_dahiya |
0:fb8047b156bb | 1014 | mbedtls_md5_context md5; |
| rahul_dahiya |
0:fb8047b156bb | 1015 | mbedtls_sha1_context sha1; |
| rahul_dahiya |
0:fb8047b156bb | 1016 | |
| rahul_dahiya |
0:fb8047b156bb | 1017 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1018 | |
| rahul_dahiya |
0:fb8047b156bb | 1019 | mbedtls_md5_init( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 1020 | mbedtls_sha1_init( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1021 | |
| rahul_dahiya |
0:fb8047b156bb | 1022 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 1023 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1024 | |
| rahul_dahiya |
0:fb8047b156bb | 1025 | mbedtls_md5_finish( &md5, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 1026 | mbedtls_sha1_finish( &sha1, hash + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 1027 | |
| rahul_dahiya |
0:fb8047b156bb | 1028 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| rahul_dahiya |
0:fb8047b156bb | 1029 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1030 | |
| rahul_dahiya |
0:fb8047b156bb | 1031 | mbedtls_md5_free( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 1032 | mbedtls_sha1_free( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1033 | |
| rahul_dahiya |
0:fb8047b156bb | 1034 | return; |
| rahul_dahiya |
0:fb8047b156bb | 1035 | } |
| rahul_dahiya |
0:fb8047b156bb | 1036 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 1037 | |
| rahul_dahiya |
0:fb8047b156bb | 1038 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1039 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 1040 | void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) |
| rahul_dahiya |
0:fb8047b156bb | 1041 | { |
| rahul_dahiya |
0:fb8047b156bb | 1042 | mbedtls_sha256_context sha256; |
| rahul_dahiya |
0:fb8047b156bb | 1043 | |
| rahul_dahiya |
0:fb8047b156bb | 1044 | mbedtls_sha256_init( &sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 1045 | |
| rahul_dahiya |
0:fb8047b156bb | 1046 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1047 | |
| rahul_dahiya |
0:fb8047b156bb | 1048 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 1049 | mbedtls_sha256_finish( &sha256, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 1050 | |
| rahul_dahiya |
0:fb8047b156bb | 1051 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 1052 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1053 | |
| rahul_dahiya |
0:fb8047b156bb | 1054 | mbedtls_sha256_free( &sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 1055 | |
| rahul_dahiya |
0:fb8047b156bb | 1056 | return; |
| rahul_dahiya |
0:fb8047b156bb | 1057 | } |
| rahul_dahiya |
0:fb8047b156bb | 1058 | #endif /* MBEDTLS_SHA256_C */ |
| rahul_dahiya |
0:fb8047b156bb | 1059 | |
| rahul_dahiya |
0:fb8047b156bb | 1060 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 1061 | void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) |
| rahul_dahiya |
0:fb8047b156bb | 1062 | { |
| rahul_dahiya |
0:fb8047b156bb | 1063 | mbedtls_sha512_context sha512; |
| rahul_dahiya |
0:fb8047b156bb | 1064 | |
| rahul_dahiya |
0:fb8047b156bb | 1065 | mbedtls_sha512_init( &sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 1066 | |
| rahul_dahiya |
0:fb8047b156bb | 1067 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1068 | |
| rahul_dahiya |
0:fb8047b156bb | 1069 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 1070 | mbedtls_sha512_finish( &sha512, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 1071 | |
| rahul_dahiya |
0:fb8047b156bb | 1072 | MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 1073 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1074 | |
| rahul_dahiya |
0:fb8047b156bb | 1075 | mbedtls_sha512_free( &sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 1076 | |
| rahul_dahiya |
0:fb8047b156bb | 1077 | return; |
| rahul_dahiya |
0:fb8047b156bb | 1078 | } |
| rahul_dahiya |
0:fb8047b156bb | 1079 | #endif /* MBEDTLS_SHA512_C */ |
| rahul_dahiya |
0:fb8047b156bb | 1080 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 1081 | |
| rahul_dahiya |
0:fb8047b156bb | 1082 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1083 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) |
| rahul_dahiya |
0:fb8047b156bb | 1084 | { |
| rahul_dahiya |
0:fb8047b156bb | 1085 | unsigned char *p = ssl->handshake->premaster; |
| rahul_dahiya |
0:fb8047b156bb | 1086 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
| rahul_dahiya |
0:fb8047b156bb | 1087 | const unsigned char *psk = ssl->conf->psk; |
| rahul_dahiya |
0:fb8047b156bb | 1088 | size_t psk_len = ssl->conf->psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 1089 | |
| rahul_dahiya |
0:fb8047b156bb | 1090 | /* If the psk callback was called, use its result */ |
| rahul_dahiya |
0:fb8047b156bb | 1091 | if( ssl->handshake->psk != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1092 | { |
| rahul_dahiya |
0:fb8047b156bb | 1093 | psk = ssl->handshake->psk; |
| rahul_dahiya |
0:fb8047b156bb | 1094 | psk_len = ssl->handshake->psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 1095 | } |
| rahul_dahiya |
0:fb8047b156bb | 1096 | |
| rahul_dahiya |
0:fb8047b156bb | 1097 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1098 | * PMS = struct { |
| rahul_dahiya |
0:fb8047b156bb | 1099 | * opaque other_secret<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1100 | * opaque psk<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1101 | * }; |
| rahul_dahiya |
0:fb8047b156bb | 1102 | * with "other_secret" depending on the particular key exchange |
| rahul_dahiya |
0:fb8047b156bb | 1103 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1104 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1105 | if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 1106 | { |
| rahul_dahiya |
0:fb8047b156bb | 1107 | if( end - p < 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1108 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 1109 | |
| rahul_dahiya |
0:fb8047b156bb | 1110 | *(p++) = (unsigned char)( psk_len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1111 | *(p++) = (unsigned char)( psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1112 | |
| rahul_dahiya |
0:fb8047b156bb | 1113 | if( end < p || (size_t)( end - p ) < psk_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1114 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 1115 | |
| rahul_dahiya |
0:fb8047b156bb | 1116 | memset( p, 0, psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1117 | p += psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 1118 | } |
| rahul_dahiya |
0:fb8047b156bb | 1119 | else |
| rahul_dahiya |
0:fb8047b156bb | 1120 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1121 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1122 | if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 1123 | { |
| rahul_dahiya |
0:fb8047b156bb | 1124 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1125 | * other_secret already set by the ClientKeyExchange message, |
| rahul_dahiya |
0:fb8047b156bb | 1126 | * and is 48 bytes long |
| rahul_dahiya |
0:fb8047b156bb | 1127 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1128 | *p++ = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1129 | *p++ = 48; |
| rahul_dahiya |
0:fb8047b156bb | 1130 | p += 48; |
| rahul_dahiya |
0:fb8047b156bb | 1131 | } |
| rahul_dahiya |
0:fb8047b156bb | 1132 | else |
| rahul_dahiya |
0:fb8047b156bb | 1133 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1134 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1135 | if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 1136 | { |
| rahul_dahiya |
0:fb8047b156bb | 1137 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1138 | size_t len; |
| rahul_dahiya |
0:fb8047b156bb | 1139 | |
| rahul_dahiya |
0:fb8047b156bb | 1140 | /* Write length only when we know the actual value */ |
| rahul_dahiya |
0:fb8047b156bb | 1141 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 1142 | p + 2, end - ( p + 2 ), &len, |
| rahul_dahiya |
0:fb8047b156bb | 1143 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1144 | { |
| rahul_dahiya |
0:fb8047b156bb | 1145 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1146 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1147 | } |
| rahul_dahiya |
0:fb8047b156bb | 1148 | *(p++) = (unsigned char)( len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1149 | *(p++) = (unsigned char)( len ); |
| rahul_dahiya |
0:fb8047b156bb | 1150 | p += len; |
| rahul_dahiya |
0:fb8047b156bb | 1151 | |
| rahul_dahiya |
0:fb8047b156bb | 1152 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
| rahul_dahiya |
0:fb8047b156bb | 1153 | } |
| rahul_dahiya |
0:fb8047b156bb | 1154 | else |
| rahul_dahiya |
0:fb8047b156bb | 1155 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1156 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1157 | if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 1158 | { |
| rahul_dahiya |
0:fb8047b156bb | 1159 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1160 | size_t zlen; |
| rahul_dahiya |
0:fb8047b156bb | 1161 | |
| rahul_dahiya |
0:fb8047b156bb | 1162 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
| rahul_dahiya |
0:fb8047b156bb | 1163 | p + 2, end - ( p + 2 ), |
| rahul_dahiya |
0:fb8047b156bb | 1164 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1165 | { |
| rahul_dahiya |
0:fb8047b156bb | 1166 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1167 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1168 | } |
| rahul_dahiya |
0:fb8047b156bb | 1169 | |
| rahul_dahiya |
0:fb8047b156bb | 1170 | *(p++) = (unsigned char)( zlen >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1171 | *(p++) = (unsigned char)( zlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1172 | p += zlen; |
| rahul_dahiya |
0:fb8047b156bb | 1173 | |
| rahul_dahiya |
0:fb8047b156bb | 1174 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
| rahul_dahiya |
0:fb8047b156bb | 1175 | } |
| rahul_dahiya |
0:fb8047b156bb | 1176 | else |
| rahul_dahiya |
0:fb8047b156bb | 1177 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1178 | { |
| rahul_dahiya |
0:fb8047b156bb | 1179 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1180 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1181 | } |
| rahul_dahiya |
0:fb8047b156bb | 1182 | |
| rahul_dahiya |
0:fb8047b156bb | 1183 | /* opaque psk<0..2^16-1>; */ |
| rahul_dahiya |
0:fb8047b156bb | 1184 | if( end - p < 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1185 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 1186 | |
| rahul_dahiya |
0:fb8047b156bb | 1187 | *(p++) = (unsigned char)( psk_len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1188 | *(p++) = (unsigned char)( psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1189 | |
| rahul_dahiya |
0:fb8047b156bb | 1190 | if( end < p || (size_t)( end - p ) < psk_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1191 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 1192 | |
| rahul_dahiya |
0:fb8047b156bb | 1193 | memcpy( p, psk, psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1194 | p += psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 1195 | |
| rahul_dahiya |
0:fb8047b156bb | 1196 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
| rahul_dahiya |
0:fb8047b156bb | 1197 | |
| rahul_dahiya |
0:fb8047b156bb | 1198 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1199 | } |
| rahul_dahiya |
0:fb8047b156bb | 1200 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1201 | |
| rahul_dahiya |
0:fb8047b156bb | 1202 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 1203 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1204 | * SSLv3.0 MAC functions |
| rahul_dahiya |
0:fb8047b156bb | 1205 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1206 | static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, |
| rahul_dahiya |
0:fb8047b156bb | 1207 | unsigned char *buf, size_t len, |
| rahul_dahiya |
0:fb8047b156bb | 1208 | unsigned char *ctr, int type ) |
| rahul_dahiya |
0:fb8047b156bb | 1209 | { |
| rahul_dahiya |
0:fb8047b156bb | 1210 | unsigned char header[11]; |
| rahul_dahiya |
0:fb8047b156bb | 1211 | unsigned char padding[48]; |
| rahul_dahiya |
0:fb8047b156bb | 1212 | int padlen; |
| rahul_dahiya |
0:fb8047b156bb | 1213 | int md_size = mbedtls_md_get_size( md_ctx->md_info ); |
| rahul_dahiya |
0:fb8047b156bb | 1214 | int md_type = mbedtls_md_get_type( md_ctx->md_info ); |
| rahul_dahiya |
0:fb8047b156bb | 1215 | |
| rahul_dahiya |
0:fb8047b156bb | 1216 | /* Only MD5 and SHA-1 supported */ |
| rahul_dahiya |
0:fb8047b156bb | 1217 | if( md_type == MBEDTLS_MD_MD5 ) |
| rahul_dahiya |
0:fb8047b156bb | 1218 | padlen = 48; |
| rahul_dahiya |
0:fb8047b156bb | 1219 | else |
| rahul_dahiya |
0:fb8047b156bb | 1220 | padlen = 40; |
| rahul_dahiya |
0:fb8047b156bb | 1221 | |
| rahul_dahiya |
0:fb8047b156bb | 1222 | memcpy( header, ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1223 | header[ 8] = (unsigned char) type; |
| rahul_dahiya |
0:fb8047b156bb | 1224 | header[ 9] = (unsigned char)( len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1225 | header[10] = (unsigned char)( len ); |
| rahul_dahiya |
0:fb8047b156bb | 1226 | |
| rahul_dahiya |
0:fb8047b156bb | 1227 | memset( padding, 0x36, padlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1228 | mbedtls_md_starts( md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 1229 | mbedtls_md_update( md_ctx, secret, md_size ); |
| rahul_dahiya |
0:fb8047b156bb | 1230 | mbedtls_md_update( md_ctx, padding, padlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1231 | mbedtls_md_update( md_ctx, header, 11 ); |
| rahul_dahiya |
0:fb8047b156bb | 1232 | mbedtls_md_update( md_ctx, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 1233 | mbedtls_md_finish( md_ctx, buf + len ); |
| rahul_dahiya |
0:fb8047b156bb | 1234 | |
| rahul_dahiya |
0:fb8047b156bb | 1235 | memset( padding, 0x5C, padlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1236 | mbedtls_md_starts( md_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 1237 | mbedtls_md_update( md_ctx, secret, md_size ); |
| rahul_dahiya |
0:fb8047b156bb | 1238 | mbedtls_md_update( md_ctx, padding, padlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1239 | mbedtls_md_update( md_ctx, buf + len, md_size ); |
| rahul_dahiya |
0:fb8047b156bb | 1240 | mbedtls_md_finish( md_ctx, buf + len ); |
| rahul_dahiya |
0:fb8047b156bb | 1241 | } |
| rahul_dahiya |
0:fb8047b156bb | 1242 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 1243 | |
| rahul_dahiya |
0:fb8047b156bb | 1244 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1245 | ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| rahul_dahiya |
0:fb8047b156bb | 1246 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) |
| rahul_dahiya |
0:fb8047b156bb | 1247 | #define SSL_SOME_MODES_USE_MAC |
| rahul_dahiya |
0:fb8047b156bb | 1248 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1249 | |
| rahul_dahiya |
0:fb8047b156bb | 1250 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1251 | * Encryption/decryption functions |
| rahul_dahiya |
0:fb8047b156bb | 1252 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1253 | static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 1254 | { |
| rahul_dahiya |
0:fb8047b156bb | 1255 | mbedtls_cipher_mode_t mode; |
| rahul_dahiya |
0:fb8047b156bb | 1256 | int auth_done = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1257 | |
| rahul_dahiya |
0:fb8047b156bb | 1258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1259 | |
| rahul_dahiya |
0:fb8047b156bb | 1260 | if( ssl->session_out == NULL || ssl->transform_out == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1261 | { |
| rahul_dahiya |
0:fb8047b156bb | 1262 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1263 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1264 | } |
| rahul_dahiya |
0:fb8047b156bb | 1265 | |
| rahul_dahiya |
0:fb8047b156bb | 1266 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 1267 | |
| rahul_dahiya |
0:fb8047b156bb | 1268 | MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
| rahul_dahiya |
0:fb8047b156bb | 1269 | ssl->out_msg, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1270 | |
| rahul_dahiya |
0:fb8047b156bb | 1271 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1272 | * Add MAC before if needed |
| rahul_dahiya |
0:fb8047b156bb | 1273 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1274 | #if defined(SSL_SOME_MODES_USE_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1275 | if( mode == MBEDTLS_MODE_STREAM || |
| rahul_dahiya |
0:fb8047b156bb | 1276 | ( mode == MBEDTLS_MODE_CBC |
| rahul_dahiya |
0:fb8047b156bb | 1277 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1278 | && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED |
| rahul_dahiya |
0:fb8047b156bb | 1279 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1280 | ) ) |
| rahul_dahiya |
0:fb8047b156bb | 1281 | { |
| rahul_dahiya |
0:fb8047b156bb | 1282 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 1283 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1284 | { |
| rahul_dahiya |
0:fb8047b156bb | 1285 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1286 | ssl->transform_out->mac_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1287 | ssl->out_msg, ssl->out_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1288 | ssl->out_ctr, ssl->out_msgtype ); |
| rahul_dahiya |
0:fb8047b156bb | 1289 | } |
| rahul_dahiya |
0:fb8047b156bb | 1290 | else |
| rahul_dahiya |
0:fb8047b156bb | 1291 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1292 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1293 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1294 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1295 | { |
| rahul_dahiya |
0:fb8047b156bb | 1296 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1297 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 1298 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 1299 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1300 | ssl->out_msg, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1301 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1302 | ssl->out_msg + ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1303 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 1304 | } |
| rahul_dahiya |
0:fb8047b156bb | 1305 | else |
| rahul_dahiya |
0:fb8047b156bb | 1306 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1307 | { |
| rahul_dahiya |
0:fb8047b156bb | 1308 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1309 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1310 | } |
| rahul_dahiya |
0:fb8047b156bb | 1311 | |
| rahul_dahiya |
0:fb8047b156bb | 1312 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", |
| rahul_dahiya |
0:fb8047b156bb | 1313 | ssl->out_msg + ssl->out_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1314 | ssl->transform_out->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1315 | |
| rahul_dahiya |
0:fb8047b156bb | 1316 | ssl->out_msglen += ssl->transform_out->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 1317 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1318 | } |
| rahul_dahiya |
0:fb8047b156bb | 1319 | #endif /* AEAD not the only option */ |
| rahul_dahiya |
0:fb8047b156bb | 1320 | |
| rahul_dahiya |
0:fb8047b156bb | 1321 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1322 | * Encrypt |
| rahul_dahiya |
0:fb8047b156bb | 1323 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1324 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| rahul_dahiya |
0:fb8047b156bb | 1325 | if( mode == MBEDTLS_MODE_STREAM ) |
| rahul_dahiya |
0:fb8047b156bb | 1326 | { |
| rahul_dahiya |
0:fb8047b156bb | 1327 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1328 | size_t olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1329 | |
| rahul_dahiya |
0:fb8047b156bb | 1330 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| rahul_dahiya |
0:fb8047b156bb | 1331 | "including %d bytes of padding", |
| rahul_dahiya |
0:fb8047b156bb | 1332 | ssl->out_msglen, 0 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1333 | |
| rahul_dahiya |
0:fb8047b156bb | 1334 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1335 | ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1336 | ssl->transform_out->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1337 | ssl->out_msg, ssl->out_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1338 | ssl->out_msg, &olen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1339 | { |
| rahul_dahiya |
0:fb8047b156bb | 1340 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1341 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1342 | } |
| rahul_dahiya |
0:fb8047b156bb | 1343 | |
| rahul_dahiya |
0:fb8047b156bb | 1344 | if( ssl->out_msglen != olen ) |
| rahul_dahiya |
0:fb8047b156bb | 1345 | { |
| rahul_dahiya |
0:fb8047b156bb | 1346 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1347 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1348 | } |
| rahul_dahiya |
0:fb8047b156bb | 1349 | } |
| rahul_dahiya |
0:fb8047b156bb | 1350 | else |
| rahul_dahiya |
0:fb8047b156bb | 1351 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
| rahul_dahiya |
0:fb8047b156bb | 1352 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
| rahul_dahiya |
0:fb8047b156bb | 1353 | if( mode == MBEDTLS_MODE_GCM || |
| rahul_dahiya |
0:fb8047b156bb | 1354 | mode == MBEDTLS_MODE_CCM ) |
| rahul_dahiya |
0:fb8047b156bb | 1355 | { |
| rahul_dahiya |
0:fb8047b156bb | 1356 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1357 | size_t enc_msglen, olen; |
| rahul_dahiya |
0:fb8047b156bb | 1358 | unsigned char *enc_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1359 | unsigned char add_data[13]; |
| rahul_dahiya |
0:fb8047b156bb | 1360 | unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & |
| rahul_dahiya |
0:fb8047b156bb | 1361 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
| rahul_dahiya |
0:fb8047b156bb | 1362 | |
| rahul_dahiya |
0:fb8047b156bb | 1363 | memcpy( add_data, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1364 | add_data[8] = ssl->out_msgtype; |
| rahul_dahiya |
0:fb8047b156bb | 1365 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 1366 | ssl->conf->transport, add_data + 9 ); |
| rahul_dahiya |
0:fb8047b156bb | 1367 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 1368 | add_data[12] = ssl->out_msglen & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 1369 | |
| rahul_dahiya |
0:fb8047b156bb | 1370 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
| rahul_dahiya |
0:fb8047b156bb | 1371 | add_data, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1372 | |
| rahul_dahiya |
0:fb8047b156bb | 1373 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1374 | * Generate IV |
| rahul_dahiya |
0:fb8047b156bb | 1375 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1376 | if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 1377 | { |
| rahul_dahiya |
0:fb8047b156bb | 1378 | /* Reminder if we ever add an AEAD mode with a different size */ |
| rahul_dahiya |
0:fb8047b156bb | 1379 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1380 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1381 | } |
| rahul_dahiya |
0:fb8047b156bb | 1382 | |
| rahul_dahiya |
0:fb8047b156bb | 1383 | memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1384 | ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1385 | memcpy( ssl->out_iv, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1386 | |
| rahul_dahiya |
0:fb8047b156bb | 1387 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, |
| rahul_dahiya |
0:fb8047b156bb | 1388 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1389 | |
| rahul_dahiya |
0:fb8047b156bb | 1390 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1391 | * Fix pointer positions and message length with added IV |
| rahul_dahiya |
0:fb8047b156bb | 1392 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1393 | enc_msg = ssl->out_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1394 | enc_msglen = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1395 | ssl->out_msglen += ssl->transform_out->ivlen - |
| rahul_dahiya |
0:fb8047b156bb | 1396 | ssl->transform_out->fixed_ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1397 | |
| rahul_dahiya |
0:fb8047b156bb | 1398 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| rahul_dahiya |
0:fb8047b156bb | 1399 | "including %d bytes of padding", |
| rahul_dahiya |
0:fb8047b156bb | 1400 | ssl->out_msglen, 0 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1401 | |
| rahul_dahiya |
0:fb8047b156bb | 1402 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1403 | * Encrypt and authenticate |
| rahul_dahiya |
0:fb8047b156bb | 1404 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1405 | if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1406 | ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1407 | ssl->transform_out->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1408 | add_data, 13, |
| rahul_dahiya |
0:fb8047b156bb | 1409 | enc_msg, enc_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1410 | enc_msg, &olen, |
| rahul_dahiya |
0:fb8047b156bb | 1411 | enc_msg + enc_msglen, taglen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1412 | { |
| rahul_dahiya |
0:fb8047b156bb | 1413 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1414 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1415 | } |
| rahul_dahiya |
0:fb8047b156bb | 1416 | |
| rahul_dahiya |
0:fb8047b156bb | 1417 | if( olen != enc_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 1418 | { |
| rahul_dahiya |
0:fb8047b156bb | 1419 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1420 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1421 | } |
| rahul_dahiya |
0:fb8047b156bb | 1422 | |
| rahul_dahiya |
0:fb8047b156bb | 1423 | ssl->out_msglen += taglen; |
| rahul_dahiya |
0:fb8047b156bb | 1424 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1425 | |
| rahul_dahiya |
0:fb8047b156bb | 1426 | MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1427 | } |
| rahul_dahiya |
0:fb8047b156bb | 1428 | else |
| rahul_dahiya |
0:fb8047b156bb | 1429 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
| rahul_dahiya |
0:fb8047b156bb | 1430 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| rahul_dahiya |
0:fb8047b156bb | 1431 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
| rahul_dahiya |
0:fb8047b156bb | 1432 | if( mode == MBEDTLS_MODE_CBC ) |
| rahul_dahiya |
0:fb8047b156bb | 1433 | { |
| rahul_dahiya |
0:fb8047b156bb | 1434 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1435 | unsigned char *enc_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1436 | size_t enc_msglen, padlen, olen = 0, i; |
| rahul_dahiya |
0:fb8047b156bb | 1437 | |
| rahul_dahiya |
0:fb8047b156bb | 1438 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
| rahul_dahiya |
0:fb8047b156bb | 1439 | ssl->transform_out->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1440 | if( padlen == ssl->transform_out->ivlen ) |
| rahul_dahiya |
0:fb8047b156bb | 1441 | padlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1442 | |
| rahul_dahiya |
0:fb8047b156bb | 1443 | for( i = 0; i <= padlen; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 1444 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
| rahul_dahiya |
0:fb8047b156bb | 1445 | |
| rahul_dahiya |
0:fb8047b156bb | 1446 | ssl->out_msglen += padlen + 1; |
| rahul_dahiya |
0:fb8047b156bb | 1447 | |
| rahul_dahiya |
0:fb8047b156bb | 1448 | enc_msglen = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1449 | enc_msg = ssl->out_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1450 | |
| rahul_dahiya |
0:fb8047b156bb | 1451 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1452 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1453 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
| rahul_dahiya |
0:fb8047b156bb | 1454 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
| rahul_dahiya |
0:fb8047b156bb | 1455 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1456 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1457 | { |
| rahul_dahiya |
0:fb8047b156bb | 1458 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1459 | * Generate IV |
| rahul_dahiya |
0:fb8047b156bb | 1460 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1461 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1462 | ssl->transform_out->ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1463 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1464 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1465 | |
| rahul_dahiya |
0:fb8047b156bb | 1466 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1467 | ssl->transform_out->ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1468 | |
| rahul_dahiya |
0:fb8047b156bb | 1469 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1470 | * Fix pointer positions and message length with added IV |
| rahul_dahiya |
0:fb8047b156bb | 1471 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1472 | enc_msg = ssl->out_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1473 | enc_msglen = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1474 | ssl->out_msglen += ssl->transform_out->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1475 | } |
| rahul_dahiya |
0:fb8047b156bb | 1476 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 1477 | |
| rahul_dahiya |
0:fb8047b156bb | 1478 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| rahul_dahiya |
0:fb8047b156bb | 1479 | "including %d bytes of IV and %d bytes of padding", |
| rahul_dahiya |
0:fb8047b156bb | 1480 | ssl->out_msglen, ssl->transform_out->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1481 | padlen + 1 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1482 | |
| rahul_dahiya |
0:fb8047b156bb | 1483 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1484 | ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1485 | ssl->transform_out->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1486 | enc_msg, enc_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1487 | enc_msg, &olen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1488 | { |
| rahul_dahiya |
0:fb8047b156bb | 1489 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1490 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1491 | } |
| rahul_dahiya |
0:fb8047b156bb | 1492 | |
| rahul_dahiya |
0:fb8047b156bb | 1493 | if( enc_msglen != olen ) |
| rahul_dahiya |
0:fb8047b156bb | 1494 | { |
| rahul_dahiya |
0:fb8047b156bb | 1495 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1496 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1497 | } |
| rahul_dahiya |
0:fb8047b156bb | 1498 | |
| rahul_dahiya |
0:fb8047b156bb | 1499 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| rahul_dahiya |
0:fb8047b156bb | 1500 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1501 | { |
| rahul_dahiya |
0:fb8047b156bb | 1502 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1503 | * Save IV in SSL3 and TLS1 |
| rahul_dahiya |
0:fb8047b156bb | 1504 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1505 | memcpy( ssl->transform_out->iv_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1506 | ssl->transform_out->cipher_ctx_enc.iv, |
| rahul_dahiya |
0:fb8047b156bb | 1507 | ssl->transform_out->ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1508 | } |
| rahul_dahiya |
0:fb8047b156bb | 1509 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1510 | |
| rahul_dahiya |
0:fb8047b156bb | 1511 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1512 | if( auth_done == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1513 | { |
| rahul_dahiya |
0:fb8047b156bb | 1514 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1515 | * MAC(MAC_write_key, seq_num + |
| rahul_dahiya |
0:fb8047b156bb | 1516 | * TLSCipherText.type + |
| rahul_dahiya |
0:fb8047b156bb | 1517 | * TLSCipherText.version + |
| rahul_dahiya |
0:fb8047b156bb | 1518 | * length_of( (IV +) ENC(...) ) + |
| rahul_dahiya |
0:fb8047b156bb | 1519 | * IV + // except for TLS 1.0 |
| rahul_dahiya |
0:fb8047b156bb | 1520 | * ENC(content + padding + padding_length)); |
| rahul_dahiya |
0:fb8047b156bb | 1521 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1522 | unsigned char pseudo_hdr[13]; |
| rahul_dahiya |
0:fb8047b156bb | 1523 | |
| rahul_dahiya |
0:fb8047b156bb | 1524 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1525 | |
| rahul_dahiya |
0:fb8047b156bb | 1526 | memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1527 | memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 1528 | pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1529 | pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1530 | |
| rahul_dahiya |
0:fb8047b156bb | 1531 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1532 | |
| rahul_dahiya |
0:fb8047b156bb | 1533 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1534 | mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1535 | ssl->out_iv, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1536 | mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
| rahul_dahiya |
0:fb8047b156bb | 1537 | ssl->out_iv + ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1538 | mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 1539 | |
| rahul_dahiya |
0:fb8047b156bb | 1540 | ssl->out_msglen += ssl->transform_out->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 1541 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1542 | } |
| rahul_dahiya |
0:fb8047b156bb | 1543 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1544 | } |
| rahul_dahiya |
0:fb8047b156bb | 1545 | else |
| rahul_dahiya |
0:fb8047b156bb | 1546 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
| rahul_dahiya |
0:fb8047b156bb | 1547 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
| rahul_dahiya |
0:fb8047b156bb | 1548 | { |
| rahul_dahiya |
0:fb8047b156bb | 1549 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1550 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1551 | } |
| rahul_dahiya |
0:fb8047b156bb | 1552 | |
| rahul_dahiya |
0:fb8047b156bb | 1553 | /* Make extra sure authentication was performed, exactly once */ |
| rahul_dahiya |
0:fb8047b156bb | 1554 | if( auth_done != 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1555 | { |
| rahul_dahiya |
0:fb8047b156bb | 1556 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1557 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1558 | } |
| rahul_dahiya |
0:fb8047b156bb | 1559 | |
| rahul_dahiya |
0:fb8047b156bb | 1560 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1561 | |
| rahul_dahiya |
0:fb8047b156bb | 1562 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1563 | } |
| rahul_dahiya |
0:fb8047b156bb | 1564 | |
| rahul_dahiya |
0:fb8047b156bb | 1565 | #define SSL_MAX_MAC_SIZE 48 |
| rahul_dahiya |
0:fb8047b156bb | 1566 | |
| rahul_dahiya |
0:fb8047b156bb | 1567 | static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 1568 | { |
| rahul_dahiya |
0:fb8047b156bb | 1569 | size_t i; |
| rahul_dahiya |
0:fb8047b156bb | 1570 | mbedtls_cipher_mode_t mode; |
| rahul_dahiya |
0:fb8047b156bb | 1571 | int auth_done = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1572 | #if defined(SSL_SOME_MODES_USE_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1573 | size_t padlen = 0, correct = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1574 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1575 | |
| rahul_dahiya |
0:fb8047b156bb | 1576 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1577 | |
| rahul_dahiya |
0:fb8047b156bb | 1578 | if( ssl->session_in == NULL || ssl->transform_in == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1579 | { |
| rahul_dahiya |
0:fb8047b156bb | 1580 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1581 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1582 | } |
| rahul_dahiya |
0:fb8047b156bb | 1583 | |
| rahul_dahiya |
0:fb8047b156bb | 1584 | mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 1585 | |
| rahul_dahiya |
0:fb8047b156bb | 1586 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
| rahul_dahiya |
0:fb8047b156bb | 1587 | { |
| rahul_dahiya |
0:fb8047b156bb | 1588 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
| rahul_dahiya |
0:fb8047b156bb | 1589 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1590 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1591 | } |
| rahul_dahiya |
0:fb8047b156bb | 1592 | |
| rahul_dahiya |
0:fb8047b156bb | 1593 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| rahul_dahiya |
0:fb8047b156bb | 1594 | if( mode == MBEDTLS_MODE_STREAM ) |
| rahul_dahiya |
0:fb8047b156bb | 1595 | { |
| rahul_dahiya |
0:fb8047b156bb | 1596 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1597 | size_t olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1598 | |
| rahul_dahiya |
0:fb8047b156bb | 1599 | padlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1600 | |
| rahul_dahiya |
0:fb8047b156bb | 1601 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1602 | ssl->transform_in->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1603 | ssl->transform_in->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1604 | ssl->in_msg, ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1605 | ssl->in_msg, &olen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1606 | { |
| rahul_dahiya |
0:fb8047b156bb | 1607 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1608 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1609 | } |
| rahul_dahiya |
0:fb8047b156bb | 1610 | |
| rahul_dahiya |
0:fb8047b156bb | 1611 | if( ssl->in_msglen != olen ) |
| rahul_dahiya |
0:fb8047b156bb | 1612 | { |
| rahul_dahiya |
0:fb8047b156bb | 1613 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1614 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1615 | } |
| rahul_dahiya |
0:fb8047b156bb | 1616 | } |
| rahul_dahiya |
0:fb8047b156bb | 1617 | else |
| rahul_dahiya |
0:fb8047b156bb | 1618 | #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ |
| rahul_dahiya |
0:fb8047b156bb | 1619 | #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) |
| rahul_dahiya |
0:fb8047b156bb | 1620 | if( mode == MBEDTLS_MODE_GCM || |
| rahul_dahiya |
0:fb8047b156bb | 1621 | mode == MBEDTLS_MODE_CCM ) |
| rahul_dahiya |
0:fb8047b156bb | 1622 | { |
| rahul_dahiya |
0:fb8047b156bb | 1623 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1624 | size_t dec_msglen, olen; |
| rahul_dahiya |
0:fb8047b156bb | 1625 | unsigned char *dec_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1626 | unsigned char *dec_msg_result; |
| rahul_dahiya |
0:fb8047b156bb | 1627 | unsigned char add_data[13]; |
| rahul_dahiya |
0:fb8047b156bb | 1628 | unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & |
| rahul_dahiya |
0:fb8047b156bb | 1629 | MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; |
| rahul_dahiya |
0:fb8047b156bb | 1630 | size_t explicit_iv_len = ssl->transform_in->ivlen - |
| rahul_dahiya |
0:fb8047b156bb | 1631 | ssl->transform_in->fixed_ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1632 | |
| rahul_dahiya |
0:fb8047b156bb | 1633 | if( ssl->in_msglen < explicit_iv_len + taglen ) |
| rahul_dahiya |
0:fb8047b156bb | 1634 | { |
| rahul_dahiya |
0:fb8047b156bb | 1635 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " |
| rahul_dahiya |
0:fb8047b156bb | 1636 | "+ taglen (%d)", ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1637 | explicit_iv_len, taglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1638 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1639 | } |
| rahul_dahiya |
0:fb8047b156bb | 1640 | dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; |
| rahul_dahiya |
0:fb8047b156bb | 1641 | |
| rahul_dahiya |
0:fb8047b156bb | 1642 | dec_msg = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1643 | dec_msg_result = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1644 | ssl->in_msglen = dec_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1645 | |
| rahul_dahiya |
0:fb8047b156bb | 1646 | memcpy( add_data, ssl->in_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1647 | add_data[8] = ssl->in_msgtype; |
| rahul_dahiya |
0:fb8047b156bb | 1648 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 1649 | ssl->conf->transport, add_data + 9 ); |
| rahul_dahiya |
0:fb8047b156bb | 1650 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 1651 | add_data[12] = ssl->in_msglen & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 1652 | |
| rahul_dahiya |
0:fb8047b156bb | 1653 | MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
| rahul_dahiya |
0:fb8047b156bb | 1654 | add_data, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1655 | |
| rahul_dahiya |
0:fb8047b156bb | 1656 | memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1657 | ssl->in_iv, |
| rahul_dahiya |
0:fb8047b156bb | 1658 | ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1659 | |
| rahul_dahiya |
0:fb8047b156bb | 1660 | MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1661 | ssl->transform_in->ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1662 | MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1663 | |
| rahul_dahiya |
0:fb8047b156bb | 1664 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1665 | * Decrypt and authenticate |
| rahul_dahiya |
0:fb8047b156bb | 1666 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1667 | if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1668 | ssl->transform_in->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1669 | ssl->transform_in->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1670 | add_data, 13, |
| rahul_dahiya |
0:fb8047b156bb | 1671 | dec_msg, dec_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1672 | dec_msg_result, &olen, |
| rahul_dahiya |
0:fb8047b156bb | 1673 | dec_msg + dec_msglen, taglen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1674 | { |
| rahul_dahiya |
0:fb8047b156bb | 1675 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1676 | |
| rahul_dahiya |
0:fb8047b156bb | 1677 | if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) |
| rahul_dahiya |
0:fb8047b156bb | 1678 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1679 | |
| rahul_dahiya |
0:fb8047b156bb | 1680 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1681 | } |
| rahul_dahiya |
0:fb8047b156bb | 1682 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1683 | |
| rahul_dahiya |
0:fb8047b156bb | 1684 | if( olen != dec_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 1685 | { |
| rahul_dahiya |
0:fb8047b156bb | 1686 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1687 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1688 | } |
| rahul_dahiya |
0:fb8047b156bb | 1689 | } |
| rahul_dahiya |
0:fb8047b156bb | 1690 | else |
| rahul_dahiya |
0:fb8047b156bb | 1691 | #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ |
| rahul_dahiya |
0:fb8047b156bb | 1692 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| rahul_dahiya |
0:fb8047b156bb | 1693 | ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) |
| rahul_dahiya |
0:fb8047b156bb | 1694 | if( mode == MBEDTLS_MODE_CBC ) |
| rahul_dahiya |
0:fb8047b156bb | 1695 | { |
| rahul_dahiya |
0:fb8047b156bb | 1696 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1697 | * Decrypt and check the padding |
| rahul_dahiya |
0:fb8047b156bb | 1698 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1699 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1700 | unsigned char *dec_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1701 | unsigned char *dec_msg_result; |
| rahul_dahiya |
0:fb8047b156bb | 1702 | size_t dec_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1703 | size_t minlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1704 | size_t olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1705 | |
| rahul_dahiya |
0:fb8047b156bb | 1706 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1707 | * Check immediate ciphertext sanity |
| rahul_dahiya |
0:fb8047b156bb | 1708 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1709 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1710 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1711 | minlen += ssl->transform_in->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1712 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1713 | |
| rahul_dahiya |
0:fb8047b156bb | 1714 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
| rahul_dahiya |
0:fb8047b156bb | 1715 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1716 | { |
| rahul_dahiya |
0:fb8047b156bb | 1717 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " |
| rahul_dahiya |
0:fb8047b156bb | 1718 | "+ 1 ) ( + expl IV )", ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1719 | ssl->transform_in->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1720 | ssl->transform_in->maclen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1721 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1722 | } |
| rahul_dahiya |
0:fb8047b156bb | 1723 | |
| rahul_dahiya |
0:fb8047b156bb | 1724 | dec_msglen = ssl->in_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 1725 | dec_msg = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1726 | dec_msg_result = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1727 | |
| rahul_dahiya |
0:fb8047b156bb | 1728 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1729 | * Authenticate before decrypt if enabled |
| rahul_dahiya |
0:fb8047b156bb | 1730 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1731 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1732 | if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 1733 | { |
| rahul_dahiya |
0:fb8047b156bb | 1734 | unsigned char computed_mac[SSL_MAX_MAC_SIZE]; |
| rahul_dahiya |
0:fb8047b156bb | 1735 | unsigned char pseudo_hdr[13]; |
| rahul_dahiya |
0:fb8047b156bb | 1736 | |
| rahul_dahiya |
0:fb8047b156bb | 1737 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1738 | |
| rahul_dahiya |
0:fb8047b156bb | 1739 | dec_msglen -= ssl->transform_in->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 1740 | ssl->in_msglen -= ssl->transform_in->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 1741 | |
| rahul_dahiya |
0:fb8047b156bb | 1742 | memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1743 | memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 1744 | pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1745 | pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1746 | |
| rahul_dahiya |
0:fb8047b156bb | 1747 | MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1748 | |
| rahul_dahiya |
0:fb8047b156bb | 1749 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); |
| rahul_dahiya |
0:fb8047b156bb | 1750 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1751 | ssl->in_iv, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1752 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); |
| rahul_dahiya |
0:fb8047b156bb | 1753 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 1754 | |
| rahul_dahiya |
0:fb8047b156bb | 1755 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1756 | ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1757 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac, |
| rahul_dahiya |
0:fb8047b156bb | 1758 | ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1759 | |
| rahul_dahiya |
0:fb8047b156bb | 1760 | if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, |
| rahul_dahiya |
0:fb8047b156bb | 1761 | ssl->transform_in->maclen ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1762 | { |
| rahul_dahiya |
0:fb8047b156bb | 1763 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1764 | |
| rahul_dahiya |
0:fb8047b156bb | 1765 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1766 | } |
| rahul_dahiya |
0:fb8047b156bb | 1767 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1768 | } |
| rahul_dahiya |
0:fb8047b156bb | 1769 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1770 | |
| rahul_dahiya |
0:fb8047b156bb | 1771 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1772 | * Check length sanity |
| rahul_dahiya |
0:fb8047b156bb | 1773 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1774 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1775 | { |
| rahul_dahiya |
0:fb8047b156bb | 1776 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
| rahul_dahiya |
0:fb8047b156bb | 1777 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1778 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 1779 | } |
| rahul_dahiya |
0:fb8047b156bb | 1780 | |
| rahul_dahiya |
0:fb8047b156bb | 1781 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1782 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1783 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
| rahul_dahiya |
0:fb8047b156bb | 1784 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1785 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1786 | { |
| rahul_dahiya |
0:fb8047b156bb | 1787 | dec_msglen -= ssl->transform_in->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1788 | ssl->in_msglen -= ssl->transform_in->ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 1789 | |
| rahul_dahiya |
0:fb8047b156bb | 1790 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 1791 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
| rahul_dahiya |
0:fb8047b156bb | 1792 | } |
| rahul_dahiya |
0:fb8047b156bb | 1793 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 1794 | |
| rahul_dahiya |
0:fb8047b156bb | 1795 | if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1796 | ssl->transform_in->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1797 | ssl->transform_in->ivlen, |
| rahul_dahiya |
0:fb8047b156bb | 1798 | dec_msg, dec_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1799 | dec_msg_result, &olen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1800 | { |
| rahul_dahiya |
0:fb8047b156bb | 1801 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1802 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1803 | } |
| rahul_dahiya |
0:fb8047b156bb | 1804 | |
| rahul_dahiya |
0:fb8047b156bb | 1805 | if( dec_msglen != olen ) |
| rahul_dahiya |
0:fb8047b156bb | 1806 | { |
| rahul_dahiya |
0:fb8047b156bb | 1807 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1808 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1809 | } |
| rahul_dahiya |
0:fb8047b156bb | 1810 | |
| rahul_dahiya |
0:fb8047b156bb | 1811 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) |
| rahul_dahiya |
0:fb8047b156bb | 1812 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1813 | { |
| rahul_dahiya |
0:fb8047b156bb | 1814 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1815 | * Save IV in SSL3 and TLS1 |
| rahul_dahiya |
0:fb8047b156bb | 1816 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1817 | memcpy( ssl->transform_in->iv_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1818 | ssl->transform_in->cipher_ctx_dec.iv, |
| rahul_dahiya |
0:fb8047b156bb | 1819 | ssl->transform_in->ivlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1820 | } |
| rahul_dahiya |
0:fb8047b156bb | 1821 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1822 | |
| rahul_dahiya |
0:fb8047b156bb | 1823 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
| rahul_dahiya |
0:fb8047b156bb | 1824 | |
| rahul_dahiya |
0:fb8047b156bb | 1825 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen && |
| rahul_dahiya |
0:fb8047b156bb | 1826 | auth_done == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1827 | { |
| rahul_dahiya |
0:fb8047b156bb | 1828 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| rahul_dahiya |
0:fb8047b156bb | 1829 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
| rahul_dahiya |
0:fb8047b156bb | 1830 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1831 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1832 | padlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1833 | correct = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1834 | } |
| rahul_dahiya |
0:fb8047b156bb | 1835 | |
| rahul_dahiya |
0:fb8047b156bb | 1836 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 1837 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1838 | { |
| rahul_dahiya |
0:fb8047b156bb | 1839 | if( padlen > ssl->transform_in->ivlen ) |
| rahul_dahiya |
0:fb8047b156bb | 1840 | { |
| rahul_dahiya |
0:fb8047b156bb | 1841 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| rahul_dahiya |
0:fb8047b156bb | 1842 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
| rahul_dahiya |
0:fb8047b156bb | 1843 | "should be no more than %d", |
| rahul_dahiya |
0:fb8047b156bb | 1844 | padlen, ssl->transform_in->ivlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1845 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1846 | correct = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1847 | } |
| rahul_dahiya |
0:fb8047b156bb | 1848 | } |
| rahul_dahiya |
0:fb8047b156bb | 1849 | else |
| rahul_dahiya |
0:fb8047b156bb | 1850 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 1851 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1852 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1853 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1854 | { |
| rahul_dahiya |
0:fb8047b156bb | 1855 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1856 | * TLSv1+: always check the padding up to the first failure |
| rahul_dahiya |
0:fb8047b156bb | 1857 | * and fake check up to 256 bytes of padding |
| rahul_dahiya |
0:fb8047b156bb | 1858 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1859 | size_t pad_count = 0, real_count = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1860 | size_t padding_idx = ssl->in_msglen - padlen - 1; |
| rahul_dahiya |
0:fb8047b156bb | 1861 | |
| rahul_dahiya |
0:fb8047b156bb | 1862 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1863 | * Padding is guaranteed to be incorrect if: |
| rahul_dahiya |
0:fb8047b156bb | 1864 | * 1. padlen >= ssl->in_msglen |
| rahul_dahiya |
0:fb8047b156bb | 1865 | * |
| rahul_dahiya |
0:fb8047b156bb | 1866 | * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + |
| rahul_dahiya |
0:fb8047b156bb | 1867 | * ssl->transform_in->maclen |
| rahul_dahiya |
0:fb8047b156bb | 1868 | * |
| rahul_dahiya |
0:fb8047b156bb | 1869 | * In both cases we reset padding_idx to a safe value (0) to |
| rahul_dahiya |
0:fb8047b156bb | 1870 | * prevent out-of-buffer reads. |
| rahul_dahiya |
0:fb8047b156bb | 1871 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1872 | correct &= ( ssl->in_msglen >= padlen + 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1873 | correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + |
| rahul_dahiya |
0:fb8047b156bb | 1874 | ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1875 | |
| rahul_dahiya |
0:fb8047b156bb | 1876 | padding_idx *= correct; |
| rahul_dahiya |
0:fb8047b156bb | 1877 | |
| rahul_dahiya |
0:fb8047b156bb | 1878 | for( i = 1; i <= 256; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 1879 | { |
| rahul_dahiya |
0:fb8047b156bb | 1880 | real_count &= ( i <= padlen ); |
| rahul_dahiya |
0:fb8047b156bb | 1881 | pad_count += real_count * |
| rahul_dahiya |
0:fb8047b156bb | 1882 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1883 | } |
| rahul_dahiya |
0:fb8047b156bb | 1884 | |
| rahul_dahiya |
0:fb8047b156bb | 1885 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
| rahul_dahiya |
0:fb8047b156bb | 1886 | |
| rahul_dahiya |
0:fb8047b156bb | 1887 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| rahul_dahiya |
0:fb8047b156bb | 1888 | if( padlen > 0 && correct == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1889 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1890 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1891 | padlen &= correct * 0x1FF; |
| rahul_dahiya |
0:fb8047b156bb | 1892 | } |
| rahul_dahiya |
0:fb8047b156bb | 1893 | else |
| rahul_dahiya |
0:fb8047b156bb | 1894 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 1895 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 1896 | { |
| rahul_dahiya |
0:fb8047b156bb | 1897 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1898 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1899 | } |
| rahul_dahiya |
0:fb8047b156bb | 1900 | |
| rahul_dahiya |
0:fb8047b156bb | 1901 | ssl->in_msglen -= padlen; |
| rahul_dahiya |
0:fb8047b156bb | 1902 | } |
| rahul_dahiya |
0:fb8047b156bb | 1903 | else |
| rahul_dahiya |
0:fb8047b156bb | 1904 | #endif /* MBEDTLS_CIPHER_MODE_CBC && |
| rahul_dahiya |
0:fb8047b156bb | 1905 | ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ |
| rahul_dahiya |
0:fb8047b156bb | 1906 | { |
| rahul_dahiya |
0:fb8047b156bb | 1907 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1908 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1909 | } |
| rahul_dahiya |
0:fb8047b156bb | 1910 | |
| rahul_dahiya |
0:fb8047b156bb | 1911 | MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
| rahul_dahiya |
0:fb8047b156bb | 1912 | ssl->in_msg, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1913 | |
| rahul_dahiya |
0:fb8047b156bb | 1914 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1915 | * Authenticate if not done yet. |
| rahul_dahiya |
0:fb8047b156bb | 1916 | * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). |
| rahul_dahiya |
0:fb8047b156bb | 1917 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1918 | #if defined(SSL_SOME_MODES_USE_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1919 | if( auth_done == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1920 | { |
| rahul_dahiya |
0:fb8047b156bb | 1921 | unsigned char tmp[SSL_MAX_MAC_SIZE]; |
| rahul_dahiya |
0:fb8047b156bb | 1922 | |
| rahul_dahiya |
0:fb8047b156bb | 1923 | ssl->in_msglen -= ssl->transform_in->maclen; |
| rahul_dahiya |
0:fb8047b156bb | 1924 | |
| rahul_dahiya |
0:fb8047b156bb | 1925 | ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1926 | ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1927 | |
| rahul_dahiya |
0:fb8047b156bb | 1928 | memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1929 | |
| rahul_dahiya |
0:fb8047b156bb | 1930 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 1931 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1932 | { |
| rahul_dahiya |
0:fb8047b156bb | 1933 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1934 | ssl->transform_in->mac_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1935 | ssl->in_msg, ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1936 | ssl->in_ctr, ssl->in_msgtype ); |
| rahul_dahiya |
0:fb8047b156bb | 1937 | } |
| rahul_dahiya |
0:fb8047b156bb | 1938 | else |
| rahul_dahiya |
0:fb8047b156bb | 1939 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 1940 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1941 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 1942 | if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1943 | { |
| rahul_dahiya |
0:fb8047b156bb | 1944 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1945 | * Process MAC and always update for padlen afterwards to make |
| rahul_dahiya |
0:fb8047b156bb | 1946 | * total time independent of padlen |
| rahul_dahiya |
0:fb8047b156bb | 1947 | * |
| rahul_dahiya |
0:fb8047b156bb | 1948 | * extra_run compensates MAC check for padlen |
| rahul_dahiya |
0:fb8047b156bb | 1949 | * |
| rahul_dahiya |
0:fb8047b156bb | 1950 | * Known timing attacks: |
| rahul_dahiya |
0:fb8047b156bb | 1951 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
| rahul_dahiya |
0:fb8047b156bb | 1952 | * |
| rahul_dahiya |
0:fb8047b156bb | 1953 | * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values |
| rahul_dahiya |
0:fb8047b156bb | 1954 | * correctly. (We round down instead of up, so -56 is the correct |
| rahul_dahiya |
0:fb8047b156bb | 1955 | * value for our calculations instead of -55) |
| rahul_dahiya |
0:fb8047b156bb | 1956 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1957 | size_t j, extra_run = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1958 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
| rahul_dahiya |
0:fb8047b156bb | 1959 | ( 13 + ssl->in_msglen + 8 ) / 64; |
| rahul_dahiya |
0:fb8047b156bb | 1960 | |
| rahul_dahiya |
0:fb8047b156bb | 1961 | extra_run &= correct * 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 1962 | |
| rahul_dahiya |
0:fb8047b156bb | 1963 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 1964 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 1965 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 1966 | mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
| rahul_dahiya |
0:fb8047b156bb | 1967 | ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1968 | mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, |
| rahul_dahiya |
0:fb8047b156bb | 1969 | ssl->in_msg + ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 1970 | /* Call mbedtls_md_process at least once due to cache attacks */ |
| rahul_dahiya |
0:fb8047b156bb | 1971 | for( j = 0; j < extra_run + 1; j++ ) |
| rahul_dahiya |
0:fb8047b156bb | 1972 | mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
| rahul_dahiya |
0:fb8047b156bb | 1973 | |
| rahul_dahiya |
0:fb8047b156bb | 1974 | mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 1975 | } |
| rahul_dahiya |
0:fb8047b156bb | 1976 | else |
| rahul_dahiya |
0:fb8047b156bb | 1977 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 1978 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 1979 | { |
| rahul_dahiya |
0:fb8047b156bb | 1980 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1981 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1982 | } |
| rahul_dahiya |
0:fb8047b156bb | 1983 | |
| rahul_dahiya |
0:fb8047b156bb | 1984 | MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1985 | MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1986 | ssl->transform_in->maclen ); |
| rahul_dahiya |
0:fb8047b156bb | 1987 | |
| rahul_dahiya |
0:fb8047b156bb | 1988 | if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, |
| rahul_dahiya |
0:fb8047b156bb | 1989 | ssl->transform_in->maclen ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1990 | { |
| rahul_dahiya |
0:fb8047b156bb | 1991 | #if defined(MBEDTLS_SSL_DEBUG_ALL) |
| rahul_dahiya |
0:fb8047b156bb | 1992 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1993 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1994 | correct = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1995 | } |
| rahul_dahiya |
0:fb8047b156bb | 1996 | auth_done++; |
| rahul_dahiya |
0:fb8047b156bb | 1997 | |
| rahul_dahiya |
0:fb8047b156bb | 1998 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1999 | * Finally check the correct flag |
| rahul_dahiya |
0:fb8047b156bb | 2000 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2001 | if( correct == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2002 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 2003 | } |
| rahul_dahiya |
0:fb8047b156bb | 2004 | #endif /* SSL_SOME_MODES_USE_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 2005 | |
| rahul_dahiya |
0:fb8047b156bb | 2006 | /* Make extra sure authentication was performed, exactly once */ |
| rahul_dahiya |
0:fb8047b156bb | 2007 | if( auth_done != 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 2008 | { |
| rahul_dahiya |
0:fb8047b156bb | 2009 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2010 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2011 | } |
| rahul_dahiya |
0:fb8047b156bb | 2012 | |
| rahul_dahiya |
0:fb8047b156bb | 2013 | if( ssl->in_msglen == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2014 | { |
| rahul_dahiya |
0:fb8047b156bb | 2015 | ssl->nb_zero++; |
| rahul_dahiya |
0:fb8047b156bb | 2016 | |
| rahul_dahiya |
0:fb8047b156bb | 2017 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2018 | * Three or more empty messages may be a DoS attack |
| rahul_dahiya |
0:fb8047b156bb | 2019 | * (excessive CPU consumption). |
| rahul_dahiya |
0:fb8047b156bb | 2020 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2021 | if( ssl->nb_zero > 3 ) |
| rahul_dahiya |
0:fb8047b156bb | 2022 | { |
| rahul_dahiya |
0:fb8047b156bb | 2023 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
| rahul_dahiya |
0:fb8047b156bb | 2024 | "messages, possible DoS attack" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2025 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 2026 | } |
| rahul_dahiya |
0:fb8047b156bb | 2027 | } |
| rahul_dahiya |
0:fb8047b156bb | 2028 | else |
| rahul_dahiya |
0:fb8047b156bb | 2029 | ssl->nb_zero = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2030 | |
| rahul_dahiya |
0:fb8047b156bb | 2031 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2032 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 2033 | { |
| rahul_dahiya |
0:fb8047b156bb | 2034 | ; /* in_ctr read from peer, not maintained internally */ |
| rahul_dahiya |
0:fb8047b156bb | 2035 | } |
| rahul_dahiya |
0:fb8047b156bb | 2036 | else |
| rahul_dahiya |
0:fb8047b156bb | 2037 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2038 | { |
| rahul_dahiya |
0:fb8047b156bb | 2039 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
| rahul_dahiya |
0:fb8047b156bb | 2040 | if( ++ssl->in_ctr[i - 1] != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2041 | break; |
| rahul_dahiya |
0:fb8047b156bb | 2042 | |
| rahul_dahiya |
0:fb8047b156bb | 2043 | /* The loop goes to its end iff the counter is wrapping */ |
| rahul_dahiya |
0:fb8047b156bb | 2044 | if( i == ssl_ep_len( ssl ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2045 | { |
| rahul_dahiya |
0:fb8047b156bb | 2046 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2047 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| rahul_dahiya |
0:fb8047b156bb | 2048 | } |
| rahul_dahiya |
0:fb8047b156bb | 2049 | } |
| rahul_dahiya |
0:fb8047b156bb | 2050 | |
| rahul_dahiya |
0:fb8047b156bb | 2051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2052 | |
| rahul_dahiya |
0:fb8047b156bb | 2053 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2054 | } |
| rahul_dahiya |
0:fb8047b156bb | 2055 | |
| rahul_dahiya |
0:fb8047b156bb | 2056 | #undef MAC_NONE |
| rahul_dahiya |
0:fb8047b156bb | 2057 | #undef MAC_PLAINTEXT |
| rahul_dahiya |
0:fb8047b156bb | 2058 | #undef MAC_CIPHERTEXT |
| rahul_dahiya |
0:fb8047b156bb | 2059 | |
| rahul_dahiya |
0:fb8047b156bb | 2060 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 2061 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2062 | * Compression/decompression functions |
| rahul_dahiya |
0:fb8047b156bb | 2063 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2064 | static int ssl_compress_buf( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2065 | { |
| rahul_dahiya |
0:fb8047b156bb | 2066 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2067 | unsigned char *msg_post = ssl->out_msg; |
| rahul_dahiya |
0:fb8047b156bb | 2068 | size_t len_pre = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2069 | unsigned char *msg_pre = ssl->compress_buf; |
| rahul_dahiya |
0:fb8047b156bb | 2070 | |
| rahul_dahiya |
0:fb8047b156bb | 2071 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2072 | |
| rahul_dahiya |
0:fb8047b156bb | 2073 | if( len_pre == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2074 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2075 | |
| rahul_dahiya |
0:fb8047b156bb | 2076 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
| rahul_dahiya |
0:fb8047b156bb | 2077 | |
| rahul_dahiya |
0:fb8047b156bb | 2078 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
| rahul_dahiya |
0:fb8047b156bb | 2079 | ssl->out_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2080 | |
| rahul_dahiya |
0:fb8047b156bb | 2081 | MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", |
| rahul_dahiya |
0:fb8047b156bb | 2082 | ssl->out_msg, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2083 | |
| rahul_dahiya |
0:fb8047b156bb | 2084 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
| rahul_dahiya |
0:fb8047b156bb | 2085 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
| rahul_dahiya |
0:fb8047b156bb | 2086 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
| rahul_dahiya |
0:fb8047b156bb | 2087 | ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 2088 | |
| rahul_dahiya |
0:fb8047b156bb | 2089 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
| rahul_dahiya |
0:fb8047b156bb | 2090 | if( ret != Z_OK ) |
| rahul_dahiya |
0:fb8047b156bb | 2091 | { |
| rahul_dahiya |
0:fb8047b156bb | 2092 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2093 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2094 | } |
| rahul_dahiya |
0:fb8047b156bb | 2095 | |
| rahul_dahiya |
0:fb8047b156bb | 2096 | ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - |
| rahul_dahiya |
0:fb8047b156bb | 2097 | ssl->transform_out->ctx_deflate.avail_out; |
| rahul_dahiya |
0:fb8047b156bb | 2098 | |
| rahul_dahiya |
0:fb8047b156bb | 2099 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
| rahul_dahiya |
0:fb8047b156bb | 2100 | ssl->out_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2101 | |
| rahul_dahiya |
0:fb8047b156bb | 2102 | MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", |
| rahul_dahiya |
0:fb8047b156bb | 2103 | ssl->out_msg, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2104 | |
| rahul_dahiya |
0:fb8047b156bb | 2105 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2106 | |
| rahul_dahiya |
0:fb8047b156bb | 2107 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2108 | } |
| rahul_dahiya |
0:fb8047b156bb | 2109 | |
| rahul_dahiya |
0:fb8047b156bb | 2110 | static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2111 | { |
| rahul_dahiya |
0:fb8047b156bb | 2112 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2113 | unsigned char *msg_post = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 2114 | size_t len_pre = ssl->in_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2115 | unsigned char *msg_pre = ssl->compress_buf; |
| rahul_dahiya |
0:fb8047b156bb | 2116 | |
| rahul_dahiya |
0:fb8047b156bb | 2117 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2118 | |
| rahul_dahiya |
0:fb8047b156bb | 2119 | if( len_pre == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2120 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2121 | |
| rahul_dahiya |
0:fb8047b156bb | 2122 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
| rahul_dahiya |
0:fb8047b156bb | 2123 | |
| rahul_dahiya |
0:fb8047b156bb | 2124 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
| rahul_dahiya |
0:fb8047b156bb | 2125 | ssl->in_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2126 | |
| rahul_dahiya |
0:fb8047b156bb | 2127 | MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", |
| rahul_dahiya |
0:fb8047b156bb | 2128 | ssl->in_msg, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2129 | |
| rahul_dahiya |
0:fb8047b156bb | 2130 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
| rahul_dahiya |
0:fb8047b156bb | 2131 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
| rahul_dahiya |
0:fb8047b156bb | 2132 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
| rahul_dahiya |
0:fb8047b156bb | 2133 | ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 2134 | |
| rahul_dahiya |
0:fb8047b156bb | 2135 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
| rahul_dahiya |
0:fb8047b156bb | 2136 | if( ret != Z_OK ) |
| rahul_dahiya |
0:fb8047b156bb | 2137 | { |
| rahul_dahiya |
0:fb8047b156bb | 2138 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2139 | return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2140 | } |
| rahul_dahiya |
0:fb8047b156bb | 2141 | |
| rahul_dahiya |
0:fb8047b156bb | 2142 | ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - |
| rahul_dahiya |
0:fb8047b156bb | 2143 | ssl->transform_in->ctx_inflate.avail_out; |
| rahul_dahiya |
0:fb8047b156bb | 2144 | |
| rahul_dahiya |
0:fb8047b156bb | 2145 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
| rahul_dahiya |
0:fb8047b156bb | 2146 | ssl->in_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2147 | |
| rahul_dahiya |
0:fb8047b156bb | 2148 | MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", |
| rahul_dahiya |
0:fb8047b156bb | 2149 | ssl->in_msg, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2150 | |
| rahul_dahiya |
0:fb8047b156bb | 2151 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2152 | |
| rahul_dahiya |
0:fb8047b156bb | 2153 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2154 | } |
| rahul_dahiya |
0:fb8047b156bb | 2155 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 2156 | |
| rahul_dahiya |
0:fb8047b156bb | 2157 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 2158 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2159 | |
| rahul_dahiya |
0:fb8047b156bb | 2160 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2161 | static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2162 | { |
| rahul_dahiya |
0:fb8047b156bb | 2163 | /* If renegotiation is not enforced, retransmit until we would reach max |
| rahul_dahiya |
0:fb8047b156bb | 2164 | * timeout if we were using the usual handshake doubling scheme */ |
| rahul_dahiya |
0:fb8047b156bb | 2165 | if( ssl->conf->renego_max_records < 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2166 | { |
| rahul_dahiya |
0:fb8047b156bb | 2167 | uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; |
| rahul_dahiya |
0:fb8047b156bb | 2168 | unsigned char doublings = 1; |
| rahul_dahiya |
0:fb8047b156bb | 2169 | |
| rahul_dahiya |
0:fb8047b156bb | 2170 | while( ratio != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2171 | { |
| rahul_dahiya |
0:fb8047b156bb | 2172 | ++doublings; |
| rahul_dahiya |
0:fb8047b156bb | 2173 | ratio >>= 1; |
| rahul_dahiya |
0:fb8047b156bb | 2174 | } |
| rahul_dahiya |
0:fb8047b156bb | 2175 | |
| rahul_dahiya |
0:fb8047b156bb | 2176 | if( ++ssl->renego_records_seen > doublings ) |
| rahul_dahiya |
0:fb8047b156bb | 2177 | { |
| rahul_dahiya |
0:fb8047b156bb | 2178 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2179 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2180 | } |
| rahul_dahiya |
0:fb8047b156bb | 2181 | } |
| rahul_dahiya |
0:fb8047b156bb | 2182 | |
| rahul_dahiya |
0:fb8047b156bb | 2183 | return( ssl_write_hello_request( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2184 | } |
| rahul_dahiya |
0:fb8047b156bb | 2185 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2186 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 2187 | |
| rahul_dahiya |
0:fb8047b156bb | 2188 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2189 | * Fill the input message buffer by appending data to it. |
| rahul_dahiya |
0:fb8047b156bb | 2190 | * The amount of data already fetched is in ssl->in_left. |
| rahul_dahiya |
0:fb8047b156bb | 2191 | * |
| rahul_dahiya |
0:fb8047b156bb | 2192 | * If we return 0, is it guaranteed that (at least) nb_want bytes are |
| rahul_dahiya |
0:fb8047b156bb | 2193 | * available (from this read and/or a previous one). Otherwise, an error code |
| rahul_dahiya |
0:fb8047b156bb | 2194 | * is returned (possibly EOF or WANT_READ). |
| rahul_dahiya |
0:fb8047b156bb | 2195 | * |
| rahul_dahiya |
0:fb8047b156bb | 2196 | * With stream transport (TLS) on success ssl->in_left == nb_want, but |
| rahul_dahiya |
0:fb8047b156bb | 2197 | * with datagram transport (DTLS) on success ssl->in_left >= nb_want, |
| rahul_dahiya |
0:fb8047b156bb | 2198 | * since we always read a whole datagram at once. |
| rahul_dahiya |
0:fb8047b156bb | 2199 | * |
| rahul_dahiya |
0:fb8047b156bb | 2200 | * For DTLS, it is up to the caller to set ssl->next_record_offset when |
| rahul_dahiya |
0:fb8047b156bb | 2201 | * they're done reading a record. |
| rahul_dahiya |
0:fb8047b156bb | 2202 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2203 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) |
| rahul_dahiya |
0:fb8047b156bb | 2204 | { |
| rahul_dahiya |
0:fb8047b156bb | 2205 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2206 | size_t len; |
| rahul_dahiya |
0:fb8047b156bb | 2207 | |
| rahul_dahiya |
0:fb8047b156bb | 2208 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2209 | |
| rahul_dahiya |
0:fb8047b156bb | 2210 | if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2211 | { |
| rahul_dahiya |
0:fb8047b156bb | 2212 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
| rahul_dahiya |
0:fb8047b156bb | 2213 | "or mbedtls_ssl_set_bio()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2214 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 2215 | } |
| rahul_dahiya |
0:fb8047b156bb | 2216 | |
| rahul_dahiya |
0:fb8047b156bb | 2217 | if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2218 | { |
| rahul_dahiya |
0:fb8047b156bb | 2219 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2220 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 2221 | } |
| rahul_dahiya |
0:fb8047b156bb | 2222 | |
| rahul_dahiya |
0:fb8047b156bb | 2223 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2224 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 2225 | { |
| rahul_dahiya |
0:fb8047b156bb | 2226 | uint32_t timeout; |
| rahul_dahiya |
0:fb8047b156bb | 2227 | |
| rahul_dahiya |
0:fb8047b156bb | 2228 | /* Just to be sure */ |
| rahul_dahiya |
0:fb8047b156bb | 2229 | if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2230 | { |
| rahul_dahiya |
0:fb8047b156bb | 2231 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " |
| rahul_dahiya |
0:fb8047b156bb | 2232 | "mbedtls_ssl_set_timer_cb() for DTLS" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 2234 | } |
| rahul_dahiya |
0:fb8047b156bb | 2235 | |
| rahul_dahiya |
0:fb8047b156bb | 2236 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2237 | * The point is, we need to always read a full datagram at once, so we |
| rahul_dahiya |
0:fb8047b156bb | 2238 | * sometimes read more then requested, and handle the additional data. |
| rahul_dahiya |
0:fb8047b156bb | 2239 | * It could be the rest of the current record (while fetching the |
| rahul_dahiya |
0:fb8047b156bb | 2240 | * header) and/or some other records in the same datagram. |
| rahul_dahiya |
0:fb8047b156bb | 2241 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2242 | |
| rahul_dahiya |
0:fb8047b156bb | 2243 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2244 | * Move to the next record in the already read datagram if applicable |
| rahul_dahiya |
0:fb8047b156bb | 2245 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2246 | if( ssl->next_record_offset != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2247 | { |
| rahul_dahiya |
0:fb8047b156bb | 2248 | if( ssl->in_left < ssl->next_record_offset ) |
| rahul_dahiya |
0:fb8047b156bb | 2249 | { |
| rahul_dahiya |
0:fb8047b156bb | 2250 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2251 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2252 | } |
| rahul_dahiya |
0:fb8047b156bb | 2253 | |
| rahul_dahiya |
0:fb8047b156bb | 2254 | ssl->in_left -= ssl->next_record_offset; |
| rahul_dahiya |
0:fb8047b156bb | 2255 | |
| rahul_dahiya |
0:fb8047b156bb | 2256 | if( ssl->in_left != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2257 | { |
| rahul_dahiya |
0:fb8047b156bb | 2258 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", |
| rahul_dahiya |
0:fb8047b156bb | 2259 | ssl->next_record_offset ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2260 | memmove( ssl->in_hdr, |
| rahul_dahiya |
0:fb8047b156bb | 2261 | ssl->in_hdr + ssl->next_record_offset, |
| rahul_dahiya |
0:fb8047b156bb | 2262 | ssl->in_left ); |
| rahul_dahiya |
0:fb8047b156bb | 2263 | } |
| rahul_dahiya |
0:fb8047b156bb | 2264 | |
| rahul_dahiya |
0:fb8047b156bb | 2265 | ssl->next_record_offset = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2266 | } |
| rahul_dahiya |
0:fb8047b156bb | 2267 | |
| rahul_dahiya |
0:fb8047b156bb | 2268 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| rahul_dahiya |
0:fb8047b156bb | 2269 | ssl->in_left, nb_want ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2270 | |
| rahul_dahiya |
0:fb8047b156bb | 2271 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2272 | * Done if we already have enough data. |
| rahul_dahiya |
0:fb8047b156bb | 2273 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2274 | if( nb_want <= ssl->in_left) |
| rahul_dahiya |
0:fb8047b156bb | 2275 | { |
| rahul_dahiya |
0:fb8047b156bb | 2276 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2277 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2278 | } |
| rahul_dahiya |
0:fb8047b156bb | 2279 | |
| rahul_dahiya |
0:fb8047b156bb | 2280 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2281 | * A record can't be split accross datagrams. If we need to read but |
| rahul_dahiya |
0:fb8047b156bb | 2282 | * are not at the beginning of a new record, the caller did something |
| rahul_dahiya |
0:fb8047b156bb | 2283 | * wrong. |
| rahul_dahiya |
0:fb8047b156bb | 2284 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2285 | if( ssl->in_left != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2286 | { |
| rahul_dahiya |
0:fb8047b156bb | 2287 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2288 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2289 | } |
| rahul_dahiya |
0:fb8047b156bb | 2290 | |
| rahul_dahiya |
0:fb8047b156bb | 2291 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2292 | * Don't even try to read if time's out already. |
| rahul_dahiya |
0:fb8047b156bb | 2293 | * This avoids by-passing the timer when repeatedly receiving messages |
| rahul_dahiya |
0:fb8047b156bb | 2294 | * that will end up being dropped. |
| rahul_dahiya |
0:fb8047b156bb | 2295 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2296 | if( ssl_check_timer( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2297 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
| rahul_dahiya |
0:fb8047b156bb | 2298 | else |
| rahul_dahiya |
0:fb8047b156bb | 2299 | { |
| rahul_dahiya |
0:fb8047b156bb | 2300 | len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); |
| rahul_dahiya |
0:fb8047b156bb | 2301 | |
| rahul_dahiya |
0:fb8047b156bb | 2302 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 2303 | timeout = ssl->handshake->retransmit_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 2304 | else |
| rahul_dahiya |
0:fb8047b156bb | 2305 | timeout = ssl->conf->read_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 2306 | |
| rahul_dahiya |
0:fb8047b156bb | 2307 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2308 | |
| rahul_dahiya |
0:fb8047b156bb | 2309 | if( ssl->f_recv_timeout != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2310 | ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, |
| rahul_dahiya |
0:fb8047b156bb | 2311 | timeout ); |
| rahul_dahiya |
0:fb8047b156bb | 2312 | else |
| rahul_dahiya |
0:fb8047b156bb | 2313 | ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); |
| rahul_dahiya |
0:fb8047b156bb | 2314 | |
| rahul_dahiya |
0:fb8047b156bb | 2315 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2316 | |
| rahul_dahiya |
0:fb8047b156bb | 2317 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2318 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
| rahul_dahiya |
0:fb8047b156bb | 2319 | } |
| rahul_dahiya |
0:fb8047b156bb | 2320 | |
| rahul_dahiya |
0:fb8047b156bb | 2321 | if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) |
| rahul_dahiya |
0:fb8047b156bb | 2322 | { |
| rahul_dahiya |
0:fb8047b156bb | 2323 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2324 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2325 | |
| rahul_dahiya |
0:fb8047b156bb | 2326 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 2327 | { |
| rahul_dahiya |
0:fb8047b156bb | 2328 | if( ssl_double_retransmit_timeout( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2329 | { |
| rahul_dahiya |
0:fb8047b156bb | 2330 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2331 | return( MBEDTLS_ERR_SSL_TIMEOUT ); |
| rahul_dahiya |
0:fb8047b156bb | 2332 | } |
| rahul_dahiya |
0:fb8047b156bb | 2333 | |
| rahul_dahiya |
0:fb8047b156bb | 2334 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2335 | { |
| rahul_dahiya |
0:fb8047b156bb | 2336 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2337 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2338 | } |
| rahul_dahiya |
0:fb8047b156bb | 2339 | |
| rahul_dahiya |
0:fb8047b156bb | 2340 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 2341 | } |
| rahul_dahiya |
0:fb8047b156bb | 2342 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 2343 | else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 2344 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 2345 | { |
| rahul_dahiya |
0:fb8047b156bb | 2346 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2347 | { |
| rahul_dahiya |
0:fb8047b156bb | 2348 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2349 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2350 | } |
| rahul_dahiya |
0:fb8047b156bb | 2351 | |
| rahul_dahiya |
0:fb8047b156bb | 2352 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 2353 | } |
| rahul_dahiya |
0:fb8047b156bb | 2354 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 2355 | } |
| rahul_dahiya |
0:fb8047b156bb | 2356 | |
| rahul_dahiya |
0:fb8047b156bb | 2357 | if( ret < 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2358 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2359 | |
| rahul_dahiya |
0:fb8047b156bb | 2360 | ssl->in_left = ret; |
| rahul_dahiya |
0:fb8047b156bb | 2361 | } |
| rahul_dahiya |
0:fb8047b156bb | 2362 | else |
| rahul_dahiya |
0:fb8047b156bb | 2363 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2364 | { |
| rahul_dahiya |
0:fb8047b156bb | 2365 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| rahul_dahiya |
0:fb8047b156bb | 2366 | ssl->in_left, nb_want ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2367 | |
| rahul_dahiya |
0:fb8047b156bb | 2368 | while( ssl->in_left < nb_want ) |
| rahul_dahiya |
0:fb8047b156bb | 2369 | { |
| rahul_dahiya |
0:fb8047b156bb | 2370 | len = nb_want - ssl->in_left; |
| rahul_dahiya |
0:fb8047b156bb | 2371 | |
| rahul_dahiya |
0:fb8047b156bb | 2372 | if( ssl_check_timer( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2373 | ret = MBEDTLS_ERR_SSL_TIMEOUT; |
| rahul_dahiya |
0:fb8047b156bb | 2374 | else |
| rahul_dahiya |
0:fb8047b156bb | 2375 | { |
| rahul_dahiya |
0:fb8047b156bb | 2376 | if( ssl->f_recv_timeout != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2377 | { |
| rahul_dahiya |
0:fb8047b156bb | 2378 | ret = ssl->f_recv_timeout( ssl->p_bio, |
| rahul_dahiya |
0:fb8047b156bb | 2379 | ssl->in_hdr + ssl->in_left, len, |
| rahul_dahiya |
0:fb8047b156bb | 2380 | ssl->conf->read_timeout ); |
| rahul_dahiya |
0:fb8047b156bb | 2381 | } |
| rahul_dahiya |
0:fb8047b156bb | 2382 | else |
| rahul_dahiya |
0:fb8047b156bb | 2383 | { |
| rahul_dahiya |
0:fb8047b156bb | 2384 | ret = ssl->f_recv( ssl->p_bio, |
| rahul_dahiya |
0:fb8047b156bb | 2385 | ssl->in_hdr + ssl->in_left, len ); |
| rahul_dahiya |
0:fb8047b156bb | 2386 | } |
| rahul_dahiya |
0:fb8047b156bb | 2387 | } |
| rahul_dahiya |
0:fb8047b156bb | 2388 | |
| rahul_dahiya |
0:fb8047b156bb | 2389 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| rahul_dahiya |
0:fb8047b156bb | 2390 | ssl->in_left, nb_want ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2391 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2392 | |
| rahul_dahiya |
0:fb8047b156bb | 2393 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2394 | return( MBEDTLS_ERR_SSL_CONN_EOF ); |
| rahul_dahiya |
0:fb8047b156bb | 2395 | |
| rahul_dahiya |
0:fb8047b156bb | 2396 | if( ret < 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2397 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2398 | |
| rahul_dahiya |
0:fb8047b156bb | 2399 | ssl->in_left += ret; |
| rahul_dahiya |
0:fb8047b156bb | 2400 | } |
| rahul_dahiya |
0:fb8047b156bb | 2401 | } |
| rahul_dahiya |
0:fb8047b156bb | 2402 | |
| rahul_dahiya |
0:fb8047b156bb | 2403 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2404 | |
| rahul_dahiya |
0:fb8047b156bb | 2405 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2406 | } |
| rahul_dahiya |
0:fb8047b156bb | 2407 | |
| rahul_dahiya |
0:fb8047b156bb | 2408 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2409 | * Flush any data not yet written |
| rahul_dahiya |
0:fb8047b156bb | 2410 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2411 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2412 | { |
| rahul_dahiya |
0:fb8047b156bb | 2413 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2414 | unsigned char *buf, i; |
| rahul_dahiya |
0:fb8047b156bb | 2415 | |
| rahul_dahiya |
0:fb8047b156bb | 2416 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2417 | |
| rahul_dahiya |
0:fb8047b156bb | 2418 | if( ssl->f_send == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2419 | { |
| rahul_dahiya |
0:fb8047b156bb | 2420 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " |
| rahul_dahiya |
0:fb8047b156bb | 2421 | "or mbedtls_ssl_set_bio()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2422 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 2423 | } |
| rahul_dahiya |
0:fb8047b156bb | 2424 | |
| rahul_dahiya |
0:fb8047b156bb | 2425 | /* Avoid incrementing counter if data is flushed */ |
| rahul_dahiya |
0:fb8047b156bb | 2426 | if( ssl->out_left == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2427 | { |
| rahul_dahiya |
0:fb8047b156bb | 2428 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2429 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2430 | } |
| rahul_dahiya |
0:fb8047b156bb | 2431 | |
| rahul_dahiya |
0:fb8047b156bb | 2432 | while( ssl->out_left > 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2433 | { |
| rahul_dahiya |
0:fb8047b156bb | 2434 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
| rahul_dahiya |
0:fb8047b156bb | 2435 | mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2436 | |
| rahul_dahiya |
0:fb8047b156bb | 2437 | buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + |
| rahul_dahiya |
0:fb8047b156bb | 2438 | ssl->out_msglen - ssl->out_left; |
| rahul_dahiya |
0:fb8047b156bb | 2439 | ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); |
| rahul_dahiya |
0:fb8047b156bb | 2440 | |
| rahul_dahiya |
0:fb8047b156bb | 2441 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2442 | |
| rahul_dahiya |
0:fb8047b156bb | 2443 | if( ret <= 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2444 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2445 | |
| rahul_dahiya |
0:fb8047b156bb | 2446 | ssl->out_left -= ret; |
| rahul_dahiya |
0:fb8047b156bb | 2447 | } |
| rahul_dahiya |
0:fb8047b156bb | 2448 | |
| rahul_dahiya |
0:fb8047b156bb | 2449 | for( i = 8; i > ssl_ep_len( ssl ); i-- ) |
| rahul_dahiya |
0:fb8047b156bb | 2450 | if( ++ssl->out_ctr[i - 1] != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2451 | break; |
| rahul_dahiya |
0:fb8047b156bb | 2452 | |
| rahul_dahiya |
0:fb8047b156bb | 2453 | /* The loop goes to its end iff the counter is wrapping */ |
| rahul_dahiya |
0:fb8047b156bb | 2454 | if( i == ssl_ep_len( ssl ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2455 | { |
| rahul_dahiya |
0:fb8047b156bb | 2456 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2457 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| rahul_dahiya |
0:fb8047b156bb | 2458 | } |
| rahul_dahiya |
0:fb8047b156bb | 2459 | |
| rahul_dahiya |
0:fb8047b156bb | 2460 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2461 | |
| rahul_dahiya |
0:fb8047b156bb | 2462 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2463 | } |
| rahul_dahiya |
0:fb8047b156bb | 2464 | |
| rahul_dahiya |
0:fb8047b156bb | 2465 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2466 | * Functions to handle the DTLS retransmission state machine |
| rahul_dahiya |
0:fb8047b156bb | 2467 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2468 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2469 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2470 | * Append current handshake message to current outgoing flight |
| rahul_dahiya |
0:fb8047b156bb | 2471 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2472 | static int ssl_flight_append( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2473 | { |
| rahul_dahiya |
0:fb8047b156bb | 2474 | mbedtls_ssl_flight_item *msg; |
| rahul_dahiya |
0:fb8047b156bb | 2475 | |
| rahul_dahiya |
0:fb8047b156bb | 2476 | /* Allocate space for current message */ |
| rahul_dahiya |
0:fb8047b156bb | 2477 | if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2478 | { |
| rahul_dahiya |
0:fb8047b156bb | 2479 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", |
| rahul_dahiya |
0:fb8047b156bb | 2480 | sizeof( mbedtls_ssl_flight_item ) ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2481 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2482 | } |
| rahul_dahiya |
0:fb8047b156bb | 2483 | |
| rahul_dahiya |
0:fb8047b156bb | 2484 | if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2485 | { |
| rahul_dahiya |
0:fb8047b156bb | 2486 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2487 | mbedtls_free( msg ); |
| rahul_dahiya |
0:fb8047b156bb | 2488 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2489 | } |
| rahul_dahiya |
0:fb8047b156bb | 2490 | |
| rahul_dahiya |
0:fb8047b156bb | 2491 | /* Copy current handshake message with headers */ |
| rahul_dahiya |
0:fb8047b156bb | 2492 | memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2493 | msg->len = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2494 | msg->type = ssl->out_msgtype; |
| rahul_dahiya |
0:fb8047b156bb | 2495 | msg->next = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 2496 | |
| rahul_dahiya |
0:fb8047b156bb | 2497 | /* Append to the current flight */ |
| rahul_dahiya |
0:fb8047b156bb | 2498 | if( ssl->handshake->flight == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2499 | ssl->handshake->flight = msg; |
| rahul_dahiya |
0:fb8047b156bb | 2500 | else |
| rahul_dahiya |
0:fb8047b156bb | 2501 | { |
| rahul_dahiya |
0:fb8047b156bb | 2502 | mbedtls_ssl_flight_item *cur = ssl->handshake->flight; |
| rahul_dahiya |
0:fb8047b156bb | 2503 | while( cur->next != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2504 | cur = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 2505 | cur->next = msg; |
| rahul_dahiya |
0:fb8047b156bb | 2506 | } |
| rahul_dahiya |
0:fb8047b156bb | 2507 | |
| rahul_dahiya |
0:fb8047b156bb | 2508 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2509 | } |
| rahul_dahiya |
0:fb8047b156bb | 2510 | |
| rahul_dahiya |
0:fb8047b156bb | 2511 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2512 | * Free the current flight of handshake messages |
| rahul_dahiya |
0:fb8047b156bb | 2513 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2514 | static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) |
| rahul_dahiya |
0:fb8047b156bb | 2515 | { |
| rahul_dahiya |
0:fb8047b156bb | 2516 | mbedtls_ssl_flight_item *cur = flight; |
| rahul_dahiya |
0:fb8047b156bb | 2517 | mbedtls_ssl_flight_item *next; |
| rahul_dahiya |
0:fb8047b156bb | 2518 | |
| rahul_dahiya |
0:fb8047b156bb | 2519 | while( cur != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2520 | { |
| rahul_dahiya |
0:fb8047b156bb | 2521 | next = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 2522 | |
| rahul_dahiya |
0:fb8047b156bb | 2523 | mbedtls_free( cur->p ); |
| rahul_dahiya |
0:fb8047b156bb | 2524 | mbedtls_free( cur ); |
| rahul_dahiya |
0:fb8047b156bb | 2525 | |
| rahul_dahiya |
0:fb8047b156bb | 2526 | cur = next; |
| rahul_dahiya |
0:fb8047b156bb | 2527 | } |
| rahul_dahiya |
0:fb8047b156bb | 2528 | } |
| rahul_dahiya |
0:fb8047b156bb | 2529 | |
| rahul_dahiya |
0:fb8047b156bb | 2530 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 2531 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2532 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2533 | |
| rahul_dahiya |
0:fb8047b156bb | 2534 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2535 | * Swap transform_out and out_ctr with the alternative ones |
| rahul_dahiya |
0:fb8047b156bb | 2536 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2537 | static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2538 | { |
| rahul_dahiya |
0:fb8047b156bb | 2539 | mbedtls_ssl_transform *tmp_transform; |
| rahul_dahiya |
0:fb8047b156bb | 2540 | unsigned char tmp_out_ctr[8]; |
| rahul_dahiya |
0:fb8047b156bb | 2541 | |
| rahul_dahiya |
0:fb8047b156bb | 2542 | if( ssl->transform_out == ssl->handshake->alt_transform_out ) |
| rahul_dahiya |
0:fb8047b156bb | 2543 | { |
| rahul_dahiya |
0:fb8047b156bb | 2544 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2545 | return; |
| rahul_dahiya |
0:fb8047b156bb | 2546 | } |
| rahul_dahiya |
0:fb8047b156bb | 2547 | |
| rahul_dahiya |
0:fb8047b156bb | 2548 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2549 | |
| rahul_dahiya |
0:fb8047b156bb | 2550 | /* Swap transforms */ |
| rahul_dahiya |
0:fb8047b156bb | 2551 | tmp_transform = ssl->transform_out; |
| rahul_dahiya |
0:fb8047b156bb | 2552 | ssl->transform_out = ssl->handshake->alt_transform_out; |
| rahul_dahiya |
0:fb8047b156bb | 2553 | ssl->handshake->alt_transform_out = tmp_transform; |
| rahul_dahiya |
0:fb8047b156bb | 2554 | |
| rahul_dahiya |
0:fb8047b156bb | 2555 | /* Swap epoch + sequence_number */ |
| rahul_dahiya |
0:fb8047b156bb | 2556 | memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2557 | memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2558 | memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2559 | |
| rahul_dahiya |
0:fb8047b156bb | 2560 | /* Adjust to the newly activated transform */ |
| rahul_dahiya |
0:fb8047b156bb | 2561 | if( ssl->transform_out != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 2562 | ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 2563 | { |
| rahul_dahiya |
0:fb8047b156bb | 2564 | ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - |
| rahul_dahiya |
0:fb8047b156bb | 2565 | ssl->transform_out->fixed_ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 2566 | } |
| rahul_dahiya |
0:fb8047b156bb | 2567 | else |
| rahul_dahiya |
0:fb8047b156bb | 2568 | ssl->out_msg = ssl->out_iv; |
| rahul_dahiya |
0:fb8047b156bb | 2569 | |
| rahul_dahiya |
0:fb8047b156bb | 2570 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 2571 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2572 | { |
| rahul_dahiya |
0:fb8047b156bb | 2573 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2574 | { |
| rahul_dahiya |
0:fb8047b156bb | 2575 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2576 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2577 | } |
| rahul_dahiya |
0:fb8047b156bb | 2578 | } |
| rahul_dahiya |
0:fb8047b156bb | 2579 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2580 | } |
| rahul_dahiya |
0:fb8047b156bb | 2581 | |
| rahul_dahiya |
0:fb8047b156bb | 2582 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2583 | * Retransmit the current flight of messages. |
| rahul_dahiya |
0:fb8047b156bb | 2584 | * |
| rahul_dahiya |
0:fb8047b156bb | 2585 | * Need to remember the current message in case flush_output returns |
| rahul_dahiya |
0:fb8047b156bb | 2586 | * WANT_WRITE, causing us to exit this function and come back later. |
| rahul_dahiya |
0:fb8047b156bb | 2587 | * This function must be called until state is no longer SENDING. |
| rahul_dahiya |
0:fb8047b156bb | 2588 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2589 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2590 | { |
| rahul_dahiya |
0:fb8047b156bb | 2591 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2592 | |
| rahul_dahiya |
0:fb8047b156bb | 2593 | if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 2594 | { |
| rahul_dahiya |
0:fb8047b156bb | 2595 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2596 | |
| rahul_dahiya |
0:fb8047b156bb | 2597 | ssl->handshake->cur_msg = ssl->handshake->flight; |
| rahul_dahiya |
0:fb8047b156bb | 2598 | ssl_swap_epochs( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2599 | |
| rahul_dahiya |
0:fb8047b156bb | 2600 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; |
| rahul_dahiya |
0:fb8047b156bb | 2601 | } |
| rahul_dahiya |
0:fb8047b156bb | 2602 | |
| rahul_dahiya |
0:fb8047b156bb | 2603 | while( ssl->handshake->cur_msg != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2604 | { |
| rahul_dahiya |
0:fb8047b156bb | 2605 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2606 | mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; |
| rahul_dahiya |
0:fb8047b156bb | 2607 | |
| rahul_dahiya |
0:fb8047b156bb | 2608 | /* Swap epochs before sending Finished: we can't do it after |
| rahul_dahiya |
0:fb8047b156bb | 2609 | * sending ChangeCipherSpec, in case write returns WANT_READ. |
| rahul_dahiya |
0:fb8047b156bb | 2610 | * Must be done before copying, may change out_msg pointer */ |
| rahul_dahiya |
0:fb8047b156bb | 2611 | if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 2612 | cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) |
| rahul_dahiya |
0:fb8047b156bb | 2613 | { |
| rahul_dahiya |
0:fb8047b156bb | 2614 | ssl_swap_epochs( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2615 | } |
| rahul_dahiya |
0:fb8047b156bb | 2616 | |
| rahul_dahiya |
0:fb8047b156bb | 2617 | memcpy( ssl->out_msg, cur->p, cur->len ); |
| rahul_dahiya |
0:fb8047b156bb | 2618 | ssl->out_msglen = cur->len; |
| rahul_dahiya |
0:fb8047b156bb | 2619 | ssl->out_msgtype = cur->type; |
| rahul_dahiya |
0:fb8047b156bb | 2620 | |
| rahul_dahiya |
0:fb8047b156bb | 2621 | ssl->handshake->cur_msg = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 2622 | |
| rahul_dahiya |
0:fb8047b156bb | 2623 | MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); |
| rahul_dahiya |
0:fb8047b156bb | 2624 | |
| rahul_dahiya |
0:fb8047b156bb | 2625 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2626 | { |
| rahul_dahiya |
0:fb8047b156bb | 2627 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2628 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2629 | } |
| rahul_dahiya |
0:fb8047b156bb | 2630 | } |
| rahul_dahiya |
0:fb8047b156bb | 2631 | |
| rahul_dahiya |
0:fb8047b156bb | 2632 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 2633 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| rahul_dahiya |
0:fb8047b156bb | 2634 | else |
| rahul_dahiya |
0:fb8047b156bb | 2635 | { |
| rahul_dahiya |
0:fb8047b156bb | 2636 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| rahul_dahiya |
0:fb8047b156bb | 2637 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
| rahul_dahiya |
0:fb8047b156bb | 2638 | } |
| rahul_dahiya |
0:fb8047b156bb | 2639 | |
| rahul_dahiya |
0:fb8047b156bb | 2640 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2641 | |
| rahul_dahiya |
0:fb8047b156bb | 2642 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2643 | } |
| rahul_dahiya |
0:fb8047b156bb | 2644 | |
| rahul_dahiya |
0:fb8047b156bb | 2645 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2646 | * To be called when the last message of an incoming flight is received. |
| rahul_dahiya |
0:fb8047b156bb | 2647 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2648 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2649 | { |
| rahul_dahiya |
0:fb8047b156bb | 2650 | /* We won't need to resend that one any more */ |
| rahul_dahiya |
0:fb8047b156bb | 2651 | ssl_flight_free( ssl->handshake->flight ); |
| rahul_dahiya |
0:fb8047b156bb | 2652 | ssl->handshake->flight = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 2653 | ssl->handshake->cur_msg = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 2654 | |
| rahul_dahiya |
0:fb8047b156bb | 2655 | /* The next incoming flight will start with this msg_seq */ |
| rahul_dahiya |
0:fb8047b156bb | 2656 | ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; |
| rahul_dahiya |
0:fb8047b156bb | 2657 | |
| rahul_dahiya |
0:fb8047b156bb | 2658 | /* Cancel timer */ |
| rahul_dahiya |
0:fb8047b156bb | 2659 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2660 | |
| rahul_dahiya |
0:fb8047b156bb | 2661 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 2662 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
| rahul_dahiya |
0:fb8047b156bb | 2663 | { |
| rahul_dahiya |
0:fb8047b156bb | 2664 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| rahul_dahiya |
0:fb8047b156bb | 2665 | } |
| rahul_dahiya |
0:fb8047b156bb | 2666 | else |
| rahul_dahiya |
0:fb8047b156bb | 2667 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
| rahul_dahiya |
0:fb8047b156bb | 2668 | } |
| rahul_dahiya |
0:fb8047b156bb | 2669 | |
| rahul_dahiya |
0:fb8047b156bb | 2670 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2671 | * To be called when the last message of an outgoing flight is send. |
| rahul_dahiya |
0:fb8047b156bb | 2672 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2673 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2674 | { |
| rahul_dahiya |
0:fb8047b156bb | 2675 | ssl_reset_retransmit_timeout( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2676 | ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); |
| rahul_dahiya |
0:fb8047b156bb | 2677 | |
| rahul_dahiya |
0:fb8047b156bb | 2678 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 2679 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
| rahul_dahiya |
0:fb8047b156bb | 2680 | { |
| rahul_dahiya |
0:fb8047b156bb | 2681 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; |
| rahul_dahiya |
0:fb8047b156bb | 2682 | } |
| rahul_dahiya |
0:fb8047b156bb | 2683 | else |
| rahul_dahiya |
0:fb8047b156bb | 2684 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| rahul_dahiya |
0:fb8047b156bb | 2685 | } |
| rahul_dahiya |
0:fb8047b156bb | 2686 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 2687 | |
| rahul_dahiya |
0:fb8047b156bb | 2688 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2689 | * Record layer functions |
| rahul_dahiya |
0:fb8047b156bb | 2690 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2691 | |
| rahul_dahiya |
0:fb8047b156bb | 2692 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2693 | * Write current record. |
| rahul_dahiya |
0:fb8047b156bb | 2694 | * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg. |
| rahul_dahiya |
0:fb8047b156bb | 2695 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2696 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2697 | { |
| rahul_dahiya |
0:fb8047b156bb | 2698 | int ret, done = 0, out_msg_type; |
| rahul_dahiya |
0:fb8047b156bb | 2699 | size_t len = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2700 | |
| rahul_dahiya |
0:fb8047b156bb | 2701 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2702 | |
| rahul_dahiya |
0:fb8047b156bb | 2703 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2704 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 2705 | ssl->handshake != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 2706 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 2707 | { |
| rahul_dahiya |
0:fb8047b156bb | 2708 | ; /* Skip special handshake treatment when resending */ |
| rahul_dahiya |
0:fb8047b156bb | 2709 | } |
| rahul_dahiya |
0:fb8047b156bb | 2710 | else |
| rahul_dahiya |
0:fb8047b156bb | 2711 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2712 | if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 2713 | { |
| rahul_dahiya |
0:fb8047b156bb | 2714 | out_msg_type = ssl->out_msg[0]; |
| rahul_dahiya |
0:fb8047b156bb | 2715 | |
| rahul_dahiya |
0:fb8047b156bb | 2716 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && |
| rahul_dahiya |
0:fb8047b156bb | 2717 | ssl->handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2718 | { |
| rahul_dahiya |
0:fb8047b156bb | 2719 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2720 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2721 | } |
| rahul_dahiya |
0:fb8047b156bb | 2722 | |
| rahul_dahiya |
0:fb8047b156bb | 2723 | ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 2724 | ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2725 | ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2726 | |
| rahul_dahiya |
0:fb8047b156bb | 2727 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2728 | * DTLS has additional fields in the Handshake layer, |
| rahul_dahiya |
0:fb8047b156bb | 2729 | * between the length field and the actual payload: |
| rahul_dahiya |
0:fb8047b156bb | 2730 | * uint16 message_seq; |
| rahul_dahiya |
0:fb8047b156bb | 2731 | * uint24 fragment_offset; |
| rahul_dahiya |
0:fb8047b156bb | 2732 | * uint24 fragment_length; |
| rahul_dahiya |
0:fb8047b156bb | 2733 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2734 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2735 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 2736 | { |
| rahul_dahiya |
0:fb8047b156bb | 2737 | /* Make room for the additional DTLS fields */ |
| rahul_dahiya |
0:fb8047b156bb | 2738 | memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); |
| rahul_dahiya |
0:fb8047b156bb | 2739 | ssl->out_msglen += 8; |
| rahul_dahiya |
0:fb8047b156bb | 2740 | len += 8; |
| rahul_dahiya |
0:fb8047b156bb | 2741 | |
| rahul_dahiya |
0:fb8047b156bb | 2742 | /* Write message_seq and update it, except for HelloRequest */ |
| rahul_dahiya |
0:fb8047b156bb | 2743 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
| rahul_dahiya |
0:fb8047b156bb | 2744 | { |
| rahul_dahiya |
0:fb8047b156bb | 2745 | ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 2746 | ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 2747 | ++( ssl->handshake->out_msg_seq ); |
| rahul_dahiya |
0:fb8047b156bb | 2748 | } |
| rahul_dahiya |
0:fb8047b156bb | 2749 | else |
| rahul_dahiya |
0:fb8047b156bb | 2750 | { |
| rahul_dahiya |
0:fb8047b156bb | 2751 | ssl->out_msg[4] = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2752 | ssl->out_msg[5] = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2753 | } |
| rahul_dahiya |
0:fb8047b156bb | 2754 | |
| rahul_dahiya |
0:fb8047b156bb | 2755 | /* We don't fragment, so frag_offset = 0 and frag_len = len */ |
| rahul_dahiya |
0:fb8047b156bb | 2756 | memset( ssl->out_msg + 6, 0x00, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 2757 | memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 2758 | } |
| rahul_dahiya |
0:fb8047b156bb | 2759 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 2760 | |
| rahul_dahiya |
0:fb8047b156bb | 2761 | if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) |
| rahul_dahiya |
0:fb8047b156bb | 2762 | ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); |
| rahul_dahiya |
0:fb8047b156bb | 2763 | } |
| rahul_dahiya |
0:fb8047b156bb | 2764 | |
| rahul_dahiya |
0:fb8047b156bb | 2765 | /* Save handshake and CCS messages for resending */ |
| rahul_dahiya |
0:fb8047b156bb | 2766 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2767 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 2768 | ssl->handshake != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 2769 | ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && |
| rahul_dahiya |
0:fb8047b156bb | 2770 | ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || |
| rahul_dahiya |
0:fb8047b156bb | 2771 | ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2772 | { |
| rahul_dahiya |
0:fb8047b156bb | 2773 | if( ( ret = ssl_flight_append( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2774 | { |
| rahul_dahiya |
0:fb8047b156bb | 2775 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2776 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2777 | } |
| rahul_dahiya |
0:fb8047b156bb | 2778 | } |
| rahul_dahiya |
0:fb8047b156bb | 2779 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2780 | |
| rahul_dahiya |
0:fb8047b156bb | 2781 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 2782 | if( ssl->transform_out != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 2783 | ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| rahul_dahiya |
0:fb8047b156bb | 2784 | { |
| rahul_dahiya |
0:fb8047b156bb | 2785 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2786 | { |
| rahul_dahiya |
0:fb8047b156bb | 2787 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2788 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2789 | } |
| rahul_dahiya |
0:fb8047b156bb | 2790 | |
| rahul_dahiya |
0:fb8047b156bb | 2791 | len = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2792 | } |
| rahul_dahiya |
0:fb8047b156bb | 2793 | #endif /*MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 2794 | |
| rahul_dahiya |
0:fb8047b156bb | 2795 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 2796 | if( mbedtls_ssl_hw_record_write != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2797 | { |
| rahul_dahiya |
0:fb8047b156bb | 2798 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2799 | |
| rahul_dahiya |
0:fb8047b156bb | 2800 | ret = mbedtls_ssl_hw_record_write( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2801 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| rahul_dahiya |
0:fb8047b156bb | 2802 | { |
| rahul_dahiya |
0:fb8047b156bb | 2803 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2804 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2805 | } |
| rahul_dahiya |
0:fb8047b156bb | 2806 | |
| rahul_dahiya |
0:fb8047b156bb | 2807 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2808 | done = 1; |
| rahul_dahiya |
0:fb8047b156bb | 2809 | } |
| rahul_dahiya |
0:fb8047b156bb | 2810 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| rahul_dahiya |
0:fb8047b156bb | 2811 | if( !done ) |
| rahul_dahiya |
0:fb8047b156bb | 2812 | { |
| rahul_dahiya |
0:fb8047b156bb | 2813 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
| rahul_dahiya |
0:fb8047b156bb | 2814 | mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 2815 | ssl->conf->transport, ssl->out_hdr + 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2816 | |
| rahul_dahiya |
0:fb8047b156bb | 2817 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2818 | ssl->out_len[1] = (unsigned char)( len ); |
| rahul_dahiya |
0:fb8047b156bb | 2819 | |
| rahul_dahiya |
0:fb8047b156bb | 2820 | if( ssl->transform_out != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2821 | { |
| rahul_dahiya |
0:fb8047b156bb | 2822 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2823 | { |
| rahul_dahiya |
0:fb8047b156bb | 2824 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2825 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2826 | } |
| rahul_dahiya |
0:fb8047b156bb | 2827 | |
| rahul_dahiya |
0:fb8047b156bb | 2828 | len = ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2829 | ssl->out_len[0] = (unsigned char)( len >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2830 | ssl->out_len[1] = (unsigned char)( len ); |
| rahul_dahiya |
0:fb8047b156bb | 2831 | } |
| rahul_dahiya |
0:fb8047b156bb | 2832 | |
| rahul_dahiya |
0:fb8047b156bb | 2833 | ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 2834 | |
| rahul_dahiya |
0:fb8047b156bb | 2835 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
| rahul_dahiya |
0:fb8047b156bb | 2836 | "version = [%d:%d], msglen = %d", |
| rahul_dahiya |
0:fb8047b156bb | 2837 | ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], |
| rahul_dahiya |
0:fb8047b156bb | 2838 | ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2839 | |
| rahul_dahiya |
0:fb8047b156bb | 2840 | MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", |
| rahul_dahiya |
0:fb8047b156bb | 2841 | ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 2842 | } |
| rahul_dahiya |
0:fb8047b156bb | 2843 | |
| rahul_dahiya |
0:fb8047b156bb | 2844 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2845 | { |
| rahul_dahiya |
0:fb8047b156bb | 2846 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2847 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2848 | } |
| rahul_dahiya |
0:fb8047b156bb | 2849 | |
| rahul_dahiya |
0:fb8047b156bb | 2850 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2851 | |
| rahul_dahiya |
0:fb8047b156bb | 2852 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2853 | } |
| rahul_dahiya |
0:fb8047b156bb | 2854 | |
| rahul_dahiya |
0:fb8047b156bb | 2855 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2856 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2857 | * Mark bits in bitmask (used for DTLS HS reassembly) |
| rahul_dahiya |
0:fb8047b156bb | 2858 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2859 | static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 2860 | { |
| rahul_dahiya |
0:fb8047b156bb | 2861 | unsigned int start_bits, end_bits; |
| rahul_dahiya |
0:fb8047b156bb | 2862 | |
| rahul_dahiya |
0:fb8047b156bb | 2863 | start_bits = 8 - ( offset % 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2864 | if( start_bits != 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 2865 | { |
| rahul_dahiya |
0:fb8047b156bb | 2866 | size_t first_byte_idx = offset / 8; |
| rahul_dahiya |
0:fb8047b156bb | 2867 | |
| rahul_dahiya |
0:fb8047b156bb | 2868 | /* Special case */ |
| rahul_dahiya |
0:fb8047b156bb | 2869 | if( len <= start_bits ) |
| rahul_dahiya |
0:fb8047b156bb | 2870 | { |
| rahul_dahiya |
0:fb8047b156bb | 2871 | for( ; len != 0; len-- ) |
| rahul_dahiya |
0:fb8047b156bb | 2872 | mask[first_byte_idx] |= 1 << ( start_bits - len ); |
| rahul_dahiya |
0:fb8047b156bb | 2873 | |
| rahul_dahiya |
0:fb8047b156bb | 2874 | /* Avoid potential issues with offset or len becoming invalid */ |
| rahul_dahiya |
0:fb8047b156bb | 2875 | return; |
| rahul_dahiya |
0:fb8047b156bb | 2876 | } |
| rahul_dahiya |
0:fb8047b156bb | 2877 | |
| rahul_dahiya |
0:fb8047b156bb | 2878 | offset += start_bits; /* Now offset % 8 == 0 */ |
| rahul_dahiya |
0:fb8047b156bb | 2879 | len -= start_bits; |
| rahul_dahiya |
0:fb8047b156bb | 2880 | |
| rahul_dahiya |
0:fb8047b156bb | 2881 | for( ; start_bits != 0; start_bits-- ) |
| rahul_dahiya |
0:fb8047b156bb | 2882 | mask[first_byte_idx] |= 1 << ( start_bits - 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2883 | } |
| rahul_dahiya |
0:fb8047b156bb | 2884 | |
| rahul_dahiya |
0:fb8047b156bb | 2885 | end_bits = len % 8; |
| rahul_dahiya |
0:fb8047b156bb | 2886 | if( end_bits != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2887 | { |
| rahul_dahiya |
0:fb8047b156bb | 2888 | size_t last_byte_idx = ( offset + len ) / 8; |
| rahul_dahiya |
0:fb8047b156bb | 2889 | |
| rahul_dahiya |
0:fb8047b156bb | 2890 | len -= end_bits; /* Now len % 8 == 0 */ |
| rahul_dahiya |
0:fb8047b156bb | 2891 | |
| rahul_dahiya |
0:fb8047b156bb | 2892 | for( ; end_bits != 0; end_bits-- ) |
| rahul_dahiya |
0:fb8047b156bb | 2893 | mask[last_byte_idx] |= 1 << ( 8 - end_bits ); |
| rahul_dahiya |
0:fb8047b156bb | 2894 | } |
| rahul_dahiya |
0:fb8047b156bb | 2895 | |
| rahul_dahiya |
0:fb8047b156bb | 2896 | memset( mask + offset / 8, 0xFF, len / 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2897 | } |
| rahul_dahiya |
0:fb8047b156bb | 2898 | |
| rahul_dahiya |
0:fb8047b156bb | 2899 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2900 | * Check that bitmask is full |
| rahul_dahiya |
0:fb8047b156bb | 2901 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2902 | static int ssl_bitmask_check( unsigned char *mask, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 2903 | { |
| rahul_dahiya |
0:fb8047b156bb | 2904 | size_t i; |
| rahul_dahiya |
0:fb8047b156bb | 2905 | |
| rahul_dahiya |
0:fb8047b156bb | 2906 | for( i = 0; i < len / 8; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 2907 | if( mask[i] != 0xFF ) |
| rahul_dahiya |
0:fb8047b156bb | 2908 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2909 | |
| rahul_dahiya |
0:fb8047b156bb | 2910 | for( i = 0; i < len % 8; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 2911 | if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2912 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2913 | |
| rahul_dahiya |
0:fb8047b156bb | 2914 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2915 | } |
| rahul_dahiya |
0:fb8047b156bb | 2916 | |
| rahul_dahiya |
0:fb8047b156bb | 2917 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2918 | * Reassemble fragmented DTLS handshake messages. |
| rahul_dahiya |
0:fb8047b156bb | 2919 | * |
| rahul_dahiya |
0:fb8047b156bb | 2920 | * Use a temporary buffer for reassembly, divided in two parts: |
| rahul_dahiya |
0:fb8047b156bb | 2921 | * - the first holds the reassembled message (including handshake header), |
| rahul_dahiya |
0:fb8047b156bb | 2922 | * - the second holds a bitmask indicating which parts of the message |
| rahul_dahiya |
0:fb8047b156bb | 2923 | * (excluding headers) have been received so far. |
| rahul_dahiya |
0:fb8047b156bb | 2924 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2925 | static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2926 | { |
| rahul_dahiya |
0:fb8047b156bb | 2927 | unsigned char *msg, *bitmask; |
| rahul_dahiya |
0:fb8047b156bb | 2928 | size_t frag_len, frag_off; |
| rahul_dahiya |
0:fb8047b156bb | 2929 | size_t msg_len = ssl->in_hslen - 12; /* Without headers */ |
| rahul_dahiya |
0:fb8047b156bb | 2930 | |
| rahul_dahiya |
0:fb8047b156bb | 2931 | if( ssl->handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2932 | { |
| rahul_dahiya |
0:fb8047b156bb | 2933 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2934 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 2935 | } |
| rahul_dahiya |
0:fb8047b156bb | 2936 | |
| rahul_dahiya |
0:fb8047b156bb | 2937 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2938 | * For first fragment, check size and allocate buffer |
| rahul_dahiya |
0:fb8047b156bb | 2939 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2940 | if( ssl->handshake->hs_msg == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2941 | { |
| rahul_dahiya |
0:fb8047b156bb | 2942 | size_t alloc_len; |
| rahul_dahiya |
0:fb8047b156bb | 2943 | |
| rahul_dahiya |
0:fb8047b156bb | 2944 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", |
| rahul_dahiya |
0:fb8047b156bb | 2945 | msg_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2946 | |
| rahul_dahiya |
0:fb8047b156bb | 2947 | if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 2948 | { |
| rahul_dahiya |
0:fb8047b156bb | 2949 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2950 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 2951 | } |
| rahul_dahiya |
0:fb8047b156bb | 2952 | |
| rahul_dahiya |
0:fb8047b156bb | 2953 | /* The bitmask needs one bit per byte of message excluding header */ |
| rahul_dahiya |
0:fb8047b156bb | 2954 | alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2955 | |
| rahul_dahiya |
0:fb8047b156bb | 2956 | ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2957 | if( ssl->handshake->hs_msg == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2958 | { |
| rahul_dahiya |
0:fb8047b156bb | 2959 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2960 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 2961 | } |
| rahul_dahiya |
0:fb8047b156bb | 2962 | |
| rahul_dahiya |
0:fb8047b156bb | 2963 | /* Prepare final header: copy msg_type, length and message_seq, |
| rahul_dahiya |
0:fb8047b156bb | 2964 | * then add standardised fragment_offset and fragment_length */ |
| rahul_dahiya |
0:fb8047b156bb | 2965 | memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); |
| rahul_dahiya |
0:fb8047b156bb | 2966 | memset( ssl->handshake->hs_msg + 6, 0, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 2967 | memcpy( ssl->handshake->hs_msg + 9, |
| rahul_dahiya |
0:fb8047b156bb | 2968 | ssl->handshake->hs_msg + 1, 3 ); |
| rahul_dahiya |
0:fb8047b156bb | 2969 | } |
| rahul_dahiya |
0:fb8047b156bb | 2970 | else |
| rahul_dahiya |
0:fb8047b156bb | 2971 | { |
| rahul_dahiya |
0:fb8047b156bb | 2972 | /* Make sure msg_type and length are consistent */ |
| rahul_dahiya |
0:fb8047b156bb | 2973 | if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2974 | { |
| rahul_dahiya |
0:fb8047b156bb | 2975 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2976 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 2977 | } |
| rahul_dahiya |
0:fb8047b156bb | 2978 | } |
| rahul_dahiya |
0:fb8047b156bb | 2979 | |
| rahul_dahiya |
0:fb8047b156bb | 2980 | msg = ssl->handshake->hs_msg + 12; |
| rahul_dahiya |
0:fb8047b156bb | 2981 | bitmask = msg + msg_len; |
| rahul_dahiya |
0:fb8047b156bb | 2982 | |
| rahul_dahiya |
0:fb8047b156bb | 2983 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2984 | * Check and copy current fragment |
| rahul_dahiya |
0:fb8047b156bb | 2985 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2986 | frag_off = ( ssl->in_msg[6] << 16 ) | |
| rahul_dahiya |
0:fb8047b156bb | 2987 | ( ssl->in_msg[7] << 8 ) | |
| rahul_dahiya |
0:fb8047b156bb | 2988 | ssl->in_msg[8]; |
| rahul_dahiya |
0:fb8047b156bb | 2989 | frag_len = ( ssl->in_msg[9] << 16 ) | |
| rahul_dahiya |
0:fb8047b156bb | 2990 | ( ssl->in_msg[10] << 8 ) | |
| rahul_dahiya |
0:fb8047b156bb | 2991 | ssl->in_msg[11]; |
| rahul_dahiya |
0:fb8047b156bb | 2992 | |
| rahul_dahiya |
0:fb8047b156bb | 2993 | if( frag_off + frag_len > msg_len ) |
| rahul_dahiya |
0:fb8047b156bb | 2994 | { |
| rahul_dahiya |
0:fb8047b156bb | 2995 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d", |
| rahul_dahiya |
0:fb8047b156bb | 2996 | frag_off, frag_len, msg_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2997 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 2998 | } |
| rahul_dahiya |
0:fb8047b156bb | 2999 | |
| rahul_dahiya |
0:fb8047b156bb | 3000 | if( frag_len + 12 > ssl->in_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 3001 | { |
| rahul_dahiya |
0:fb8047b156bb | 3002 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d", |
| rahul_dahiya |
0:fb8047b156bb | 3003 | frag_len, ssl->in_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3004 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3005 | } |
| rahul_dahiya |
0:fb8047b156bb | 3006 | |
| rahul_dahiya |
0:fb8047b156bb | 3007 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", |
| rahul_dahiya |
0:fb8047b156bb | 3008 | frag_off, frag_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3009 | |
| rahul_dahiya |
0:fb8047b156bb | 3010 | memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); |
| rahul_dahiya |
0:fb8047b156bb | 3011 | ssl_bitmask_set( bitmask, frag_off, frag_len ); |
| rahul_dahiya |
0:fb8047b156bb | 3012 | |
| rahul_dahiya |
0:fb8047b156bb | 3013 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3014 | * Do we have the complete message by now? |
| rahul_dahiya |
0:fb8047b156bb | 3015 | * If yes, finalize it, else ask to read the next record. |
| rahul_dahiya |
0:fb8047b156bb | 3016 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3017 | if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3018 | { |
| rahul_dahiya |
0:fb8047b156bb | 3019 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3020 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 3021 | } |
| rahul_dahiya |
0:fb8047b156bb | 3022 | |
| rahul_dahiya |
0:fb8047b156bb | 3023 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3024 | |
| rahul_dahiya |
0:fb8047b156bb | 3025 | if( frag_len + 12 < ssl->in_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 3026 | { |
| rahul_dahiya |
0:fb8047b156bb | 3027 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3028 | * We'got more handshake messages in the same record. |
| rahul_dahiya |
0:fb8047b156bb | 3029 | * This case is not handled now because no know implementation does |
| rahul_dahiya |
0:fb8047b156bb | 3030 | * that and it's hard to test, so we prefer to fail cleanly for now. |
| rahul_dahiya |
0:fb8047b156bb | 3031 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3032 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3033 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 3034 | } |
| rahul_dahiya |
0:fb8047b156bb | 3035 | |
| rahul_dahiya |
0:fb8047b156bb | 3036 | if( ssl->in_left > ssl->next_record_offset ) |
| rahul_dahiya |
0:fb8047b156bb | 3037 | { |
| rahul_dahiya |
0:fb8047b156bb | 3038 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3039 | * We've got more data in the buffer after the current record, |
| rahul_dahiya |
0:fb8047b156bb | 3040 | * that we don't want to overwrite. Move it before writing the |
| rahul_dahiya |
0:fb8047b156bb | 3041 | * reassembled message, and adjust in_left and next_record_offset. |
| rahul_dahiya |
0:fb8047b156bb | 3042 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3043 | unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; |
| rahul_dahiya |
0:fb8047b156bb | 3044 | unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; |
| rahul_dahiya |
0:fb8047b156bb | 3045 | size_t remain_len = ssl->in_left - ssl->next_record_offset; |
| rahul_dahiya |
0:fb8047b156bb | 3046 | |
| rahul_dahiya |
0:fb8047b156bb | 3047 | /* First compute and check new lengths */ |
| rahul_dahiya |
0:fb8047b156bb | 3048 | ssl->next_record_offset = new_remain - ssl->in_hdr; |
| rahul_dahiya |
0:fb8047b156bb | 3049 | ssl->in_left = ssl->next_record_offset + remain_len; |
| rahul_dahiya |
0:fb8047b156bb | 3050 | |
| rahul_dahiya |
0:fb8047b156bb | 3051 | if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - |
| rahul_dahiya |
0:fb8047b156bb | 3052 | (size_t)( ssl->in_hdr - ssl->in_buf ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3053 | { |
| rahul_dahiya |
0:fb8047b156bb | 3054 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3055 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| rahul_dahiya |
0:fb8047b156bb | 3056 | } |
| rahul_dahiya |
0:fb8047b156bb | 3057 | |
| rahul_dahiya |
0:fb8047b156bb | 3058 | memmove( new_remain, cur_remain, remain_len ); |
| rahul_dahiya |
0:fb8047b156bb | 3059 | } |
| rahul_dahiya |
0:fb8047b156bb | 3060 | |
| rahul_dahiya |
0:fb8047b156bb | 3061 | memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); |
| rahul_dahiya |
0:fb8047b156bb | 3062 | |
| rahul_dahiya |
0:fb8047b156bb | 3063 | mbedtls_free( ssl->handshake->hs_msg ); |
| rahul_dahiya |
0:fb8047b156bb | 3064 | ssl->handshake->hs_msg = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 3065 | |
| rahul_dahiya |
0:fb8047b156bb | 3066 | MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", |
| rahul_dahiya |
0:fb8047b156bb | 3067 | ssl->in_msg, ssl->in_hslen ); |
| rahul_dahiya |
0:fb8047b156bb | 3068 | |
| rahul_dahiya |
0:fb8047b156bb | 3069 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3070 | } |
| rahul_dahiya |
0:fb8047b156bb | 3071 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 3072 | |
| rahul_dahiya |
0:fb8047b156bb | 3073 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3074 | { |
| rahul_dahiya |
0:fb8047b156bb | 3075 | if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3076 | { |
| rahul_dahiya |
0:fb8047b156bb | 3077 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", |
| rahul_dahiya |
0:fb8047b156bb | 3078 | ssl->in_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3079 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3080 | } |
| rahul_dahiya |
0:fb8047b156bb | 3081 | |
| rahul_dahiya |
0:fb8047b156bb | 3082 | ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( |
| rahul_dahiya |
0:fb8047b156bb | 3083 | ( ssl->in_msg[1] << 16 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3084 | ( ssl->in_msg[2] << 8 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3085 | ssl->in_msg[3] ); |
| rahul_dahiya |
0:fb8047b156bb | 3086 | |
| rahul_dahiya |
0:fb8047b156bb | 3087 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
| rahul_dahiya |
0:fb8047b156bb | 3088 | " %d, type = %d, hslen = %d", |
| rahul_dahiya |
0:fb8047b156bb | 3089 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3090 | |
| rahul_dahiya |
0:fb8047b156bb | 3091 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3092 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 3093 | { |
| rahul_dahiya |
0:fb8047b156bb | 3094 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3095 | unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; |
| rahul_dahiya |
0:fb8047b156bb | 3096 | |
| rahul_dahiya |
0:fb8047b156bb | 3097 | /* ssl->handshake is NULL when receiving ClientHello for renego */ |
| rahul_dahiya |
0:fb8047b156bb | 3098 | if( ssl->handshake != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 3099 | recv_msg_seq != ssl->handshake->in_msg_seq ) |
| rahul_dahiya |
0:fb8047b156bb | 3100 | { |
| rahul_dahiya |
0:fb8047b156bb | 3101 | /* Retransmit only on last message from previous flight, to avoid |
| rahul_dahiya |
0:fb8047b156bb | 3102 | * too many retransmissions. |
| rahul_dahiya |
0:fb8047b156bb | 3103 | * Besides, No sane server ever retransmits HelloVerifyRequest */ |
| rahul_dahiya |
0:fb8047b156bb | 3104 | if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && |
| rahul_dahiya |
0:fb8047b156bb | 3105 | ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
| rahul_dahiya |
0:fb8047b156bb | 3106 | { |
| rahul_dahiya |
0:fb8047b156bb | 3107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " |
| rahul_dahiya |
0:fb8047b156bb | 3108 | "message_seq = %d, start_of_flight = %d", |
| rahul_dahiya |
0:fb8047b156bb | 3109 | recv_msg_seq, |
| rahul_dahiya |
0:fb8047b156bb | 3110 | ssl->handshake->in_flight_start_seq ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3111 | |
| rahul_dahiya |
0:fb8047b156bb | 3112 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3113 | { |
| rahul_dahiya |
0:fb8047b156bb | 3114 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3115 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3116 | } |
| rahul_dahiya |
0:fb8047b156bb | 3117 | } |
| rahul_dahiya |
0:fb8047b156bb | 3118 | else |
| rahul_dahiya |
0:fb8047b156bb | 3119 | { |
| rahul_dahiya |
0:fb8047b156bb | 3120 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " |
| rahul_dahiya |
0:fb8047b156bb | 3121 | "message_seq = %d, expected = %d", |
| rahul_dahiya |
0:fb8047b156bb | 3122 | recv_msg_seq, |
| rahul_dahiya |
0:fb8047b156bb | 3123 | ssl->handshake->in_msg_seq ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3124 | } |
| rahul_dahiya |
0:fb8047b156bb | 3125 | |
| rahul_dahiya |
0:fb8047b156bb | 3126 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 3127 | } |
| rahul_dahiya |
0:fb8047b156bb | 3128 | /* Wait until message completion to increment in_msg_seq */ |
| rahul_dahiya |
0:fb8047b156bb | 3129 | |
| rahul_dahiya |
0:fb8047b156bb | 3130 | /* Reassemble if current message is fragmented or reassembly is |
| rahul_dahiya |
0:fb8047b156bb | 3131 | * already in progress */ |
| rahul_dahiya |
0:fb8047b156bb | 3132 | if( ssl->in_msglen < ssl->in_hslen || |
| rahul_dahiya |
0:fb8047b156bb | 3133 | memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 3134 | memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 3135 | ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3136 | { |
| rahul_dahiya |
0:fb8047b156bb | 3137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3138 | |
| rahul_dahiya |
0:fb8047b156bb | 3139 | if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3140 | { |
| rahul_dahiya |
0:fb8047b156bb | 3141 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3142 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3143 | } |
| rahul_dahiya |
0:fb8047b156bb | 3144 | } |
| rahul_dahiya |
0:fb8047b156bb | 3145 | } |
| rahul_dahiya |
0:fb8047b156bb | 3146 | else |
| rahul_dahiya |
0:fb8047b156bb | 3147 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 3148 | /* With TLS we don't handle fragmentation (for now) */ |
| rahul_dahiya |
0:fb8047b156bb | 3149 | if( ssl->in_msglen < ssl->in_hslen ) |
| rahul_dahiya |
0:fb8047b156bb | 3150 | { |
| rahul_dahiya |
0:fb8047b156bb | 3151 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3152 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 3153 | } |
| rahul_dahiya |
0:fb8047b156bb | 3154 | |
| rahul_dahiya |
0:fb8047b156bb | 3155 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3156 | } |
| rahul_dahiya |
0:fb8047b156bb | 3157 | |
| rahul_dahiya |
0:fb8047b156bb | 3158 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3159 | { |
| rahul_dahiya |
0:fb8047b156bb | 3160 | |
| rahul_dahiya |
0:fb8047b156bb | 3161 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && |
| rahul_dahiya |
0:fb8047b156bb | 3162 | ssl->handshake != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3163 | { |
| rahul_dahiya |
0:fb8047b156bb | 3164 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
| rahul_dahiya |
0:fb8047b156bb | 3165 | } |
| rahul_dahiya |
0:fb8047b156bb | 3166 | |
| rahul_dahiya |
0:fb8047b156bb | 3167 | /* Handshake message is complete, increment counter */ |
| rahul_dahiya |
0:fb8047b156bb | 3168 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3169 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 3170 | ssl->handshake != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3171 | { |
| rahul_dahiya |
0:fb8047b156bb | 3172 | ssl->handshake->in_msg_seq++; |
| rahul_dahiya |
0:fb8047b156bb | 3173 | } |
| rahul_dahiya |
0:fb8047b156bb | 3174 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3175 | } |
| rahul_dahiya |
0:fb8047b156bb | 3176 | |
| rahul_dahiya |
0:fb8047b156bb | 3177 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3178 | * DTLS anti-replay: RFC 6347 4.1.2.6 |
| rahul_dahiya |
0:fb8047b156bb | 3179 | * |
| rahul_dahiya |
0:fb8047b156bb | 3180 | * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). |
| rahul_dahiya |
0:fb8047b156bb | 3181 | * Bit n is set iff record number in_window_top - n has been seen. |
| rahul_dahiya |
0:fb8047b156bb | 3182 | * |
| rahul_dahiya |
0:fb8047b156bb | 3183 | * Usually, in_window_top is the last record number seen and the lsb of |
| rahul_dahiya |
0:fb8047b156bb | 3184 | * in_window is set. The only exception is the initial state (record number 0 |
| rahul_dahiya |
0:fb8047b156bb | 3185 | * not seen yet). |
| rahul_dahiya |
0:fb8047b156bb | 3186 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3187 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 3188 | static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3189 | { |
| rahul_dahiya |
0:fb8047b156bb | 3190 | ssl->in_window_top = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3191 | ssl->in_window = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3192 | } |
| rahul_dahiya |
0:fb8047b156bb | 3193 | |
| rahul_dahiya |
0:fb8047b156bb | 3194 | static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) |
| rahul_dahiya |
0:fb8047b156bb | 3195 | { |
| rahul_dahiya |
0:fb8047b156bb | 3196 | return( ( (uint64_t) buf[0] << 40 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3197 | ( (uint64_t) buf[1] << 32 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3198 | ( (uint64_t) buf[2] << 24 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3199 | ( (uint64_t) buf[3] << 16 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3200 | ( (uint64_t) buf[4] << 8 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3201 | ( (uint64_t) buf[5] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3202 | } |
| rahul_dahiya |
0:fb8047b156bb | 3203 | |
| rahul_dahiya |
0:fb8047b156bb | 3204 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3205 | * Return 0 if sequence number is acceptable, -1 otherwise |
| rahul_dahiya |
0:fb8047b156bb | 3206 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3207 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3208 | { |
| rahul_dahiya |
0:fb8047b156bb | 3209 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 3210 | uint64_t bit; |
| rahul_dahiya |
0:fb8047b156bb | 3211 | |
| rahul_dahiya |
0:fb8047b156bb | 3212 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 3213 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3214 | |
| rahul_dahiya |
0:fb8047b156bb | 3215 | if( rec_seqnum > ssl->in_window_top ) |
| rahul_dahiya |
0:fb8047b156bb | 3216 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3217 | |
| rahul_dahiya |
0:fb8047b156bb | 3218 | bit = ssl->in_window_top - rec_seqnum; |
| rahul_dahiya |
0:fb8047b156bb | 3219 | |
| rahul_dahiya |
0:fb8047b156bb | 3220 | if( bit >= 64 ) |
| rahul_dahiya |
0:fb8047b156bb | 3221 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 3222 | |
| rahul_dahiya |
0:fb8047b156bb | 3223 | if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3224 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 3225 | |
| rahul_dahiya |
0:fb8047b156bb | 3226 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3227 | } |
| rahul_dahiya |
0:fb8047b156bb | 3228 | |
| rahul_dahiya |
0:fb8047b156bb | 3229 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3230 | * Update replay window on new validated record |
| rahul_dahiya |
0:fb8047b156bb | 3231 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3232 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3233 | { |
| rahul_dahiya |
0:fb8047b156bb | 3234 | uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 3235 | |
| rahul_dahiya |
0:fb8047b156bb | 3236 | if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 3237 | return; |
| rahul_dahiya |
0:fb8047b156bb | 3238 | |
| rahul_dahiya |
0:fb8047b156bb | 3239 | if( rec_seqnum > ssl->in_window_top ) |
| rahul_dahiya |
0:fb8047b156bb | 3240 | { |
| rahul_dahiya |
0:fb8047b156bb | 3241 | /* Update window_top and the contents of the window */ |
| rahul_dahiya |
0:fb8047b156bb | 3242 | uint64_t shift = rec_seqnum - ssl->in_window_top; |
| rahul_dahiya |
0:fb8047b156bb | 3243 | |
| rahul_dahiya |
0:fb8047b156bb | 3244 | if( shift >= 64 ) |
| rahul_dahiya |
0:fb8047b156bb | 3245 | ssl->in_window = 1; |
| rahul_dahiya |
0:fb8047b156bb | 3246 | else |
| rahul_dahiya |
0:fb8047b156bb | 3247 | { |
| rahul_dahiya |
0:fb8047b156bb | 3248 | ssl->in_window <<= shift; |
| rahul_dahiya |
0:fb8047b156bb | 3249 | ssl->in_window |= 1; |
| rahul_dahiya |
0:fb8047b156bb | 3250 | } |
| rahul_dahiya |
0:fb8047b156bb | 3251 | |
| rahul_dahiya |
0:fb8047b156bb | 3252 | ssl->in_window_top = rec_seqnum; |
| rahul_dahiya |
0:fb8047b156bb | 3253 | } |
| rahul_dahiya |
0:fb8047b156bb | 3254 | else |
| rahul_dahiya |
0:fb8047b156bb | 3255 | { |
| rahul_dahiya |
0:fb8047b156bb | 3256 | /* Mark that number as seen in the current window */ |
| rahul_dahiya |
0:fb8047b156bb | 3257 | uint64_t bit = ssl->in_window_top - rec_seqnum; |
| rahul_dahiya |
0:fb8047b156bb | 3258 | |
| rahul_dahiya |
0:fb8047b156bb | 3259 | if( bit < 64 ) /* Always true, but be extra sure */ |
| rahul_dahiya |
0:fb8047b156bb | 3260 | ssl->in_window |= (uint64_t) 1 << bit; |
| rahul_dahiya |
0:fb8047b156bb | 3261 | } |
| rahul_dahiya |
0:fb8047b156bb | 3262 | } |
| rahul_dahiya |
0:fb8047b156bb | 3263 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
| rahul_dahiya |
0:fb8047b156bb | 3264 | |
| rahul_dahiya |
0:fb8047b156bb | 3265 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 3266 | /* Forward declaration */ |
| rahul_dahiya |
0:fb8047b156bb | 3267 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
| rahul_dahiya |
0:fb8047b156bb | 3268 | |
| rahul_dahiya |
0:fb8047b156bb | 3269 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3270 | * Without any SSL context, check if a datagram looks like a ClientHello with |
| rahul_dahiya |
0:fb8047b156bb | 3271 | * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. |
| rahul_dahiya |
0:fb8047b156bb | 3272 | * Both input and output include full DTLS headers. |
| rahul_dahiya |
0:fb8047b156bb | 3273 | * |
| rahul_dahiya |
0:fb8047b156bb | 3274 | * - if cookie is valid, return 0 |
| rahul_dahiya |
0:fb8047b156bb | 3275 | * - if ClientHello looks superficially valid but cookie is not, |
| rahul_dahiya |
0:fb8047b156bb | 3276 | * fill obuf and set olen, then |
| rahul_dahiya |
0:fb8047b156bb | 3277 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
| rahul_dahiya |
0:fb8047b156bb | 3278 | * - otherwise return a specific error code |
| rahul_dahiya |
0:fb8047b156bb | 3279 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3280 | static int ssl_check_dtls_clihlo_cookie( |
| rahul_dahiya |
0:fb8047b156bb | 3281 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
| rahul_dahiya |
0:fb8047b156bb | 3282 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
| rahul_dahiya |
0:fb8047b156bb | 3283 | void *p_cookie, |
| rahul_dahiya |
0:fb8047b156bb | 3284 | const unsigned char *cli_id, size_t cli_id_len, |
| rahul_dahiya |
0:fb8047b156bb | 3285 | const unsigned char *in, size_t in_len, |
| rahul_dahiya |
0:fb8047b156bb | 3286 | unsigned char *obuf, size_t buf_len, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 3287 | { |
| rahul_dahiya |
0:fb8047b156bb | 3288 | size_t sid_len, cookie_len; |
| rahul_dahiya |
0:fb8047b156bb | 3289 | unsigned char *p; |
| rahul_dahiya |
0:fb8047b156bb | 3290 | |
| rahul_dahiya |
0:fb8047b156bb | 3291 | if( f_cookie_write == NULL || f_cookie_check == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3292 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 3293 | |
| rahul_dahiya |
0:fb8047b156bb | 3294 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3295 | * Structure of ClientHello with record and handshake headers, |
| rahul_dahiya |
0:fb8047b156bb | 3296 | * and expected values. We don't need to check a lot, more checks will be |
| rahul_dahiya |
0:fb8047b156bb | 3297 | * done when actually parsing the ClientHello - skipping those checks |
| rahul_dahiya |
0:fb8047b156bb | 3298 | * avoids code duplication and does not make cookie forging any easier. |
| rahul_dahiya |
0:fb8047b156bb | 3299 | * |
| rahul_dahiya |
0:fb8047b156bb | 3300 | * 0-0 ContentType type; copied, must be handshake |
| rahul_dahiya |
0:fb8047b156bb | 3301 | * 1-2 ProtocolVersion version; copied |
| rahul_dahiya |
0:fb8047b156bb | 3302 | * 3-4 uint16 epoch; copied, must be 0 |
| rahul_dahiya |
0:fb8047b156bb | 3303 | * 5-10 uint48 sequence_number; copied |
| rahul_dahiya |
0:fb8047b156bb | 3304 | * 11-12 uint16 length; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3305 | * |
| rahul_dahiya |
0:fb8047b156bb | 3306 | * 13-13 HandshakeType msg_type; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3307 | * 14-16 uint24 length; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3308 | * 17-18 uint16 message_seq; copied |
| rahul_dahiya |
0:fb8047b156bb | 3309 | * 19-21 uint24 fragment_offset; copied, must be 0 |
| rahul_dahiya |
0:fb8047b156bb | 3310 | * 22-24 uint24 fragment_length; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3311 | * |
| rahul_dahiya |
0:fb8047b156bb | 3312 | * 25-26 ProtocolVersion client_version; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3313 | * 27-58 Random random; (ignored) |
| rahul_dahiya |
0:fb8047b156bb | 3314 | * 59-xx SessionID session_id; 1 byte len + sid_len content |
| rahul_dahiya |
0:fb8047b156bb | 3315 | * 60+ opaque cookie<0..2^8-1>; 1 byte len + content |
| rahul_dahiya |
0:fb8047b156bb | 3316 | * ... |
| rahul_dahiya |
0:fb8047b156bb | 3317 | * |
| rahul_dahiya |
0:fb8047b156bb | 3318 | * Minimum length is 61 bytes. |
| rahul_dahiya |
0:fb8047b156bb | 3319 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3320 | if( in_len < 61 || |
| rahul_dahiya |
0:fb8047b156bb | 3321 | in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || |
| rahul_dahiya |
0:fb8047b156bb | 3322 | in[3] != 0 || in[4] != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 3323 | in[19] != 0 || in[20] != 0 || in[21] != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3324 | { |
| rahul_dahiya |
0:fb8047b156bb | 3325 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 3326 | } |
| rahul_dahiya |
0:fb8047b156bb | 3327 | |
| rahul_dahiya |
0:fb8047b156bb | 3328 | sid_len = in[59]; |
| rahul_dahiya |
0:fb8047b156bb | 3329 | if( sid_len > in_len - 61 ) |
| rahul_dahiya |
0:fb8047b156bb | 3330 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 3331 | |
| rahul_dahiya |
0:fb8047b156bb | 3332 | cookie_len = in[60 + sid_len]; |
| rahul_dahiya |
0:fb8047b156bb | 3333 | if( cookie_len > in_len - 60 ) |
| rahul_dahiya |
0:fb8047b156bb | 3334 | return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 3335 | |
| rahul_dahiya |
0:fb8047b156bb | 3336 | if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, |
| rahul_dahiya |
0:fb8047b156bb | 3337 | cli_id, cli_id_len ) == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3338 | { |
| rahul_dahiya |
0:fb8047b156bb | 3339 | /* Valid cookie */ |
| rahul_dahiya |
0:fb8047b156bb | 3340 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3341 | } |
| rahul_dahiya |
0:fb8047b156bb | 3342 | |
| rahul_dahiya |
0:fb8047b156bb | 3343 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3344 | * If we get here, we've got an invalid cookie, let's prepare HVR. |
| rahul_dahiya |
0:fb8047b156bb | 3345 | * |
| rahul_dahiya |
0:fb8047b156bb | 3346 | * 0-0 ContentType type; copied |
| rahul_dahiya |
0:fb8047b156bb | 3347 | * 1-2 ProtocolVersion version; copied |
| rahul_dahiya |
0:fb8047b156bb | 3348 | * 3-4 uint16 epoch; copied |
| rahul_dahiya |
0:fb8047b156bb | 3349 | * 5-10 uint48 sequence_number; copied |
| rahul_dahiya |
0:fb8047b156bb | 3350 | * 11-12 uint16 length; olen - 13 |
| rahul_dahiya |
0:fb8047b156bb | 3351 | * |
| rahul_dahiya |
0:fb8047b156bb | 3352 | * 13-13 HandshakeType msg_type; hello_verify_request |
| rahul_dahiya |
0:fb8047b156bb | 3353 | * 14-16 uint24 length; olen - 25 |
| rahul_dahiya |
0:fb8047b156bb | 3354 | * 17-18 uint16 message_seq; copied |
| rahul_dahiya |
0:fb8047b156bb | 3355 | * 19-21 uint24 fragment_offset; copied |
| rahul_dahiya |
0:fb8047b156bb | 3356 | * 22-24 uint24 fragment_length; olen - 25 |
| rahul_dahiya |
0:fb8047b156bb | 3357 | * |
| rahul_dahiya |
0:fb8047b156bb | 3358 | * 25-26 ProtocolVersion server_version; 0xfe 0xff |
| rahul_dahiya |
0:fb8047b156bb | 3359 | * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie |
| rahul_dahiya |
0:fb8047b156bb | 3360 | * |
| rahul_dahiya |
0:fb8047b156bb | 3361 | * Minimum length is 28. |
| rahul_dahiya |
0:fb8047b156bb | 3362 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3363 | if( buf_len < 28 ) |
| rahul_dahiya |
0:fb8047b156bb | 3364 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| rahul_dahiya |
0:fb8047b156bb | 3365 | |
| rahul_dahiya |
0:fb8047b156bb | 3366 | /* Copy most fields and adapt others */ |
| rahul_dahiya |
0:fb8047b156bb | 3367 | memcpy( obuf, in, 25 ); |
| rahul_dahiya |
0:fb8047b156bb | 3368 | obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; |
| rahul_dahiya |
0:fb8047b156bb | 3369 | obuf[25] = 0xfe; |
| rahul_dahiya |
0:fb8047b156bb | 3370 | obuf[26] = 0xff; |
| rahul_dahiya |
0:fb8047b156bb | 3371 | |
| rahul_dahiya |
0:fb8047b156bb | 3372 | /* Generate and write actual cookie */ |
| rahul_dahiya |
0:fb8047b156bb | 3373 | p = obuf + 28; |
| rahul_dahiya |
0:fb8047b156bb | 3374 | if( f_cookie_write( p_cookie, |
| rahul_dahiya |
0:fb8047b156bb | 3375 | &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3376 | { |
| rahul_dahiya |
0:fb8047b156bb | 3377 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3378 | } |
| rahul_dahiya |
0:fb8047b156bb | 3379 | |
| rahul_dahiya |
0:fb8047b156bb | 3380 | *olen = p - obuf; |
| rahul_dahiya |
0:fb8047b156bb | 3381 | |
| rahul_dahiya |
0:fb8047b156bb | 3382 | /* Go back and fill length fields */ |
| rahul_dahiya |
0:fb8047b156bb | 3383 | obuf[27] = (unsigned char)( *olen - 28 ); |
| rahul_dahiya |
0:fb8047b156bb | 3384 | |
| rahul_dahiya |
0:fb8047b156bb | 3385 | obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 3386 | obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 3387 | obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3388 | |
| rahul_dahiya |
0:fb8047b156bb | 3389 | obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 3390 | obuf[12] = (unsigned char)( ( *olen - 13 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3391 | |
| rahul_dahiya |
0:fb8047b156bb | 3392 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
| rahul_dahiya |
0:fb8047b156bb | 3393 | } |
| rahul_dahiya |
0:fb8047b156bb | 3394 | |
| rahul_dahiya |
0:fb8047b156bb | 3395 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3396 | * Handle possible client reconnect with the same UDP quadruplet |
| rahul_dahiya |
0:fb8047b156bb | 3397 | * (RFC 6347 Section 4.2.8). |
| rahul_dahiya |
0:fb8047b156bb | 3398 | * |
| rahul_dahiya |
0:fb8047b156bb | 3399 | * Called by ssl_parse_record_header() in case we receive an epoch 0 record |
| rahul_dahiya |
0:fb8047b156bb | 3400 | * that looks like a ClientHello. |
| rahul_dahiya |
0:fb8047b156bb | 3401 | * |
| rahul_dahiya |
0:fb8047b156bb | 3402 | * - if the input looks like a ClientHello without cookies, |
| rahul_dahiya |
0:fb8047b156bb | 3403 | * send back HelloVerifyRequest, then |
| rahul_dahiya |
0:fb8047b156bb | 3404 | * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED |
| rahul_dahiya |
0:fb8047b156bb | 3405 | * - if the input looks like a ClientHello with a valid cookie, |
| rahul_dahiya |
0:fb8047b156bb | 3406 | * reset the session of the current context, and |
| rahul_dahiya |
0:fb8047b156bb | 3407 | * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT |
| rahul_dahiya |
0:fb8047b156bb | 3408 | * - if anything goes wrong, return a specific error code |
| rahul_dahiya |
0:fb8047b156bb | 3409 | * |
| rahul_dahiya |
0:fb8047b156bb | 3410 | * mbedtls_ssl_read_record() will ignore the record if anything else than |
| rahul_dahiya |
0:fb8047b156bb | 3411 | * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function |
| rahul_dahiya |
0:fb8047b156bb | 3412 | * cannot not return 0. |
| rahul_dahiya |
0:fb8047b156bb | 3413 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3414 | static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3415 | { |
| rahul_dahiya |
0:fb8047b156bb | 3416 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3417 | size_t len; |
| rahul_dahiya |
0:fb8047b156bb | 3418 | |
| rahul_dahiya |
0:fb8047b156bb | 3419 | ret = ssl_check_dtls_clihlo_cookie( |
| rahul_dahiya |
0:fb8047b156bb | 3420 | ssl->conf->f_cookie_write, |
| rahul_dahiya |
0:fb8047b156bb | 3421 | ssl->conf->f_cookie_check, |
| rahul_dahiya |
0:fb8047b156bb | 3422 | ssl->conf->p_cookie, |
| rahul_dahiya |
0:fb8047b156bb | 3423 | ssl->cli_id, ssl->cli_id_len, |
| rahul_dahiya |
0:fb8047b156bb | 3424 | ssl->in_buf, ssl->in_left, |
| rahul_dahiya |
0:fb8047b156bb | 3425 | ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); |
| rahul_dahiya |
0:fb8047b156bb | 3426 | |
| rahul_dahiya |
0:fb8047b156bb | 3427 | MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3428 | |
| rahul_dahiya |
0:fb8047b156bb | 3429 | if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) |
| rahul_dahiya |
0:fb8047b156bb | 3430 | { |
| rahul_dahiya |
0:fb8047b156bb | 3431 | /* Don't check write errors as we can't do anything here. |
| rahul_dahiya |
0:fb8047b156bb | 3432 | * If the error is permanent we'll catch it later, |
| rahul_dahiya |
0:fb8047b156bb | 3433 | * if it's not, then hopefully it'll work next time. */ |
| rahul_dahiya |
0:fb8047b156bb | 3434 | (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 3435 | |
| rahul_dahiya |
0:fb8047b156bb | 3436 | return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); |
| rahul_dahiya |
0:fb8047b156bb | 3437 | } |
| rahul_dahiya |
0:fb8047b156bb | 3438 | |
| rahul_dahiya |
0:fb8047b156bb | 3439 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3440 | { |
| rahul_dahiya |
0:fb8047b156bb | 3441 | /* Got a valid cookie, partially reset context */ |
| rahul_dahiya |
0:fb8047b156bb | 3442 | if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3443 | { |
| rahul_dahiya |
0:fb8047b156bb | 3444 | MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3445 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3446 | } |
| rahul_dahiya |
0:fb8047b156bb | 3447 | |
| rahul_dahiya |
0:fb8047b156bb | 3448 | return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); |
| rahul_dahiya |
0:fb8047b156bb | 3449 | } |
| rahul_dahiya |
0:fb8047b156bb | 3450 | |
| rahul_dahiya |
0:fb8047b156bb | 3451 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3452 | } |
| rahul_dahiya |
0:fb8047b156bb | 3453 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 3454 | |
| rahul_dahiya |
0:fb8047b156bb | 3455 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3456 | * ContentType type; |
| rahul_dahiya |
0:fb8047b156bb | 3457 | * ProtocolVersion version; |
| rahul_dahiya |
0:fb8047b156bb | 3458 | * uint16 epoch; // DTLS only |
| rahul_dahiya |
0:fb8047b156bb | 3459 | * uint48 sequence_number; // DTLS only |
| rahul_dahiya |
0:fb8047b156bb | 3460 | * uint16 length; |
| rahul_dahiya |
0:fb8047b156bb | 3461 | * |
| rahul_dahiya |
0:fb8047b156bb | 3462 | * Return 0 if header looks sane (and, for DTLS, the record is expected) |
| rahul_dahiya |
0:fb8047b156bb | 3463 | * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad, |
| rahul_dahiya |
0:fb8047b156bb | 3464 | * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected. |
| rahul_dahiya |
0:fb8047b156bb | 3465 | * |
| rahul_dahiya |
0:fb8047b156bb | 3466 | * With DTLS, mbedtls_ssl_read_record() will: |
| rahul_dahiya |
0:fb8047b156bb | 3467 | * 1. proceed with the record if this function returns 0 |
| rahul_dahiya |
0:fb8047b156bb | 3468 | * 2. drop only the current record if this function returns UNEXPECTED_RECORD |
| rahul_dahiya |
0:fb8047b156bb | 3469 | * 3. return CLIENT_RECONNECT if this function return that value |
| rahul_dahiya |
0:fb8047b156bb | 3470 | * 4. drop the whole datagram if this function returns anything else. |
| rahul_dahiya |
0:fb8047b156bb | 3471 | * Point 2 is needed when the peer is resending, and we have already received |
| rahul_dahiya |
0:fb8047b156bb | 3472 | * the first record from a datagram but are still waiting for the others. |
| rahul_dahiya |
0:fb8047b156bb | 3473 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3474 | static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3475 | { |
| rahul_dahiya |
0:fb8047b156bb | 3476 | int major_ver, minor_ver; |
| rahul_dahiya |
0:fb8047b156bb | 3477 | |
| rahul_dahiya |
0:fb8047b156bb | 3478 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3479 | |
| rahul_dahiya |
0:fb8047b156bb | 3480 | ssl->in_msgtype = ssl->in_hdr[0]; |
| rahul_dahiya |
0:fb8047b156bb | 3481 | ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; |
| rahul_dahiya |
0:fb8047b156bb | 3482 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 3483 | |
| rahul_dahiya |
0:fb8047b156bb | 3484 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
| rahul_dahiya |
0:fb8047b156bb | 3485 | "version = [%d:%d], msglen = %d", |
| rahul_dahiya |
0:fb8047b156bb | 3486 | ssl->in_msgtype, |
| rahul_dahiya |
0:fb8047b156bb | 3487 | major_ver, minor_ver, ssl->in_msglen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3488 | |
| rahul_dahiya |
0:fb8047b156bb | 3489 | /* Check record type */ |
| rahul_dahiya |
0:fb8047b156bb | 3490 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 3491 | ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && |
| rahul_dahiya |
0:fb8047b156bb | 3492 | ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
| rahul_dahiya |
0:fb8047b156bb | 3493 | ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| rahul_dahiya |
0:fb8047b156bb | 3494 | { |
| rahul_dahiya |
0:fb8047b156bb | 3495 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3496 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3497 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 3498 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3499 | } |
| rahul_dahiya |
0:fb8047b156bb | 3500 | |
| rahul_dahiya |
0:fb8047b156bb | 3501 | /* Check version */ |
| rahul_dahiya |
0:fb8047b156bb | 3502 | if( major_ver != ssl->major_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 3503 | { |
| rahul_dahiya |
0:fb8047b156bb | 3504 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3505 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3506 | } |
| rahul_dahiya |
0:fb8047b156bb | 3507 | |
| rahul_dahiya |
0:fb8047b156bb | 3508 | if( minor_ver > ssl->conf->max_minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 3509 | { |
| rahul_dahiya |
0:fb8047b156bb | 3510 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3511 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3512 | } |
| rahul_dahiya |
0:fb8047b156bb | 3513 | |
| rahul_dahiya |
0:fb8047b156bb | 3514 | /* Check length against the size of our buffer */ |
| rahul_dahiya |
0:fb8047b156bb | 3515 | if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN |
| rahul_dahiya |
0:fb8047b156bb | 3516 | - (size_t)( ssl->in_msg - ssl->in_buf ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3517 | { |
| rahul_dahiya |
0:fb8047b156bb | 3518 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3519 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3520 | } |
| rahul_dahiya |
0:fb8047b156bb | 3521 | |
| rahul_dahiya |
0:fb8047b156bb | 3522 | /* Check length against bounds of the current transform and version */ |
| rahul_dahiya |
0:fb8047b156bb | 3523 | if( ssl->transform_in == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3524 | { |
| rahul_dahiya |
0:fb8047b156bb | 3525 | if( ssl->in_msglen < 1 || |
| rahul_dahiya |
0:fb8047b156bb | 3526 | ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 3527 | { |
| rahul_dahiya |
0:fb8047b156bb | 3528 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3529 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3530 | } |
| rahul_dahiya |
0:fb8047b156bb | 3531 | } |
| rahul_dahiya |
0:fb8047b156bb | 3532 | else |
| rahul_dahiya |
0:fb8047b156bb | 3533 | { |
| rahul_dahiya |
0:fb8047b156bb | 3534 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
| rahul_dahiya |
0:fb8047b156bb | 3535 | { |
| rahul_dahiya |
0:fb8047b156bb | 3536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3537 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3538 | } |
| rahul_dahiya |
0:fb8047b156bb | 3539 | |
| rahul_dahiya |
0:fb8047b156bb | 3540 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 3541 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
| rahul_dahiya |
0:fb8047b156bb | 3542 | ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 3543 | { |
| rahul_dahiya |
0:fb8047b156bb | 3544 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3545 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3546 | } |
| rahul_dahiya |
0:fb8047b156bb | 3547 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3548 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 3549 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 3550 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3551 | * TLS encrypted messages can have up to 256 bytes of padding |
| rahul_dahiya |
0:fb8047b156bb | 3552 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3553 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && |
| rahul_dahiya |
0:fb8047b156bb | 3554 | ssl->in_msglen > ssl->transform_in->minlen + |
| rahul_dahiya |
0:fb8047b156bb | 3555 | MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) |
| rahul_dahiya |
0:fb8047b156bb | 3556 | { |
| rahul_dahiya |
0:fb8047b156bb | 3557 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3558 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3559 | } |
| rahul_dahiya |
0:fb8047b156bb | 3560 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3561 | } |
| rahul_dahiya |
0:fb8047b156bb | 3562 | |
| rahul_dahiya |
0:fb8047b156bb | 3563 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3564 | * DTLS-related tests done last, because most of them may result in |
| rahul_dahiya |
0:fb8047b156bb | 3565 | * silently dropping the record (but not the whole datagram), and we only |
| rahul_dahiya |
0:fb8047b156bb | 3566 | * want to consider that after ensuring that the "basic" fields (type, |
| rahul_dahiya |
0:fb8047b156bb | 3567 | * version, length) are sane. |
| rahul_dahiya |
0:fb8047b156bb | 3568 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3569 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3570 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 3571 | { |
| rahul_dahiya |
0:fb8047b156bb | 3572 | unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; |
| rahul_dahiya |
0:fb8047b156bb | 3573 | |
| rahul_dahiya |
0:fb8047b156bb | 3574 | /* Drop unexpected ChangeCipherSpec messages */ |
| rahul_dahiya |
0:fb8047b156bb | 3575 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && |
| rahul_dahiya |
0:fb8047b156bb | 3576 | ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && |
| rahul_dahiya |
0:fb8047b156bb | 3577 | ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) |
| rahul_dahiya |
0:fb8047b156bb | 3578 | { |
| rahul_dahiya |
0:fb8047b156bb | 3579 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3580 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3581 | } |
| rahul_dahiya |
0:fb8047b156bb | 3582 | |
| rahul_dahiya |
0:fb8047b156bb | 3583 | /* Drop unexpected ApplicationData records, |
| rahul_dahiya |
0:fb8047b156bb | 3584 | * except at the beginning of renegotiations */ |
| rahul_dahiya |
0:fb8047b156bb | 3585 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && |
| rahul_dahiya |
0:fb8047b156bb | 3586 | ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER |
| rahul_dahiya |
0:fb8047b156bb | 3587 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 3588 | && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
| rahul_dahiya |
0:fb8047b156bb | 3589 | ssl->state == MBEDTLS_SSL_SERVER_HELLO ) |
| rahul_dahiya |
0:fb8047b156bb | 3590 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3591 | ) |
| rahul_dahiya |
0:fb8047b156bb | 3592 | { |
| rahul_dahiya |
0:fb8047b156bb | 3593 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3594 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3595 | } |
| rahul_dahiya |
0:fb8047b156bb | 3596 | |
| rahul_dahiya |
0:fb8047b156bb | 3597 | /* Check epoch (and sequence number) with DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 3598 | if( rec_epoch != ssl->in_epoch ) |
| rahul_dahiya |
0:fb8047b156bb | 3599 | { |
| rahul_dahiya |
0:fb8047b156bb | 3600 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " |
| rahul_dahiya |
0:fb8047b156bb | 3601 | "expected %d, received %d", |
| rahul_dahiya |
0:fb8047b156bb | 3602 | ssl->in_epoch, rec_epoch ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3603 | |
| rahul_dahiya |
0:fb8047b156bb | 3604 | #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 3605 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3606 | * Check for an epoch 0 ClientHello. We can't use in_msg here to |
| rahul_dahiya |
0:fb8047b156bb | 3607 | * access the first byte of record content (handshake type), as we |
| rahul_dahiya |
0:fb8047b156bb | 3608 | * have an active transform (possibly iv_len != 0), so use the |
| rahul_dahiya |
0:fb8047b156bb | 3609 | * fact that the record header len is 13 instead. |
| rahul_dahiya |
0:fb8047b156bb | 3610 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3611 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 3612 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && |
| rahul_dahiya |
0:fb8047b156bb | 3613 | rec_epoch == 0 && |
| rahul_dahiya |
0:fb8047b156bb | 3614 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 3615 | ssl->in_left > 13 && |
| rahul_dahiya |
0:fb8047b156bb | 3616 | ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) |
| rahul_dahiya |
0:fb8047b156bb | 3617 | { |
| rahul_dahiya |
0:fb8047b156bb | 3618 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " |
| rahul_dahiya |
0:fb8047b156bb | 3619 | "from the same port" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3620 | return( ssl_handle_possible_reconnect( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3621 | } |
| rahul_dahiya |
0:fb8047b156bb | 3622 | else |
| rahul_dahiya |
0:fb8047b156bb | 3623 | #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 3624 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3625 | } |
| rahul_dahiya |
0:fb8047b156bb | 3626 | |
| rahul_dahiya |
0:fb8047b156bb | 3627 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 3628 | /* Replay detection only works for the current epoch */ |
| rahul_dahiya |
0:fb8047b156bb | 3629 | if( rec_epoch == ssl->in_epoch && |
| rahul_dahiya |
0:fb8047b156bb | 3630 | mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3631 | { |
| rahul_dahiya |
0:fb8047b156bb | 3632 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3633 | return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3634 | } |
| rahul_dahiya |
0:fb8047b156bb | 3635 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3636 | } |
| rahul_dahiya |
0:fb8047b156bb | 3637 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 3638 | |
| rahul_dahiya |
0:fb8047b156bb | 3639 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3640 | } |
| rahul_dahiya |
0:fb8047b156bb | 3641 | |
| rahul_dahiya |
0:fb8047b156bb | 3642 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3643 | * If applicable, decrypt (and decompress) record content |
| rahul_dahiya |
0:fb8047b156bb | 3644 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3645 | static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3646 | { |
| rahul_dahiya |
0:fb8047b156bb | 3647 | int ret, done = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3648 | |
| rahul_dahiya |
0:fb8047b156bb | 3649 | MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", |
| rahul_dahiya |
0:fb8047b156bb | 3650 | ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 3651 | |
| rahul_dahiya |
0:fb8047b156bb | 3652 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 3653 | if( mbedtls_ssl_hw_record_read != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3654 | { |
| rahul_dahiya |
0:fb8047b156bb | 3655 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3656 | |
| rahul_dahiya |
0:fb8047b156bb | 3657 | ret = mbedtls_ssl_hw_record_read( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3658 | if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| rahul_dahiya |
0:fb8047b156bb | 3659 | { |
| rahul_dahiya |
0:fb8047b156bb | 3660 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3661 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 3662 | } |
| rahul_dahiya |
0:fb8047b156bb | 3663 | |
| rahul_dahiya |
0:fb8047b156bb | 3664 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3665 | done = 1; |
| rahul_dahiya |
0:fb8047b156bb | 3666 | } |
| rahul_dahiya |
0:fb8047b156bb | 3667 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
| rahul_dahiya |
0:fb8047b156bb | 3668 | if( !done && ssl->transform_in != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3669 | { |
| rahul_dahiya |
0:fb8047b156bb | 3670 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3671 | { |
| rahul_dahiya |
0:fb8047b156bb | 3672 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3673 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3674 | } |
| rahul_dahiya |
0:fb8047b156bb | 3675 | |
| rahul_dahiya |
0:fb8047b156bb | 3676 | MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", |
| rahul_dahiya |
0:fb8047b156bb | 3677 | ssl->in_msg, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 3678 | |
| rahul_dahiya |
0:fb8047b156bb | 3679 | if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 3680 | { |
| rahul_dahiya |
0:fb8047b156bb | 3681 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3682 | return( MBEDTLS_ERR_SSL_INVALID_RECORD ); |
| rahul_dahiya |
0:fb8047b156bb | 3683 | } |
| rahul_dahiya |
0:fb8047b156bb | 3684 | } |
| rahul_dahiya |
0:fb8047b156bb | 3685 | |
| rahul_dahiya |
0:fb8047b156bb | 3686 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 3687 | if( ssl->transform_in != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 3688 | ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) |
| rahul_dahiya |
0:fb8047b156bb | 3689 | { |
| rahul_dahiya |
0:fb8047b156bb | 3690 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3691 | { |
| rahul_dahiya |
0:fb8047b156bb | 3692 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3693 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3694 | } |
| rahul_dahiya |
0:fb8047b156bb | 3695 | } |
| rahul_dahiya |
0:fb8047b156bb | 3696 | #endif /* MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 3697 | |
| rahul_dahiya |
0:fb8047b156bb | 3698 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 3699 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 3700 | { |
| rahul_dahiya |
0:fb8047b156bb | 3701 | mbedtls_ssl_dtls_replay_update( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3702 | } |
| rahul_dahiya |
0:fb8047b156bb | 3703 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3704 | |
| rahul_dahiya |
0:fb8047b156bb | 3705 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3706 | } |
| rahul_dahiya |
0:fb8047b156bb | 3707 | |
| rahul_dahiya |
0:fb8047b156bb | 3708 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3709 | |
| rahul_dahiya |
0:fb8047b156bb | 3710 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3711 | * Read a record. |
| rahul_dahiya |
0:fb8047b156bb | 3712 | * |
| rahul_dahiya |
0:fb8047b156bb | 3713 | * Silently ignore non-fatal alert (and for DTLS, invalid records as well, |
| rahul_dahiya |
0:fb8047b156bb | 3714 | * RFC 6347 4.1.2.7) and continue reading until a valid record is found. |
| rahul_dahiya |
0:fb8047b156bb | 3715 | * |
| rahul_dahiya |
0:fb8047b156bb | 3716 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3717 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3718 | { |
| rahul_dahiya |
0:fb8047b156bb | 3719 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3720 | |
| rahul_dahiya |
0:fb8047b156bb | 3721 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3722 | |
| rahul_dahiya |
0:fb8047b156bb | 3723 | if( ssl->keep_current_message == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3724 | { |
| rahul_dahiya |
0:fb8047b156bb | 3725 | do { |
| rahul_dahiya |
0:fb8047b156bb | 3726 | |
| rahul_dahiya |
0:fb8047b156bb | 3727 | if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3728 | { |
| rahul_dahiya |
0:fb8047b156bb | 3729 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3730 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3731 | } |
| rahul_dahiya |
0:fb8047b156bb | 3732 | |
| rahul_dahiya |
0:fb8047b156bb | 3733 | ret = mbedtls_ssl_handle_message_type( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3734 | |
| rahul_dahiya |
0:fb8047b156bb | 3735 | } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3736 | |
| rahul_dahiya |
0:fb8047b156bb | 3737 | if( 0 != ret ) |
| rahul_dahiya |
0:fb8047b156bb | 3738 | { |
| rahul_dahiya |
0:fb8047b156bb | 3739 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3740 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3741 | } |
| rahul_dahiya |
0:fb8047b156bb | 3742 | |
| rahul_dahiya |
0:fb8047b156bb | 3743 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 3744 | { |
| rahul_dahiya |
0:fb8047b156bb | 3745 | mbedtls_ssl_update_handshake_status( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3746 | } |
| rahul_dahiya |
0:fb8047b156bb | 3747 | } |
| rahul_dahiya |
0:fb8047b156bb | 3748 | else |
| rahul_dahiya |
0:fb8047b156bb | 3749 | { |
| rahul_dahiya |
0:fb8047b156bb | 3750 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= reuse previously read message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3751 | ssl->keep_current_message = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3752 | } |
| rahul_dahiya |
0:fb8047b156bb | 3753 | |
| rahul_dahiya |
0:fb8047b156bb | 3754 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3755 | |
| rahul_dahiya |
0:fb8047b156bb | 3756 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3757 | } |
| rahul_dahiya |
0:fb8047b156bb | 3758 | |
| rahul_dahiya |
0:fb8047b156bb | 3759 | int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3760 | { |
| rahul_dahiya |
0:fb8047b156bb | 3761 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3762 | |
| rahul_dahiya |
0:fb8047b156bb | 3763 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3764 | * Step A |
| rahul_dahiya |
0:fb8047b156bb | 3765 | * |
| rahul_dahiya |
0:fb8047b156bb | 3766 | * Consume last content-layer message and potentially |
| rahul_dahiya |
0:fb8047b156bb | 3767 | * update in_msglen which keeps track of the contents' |
| rahul_dahiya |
0:fb8047b156bb | 3768 | * consumption state. |
| rahul_dahiya |
0:fb8047b156bb | 3769 | * |
| rahul_dahiya |
0:fb8047b156bb | 3770 | * (1) Handshake messages: |
| rahul_dahiya |
0:fb8047b156bb | 3771 | * Remove last handshake message, move content |
| rahul_dahiya |
0:fb8047b156bb | 3772 | * and adapt in_msglen. |
| rahul_dahiya |
0:fb8047b156bb | 3773 | * |
| rahul_dahiya |
0:fb8047b156bb | 3774 | * (2) Alert messages: |
| rahul_dahiya |
0:fb8047b156bb | 3775 | * Consume whole record content, in_msglen = 0. |
| rahul_dahiya |
0:fb8047b156bb | 3776 | * |
| rahul_dahiya |
0:fb8047b156bb | 3777 | * NOTE: This needs to be fixed, since like for |
| rahul_dahiya |
0:fb8047b156bb | 3778 | * handshake messages it is allowed to have |
| rahul_dahiya |
0:fb8047b156bb | 3779 | * multiple alerts witin a single record. |
| rahul_dahiya |
0:fb8047b156bb | 3780 | * Internal reference IOTSSL-1321. |
| rahul_dahiya |
0:fb8047b156bb | 3781 | * |
| rahul_dahiya |
0:fb8047b156bb | 3782 | * (3) Change cipher spec: |
| rahul_dahiya |
0:fb8047b156bb | 3783 | * Consume whole record content, in_msglen = 0. |
| rahul_dahiya |
0:fb8047b156bb | 3784 | * |
| rahul_dahiya |
0:fb8047b156bb | 3785 | * (4) Application data: |
| rahul_dahiya |
0:fb8047b156bb | 3786 | * Don't do anything - the record layer provides |
| rahul_dahiya |
0:fb8047b156bb | 3787 | * the application data as a stream transport |
| rahul_dahiya |
0:fb8047b156bb | 3788 | * and consumes through mbedtls_ssl_read only. |
| rahul_dahiya |
0:fb8047b156bb | 3789 | * |
| rahul_dahiya |
0:fb8047b156bb | 3790 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3791 | |
| rahul_dahiya |
0:fb8047b156bb | 3792 | /* Case (1): Handshake messages */ |
| rahul_dahiya |
0:fb8047b156bb | 3793 | if( ssl->in_hslen != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3794 | { |
| rahul_dahiya |
0:fb8047b156bb | 3795 | /* Hard assertion to be sure that no application data |
| rahul_dahiya |
0:fb8047b156bb | 3796 | * is in flight, as corrupting ssl->in_msglen during |
| rahul_dahiya |
0:fb8047b156bb | 3797 | * ssl->in_offt != NULL is fatal. */ |
| rahul_dahiya |
0:fb8047b156bb | 3798 | if( ssl->in_offt != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3799 | { |
| rahul_dahiya |
0:fb8047b156bb | 3800 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3801 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3802 | } |
| rahul_dahiya |
0:fb8047b156bb | 3803 | |
| rahul_dahiya |
0:fb8047b156bb | 3804 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3805 | * Get next Handshake message in the current record |
| rahul_dahiya |
0:fb8047b156bb | 3806 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3807 | |
| rahul_dahiya |
0:fb8047b156bb | 3808 | /* Notes: |
| rahul_dahiya |
0:fb8047b156bb | 3809 | * (1) in_hslen is *NOT* necessarily the size of the |
| rahul_dahiya |
0:fb8047b156bb | 3810 | * current handshake content: If DTLS handshake |
| rahul_dahiya |
0:fb8047b156bb | 3811 | * fragmentation is used, that's the fragment |
| rahul_dahiya |
0:fb8047b156bb | 3812 | * size instead. Using the total handshake message |
| rahul_dahiya |
0:fb8047b156bb | 3813 | * size here is FAULTY and should be changed at |
| rahul_dahiya |
0:fb8047b156bb | 3814 | * some point. Internal reference IOTSSL-1414. |
| rahul_dahiya |
0:fb8047b156bb | 3815 | * (2) While it doesn't seem to cause problems, one |
| rahul_dahiya |
0:fb8047b156bb | 3816 | * has to be very careful not to assume that in_hslen |
| rahul_dahiya |
0:fb8047b156bb | 3817 | * is always <= in_msglen in a sensible communication. |
| rahul_dahiya |
0:fb8047b156bb | 3818 | * Again, it's wrong for DTLS handshake fragmentation. |
| rahul_dahiya |
0:fb8047b156bb | 3819 | * The following check is therefore mandatory, and |
| rahul_dahiya |
0:fb8047b156bb | 3820 | * should not be treated as a silently corrected assertion. |
| rahul_dahiya |
0:fb8047b156bb | 3821 | * Additionally, ssl->in_hslen might be arbitrarily out of |
| rahul_dahiya |
0:fb8047b156bb | 3822 | * bounds after handling a DTLS message with an unexpected |
| rahul_dahiya |
0:fb8047b156bb | 3823 | * sequence number, see mbedtls_ssl_prepare_handshake_record. |
| rahul_dahiya |
0:fb8047b156bb | 3824 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3825 | if( ssl->in_hslen < ssl->in_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 3826 | { |
| rahul_dahiya |
0:fb8047b156bb | 3827 | ssl->in_msglen -= ssl->in_hslen; |
| rahul_dahiya |
0:fb8047b156bb | 3828 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
| rahul_dahiya |
0:fb8047b156bb | 3829 | ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 3830 | |
| rahul_dahiya |
0:fb8047b156bb | 3831 | MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", |
| rahul_dahiya |
0:fb8047b156bb | 3832 | ssl->in_msg, ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 3833 | } |
| rahul_dahiya |
0:fb8047b156bb | 3834 | else |
| rahul_dahiya |
0:fb8047b156bb | 3835 | { |
| rahul_dahiya |
0:fb8047b156bb | 3836 | ssl->in_msglen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3837 | } |
| rahul_dahiya |
0:fb8047b156bb | 3838 | |
| rahul_dahiya |
0:fb8047b156bb | 3839 | ssl->in_hslen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3840 | } |
| rahul_dahiya |
0:fb8047b156bb | 3841 | /* Case (4): Application data */ |
| rahul_dahiya |
0:fb8047b156bb | 3842 | else if( ssl->in_offt != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3843 | { |
| rahul_dahiya |
0:fb8047b156bb | 3844 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3845 | } |
| rahul_dahiya |
0:fb8047b156bb | 3846 | /* Everything else (CCS & Alerts) */ |
| rahul_dahiya |
0:fb8047b156bb | 3847 | else |
| rahul_dahiya |
0:fb8047b156bb | 3848 | { |
| rahul_dahiya |
0:fb8047b156bb | 3849 | ssl->in_msglen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3850 | } |
| rahul_dahiya |
0:fb8047b156bb | 3851 | |
| rahul_dahiya |
0:fb8047b156bb | 3852 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3853 | * Step B |
| rahul_dahiya |
0:fb8047b156bb | 3854 | * |
| rahul_dahiya |
0:fb8047b156bb | 3855 | * Fetch and decode new record if current one is fully consumed. |
| rahul_dahiya |
0:fb8047b156bb | 3856 | * |
| rahul_dahiya |
0:fb8047b156bb | 3857 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3858 | |
| rahul_dahiya |
0:fb8047b156bb | 3859 | if( ssl->in_msglen > 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3860 | { |
| rahul_dahiya |
0:fb8047b156bb | 3861 | /* There's something left to be processed in the current record. */ |
| rahul_dahiya |
0:fb8047b156bb | 3862 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3863 | } |
| rahul_dahiya |
0:fb8047b156bb | 3864 | |
| rahul_dahiya |
0:fb8047b156bb | 3865 | /* Need to fetch a new record */ |
| rahul_dahiya |
0:fb8047b156bb | 3866 | |
| rahul_dahiya |
0:fb8047b156bb | 3867 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3868 | read_record_header: |
| rahul_dahiya |
0:fb8047b156bb | 3869 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3870 | |
| rahul_dahiya |
0:fb8047b156bb | 3871 | /* Current record either fully processed or to be discarded. */ |
| rahul_dahiya |
0:fb8047b156bb | 3872 | |
| rahul_dahiya |
0:fb8047b156bb | 3873 | if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3874 | { |
| rahul_dahiya |
0:fb8047b156bb | 3875 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3876 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3877 | } |
| rahul_dahiya |
0:fb8047b156bb | 3878 | |
| rahul_dahiya |
0:fb8047b156bb | 3879 | if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3880 | { |
| rahul_dahiya |
0:fb8047b156bb | 3881 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3882 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 3883 | ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) |
| rahul_dahiya |
0:fb8047b156bb | 3884 | { |
| rahul_dahiya |
0:fb8047b156bb | 3885 | if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) |
| rahul_dahiya |
0:fb8047b156bb | 3886 | { |
| rahul_dahiya |
0:fb8047b156bb | 3887 | /* Skip unexpected record (but not whole datagram) */ |
| rahul_dahiya |
0:fb8047b156bb | 3888 | ssl->next_record_offset = ssl->in_msglen |
| rahul_dahiya |
0:fb8047b156bb | 3889 | + mbedtls_ssl_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3890 | |
| rahul_dahiya |
0:fb8047b156bb | 3891 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " |
| rahul_dahiya |
0:fb8047b156bb | 3892 | "(header)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3893 | } |
| rahul_dahiya |
0:fb8047b156bb | 3894 | else |
| rahul_dahiya |
0:fb8047b156bb | 3895 | { |
| rahul_dahiya |
0:fb8047b156bb | 3896 | /* Skip invalid record and the rest of the datagram */ |
| rahul_dahiya |
0:fb8047b156bb | 3897 | ssl->next_record_offset = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3898 | ssl->in_left = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3899 | |
| rahul_dahiya |
0:fb8047b156bb | 3900 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " |
| rahul_dahiya |
0:fb8047b156bb | 3901 | "(header)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3902 | } |
| rahul_dahiya |
0:fb8047b156bb | 3903 | |
| rahul_dahiya |
0:fb8047b156bb | 3904 | /* Get next record */ |
| rahul_dahiya |
0:fb8047b156bb | 3905 | goto read_record_header; |
| rahul_dahiya |
0:fb8047b156bb | 3906 | } |
| rahul_dahiya |
0:fb8047b156bb | 3907 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3908 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3909 | } |
| rahul_dahiya |
0:fb8047b156bb | 3910 | |
| rahul_dahiya |
0:fb8047b156bb | 3911 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3912 | * Read and optionally decrypt the message contents |
| rahul_dahiya |
0:fb8047b156bb | 3913 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3914 | if( ( ret = mbedtls_ssl_fetch_input( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 3915 | mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3916 | { |
| rahul_dahiya |
0:fb8047b156bb | 3917 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3918 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3919 | } |
| rahul_dahiya |
0:fb8047b156bb | 3920 | |
| rahul_dahiya |
0:fb8047b156bb | 3921 | /* Done reading this record, get ready for the next one */ |
| rahul_dahiya |
0:fb8047b156bb | 3922 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3923 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 3924 | ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3925 | else |
| rahul_dahiya |
0:fb8047b156bb | 3926 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3927 | ssl->in_left = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3928 | |
| rahul_dahiya |
0:fb8047b156bb | 3929 | if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3930 | { |
| rahul_dahiya |
0:fb8047b156bb | 3931 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3932 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 3933 | { |
| rahul_dahiya |
0:fb8047b156bb | 3934 | /* Silently discard invalid records */ |
| rahul_dahiya |
0:fb8047b156bb | 3935 | if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD || |
| rahul_dahiya |
0:fb8047b156bb | 3936 | ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| rahul_dahiya |
0:fb8047b156bb | 3937 | { |
| rahul_dahiya |
0:fb8047b156bb | 3938 | /* Except when waiting for Finished as a bad mac here |
| rahul_dahiya |
0:fb8047b156bb | 3939 | * probably means something went wrong in the handshake |
| rahul_dahiya |
0:fb8047b156bb | 3940 | * (eg wrong psk used, mitm downgrade attempt, etc.) */ |
| rahul_dahiya |
0:fb8047b156bb | 3941 | if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || |
| rahul_dahiya |
0:fb8047b156bb | 3942 | ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) |
| rahul_dahiya |
0:fb8047b156bb | 3943 | { |
| rahul_dahiya |
0:fb8047b156bb | 3944 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
| rahul_dahiya |
0:fb8047b156bb | 3945 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| rahul_dahiya |
0:fb8047b156bb | 3946 | { |
| rahul_dahiya |
0:fb8047b156bb | 3947 | mbedtls_ssl_send_alert_message( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 3948 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3949 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 3950 | } |
| rahul_dahiya |
0:fb8047b156bb | 3951 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3952 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3953 | } |
| rahul_dahiya |
0:fb8047b156bb | 3954 | |
| rahul_dahiya |
0:fb8047b156bb | 3955 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
| rahul_dahiya |
0:fb8047b156bb | 3956 | if( ssl->conf->badmac_limit != 0 && |
| rahul_dahiya |
0:fb8047b156bb | 3957 | ++ssl->badmac_seen >= ssl->conf->badmac_limit ) |
| rahul_dahiya |
0:fb8047b156bb | 3958 | { |
| rahul_dahiya |
0:fb8047b156bb | 3959 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3960 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 3961 | } |
| rahul_dahiya |
0:fb8047b156bb | 3962 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3963 | |
| rahul_dahiya |
0:fb8047b156bb | 3964 | /* As above, invalid records cause |
| rahul_dahiya |
0:fb8047b156bb | 3965 | * dismissal of the whole datagram. */ |
| rahul_dahiya |
0:fb8047b156bb | 3966 | |
| rahul_dahiya |
0:fb8047b156bb | 3967 | ssl->next_record_offset = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3968 | ssl->in_left = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3969 | |
| rahul_dahiya |
0:fb8047b156bb | 3970 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3971 | goto read_record_header; |
| rahul_dahiya |
0:fb8047b156bb | 3972 | } |
| rahul_dahiya |
0:fb8047b156bb | 3973 | |
| rahul_dahiya |
0:fb8047b156bb | 3974 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3975 | } |
| rahul_dahiya |
0:fb8047b156bb | 3976 | else |
| rahul_dahiya |
0:fb8047b156bb | 3977 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3978 | { |
| rahul_dahiya |
0:fb8047b156bb | 3979 | /* Error out (and send alert) on invalid records */ |
| rahul_dahiya |
0:fb8047b156bb | 3980 | #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) |
| rahul_dahiya |
0:fb8047b156bb | 3981 | if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) |
| rahul_dahiya |
0:fb8047b156bb | 3982 | { |
| rahul_dahiya |
0:fb8047b156bb | 3983 | mbedtls_ssl_send_alert_message( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 3984 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3985 | MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); |
| rahul_dahiya |
0:fb8047b156bb | 3986 | } |
| rahul_dahiya |
0:fb8047b156bb | 3987 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3988 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3989 | } |
| rahul_dahiya |
0:fb8047b156bb | 3990 | } |
| rahul_dahiya |
0:fb8047b156bb | 3991 | |
| rahul_dahiya |
0:fb8047b156bb | 3992 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3993 | * When we sent the last flight of the handshake, we MUST respond to a |
| rahul_dahiya |
0:fb8047b156bb | 3994 | * retransmit of the peer's previous flight with a retransmit. (In |
| rahul_dahiya |
0:fb8047b156bb | 3995 | * practice, only the Finished message will make it, other messages |
| rahul_dahiya |
0:fb8047b156bb | 3996 | * including CCS use the old transform so they're dropped as invalid.) |
| rahul_dahiya |
0:fb8047b156bb | 3997 | * |
| rahul_dahiya |
0:fb8047b156bb | 3998 | * If the record we received is not a handshake message, however, it |
| rahul_dahiya |
0:fb8047b156bb | 3999 | * means the peer received our last flight so we can clean up |
| rahul_dahiya |
0:fb8047b156bb | 4000 | * handshake info. |
| rahul_dahiya |
0:fb8047b156bb | 4001 | * |
| rahul_dahiya |
0:fb8047b156bb | 4002 | * This check needs to be done before prepare_handshake() due to an edge |
| rahul_dahiya |
0:fb8047b156bb | 4003 | * case: if the client immediately requests renegotiation, this |
| rahul_dahiya |
0:fb8047b156bb | 4004 | * finishes the current handshake first, avoiding the new ClientHello |
| rahul_dahiya |
0:fb8047b156bb | 4005 | * being mistaken for an ancient message in the current handshake. |
| rahul_dahiya |
0:fb8047b156bb | 4006 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4007 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 4008 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 4009 | ssl->handshake != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 4010 | ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 4011 | { |
| rahul_dahiya |
0:fb8047b156bb | 4012 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 4013 | ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) |
| rahul_dahiya |
0:fb8047b156bb | 4014 | { |
| rahul_dahiya |
0:fb8047b156bb | 4015 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4016 | |
| rahul_dahiya |
0:fb8047b156bb | 4017 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4018 | { |
| rahul_dahiya |
0:fb8047b156bb | 4019 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4020 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4021 | } |
| rahul_dahiya |
0:fb8047b156bb | 4022 | |
| rahul_dahiya |
0:fb8047b156bb | 4023 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 4024 | } |
| rahul_dahiya |
0:fb8047b156bb | 4025 | else |
| rahul_dahiya |
0:fb8047b156bb | 4026 | { |
| rahul_dahiya |
0:fb8047b156bb | 4027 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 4028 | } |
| rahul_dahiya |
0:fb8047b156bb | 4029 | } |
| rahul_dahiya |
0:fb8047b156bb | 4030 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4031 | |
| rahul_dahiya |
0:fb8047b156bb | 4032 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4033 | } |
| rahul_dahiya |
0:fb8047b156bb | 4034 | |
| rahul_dahiya |
0:fb8047b156bb | 4035 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4036 | { |
| rahul_dahiya |
0:fb8047b156bb | 4037 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 4038 | |
| rahul_dahiya |
0:fb8047b156bb | 4039 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4040 | * Handle particular types of records |
| rahul_dahiya |
0:fb8047b156bb | 4041 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4042 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4043 | { |
| rahul_dahiya |
0:fb8047b156bb | 4044 | if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4045 | { |
| rahul_dahiya |
0:fb8047b156bb | 4046 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4047 | } |
| rahul_dahiya |
0:fb8047b156bb | 4048 | } |
| rahul_dahiya |
0:fb8047b156bb | 4049 | |
| rahul_dahiya |
0:fb8047b156bb | 4050 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
| rahul_dahiya |
0:fb8047b156bb | 4051 | { |
| rahul_dahiya |
0:fb8047b156bb | 4052 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
| rahul_dahiya |
0:fb8047b156bb | 4053 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4054 | |
| rahul_dahiya |
0:fb8047b156bb | 4055 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4056 | * Ignore non-fatal alerts, except close_notify and no_renegotiation |
| rahul_dahiya |
0:fb8047b156bb | 4057 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4058 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) |
| rahul_dahiya |
0:fb8047b156bb | 4059 | { |
| rahul_dahiya |
0:fb8047b156bb | 4060 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
| rahul_dahiya |
0:fb8047b156bb | 4061 | ssl->in_msg[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4062 | return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4063 | } |
| rahul_dahiya |
0:fb8047b156bb | 4064 | |
| rahul_dahiya |
0:fb8047b156bb | 4065 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| rahul_dahiya |
0:fb8047b156bb | 4066 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) |
| rahul_dahiya |
0:fb8047b156bb | 4067 | { |
| rahul_dahiya |
0:fb8047b156bb | 4068 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4069 | return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); |
| rahul_dahiya |
0:fb8047b156bb | 4070 | } |
| rahul_dahiya |
0:fb8047b156bb | 4071 | |
| rahul_dahiya |
0:fb8047b156bb | 4072 | #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 4073 | if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| rahul_dahiya |
0:fb8047b156bb | 4074 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) |
| rahul_dahiya |
0:fb8047b156bb | 4075 | { |
| rahul_dahiya |
0:fb8047b156bb | 4076 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4077 | /* Will be handled when trying to parse ServerHello */ |
| rahul_dahiya |
0:fb8047b156bb | 4078 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4079 | } |
| rahul_dahiya |
0:fb8047b156bb | 4080 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4081 | |
| rahul_dahiya |
0:fb8047b156bb | 4082 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 4083 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && |
| rahul_dahiya |
0:fb8047b156bb | 4084 | ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 4085 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| rahul_dahiya |
0:fb8047b156bb | 4086 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
| rahul_dahiya |
0:fb8047b156bb | 4087 | { |
| rahul_dahiya |
0:fb8047b156bb | 4088 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4089 | /* Will be handled in mbedtls_ssl_parse_certificate() */ |
| rahul_dahiya |
0:fb8047b156bb | 4090 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4091 | } |
| rahul_dahiya |
0:fb8047b156bb | 4092 | #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4093 | |
| rahul_dahiya |
0:fb8047b156bb | 4094 | /* Silently ignore: fetch new message */ |
| rahul_dahiya |
0:fb8047b156bb | 4095 | return MBEDTLS_ERR_SSL_NON_FATAL; |
| rahul_dahiya |
0:fb8047b156bb | 4096 | } |
| rahul_dahiya |
0:fb8047b156bb | 4097 | |
| rahul_dahiya |
0:fb8047b156bb | 4098 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4099 | } |
| rahul_dahiya |
0:fb8047b156bb | 4100 | |
| rahul_dahiya |
0:fb8047b156bb | 4101 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4102 | { |
| rahul_dahiya |
0:fb8047b156bb | 4103 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 4104 | |
| rahul_dahiya |
0:fb8047b156bb | 4105 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4106 | MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4107 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4108 | { |
| rahul_dahiya |
0:fb8047b156bb | 4109 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4110 | } |
| rahul_dahiya |
0:fb8047b156bb | 4111 | |
| rahul_dahiya |
0:fb8047b156bb | 4112 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4113 | } |
| rahul_dahiya |
0:fb8047b156bb | 4114 | |
| rahul_dahiya |
0:fb8047b156bb | 4115 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4116 | unsigned char level, |
| rahul_dahiya |
0:fb8047b156bb | 4117 | unsigned char message ) |
| rahul_dahiya |
0:fb8047b156bb | 4118 | { |
| rahul_dahiya |
0:fb8047b156bb | 4119 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 4120 | |
| rahul_dahiya |
0:fb8047b156bb | 4121 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4122 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 4123 | |
| rahul_dahiya |
0:fb8047b156bb | 4124 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4125 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); |
| rahul_dahiya |
0:fb8047b156bb | 4126 | |
| rahul_dahiya |
0:fb8047b156bb | 4127 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
| rahul_dahiya |
0:fb8047b156bb | 4128 | ssl->out_msglen = 2; |
| rahul_dahiya |
0:fb8047b156bb | 4129 | ssl->out_msg[0] = level; |
| rahul_dahiya |
0:fb8047b156bb | 4130 | ssl->out_msg[1] = message; |
| rahul_dahiya |
0:fb8047b156bb | 4131 | |
| rahul_dahiya |
0:fb8047b156bb | 4132 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4133 | { |
| rahul_dahiya |
0:fb8047b156bb | 4134 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4135 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4136 | } |
| rahul_dahiya |
0:fb8047b156bb | 4137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4138 | |
| rahul_dahiya |
0:fb8047b156bb | 4139 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4140 | } |
| rahul_dahiya |
0:fb8047b156bb | 4141 | |
| rahul_dahiya |
0:fb8047b156bb | 4142 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4143 | * Handshake functions |
| rahul_dahiya |
0:fb8047b156bb | 4144 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4145 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4146 | !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4147 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4148 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4149 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4150 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 4151 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 4152 | /* No certificate support -> dummy functions */ |
| rahul_dahiya |
0:fb8047b156bb | 4153 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4154 | { |
| rahul_dahiya |
0:fb8047b156bb | 4155 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 4156 | |
| rahul_dahiya |
0:fb8047b156bb | 4157 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4158 | |
| rahul_dahiya |
0:fb8047b156bb | 4159 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4160 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4161 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4162 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4163 | { |
| rahul_dahiya |
0:fb8047b156bb | 4164 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4165 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4166 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4167 | } |
| rahul_dahiya |
0:fb8047b156bb | 4168 | |
| rahul_dahiya |
0:fb8047b156bb | 4169 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4170 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4171 | } |
| rahul_dahiya |
0:fb8047b156bb | 4172 | |
| rahul_dahiya |
0:fb8047b156bb | 4173 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4174 | { |
| rahul_dahiya |
0:fb8047b156bb | 4175 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 4176 | |
| rahul_dahiya |
0:fb8047b156bb | 4177 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4178 | |
| rahul_dahiya |
0:fb8047b156bb | 4179 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4180 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4181 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4182 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4183 | { |
| rahul_dahiya |
0:fb8047b156bb | 4184 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4185 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4186 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4187 | } |
| rahul_dahiya |
0:fb8047b156bb | 4188 | |
| rahul_dahiya |
0:fb8047b156bb | 4189 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4190 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4191 | } |
| rahul_dahiya |
0:fb8047b156bb | 4192 | |
| rahul_dahiya |
0:fb8047b156bb | 4193 | #else |
| rahul_dahiya |
0:fb8047b156bb | 4194 | /* Some certificate support -> implement write and parse */ |
| rahul_dahiya |
0:fb8047b156bb | 4195 | |
| rahul_dahiya |
0:fb8047b156bb | 4196 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4197 | { |
| rahul_dahiya |
0:fb8047b156bb | 4198 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 4199 | size_t i, n; |
| rahul_dahiya |
0:fb8047b156bb | 4200 | const mbedtls_x509_crt *crt; |
| rahul_dahiya |
0:fb8047b156bb | 4201 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 4202 | |
| rahul_dahiya |
0:fb8047b156bb | 4203 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4204 | |
| rahul_dahiya |
0:fb8047b156bb | 4205 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4206 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4207 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4208 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4209 | { |
| rahul_dahiya |
0:fb8047b156bb | 4210 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4211 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4212 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4213 | } |
| rahul_dahiya |
0:fb8047b156bb | 4214 | |
| rahul_dahiya |
0:fb8047b156bb | 4215 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 4216 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 4217 | { |
| rahul_dahiya |
0:fb8047b156bb | 4218 | if( ssl->client_auth == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4219 | { |
| rahul_dahiya |
0:fb8047b156bb | 4220 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4221 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4222 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4223 | } |
| rahul_dahiya |
0:fb8047b156bb | 4224 | |
| rahul_dahiya |
0:fb8047b156bb | 4225 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 4226 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4227 | * If using SSLv3 and got no cert, send an Alert message |
| rahul_dahiya |
0:fb8047b156bb | 4228 | * (otherwise an empty Certificate message will be sent). |
| rahul_dahiya |
0:fb8047b156bb | 4229 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4230 | if( mbedtls_ssl_own_cert( ssl ) == NULL && |
| rahul_dahiya |
0:fb8047b156bb | 4231 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4232 | { |
| rahul_dahiya |
0:fb8047b156bb | 4233 | ssl->out_msglen = 2; |
| rahul_dahiya |
0:fb8047b156bb | 4234 | ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; |
| rahul_dahiya |
0:fb8047b156bb | 4235 | ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; |
| rahul_dahiya |
0:fb8047b156bb | 4236 | ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4237 | |
| rahul_dahiya |
0:fb8047b156bb | 4238 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4239 | goto write_msg; |
| rahul_dahiya |
0:fb8047b156bb | 4240 | } |
| rahul_dahiya |
0:fb8047b156bb | 4241 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 4242 | } |
| rahul_dahiya |
0:fb8047b156bb | 4243 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4244 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 4245 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 4246 | { |
| rahul_dahiya |
0:fb8047b156bb | 4247 | if( mbedtls_ssl_own_cert( ssl ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4248 | { |
| rahul_dahiya |
0:fb8047b156bb | 4249 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4250 | return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); |
| rahul_dahiya |
0:fb8047b156bb | 4251 | } |
| rahul_dahiya |
0:fb8047b156bb | 4252 | } |
| rahul_dahiya |
0:fb8047b156bb | 4253 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4254 | |
| rahul_dahiya |
0:fb8047b156bb | 4255 | MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4256 | |
| rahul_dahiya |
0:fb8047b156bb | 4257 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4258 | * 0 . 0 handshake type |
| rahul_dahiya |
0:fb8047b156bb | 4259 | * 1 . 3 handshake length |
| rahul_dahiya |
0:fb8047b156bb | 4260 | * 4 . 6 length of all certs |
| rahul_dahiya |
0:fb8047b156bb | 4261 | * 7 . 9 length of cert. 1 |
| rahul_dahiya |
0:fb8047b156bb | 4262 | * 10 . n-1 peer certificate |
| rahul_dahiya |
0:fb8047b156bb | 4263 | * n . n+2 length of cert. 2 |
| rahul_dahiya |
0:fb8047b156bb | 4264 | * n+3 . ... upper level cert, etc. |
| rahul_dahiya |
0:fb8047b156bb | 4265 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4266 | i = 7; |
| rahul_dahiya |
0:fb8047b156bb | 4267 | crt = mbedtls_ssl_own_cert( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 4268 | |
| rahul_dahiya |
0:fb8047b156bb | 4269 | while( crt != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4270 | { |
| rahul_dahiya |
0:fb8047b156bb | 4271 | n = crt->raw.len; |
| rahul_dahiya |
0:fb8047b156bb | 4272 | if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i ) |
| rahul_dahiya |
0:fb8047b156bb | 4273 | { |
| rahul_dahiya |
0:fb8047b156bb | 4274 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
| rahul_dahiya |
0:fb8047b156bb | 4275 | i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4276 | return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4277 | } |
| rahul_dahiya |
0:fb8047b156bb | 4278 | |
| rahul_dahiya |
0:fb8047b156bb | 4279 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 4280 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 4281 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
| rahul_dahiya |
0:fb8047b156bb | 4282 | |
| rahul_dahiya |
0:fb8047b156bb | 4283 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
| rahul_dahiya |
0:fb8047b156bb | 4284 | i += n; crt = crt->next; |
| rahul_dahiya |
0:fb8047b156bb | 4285 | } |
| rahul_dahiya |
0:fb8047b156bb | 4286 | |
| rahul_dahiya |
0:fb8047b156bb | 4287 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 4288 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 4289 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4290 | |
| rahul_dahiya |
0:fb8047b156bb | 4291 | ssl->out_msglen = i; |
| rahul_dahiya |
0:fb8047b156bb | 4292 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 4293 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; |
| rahul_dahiya |
0:fb8047b156bb | 4294 | |
| rahul_dahiya |
0:fb8047b156bb | 4295 | #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 4296 | write_msg: |
| rahul_dahiya |
0:fb8047b156bb | 4297 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4298 | |
| rahul_dahiya |
0:fb8047b156bb | 4299 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4300 | |
| rahul_dahiya |
0:fb8047b156bb | 4301 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4302 | { |
| rahul_dahiya |
0:fb8047b156bb | 4303 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4304 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4305 | } |
| rahul_dahiya |
0:fb8047b156bb | 4306 | |
| rahul_dahiya |
0:fb8047b156bb | 4307 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4308 | |
| rahul_dahiya |
0:fb8047b156bb | 4309 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4310 | } |
| rahul_dahiya |
0:fb8047b156bb | 4311 | |
| rahul_dahiya |
0:fb8047b156bb | 4312 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4313 | { |
| rahul_dahiya |
0:fb8047b156bb | 4314 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 4315 | size_t i, n; |
| rahul_dahiya |
0:fb8047b156bb | 4316 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 4317 | int authmode = ssl->conf->authmode; |
| rahul_dahiya |
0:fb8047b156bb | 4318 | uint8_t alert; |
| rahul_dahiya |
0:fb8047b156bb | 4319 | |
| rahul_dahiya |
0:fb8047b156bb | 4320 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4321 | |
| rahul_dahiya |
0:fb8047b156bb | 4322 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4323 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4324 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 4325 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4326 | { |
| rahul_dahiya |
0:fb8047b156bb | 4327 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4328 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4329 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4330 | } |
| rahul_dahiya |
0:fb8047b156bb | 4331 | |
| rahul_dahiya |
0:fb8047b156bb | 4332 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 4333 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 4334 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 4335 | { |
| rahul_dahiya |
0:fb8047b156bb | 4336 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4337 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4338 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4339 | } |
| rahul_dahiya |
0:fb8047b156bb | 4340 | |
| rahul_dahiya |
0:fb8047b156bb | 4341 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 4342 | if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) |
| rahul_dahiya |
0:fb8047b156bb | 4343 | authmode = ssl->handshake->sni_authmode; |
| rahul_dahiya |
0:fb8047b156bb | 4344 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4345 | |
| rahul_dahiya |
0:fb8047b156bb | 4346 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 4347 | authmode == MBEDTLS_SSL_VERIFY_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 4348 | { |
| rahul_dahiya |
0:fb8047b156bb | 4349 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; |
| rahul_dahiya |
0:fb8047b156bb | 4350 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4351 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4352 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4353 | } |
| rahul_dahiya |
0:fb8047b156bb | 4354 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4355 | |
| rahul_dahiya |
0:fb8047b156bb | 4356 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4357 | { |
| rahul_dahiya |
0:fb8047b156bb | 4358 | /* mbedtls_ssl_read_record may have sent an alert already. We |
| rahul_dahiya |
0:fb8047b156bb | 4359 | let it decide whether to alert. */ |
| rahul_dahiya |
0:fb8047b156bb | 4360 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4361 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4362 | } |
| rahul_dahiya |
0:fb8047b156bb | 4363 | |
| rahul_dahiya |
0:fb8047b156bb | 4364 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4365 | |
| rahul_dahiya |
0:fb8047b156bb | 4366 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 4367 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 4368 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4369 | * Check if the client sent an empty certificate |
| rahul_dahiya |
0:fb8047b156bb | 4370 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4371 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 4372 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4373 | { |
| rahul_dahiya |
0:fb8047b156bb | 4374 | if( ssl->in_msglen == 2 && |
| rahul_dahiya |
0:fb8047b156bb | 4375 | ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && |
| rahul_dahiya |
0:fb8047b156bb | 4376 | ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && |
| rahul_dahiya |
0:fb8047b156bb | 4377 | ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) |
| rahul_dahiya |
0:fb8047b156bb | 4378 | { |
| rahul_dahiya |
0:fb8047b156bb | 4379 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4380 | |
| rahul_dahiya |
0:fb8047b156bb | 4381 | /* The client was asked for a certificate but didn't send |
| rahul_dahiya |
0:fb8047b156bb | 4382 | one. The client should know what's going on, so we |
| rahul_dahiya |
0:fb8047b156bb | 4383 | don't send an alert. */ |
| rahul_dahiya |
0:fb8047b156bb | 4384 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
| rahul_dahiya |
0:fb8047b156bb | 4385 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
| rahul_dahiya |
0:fb8047b156bb | 4386 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4387 | else |
| rahul_dahiya |
0:fb8047b156bb | 4388 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4389 | } |
| rahul_dahiya |
0:fb8047b156bb | 4390 | } |
| rahul_dahiya |
0:fb8047b156bb | 4391 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 4392 | |
| rahul_dahiya |
0:fb8047b156bb | 4393 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 4394 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 4395 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 4396 | ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4397 | { |
| rahul_dahiya |
0:fb8047b156bb | 4398 | if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && |
| rahul_dahiya |
0:fb8047b156bb | 4399 | ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && |
| rahul_dahiya |
0:fb8047b156bb | 4400 | ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && |
| rahul_dahiya |
0:fb8047b156bb | 4401 | memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4402 | { |
| rahul_dahiya |
0:fb8047b156bb | 4403 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4404 | |
| rahul_dahiya |
0:fb8047b156bb | 4405 | /* The client was asked for a certificate but didn't send |
| rahul_dahiya |
0:fb8047b156bb | 4406 | one. The client should know what's going on, so we |
| rahul_dahiya |
0:fb8047b156bb | 4407 | don't send an alert. */ |
| rahul_dahiya |
0:fb8047b156bb | 4408 | ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; |
| rahul_dahiya |
0:fb8047b156bb | 4409 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) |
| rahul_dahiya |
0:fb8047b156bb | 4410 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4411 | else |
| rahul_dahiya |
0:fb8047b156bb | 4412 | return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4413 | } |
| rahul_dahiya |
0:fb8047b156bb | 4414 | } |
| rahul_dahiya |
0:fb8047b156bb | 4415 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 4416 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 4417 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4418 | |
| rahul_dahiya |
0:fb8047b156bb | 4419 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 4420 | { |
| rahul_dahiya |
0:fb8047b156bb | 4421 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4422 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4423 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4424 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4425 | } |
| rahul_dahiya |
0:fb8047b156bb | 4426 | |
| rahul_dahiya |
0:fb8047b156bb | 4427 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || |
| rahul_dahiya |
0:fb8047b156bb | 4428 | ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) |
| rahul_dahiya |
0:fb8047b156bb | 4429 | { |
| rahul_dahiya |
0:fb8047b156bb | 4430 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4431 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4432 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4433 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4434 | } |
| rahul_dahiya |
0:fb8047b156bb | 4435 | |
| rahul_dahiya |
0:fb8047b156bb | 4436 | i = mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 4437 | |
| rahul_dahiya |
0:fb8047b156bb | 4438 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4439 | * Same message structure as in mbedtls_ssl_write_certificate() |
| rahul_dahiya |
0:fb8047b156bb | 4440 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4441 | n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; |
| rahul_dahiya |
0:fb8047b156bb | 4442 | |
| rahul_dahiya |
0:fb8047b156bb | 4443 | if( ssl->in_msg[i] != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 4444 | ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
| rahul_dahiya |
0:fb8047b156bb | 4445 | { |
| rahul_dahiya |
0:fb8047b156bb | 4446 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4447 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4448 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4449 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4450 | } |
| rahul_dahiya |
0:fb8047b156bb | 4451 | |
| rahul_dahiya |
0:fb8047b156bb | 4452 | /* In case we tried to reuse a session but it failed */ |
| rahul_dahiya |
0:fb8047b156bb | 4453 | if( ssl->session_negotiate->peer_cert != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4454 | { |
| rahul_dahiya |
0:fb8047b156bb | 4455 | mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 4456 | mbedtls_free( ssl->session_negotiate->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 4457 | } |
| rahul_dahiya |
0:fb8047b156bb | 4458 | |
| rahul_dahiya |
0:fb8047b156bb | 4459 | if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, |
| rahul_dahiya |
0:fb8047b156bb | 4460 | sizeof( mbedtls_x509_crt ) ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4461 | { |
| rahul_dahiya |
0:fb8047b156bb | 4462 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", |
| rahul_dahiya |
0:fb8047b156bb | 4463 | sizeof( mbedtls_x509_crt ) ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4464 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4465 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4466 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 4467 | } |
| rahul_dahiya |
0:fb8047b156bb | 4468 | |
| rahul_dahiya |
0:fb8047b156bb | 4469 | mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 4470 | |
| rahul_dahiya |
0:fb8047b156bb | 4471 | i += 3; |
| rahul_dahiya |
0:fb8047b156bb | 4472 | |
| rahul_dahiya |
0:fb8047b156bb | 4473 | while( i < ssl->in_hslen ) |
| rahul_dahiya |
0:fb8047b156bb | 4474 | { |
| rahul_dahiya |
0:fb8047b156bb | 4475 | if( ssl->in_msg[i] != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4476 | { |
| rahul_dahiya |
0:fb8047b156bb | 4477 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4478 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4479 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4480 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4481 | } |
| rahul_dahiya |
0:fb8047b156bb | 4482 | |
| rahul_dahiya |
0:fb8047b156bb | 4483 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 4484 | | (unsigned int) ssl->in_msg[i + 2]; |
| rahul_dahiya |
0:fb8047b156bb | 4485 | i += 3; |
| rahul_dahiya |
0:fb8047b156bb | 4486 | |
| rahul_dahiya |
0:fb8047b156bb | 4487 | if( n < 128 || i + n > ssl->in_hslen ) |
| rahul_dahiya |
0:fb8047b156bb | 4488 | { |
| rahul_dahiya |
0:fb8047b156bb | 4489 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4490 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4491 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4492 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4493 | } |
| rahul_dahiya |
0:fb8047b156bb | 4494 | |
| rahul_dahiya |
0:fb8047b156bb | 4495 | ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
| rahul_dahiya |
0:fb8047b156bb | 4496 | ssl->in_msg + i, n ); |
| rahul_dahiya |
0:fb8047b156bb | 4497 | switch( ret ) |
| rahul_dahiya |
0:fb8047b156bb | 4498 | { |
| rahul_dahiya |
0:fb8047b156bb | 4499 | case 0: /*ok*/ |
| rahul_dahiya |
0:fb8047b156bb | 4500 | case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: |
| rahul_dahiya |
0:fb8047b156bb | 4501 | /* Ignore certificate with an unknown algorithm: maybe a |
| rahul_dahiya |
0:fb8047b156bb | 4502 | prior certificate was already trusted. */ |
| rahul_dahiya |
0:fb8047b156bb | 4503 | break; |
| rahul_dahiya |
0:fb8047b156bb | 4504 | |
| rahul_dahiya |
0:fb8047b156bb | 4505 | case MBEDTLS_ERR_X509_ALLOC_FAILED: |
| rahul_dahiya |
0:fb8047b156bb | 4506 | alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; |
| rahul_dahiya |
0:fb8047b156bb | 4507 | goto crt_parse_der_failed; |
| rahul_dahiya |
0:fb8047b156bb | 4508 | |
| rahul_dahiya |
0:fb8047b156bb | 4509 | case MBEDTLS_ERR_X509_UNKNOWN_VERSION: |
| rahul_dahiya |
0:fb8047b156bb | 4510 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4511 | goto crt_parse_der_failed; |
| rahul_dahiya |
0:fb8047b156bb | 4512 | |
| rahul_dahiya |
0:fb8047b156bb | 4513 | default: |
| rahul_dahiya |
0:fb8047b156bb | 4514 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4515 | crt_parse_der_failed: |
| rahul_dahiya |
0:fb8047b156bb | 4516 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); |
| rahul_dahiya |
0:fb8047b156bb | 4517 | MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4518 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4519 | } |
| rahul_dahiya |
0:fb8047b156bb | 4520 | |
| rahul_dahiya |
0:fb8047b156bb | 4521 | i += n; |
| rahul_dahiya |
0:fb8047b156bb | 4522 | } |
| rahul_dahiya |
0:fb8047b156bb | 4523 | |
| rahul_dahiya |
0:fb8047b156bb | 4524 | MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 4525 | |
| rahul_dahiya |
0:fb8047b156bb | 4526 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4527 | * On client, make sure the server cert doesn't change during renego to |
| rahul_dahiya |
0:fb8047b156bb | 4528 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
| rahul_dahiya |
0:fb8047b156bb | 4529 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4530 | #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 4531 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
| rahul_dahiya |
0:fb8047b156bb | 4532 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| rahul_dahiya |
0:fb8047b156bb | 4533 | { |
| rahul_dahiya |
0:fb8047b156bb | 4534 | if( ssl->session->peer_cert == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4535 | { |
| rahul_dahiya |
0:fb8047b156bb | 4536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4537 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4538 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
| rahul_dahiya |
0:fb8047b156bb | 4539 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4540 | } |
| rahul_dahiya |
0:fb8047b156bb | 4541 | |
| rahul_dahiya |
0:fb8047b156bb | 4542 | if( ssl->session->peer_cert->raw.len != |
| rahul_dahiya |
0:fb8047b156bb | 4543 | ssl->session_negotiate->peer_cert->raw.len || |
| rahul_dahiya |
0:fb8047b156bb | 4544 | memcmp( ssl->session->peer_cert->raw.p, |
| rahul_dahiya |
0:fb8047b156bb | 4545 | ssl->session_negotiate->peer_cert->raw.p, |
| rahul_dahiya |
0:fb8047b156bb | 4546 | ssl->session->peer_cert->raw.len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4547 | { |
| rahul_dahiya |
0:fb8047b156bb | 4548 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4549 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4550 | MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); |
| rahul_dahiya |
0:fb8047b156bb | 4551 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 4552 | } |
| rahul_dahiya |
0:fb8047b156bb | 4553 | } |
| rahul_dahiya |
0:fb8047b156bb | 4554 | #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4555 | |
| rahul_dahiya |
0:fb8047b156bb | 4556 | if( authmode != MBEDTLS_SSL_VERIFY_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 4557 | { |
| rahul_dahiya |
0:fb8047b156bb | 4558 | mbedtls_x509_crt *ca_chain; |
| rahul_dahiya |
0:fb8047b156bb | 4559 | mbedtls_x509_crl *ca_crl; |
| rahul_dahiya |
0:fb8047b156bb | 4560 | |
| rahul_dahiya |
0:fb8047b156bb | 4561 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 4562 | if( ssl->handshake->sni_ca_chain != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4563 | { |
| rahul_dahiya |
0:fb8047b156bb | 4564 | ca_chain = ssl->handshake->sni_ca_chain; |
| rahul_dahiya |
0:fb8047b156bb | 4565 | ca_crl = ssl->handshake->sni_ca_crl; |
| rahul_dahiya |
0:fb8047b156bb | 4566 | } |
| rahul_dahiya |
0:fb8047b156bb | 4567 | else |
| rahul_dahiya |
0:fb8047b156bb | 4568 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4569 | { |
| rahul_dahiya |
0:fb8047b156bb | 4570 | ca_chain = ssl->conf->ca_chain; |
| rahul_dahiya |
0:fb8047b156bb | 4571 | ca_crl = ssl->conf->ca_crl; |
| rahul_dahiya |
0:fb8047b156bb | 4572 | } |
| rahul_dahiya |
0:fb8047b156bb | 4573 | |
| rahul_dahiya |
0:fb8047b156bb | 4574 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4575 | * Main check: verify certificate |
| rahul_dahiya |
0:fb8047b156bb | 4576 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4577 | ret = mbedtls_x509_crt_verify_with_profile( |
| rahul_dahiya |
0:fb8047b156bb | 4578 | ssl->session_negotiate->peer_cert, |
| rahul_dahiya |
0:fb8047b156bb | 4579 | ca_chain, ca_crl, |
| rahul_dahiya |
0:fb8047b156bb | 4580 | ssl->conf->cert_profile, |
| rahul_dahiya |
0:fb8047b156bb | 4581 | ssl->hostname, |
| rahul_dahiya |
0:fb8047b156bb | 4582 | &ssl->session_negotiate->verify_result, |
| rahul_dahiya |
0:fb8047b156bb | 4583 | ssl->conf->f_vrfy, ssl->conf->p_vrfy ); |
| rahul_dahiya |
0:fb8047b156bb | 4584 | |
| rahul_dahiya |
0:fb8047b156bb | 4585 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4586 | { |
| rahul_dahiya |
0:fb8047b156bb | 4587 | MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4588 | } |
| rahul_dahiya |
0:fb8047b156bb | 4589 | |
| rahul_dahiya |
0:fb8047b156bb | 4590 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4591 | * Secondary checks: always done, but change 'ret' only if it was 0 |
| rahul_dahiya |
0:fb8047b156bb | 4592 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4593 | |
| rahul_dahiya |
0:fb8047b156bb | 4594 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 4595 | { |
| rahul_dahiya |
0:fb8047b156bb | 4596 | const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
| rahul_dahiya |
0:fb8047b156bb | 4597 | |
| rahul_dahiya |
0:fb8047b156bb | 4598 | /* If certificate uses an EC key, make sure the curve is OK */ |
| rahul_dahiya |
0:fb8047b156bb | 4599 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && |
| rahul_dahiya |
0:fb8047b156bb | 4600 | mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4601 | { |
| rahul_dahiya |
0:fb8047b156bb | 4602 | ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; |
| rahul_dahiya |
0:fb8047b156bb | 4603 | |
| rahul_dahiya |
0:fb8047b156bb | 4604 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4605 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4606 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
| rahul_dahiya |
0:fb8047b156bb | 4607 | } |
| rahul_dahiya |
0:fb8047b156bb | 4608 | } |
| rahul_dahiya |
0:fb8047b156bb | 4609 | #endif /* MBEDTLS_ECP_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4610 | |
| rahul_dahiya |
0:fb8047b156bb | 4611 | if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, |
| rahul_dahiya |
0:fb8047b156bb | 4612 | ciphersuite_info, |
| rahul_dahiya |
0:fb8047b156bb | 4613 | ! ssl->conf->endpoint, |
| rahul_dahiya |
0:fb8047b156bb | 4614 | &ssl->session_negotiate->verify_result ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4615 | { |
| rahul_dahiya |
0:fb8047b156bb | 4616 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4617 | if( ret == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4618 | ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; |
| rahul_dahiya |
0:fb8047b156bb | 4619 | } |
| rahul_dahiya |
0:fb8047b156bb | 4620 | |
| rahul_dahiya |
0:fb8047b156bb | 4621 | /* mbedtls_x509_crt_verify_with_profile is supposed to report a |
| rahul_dahiya |
0:fb8047b156bb | 4622 | * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, |
| rahul_dahiya |
0:fb8047b156bb | 4623 | * with details encoded in the verification flags. All other kinds |
| rahul_dahiya |
0:fb8047b156bb | 4624 | * of error codes, including those from the user provided f_vrfy |
| rahul_dahiya |
0:fb8047b156bb | 4625 | * functions, are treated as fatal and lead to a failure of |
| rahul_dahiya |
0:fb8047b156bb | 4626 | * ssl_parse_certificate even if verification was optional. */ |
| rahul_dahiya |
0:fb8047b156bb | 4627 | if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && |
| rahul_dahiya |
0:fb8047b156bb | 4628 | ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || |
| rahul_dahiya |
0:fb8047b156bb | 4629 | ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) |
| rahul_dahiya |
0:fb8047b156bb | 4630 | { |
| rahul_dahiya |
0:fb8047b156bb | 4631 | ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 4632 | } |
| rahul_dahiya |
0:fb8047b156bb | 4633 | |
| rahul_dahiya |
0:fb8047b156bb | 4634 | if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) |
| rahul_dahiya |
0:fb8047b156bb | 4635 | { |
| rahul_dahiya |
0:fb8047b156bb | 4636 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4637 | ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; |
| rahul_dahiya |
0:fb8047b156bb | 4638 | } |
| rahul_dahiya |
0:fb8047b156bb | 4639 | |
| rahul_dahiya |
0:fb8047b156bb | 4640 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4641 | { |
| rahul_dahiya |
0:fb8047b156bb | 4642 | /* The certificate may have been rejected for several reasons. |
| rahul_dahiya |
0:fb8047b156bb | 4643 | Pick one and send the corresponding alert. Which alert to send |
| rahul_dahiya |
0:fb8047b156bb | 4644 | may be a subject of debate in some cases. */ |
| rahul_dahiya |
0:fb8047b156bb | 4645 | if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) |
| rahul_dahiya |
0:fb8047b156bb | 4646 | alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; |
| rahul_dahiya |
0:fb8047b156bb | 4647 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) |
| rahul_dahiya |
0:fb8047b156bb | 4648 | alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4649 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) |
| rahul_dahiya |
0:fb8047b156bb | 4650 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4651 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) |
| rahul_dahiya |
0:fb8047b156bb | 4652 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4653 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) |
| rahul_dahiya |
0:fb8047b156bb | 4654 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4655 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) |
| rahul_dahiya |
0:fb8047b156bb | 4656 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4657 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) |
| rahul_dahiya |
0:fb8047b156bb | 4658 | alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; |
| rahul_dahiya |
0:fb8047b156bb | 4659 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) |
| rahul_dahiya |
0:fb8047b156bb | 4660 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; |
| rahul_dahiya |
0:fb8047b156bb | 4661 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) |
| rahul_dahiya |
0:fb8047b156bb | 4662 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; |
| rahul_dahiya |
0:fb8047b156bb | 4663 | else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) |
| rahul_dahiya |
0:fb8047b156bb | 4664 | alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; |
| rahul_dahiya |
0:fb8047b156bb | 4665 | else |
| rahul_dahiya |
0:fb8047b156bb | 4666 | alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; |
| rahul_dahiya |
0:fb8047b156bb | 4667 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4668 | alert ); |
| rahul_dahiya |
0:fb8047b156bb | 4669 | } |
| rahul_dahiya |
0:fb8047b156bb | 4670 | |
| rahul_dahiya |
0:fb8047b156bb | 4671 | #if defined(MBEDTLS_DEBUG_C) |
| rahul_dahiya |
0:fb8047b156bb | 4672 | if( ssl->session_negotiate->verify_result != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4673 | { |
| rahul_dahiya |
0:fb8047b156bb | 4674 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", |
| rahul_dahiya |
0:fb8047b156bb | 4675 | ssl->session_negotiate->verify_result ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4676 | } |
| rahul_dahiya |
0:fb8047b156bb | 4677 | else |
| rahul_dahiya |
0:fb8047b156bb | 4678 | { |
| rahul_dahiya |
0:fb8047b156bb | 4679 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4680 | } |
| rahul_dahiya |
0:fb8047b156bb | 4681 | #endif /* MBEDTLS_DEBUG_C */ |
| rahul_dahiya |
0:fb8047b156bb | 4682 | } |
| rahul_dahiya |
0:fb8047b156bb | 4683 | |
| rahul_dahiya |
0:fb8047b156bb | 4684 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4685 | |
| rahul_dahiya |
0:fb8047b156bb | 4686 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4687 | } |
| rahul_dahiya |
0:fb8047b156bb | 4688 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4689 | !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4690 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4691 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4692 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4693 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| rahul_dahiya |
0:fb8047b156bb | 4694 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 4695 | |
| rahul_dahiya |
0:fb8047b156bb | 4696 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4697 | { |
| rahul_dahiya |
0:fb8047b156bb | 4698 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 4699 | |
| rahul_dahiya |
0:fb8047b156bb | 4700 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4701 | |
| rahul_dahiya |
0:fb8047b156bb | 4702 | ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; |
| rahul_dahiya |
0:fb8047b156bb | 4703 | ssl->out_msglen = 1; |
| rahul_dahiya |
0:fb8047b156bb | 4704 | ssl->out_msg[0] = 1; |
| rahul_dahiya |
0:fb8047b156bb | 4705 | |
| rahul_dahiya |
0:fb8047b156bb | 4706 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4707 | |
| rahul_dahiya |
0:fb8047b156bb | 4708 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4709 | { |
| rahul_dahiya |
0:fb8047b156bb | 4710 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4711 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4712 | } |
| rahul_dahiya |
0:fb8047b156bb | 4713 | |
| rahul_dahiya |
0:fb8047b156bb | 4714 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4715 | |
| rahul_dahiya |
0:fb8047b156bb | 4716 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4717 | } |
| rahul_dahiya |
0:fb8047b156bb | 4718 | |
| rahul_dahiya |
0:fb8047b156bb | 4719 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4720 | { |
| rahul_dahiya |
0:fb8047b156bb | 4721 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 4722 | |
| rahul_dahiya |
0:fb8047b156bb | 4723 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4724 | |
| rahul_dahiya |
0:fb8047b156bb | 4725 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4726 | { |
| rahul_dahiya |
0:fb8047b156bb | 4727 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4728 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4729 | } |
| rahul_dahiya |
0:fb8047b156bb | 4730 | |
| rahul_dahiya |
0:fb8047b156bb | 4731 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) |
| rahul_dahiya |
0:fb8047b156bb | 4732 | { |
| rahul_dahiya |
0:fb8047b156bb | 4733 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4734 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4735 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4736 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 4737 | } |
| rahul_dahiya |
0:fb8047b156bb | 4738 | |
| rahul_dahiya |
0:fb8047b156bb | 4739 | if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 4740 | { |
| rahul_dahiya |
0:fb8047b156bb | 4741 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4742 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4743 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4744 | return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); |
| rahul_dahiya |
0:fb8047b156bb | 4745 | } |
| rahul_dahiya |
0:fb8047b156bb | 4746 | |
| rahul_dahiya |
0:fb8047b156bb | 4747 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4748 | * Switch to our negotiated transform and session parameters for inbound |
| rahul_dahiya |
0:fb8047b156bb | 4749 | * data. |
| rahul_dahiya |
0:fb8047b156bb | 4750 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4751 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4752 | ssl->transform_in = ssl->transform_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 4753 | ssl->session_in = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 4754 | |
| rahul_dahiya |
0:fb8047b156bb | 4755 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 4756 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 4757 | { |
| rahul_dahiya |
0:fb8047b156bb | 4758 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 4759 | ssl_dtls_replay_reset( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 4760 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4761 | |
| rahul_dahiya |
0:fb8047b156bb | 4762 | /* Increment epoch */ |
| rahul_dahiya |
0:fb8047b156bb | 4763 | if( ++ssl->in_epoch == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4764 | { |
| rahul_dahiya |
0:fb8047b156bb | 4765 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4766 | /* This is highly unlikely to happen for legitimate reasons, so |
| rahul_dahiya |
0:fb8047b156bb | 4767 | treat it as an attack and don't send an alert. */ |
| rahul_dahiya |
0:fb8047b156bb | 4768 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| rahul_dahiya |
0:fb8047b156bb | 4769 | } |
| rahul_dahiya |
0:fb8047b156bb | 4770 | } |
| rahul_dahiya |
0:fb8047b156bb | 4771 | else |
| rahul_dahiya |
0:fb8047b156bb | 4772 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 4773 | memset( ssl->in_ctr, 0, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 4774 | |
| rahul_dahiya |
0:fb8047b156bb | 4775 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4776 | * Set the in_msg pointer to the correct location based on IV length |
| rahul_dahiya |
0:fb8047b156bb | 4777 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4778 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 4779 | { |
| rahul_dahiya |
0:fb8047b156bb | 4780 | ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - |
| rahul_dahiya |
0:fb8047b156bb | 4781 | ssl->transform_negotiate->fixed_ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 4782 | } |
| rahul_dahiya |
0:fb8047b156bb | 4783 | else |
| rahul_dahiya |
0:fb8047b156bb | 4784 | ssl->in_msg = ssl->in_iv; |
| rahul_dahiya |
0:fb8047b156bb | 4785 | |
| rahul_dahiya |
0:fb8047b156bb | 4786 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 4787 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 4788 | { |
| rahul_dahiya |
0:fb8047b156bb | 4789 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 4790 | { |
| rahul_dahiya |
0:fb8047b156bb | 4791 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 4792 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 4793 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 4794 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 4795 | } |
| rahul_dahiya |
0:fb8047b156bb | 4796 | } |
| rahul_dahiya |
0:fb8047b156bb | 4797 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4798 | |
| rahul_dahiya |
0:fb8047b156bb | 4799 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 4800 | |
| rahul_dahiya |
0:fb8047b156bb | 4801 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4802 | |
| rahul_dahiya |
0:fb8047b156bb | 4803 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4804 | } |
| rahul_dahiya |
0:fb8047b156bb | 4805 | |
| rahul_dahiya |
0:fb8047b156bb | 4806 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4807 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) |
| rahul_dahiya |
0:fb8047b156bb | 4808 | { |
| rahul_dahiya |
0:fb8047b156bb | 4809 | ((void) ciphersuite_info); |
| rahul_dahiya |
0:fb8047b156bb | 4810 | |
| rahul_dahiya |
0:fb8047b156bb | 4811 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 4812 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 4813 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 4814 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
| rahul_dahiya |
0:fb8047b156bb | 4815 | else |
| rahul_dahiya |
0:fb8047b156bb | 4816 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4817 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 4818 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 4819 | if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) |
| rahul_dahiya |
0:fb8047b156bb | 4820 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
| rahul_dahiya |
0:fb8047b156bb | 4821 | else |
| rahul_dahiya |
0:fb8047b156bb | 4822 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4823 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 4824 | if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) |
| rahul_dahiya |
0:fb8047b156bb | 4825 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
| rahul_dahiya |
0:fb8047b156bb | 4826 | else |
| rahul_dahiya |
0:fb8047b156bb | 4827 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4828 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 4829 | { |
| rahul_dahiya |
0:fb8047b156bb | 4830 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4831 | return; |
| rahul_dahiya |
0:fb8047b156bb | 4832 | } |
| rahul_dahiya |
0:fb8047b156bb | 4833 | } |
| rahul_dahiya |
0:fb8047b156bb | 4834 | |
| rahul_dahiya |
0:fb8047b156bb | 4835 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 4836 | { |
| rahul_dahiya |
0:fb8047b156bb | 4837 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 4838 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 4839 | mbedtls_md5_starts( &ssl->handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 4840 | mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4841 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4842 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 4843 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 4844 | mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 4845 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4846 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 4847 | mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4848 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4849 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 4850 | } |
| rahul_dahiya |
0:fb8047b156bb | 4851 | |
| rahul_dahiya |
0:fb8047b156bb | 4852 | static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4853 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 4854 | { |
| rahul_dahiya |
0:fb8047b156bb | 4855 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 4856 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 4857 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4858 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4859 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4860 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 4861 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 4862 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4863 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4864 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 4865 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4866 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4867 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 4868 | } |
| rahul_dahiya |
0:fb8047b156bb | 4869 | |
| rahul_dahiya |
0:fb8047b156bb | 4870 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 4871 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 4872 | static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4873 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 4874 | { |
| rahul_dahiya |
0:fb8047b156bb | 4875 | mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4876 | mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4877 | } |
| rahul_dahiya |
0:fb8047b156bb | 4878 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4879 | |
| rahul_dahiya |
0:fb8047b156bb | 4880 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 4881 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 4882 | static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4883 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 4884 | { |
| rahul_dahiya |
0:fb8047b156bb | 4885 | mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4886 | } |
| rahul_dahiya |
0:fb8047b156bb | 4887 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4888 | |
| rahul_dahiya |
0:fb8047b156bb | 4889 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 4890 | static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 4891 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 4892 | { |
| rahul_dahiya |
0:fb8047b156bb | 4893 | mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 4894 | } |
| rahul_dahiya |
0:fb8047b156bb | 4895 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4896 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 4897 | |
| rahul_dahiya |
0:fb8047b156bb | 4898 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 4899 | static void ssl_calc_finished_ssl( |
| rahul_dahiya |
0:fb8047b156bb | 4900 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| rahul_dahiya |
0:fb8047b156bb | 4901 | { |
| rahul_dahiya |
0:fb8047b156bb | 4902 | const char *sender; |
| rahul_dahiya |
0:fb8047b156bb | 4903 | mbedtls_md5_context md5; |
| rahul_dahiya |
0:fb8047b156bb | 4904 | mbedtls_sha1_context sha1; |
| rahul_dahiya |
0:fb8047b156bb | 4905 | |
| rahul_dahiya |
0:fb8047b156bb | 4906 | unsigned char padbuf[48]; |
| rahul_dahiya |
0:fb8047b156bb | 4907 | unsigned char md5sum[16]; |
| rahul_dahiya |
0:fb8047b156bb | 4908 | unsigned char sha1sum[20]; |
| rahul_dahiya |
0:fb8047b156bb | 4909 | |
| rahul_dahiya |
0:fb8047b156bb | 4910 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 4911 | if( !session ) |
| rahul_dahiya |
0:fb8047b156bb | 4912 | session = ssl->session; |
| rahul_dahiya |
0:fb8047b156bb | 4913 | |
| rahul_dahiya |
0:fb8047b156bb | 4914 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4915 | |
| rahul_dahiya |
0:fb8047b156bb | 4916 | mbedtls_md5_init( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 4917 | mbedtls_sha1_init( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4918 | |
| rahul_dahiya |
0:fb8047b156bb | 4919 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 4920 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4921 | |
| rahul_dahiya |
0:fb8047b156bb | 4922 | /* |
| rahul_dahiya |
0:fb8047b156bb | 4923 | * SSLv3: |
| rahul_dahiya |
0:fb8047b156bb | 4924 | * hash = |
| rahul_dahiya |
0:fb8047b156bb | 4925 | * MD5( master + pad2 + |
| rahul_dahiya |
0:fb8047b156bb | 4926 | * MD5( handshake + sender + master + pad1 ) ) |
| rahul_dahiya |
0:fb8047b156bb | 4927 | * + SHA1( master + pad2 + |
| rahul_dahiya |
0:fb8047b156bb | 4928 | * SHA1( handshake + sender + master + pad1 ) ) |
| rahul_dahiya |
0:fb8047b156bb | 4929 | */ |
| rahul_dahiya |
0:fb8047b156bb | 4930 | |
| rahul_dahiya |
0:fb8047b156bb | 4931 | #if !defined(MBEDTLS_MD5_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 4932 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 4933 | md5.state, sizeof( md5.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4934 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4935 | |
| rahul_dahiya |
0:fb8047b156bb | 4936 | #if !defined(MBEDTLS_SHA1_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 4937 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 4938 | sha1.state, sizeof( sha1.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4939 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 4940 | |
| rahul_dahiya |
0:fb8047b156bb | 4941 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" |
| rahul_dahiya |
0:fb8047b156bb | 4942 | : "SRVR"; |
| rahul_dahiya |
0:fb8047b156bb | 4943 | |
| rahul_dahiya |
0:fb8047b156bb | 4944 | memset( padbuf, 0x36, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4945 | |
| rahul_dahiya |
0:fb8047b156bb | 4946 | mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); |
| rahul_dahiya |
0:fb8047b156bb | 4947 | mbedtls_md5_update( &md5, session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4948 | mbedtls_md5_update( &md5, padbuf, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4949 | mbedtls_md5_finish( &md5, md5sum ); |
| rahul_dahiya |
0:fb8047b156bb | 4950 | |
| rahul_dahiya |
0:fb8047b156bb | 4951 | mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); |
| rahul_dahiya |
0:fb8047b156bb | 4952 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4953 | mbedtls_sha1_update( &sha1, padbuf, 40 ); |
| rahul_dahiya |
0:fb8047b156bb | 4954 | mbedtls_sha1_finish( &sha1, sha1sum ); |
| rahul_dahiya |
0:fb8047b156bb | 4955 | |
| rahul_dahiya |
0:fb8047b156bb | 4956 | memset( padbuf, 0x5C, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4957 | |
| rahul_dahiya |
0:fb8047b156bb | 4958 | mbedtls_md5_starts( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 4959 | mbedtls_md5_update( &md5, session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4960 | mbedtls_md5_update( &md5, padbuf, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4961 | mbedtls_md5_update( &md5, md5sum, 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 4962 | mbedtls_md5_finish( &md5, buf ); |
| rahul_dahiya |
0:fb8047b156bb | 4963 | |
| rahul_dahiya |
0:fb8047b156bb | 4964 | mbedtls_sha1_starts( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4965 | mbedtls_sha1_update( &sha1, session->master, 48 ); |
| rahul_dahiya |
0:fb8047b156bb | 4966 | mbedtls_sha1_update( &sha1, padbuf , 40 ); |
| rahul_dahiya |
0:fb8047b156bb | 4967 | mbedtls_sha1_update( &sha1, sha1sum, 20 ); |
| rahul_dahiya |
0:fb8047b156bb | 4968 | mbedtls_sha1_finish( &sha1, buf + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 4969 | |
| rahul_dahiya |
0:fb8047b156bb | 4970 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
| rahul_dahiya |
0:fb8047b156bb | 4971 | |
| rahul_dahiya |
0:fb8047b156bb | 4972 | mbedtls_md5_free( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 4973 | mbedtls_sha1_free( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 4974 | |
| rahul_dahiya |
0:fb8047b156bb | 4975 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4976 | mbedtls_zeroize( md5sum, sizeof( md5sum ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4977 | mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4978 | |
| rahul_dahiya |
0:fb8047b156bb | 4979 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4980 | } |
| rahul_dahiya |
0:fb8047b156bb | 4981 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 4982 | |
| rahul_dahiya |
0:fb8047b156bb | 4983 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 4984 | static void ssl_calc_finished_tls( |
| rahul_dahiya |
0:fb8047b156bb | 4985 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| rahul_dahiya |
0:fb8047b156bb | 4986 | { |
| rahul_dahiya |
0:fb8047b156bb | 4987 | int len = 12; |
| rahul_dahiya |
0:fb8047b156bb | 4988 | const char *sender; |
| rahul_dahiya |
0:fb8047b156bb | 4989 | mbedtls_md5_context md5; |
| rahul_dahiya |
0:fb8047b156bb | 4990 | mbedtls_sha1_context sha1; |
| rahul_dahiya |
0:fb8047b156bb | 4991 | unsigned char padbuf[36]; |
| rahul_dahiya |
0:fb8047b156bb | 4992 | |
| rahul_dahiya |
0:fb8047b156bb | 4993 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 4994 | if( !session ) |
| rahul_dahiya |
0:fb8047b156bb | 4995 | session = ssl->session; |
| rahul_dahiya |
0:fb8047b156bb | 4996 | |
| rahul_dahiya |
0:fb8047b156bb | 4997 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 4998 | |
| rahul_dahiya |
0:fb8047b156bb | 4999 | mbedtls_md5_init( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 5000 | mbedtls_sha1_init( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5001 | |
| rahul_dahiya |
0:fb8047b156bb | 5002 | mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 5003 | mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5004 | |
| rahul_dahiya |
0:fb8047b156bb | 5005 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5006 | * TLSv1: |
| rahul_dahiya |
0:fb8047b156bb | 5007 | * hash = PRF( master, finished_label, |
| rahul_dahiya |
0:fb8047b156bb | 5008 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
| rahul_dahiya |
0:fb8047b156bb | 5009 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5010 | |
| rahul_dahiya |
0:fb8047b156bb | 5011 | #if !defined(MBEDTLS_MD5_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 5012 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 5013 | md5.state, sizeof( md5.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5014 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5015 | |
| rahul_dahiya |
0:fb8047b156bb | 5016 | #if !defined(MBEDTLS_SHA1_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 5017 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 5018 | sha1.state, sizeof( sha1.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5019 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5020 | |
| rahul_dahiya |
0:fb8047b156bb | 5021 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5022 | ? "client finished" |
| rahul_dahiya |
0:fb8047b156bb | 5023 | : "server finished"; |
| rahul_dahiya |
0:fb8047b156bb | 5024 | |
| rahul_dahiya |
0:fb8047b156bb | 5025 | mbedtls_md5_finish( &md5, padbuf ); |
| rahul_dahiya |
0:fb8047b156bb | 5026 | mbedtls_sha1_finish( &sha1, padbuf + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 5027 | |
| rahul_dahiya |
0:fb8047b156bb | 5028 | ssl->handshake->tls_prf( session->master, 48, sender, |
| rahul_dahiya |
0:fb8047b156bb | 5029 | padbuf, 36, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5030 | |
| rahul_dahiya |
0:fb8047b156bb | 5031 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5032 | |
| rahul_dahiya |
0:fb8047b156bb | 5033 | mbedtls_md5_free( &md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 5034 | mbedtls_sha1_free( &sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5035 | |
| rahul_dahiya |
0:fb8047b156bb | 5036 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5037 | |
| rahul_dahiya |
0:fb8047b156bb | 5038 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5039 | } |
| rahul_dahiya |
0:fb8047b156bb | 5040 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 5041 | |
| rahul_dahiya |
0:fb8047b156bb | 5042 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 5043 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 5044 | static void ssl_calc_finished_tls_sha256( |
| rahul_dahiya |
0:fb8047b156bb | 5045 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| rahul_dahiya |
0:fb8047b156bb | 5046 | { |
| rahul_dahiya |
0:fb8047b156bb | 5047 | int len = 12; |
| rahul_dahiya |
0:fb8047b156bb | 5048 | const char *sender; |
| rahul_dahiya |
0:fb8047b156bb | 5049 | mbedtls_sha256_context sha256; |
| rahul_dahiya |
0:fb8047b156bb | 5050 | unsigned char padbuf[32]; |
| rahul_dahiya |
0:fb8047b156bb | 5051 | |
| rahul_dahiya |
0:fb8047b156bb | 5052 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5053 | if( !session ) |
| rahul_dahiya |
0:fb8047b156bb | 5054 | session = ssl->session; |
| rahul_dahiya |
0:fb8047b156bb | 5055 | |
| rahul_dahiya |
0:fb8047b156bb | 5056 | mbedtls_sha256_init( &sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 5057 | |
| rahul_dahiya |
0:fb8047b156bb | 5058 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5059 | |
| rahul_dahiya |
0:fb8047b156bb | 5060 | mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 5061 | |
| rahul_dahiya |
0:fb8047b156bb | 5062 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5063 | * TLSv1.2: |
| rahul_dahiya |
0:fb8047b156bb | 5064 | * hash = PRF( master, finished_label, |
| rahul_dahiya |
0:fb8047b156bb | 5065 | * Hash( handshake ) )[0.11] |
| rahul_dahiya |
0:fb8047b156bb | 5066 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5067 | |
| rahul_dahiya |
0:fb8047b156bb | 5068 | #if !defined(MBEDTLS_SHA256_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 5069 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 5070 | sha256.state, sizeof( sha256.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5071 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5072 | |
| rahul_dahiya |
0:fb8047b156bb | 5073 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5074 | ? "client finished" |
| rahul_dahiya |
0:fb8047b156bb | 5075 | : "server finished"; |
| rahul_dahiya |
0:fb8047b156bb | 5076 | |
| rahul_dahiya |
0:fb8047b156bb | 5077 | mbedtls_sha256_finish( &sha256, padbuf ); |
| rahul_dahiya |
0:fb8047b156bb | 5078 | |
| rahul_dahiya |
0:fb8047b156bb | 5079 | ssl->handshake->tls_prf( session->master, 48, sender, |
| rahul_dahiya |
0:fb8047b156bb | 5080 | padbuf, 32, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5081 | |
| rahul_dahiya |
0:fb8047b156bb | 5082 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5083 | |
| rahul_dahiya |
0:fb8047b156bb | 5084 | mbedtls_sha256_free( &sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 5085 | |
| rahul_dahiya |
0:fb8047b156bb | 5086 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5087 | |
| rahul_dahiya |
0:fb8047b156bb | 5088 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5089 | } |
| rahul_dahiya |
0:fb8047b156bb | 5090 | #endif /* MBEDTLS_SHA256_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5091 | |
| rahul_dahiya |
0:fb8047b156bb | 5092 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 5093 | static void ssl_calc_finished_tls_sha384( |
| rahul_dahiya |
0:fb8047b156bb | 5094 | mbedtls_ssl_context *ssl, unsigned char *buf, int from ) |
| rahul_dahiya |
0:fb8047b156bb | 5095 | { |
| rahul_dahiya |
0:fb8047b156bb | 5096 | int len = 12; |
| rahul_dahiya |
0:fb8047b156bb | 5097 | const char *sender; |
| rahul_dahiya |
0:fb8047b156bb | 5098 | mbedtls_sha512_context sha512; |
| rahul_dahiya |
0:fb8047b156bb | 5099 | unsigned char padbuf[48]; |
| rahul_dahiya |
0:fb8047b156bb | 5100 | |
| rahul_dahiya |
0:fb8047b156bb | 5101 | mbedtls_ssl_session *session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5102 | if( !session ) |
| rahul_dahiya |
0:fb8047b156bb | 5103 | session = ssl->session; |
| rahul_dahiya |
0:fb8047b156bb | 5104 | |
| rahul_dahiya |
0:fb8047b156bb | 5105 | mbedtls_sha512_init( &sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 5106 | |
| rahul_dahiya |
0:fb8047b156bb | 5107 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5108 | |
| rahul_dahiya |
0:fb8047b156bb | 5109 | mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 5110 | |
| rahul_dahiya |
0:fb8047b156bb | 5111 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5112 | * TLSv1.2: |
| rahul_dahiya |
0:fb8047b156bb | 5113 | * hash = PRF( master, finished_label, |
| rahul_dahiya |
0:fb8047b156bb | 5114 | * Hash( handshake ) )[0.11] |
| rahul_dahiya |
0:fb8047b156bb | 5115 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5116 | |
| rahul_dahiya |
0:fb8047b156bb | 5117 | #if !defined(MBEDTLS_SHA512_ALT) |
| rahul_dahiya |
0:fb8047b156bb | 5118 | MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
| rahul_dahiya |
0:fb8047b156bb | 5119 | sha512.state, sizeof( sha512.state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5120 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5121 | |
| rahul_dahiya |
0:fb8047b156bb | 5122 | sender = ( from == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5123 | ? "client finished" |
| rahul_dahiya |
0:fb8047b156bb | 5124 | : "server finished"; |
| rahul_dahiya |
0:fb8047b156bb | 5125 | |
| rahul_dahiya |
0:fb8047b156bb | 5126 | mbedtls_sha512_finish( &sha512, padbuf ); |
| rahul_dahiya |
0:fb8047b156bb | 5127 | |
| rahul_dahiya |
0:fb8047b156bb | 5128 | ssl->handshake->tls_prf( session->master, 48, sender, |
| rahul_dahiya |
0:fb8047b156bb | 5129 | padbuf, 48, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5130 | |
| rahul_dahiya |
0:fb8047b156bb | 5131 | MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 5132 | |
| rahul_dahiya |
0:fb8047b156bb | 5133 | mbedtls_sha512_free( &sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 5134 | |
| rahul_dahiya |
0:fb8047b156bb | 5135 | mbedtls_zeroize( padbuf, sizeof( padbuf ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5136 | |
| rahul_dahiya |
0:fb8047b156bb | 5137 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5138 | } |
| rahul_dahiya |
0:fb8047b156bb | 5139 | #endif /* MBEDTLS_SHA512_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5140 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 5141 | |
| rahul_dahiya |
0:fb8047b156bb | 5142 | static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5143 | { |
| rahul_dahiya |
0:fb8047b156bb | 5144 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5145 | |
| rahul_dahiya |
0:fb8047b156bb | 5146 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5147 | * Free our handshake params |
| rahul_dahiya |
0:fb8047b156bb | 5148 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5149 | mbedtls_ssl_handshake_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 5150 | mbedtls_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 5151 | ssl->handshake = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5152 | |
| rahul_dahiya |
0:fb8047b156bb | 5153 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5154 | * Free the previous transform and swith in the current one |
| rahul_dahiya |
0:fb8047b156bb | 5155 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5156 | if( ssl->transform ) |
| rahul_dahiya |
0:fb8047b156bb | 5157 | { |
| rahul_dahiya |
0:fb8047b156bb | 5158 | mbedtls_ssl_transform_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 5159 | mbedtls_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 5160 | } |
| rahul_dahiya |
0:fb8047b156bb | 5161 | ssl->transform = ssl->transform_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5162 | ssl->transform_negotiate = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5163 | |
| rahul_dahiya |
0:fb8047b156bb | 5164 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5165 | } |
| rahul_dahiya |
0:fb8047b156bb | 5166 | |
| rahul_dahiya |
0:fb8047b156bb | 5167 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5168 | { |
| rahul_dahiya |
0:fb8047b156bb | 5169 | int resume = ssl->handshake->resume; |
| rahul_dahiya |
0:fb8047b156bb | 5170 | |
| rahul_dahiya |
0:fb8047b156bb | 5171 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5172 | |
| rahul_dahiya |
0:fb8047b156bb | 5173 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 5174 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| rahul_dahiya |
0:fb8047b156bb | 5175 | { |
| rahul_dahiya |
0:fb8047b156bb | 5176 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; |
| rahul_dahiya |
0:fb8047b156bb | 5177 | ssl->renego_records_seen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5178 | } |
| rahul_dahiya |
0:fb8047b156bb | 5179 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5180 | |
| rahul_dahiya |
0:fb8047b156bb | 5181 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5182 | * Free the previous session and switch in the current one |
| rahul_dahiya |
0:fb8047b156bb | 5183 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5184 | if( ssl->session ) |
| rahul_dahiya |
0:fb8047b156bb | 5185 | { |
| rahul_dahiya |
0:fb8047b156bb | 5186 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 5187 | /* RFC 7366 3.1: keep the EtM state */ |
| rahul_dahiya |
0:fb8047b156bb | 5188 | ssl->session_negotiate->encrypt_then_mac = |
| rahul_dahiya |
0:fb8047b156bb | 5189 | ssl->session->encrypt_then_mac; |
| rahul_dahiya |
0:fb8047b156bb | 5190 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5191 | |
| rahul_dahiya |
0:fb8047b156bb | 5192 | mbedtls_ssl_session_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 5193 | mbedtls_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 5194 | } |
| rahul_dahiya |
0:fb8047b156bb | 5195 | ssl->session = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5196 | ssl->session_negotiate = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5197 | |
| rahul_dahiya |
0:fb8047b156bb | 5198 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5199 | * Add cache entry |
| rahul_dahiya |
0:fb8047b156bb | 5200 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5201 | if( ssl->conf->f_set_cache != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 5202 | ssl->session->id_len != 0 && |
| rahul_dahiya |
0:fb8047b156bb | 5203 | resume == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5204 | { |
| rahul_dahiya |
0:fb8047b156bb | 5205 | if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5206 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5207 | } |
| rahul_dahiya |
0:fb8047b156bb | 5208 | |
| rahul_dahiya |
0:fb8047b156bb | 5209 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5210 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 5211 | ssl->handshake->flight != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5212 | { |
| rahul_dahiya |
0:fb8047b156bb | 5213 | /* Cancel handshake timer */ |
| rahul_dahiya |
0:fb8047b156bb | 5214 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5215 | |
| rahul_dahiya |
0:fb8047b156bb | 5216 | /* Keep last flight around in case we need to resend it: |
| rahul_dahiya |
0:fb8047b156bb | 5217 | * we need the handshake and transform structures for that */ |
| rahul_dahiya |
0:fb8047b156bb | 5218 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5219 | } |
| rahul_dahiya |
0:fb8047b156bb | 5220 | else |
| rahul_dahiya |
0:fb8047b156bb | 5221 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5222 | ssl_handshake_wrapup_free_hs_transform( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 5223 | |
| rahul_dahiya |
0:fb8047b156bb | 5224 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 5225 | |
| rahul_dahiya |
0:fb8047b156bb | 5226 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5227 | } |
| rahul_dahiya |
0:fb8047b156bb | 5228 | |
| rahul_dahiya |
0:fb8047b156bb | 5229 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5230 | { |
| rahul_dahiya |
0:fb8047b156bb | 5231 | int ret, hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 5232 | |
| rahul_dahiya |
0:fb8047b156bb | 5233 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5234 | |
| rahul_dahiya |
0:fb8047b156bb | 5235 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5236 | * Set the out_msg pointer to the correct location based on IV length |
| rahul_dahiya |
0:fb8047b156bb | 5237 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5238 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 5239 | { |
| rahul_dahiya |
0:fb8047b156bb | 5240 | ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - |
| rahul_dahiya |
0:fb8047b156bb | 5241 | ssl->transform_negotiate->fixed_ivlen; |
| rahul_dahiya |
0:fb8047b156bb | 5242 | } |
| rahul_dahiya |
0:fb8047b156bb | 5243 | else |
| rahul_dahiya |
0:fb8047b156bb | 5244 | ssl->out_msg = ssl->out_iv; |
| rahul_dahiya |
0:fb8047b156bb | 5245 | |
| rahul_dahiya |
0:fb8047b156bb | 5246 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); |
| rahul_dahiya |
0:fb8047b156bb | 5247 | |
| rahul_dahiya |
0:fb8047b156bb | 5248 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5249 | * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites |
| rahul_dahiya |
0:fb8047b156bb | 5250 | * may define some other value. Currently (early 2016), no defined |
| rahul_dahiya |
0:fb8047b156bb | 5251 | * ciphersuite does this (and this is unlikely to change as activity has |
| rahul_dahiya |
0:fb8047b156bb | 5252 | * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. |
| rahul_dahiya |
0:fb8047b156bb | 5253 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5254 | hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; |
| rahul_dahiya |
0:fb8047b156bb | 5255 | |
| rahul_dahiya |
0:fb8047b156bb | 5256 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 5257 | ssl->verify_data_len = hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 5258 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
| rahul_dahiya |
0:fb8047b156bb | 5259 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5260 | |
| rahul_dahiya |
0:fb8047b156bb | 5261 | ssl->out_msglen = 4 + hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 5262 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 5263 | ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; |
| rahul_dahiya |
0:fb8047b156bb | 5264 | |
| rahul_dahiya |
0:fb8047b156bb | 5265 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5266 | * In case of session resuming, invert the client and server |
| rahul_dahiya |
0:fb8047b156bb | 5267 | * ChangeCipherSpec messages order. |
| rahul_dahiya |
0:fb8047b156bb | 5268 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5269 | if( ssl->handshake->resume != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5270 | { |
| rahul_dahiya |
0:fb8047b156bb | 5271 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 5272 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5273 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
| rahul_dahiya |
0:fb8047b156bb | 5274 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5275 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 5276 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 5277 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| rahul_dahiya |
0:fb8047b156bb | 5278 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5279 | } |
| rahul_dahiya |
0:fb8047b156bb | 5280 | else |
| rahul_dahiya |
0:fb8047b156bb | 5281 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 5282 | |
| rahul_dahiya |
0:fb8047b156bb | 5283 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5284 | * Switch to our negotiated transform and session parameters for outbound |
| rahul_dahiya |
0:fb8047b156bb | 5285 | * data. |
| rahul_dahiya |
0:fb8047b156bb | 5286 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5287 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5288 | |
| rahul_dahiya |
0:fb8047b156bb | 5289 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5290 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 5291 | { |
| rahul_dahiya |
0:fb8047b156bb | 5292 | unsigned char i; |
| rahul_dahiya |
0:fb8047b156bb | 5293 | |
| rahul_dahiya |
0:fb8047b156bb | 5294 | /* Remember current epoch settings for resending */ |
| rahul_dahiya |
0:fb8047b156bb | 5295 | ssl->handshake->alt_transform_out = ssl->transform_out; |
| rahul_dahiya |
0:fb8047b156bb | 5296 | memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 5297 | |
| rahul_dahiya |
0:fb8047b156bb | 5298 | /* Set sequence_number to zero */ |
| rahul_dahiya |
0:fb8047b156bb | 5299 | memset( ssl->out_ctr + 2, 0, 6 ); |
| rahul_dahiya |
0:fb8047b156bb | 5300 | |
| rahul_dahiya |
0:fb8047b156bb | 5301 | /* Increment epoch */ |
| rahul_dahiya |
0:fb8047b156bb | 5302 | for( i = 2; i > 0; i-- ) |
| rahul_dahiya |
0:fb8047b156bb | 5303 | if( ++ssl->out_ctr[i - 1] != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5304 | break; |
| rahul_dahiya |
0:fb8047b156bb | 5305 | |
| rahul_dahiya |
0:fb8047b156bb | 5306 | /* The loop goes to its end iff the counter is wrapping */ |
| rahul_dahiya |
0:fb8047b156bb | 5307 | if( i == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5308 | { |
| rahul_dahiya |
0:fb8047b156bb | 5309 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5310 | return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); |
| rahul_dahiya |
0:fb8047b156bb | 5311 | } |
| rahul_dahiya |
0:fb8047b156bb | 5312 | } |
| rahul_dahiya |
0:fb8047b156bb | 5313 | else |
| rahul_dahiya |
0:fb8047b156bb | 5314 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 5315 | memset( ssl->out_ctr, 0, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 5316 | |
| rahul_dahiya |
0:fb8047b156bb | 5317 | ssl->transform_out = ssl->transform_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5318 | ssl->session_out = ssl->session_negotiate; |
| rahul_dahiya |
0:fb8047b156bb | 5319 | |
| rahul_dahiya |
0:fb8047b156bb | 5320 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 5321 | if( mbedtls_ssl_hw_record_activate != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5322 | { |
| rahul_dahiya |
0:fb8047b156bb | 5323 | if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5324 | { |
| rahul_dahiya |
0:fb8047b156bb | 5325 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5326 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 5327 | } |
| rahul_dahiya |
0:fb8047b156bb | 5328 | } |
| rahul_dahiya |
0:fb8047b156bb | 5329 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5330 | |
| rahul_dahiya |
0:fb8047b156bb | 5331 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5332 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 5333 | mbedtls_ssl_send_flight_completed( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 5334 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5335 | |
| rahul_dahiya |
0:fb8047b156bb | 5336 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5337 | { |
| rahul_dahiya |
0:fb8047b156bb | 5338 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5339 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5340 | } |
| rahul_dahiya |
0:fb8047b156bb | 5341 | |
| rahul_dahiya |
0:fb8047b156bb | 5342 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5343 | |
| rahul_dahiya |
0:fb8047b156bb | 5344 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5345 | } |
| rahul_dahiya |
0:fb8047b156bb | 5346 | |
| rahul_dahiya |
0:fb8047b156bb | 5347 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 5348 | #define SSL_MAX_HASH_LEN 36 |
| rahul_dahiya |
0:fb8047b156bb | 5349 | #else |
| rahul_dahiya |
0:fb8047b156bb | 5350 | #define SSL_MAX_HASH_LEN 12 |
| rahul_dahiya |
0:fb8047b156bb | 5351 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5352 | |
| rahul_dahiya |
0:fb8047b156bb | 5353 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5354 | { |
| rahul_dahiya |
0:fb8047b156bb | 5355 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 5356 | unsigned int hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 5357 | unsigned char buf[SSL_MAX_HASH_LEN]; |
| rahul_dahiya |
0:fb8047b156bb | 5358 | |
| rahul_dahiya |
0:fb8047b156bb | 5359 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5360 | |
| rahul_dahiya |
0:fb8047b156bb | 5361 | ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5362 | |
| rahul_dahiya |
0:fb8047b156bb | 5363 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5364 | { |
| rahul_dahiya |
0:fb8047b156bb | 5365 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5366 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5367 | } |
| rahul_dahiya |
0:fb8047b156bb | 5368 | |
| rahul_dahiya |
0:fb8047b156bb | 5369 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 5370 | { |
| rahul_dahiya |
0:fb8047b156bb | 5371 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5372 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 5373 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 5374 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 5375 | } |
| rahul_dahiya |
0:fb8047b156bb | 5376 | |
| rahul_dahiya |
0:fb8047b156bb | 5377 | /* There is currently no ciphersuite using another length with TLS 1.2 */ |
| rahul_dahiya |
0:fb8047b156bb | 5378 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 5379 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5380 | hash_len = 36; |
| rahul_dahiya |
0:fb8047b156bb | 5381 | else |
| rahul_dahiya |
0:fb8047b156bb | 5382 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5383 | hash_len = 12; |
| rahul_dahiya |
0:fb8047b156bb | 5384 | |
| rahul_dahiya |
0:fb8047b156bb | 5385 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || |
| rahul_dahiya |
0:fb8047b156bb | 5386 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) |
| rahul_dahiya |
0:fb8047b156bb | 5387 | { |
| rahul_dahiya |
0:fb8047b156bb | 5388 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5389 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 5390 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 5391 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
| rahul_dahiya |
0:fb8047b156bb | 5392 | } |
| rahul_dahiya |
0:fb8047b156bb | 5393 | |
| rahul_dahiya |
0:fb8047b156bb | 5394 | if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), |
| rahul_dahiya |
0:fb8047b156bb | 5395 | buf, hash_len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5396 | { |
| rahul_dahiya |
0:fb8047b156bb | 5397 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5398 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 5399 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 5400 | return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); |
| rahul_dahiya |
0:fb8047b156bb | 5401 | } |
| rahul_dahiya |
0:fb8047b156bb | 5402 | |
| rahul_dahiya |
0:fb8047b156bb | 5403 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 5404 | ssl->verify_data_len = hash_len; |
| rahul_dahiya |
0:fb8047b156bb | 5405 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
| rahul_dahiya |
0:fb8047b156bb | 5406 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5407 | |
| rahul_dahiya |
0:fb8047b156bb | 5408 | if( ssl->handshake->resume != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5409 | { |
| rahul_dahiya |
0:fb8047b156bb | 5410 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 5411 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5412 | ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| rahul_dahiya |
0:fb8047b156bb | 5413 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5414 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 5415 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 5416 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
| rahul_dahiya |
0:fb8047b156bb | 5417 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5418 | } |
| rahul_dahiya |
0:fb8047b156bb | 5419 | else |
| rahul_dahiya |
0:fb8047b156bb | 5420 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 5421 | |
| rahul_dahiya |
0:fb8047b156bb | 5422 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5423 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 5424 | mbedtls_ssl_recv_flight_completed( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 5425 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5426 | |
| rahul_dahiya |
0:fb8047b156bb | 5427 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5428 | |
| rahul_dahiya |
0:fb8047b156bb | 5429 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5430 | } |
| rahul_dahiya |
0:fb8047b156bb | 5431 | |
| rahul_dahiya |
0:fb8047b156bb | 5432 | static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) |
| rahul_dahiya |
0:fb8047b156bb | 5433 | { |
| rahul_dahiya |
0:fb8047b156bb | 5434 | memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5435 | |
| rahul_dahiya |
0:fb8047b156bb | 5436 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 5437 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 5438 | mbedtls_md5_init( &handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 5439 | mbedtls_sha1_init( &handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5440 | mbedtls_md5_starts( &handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 5441 | mbedtls_sha1_starts( &handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5442 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5443 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 5444 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 5445 | mbedtls_sha256_init( &handshake->fin_sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 5446 | mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5447 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5448 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 5449 | mbedtls_sha512_init( &handshake->fin_sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 5450 | mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 5451 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5452 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 5453 | |
| rahul_dahiya |
0:fb8047b156bb | 5454 | handshake->update_checksum = ssl_update_checksum_start; |
| rahul_dahiya |
0:fb8047b156bb | 5455 | |
| rahul_dahiya |
0:fb8047b156bb | 5456 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| rahul_dahiya |
0:fb8047b156bb | 5457 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 5458 | mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); |
| rahul_dahiya |
0:fb8047b156bb | 5459 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5460 | |
| rahul_dahiya |
0:fb8047b156bb | 5461 | #if defined(MBEDTLS_DHM_C) |
| rahul_dahiya |
0:fb8047b156bb | 5462 | mbedtls_dhm_init( &handshake->dhm_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 5463 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5464 | #if defined(MBEDTLS_ECDH_C) |
| rahul_dahiya |
0:fb8047b156bb | 5465 | mbedtls_ecdh_init( &handshake->ecdh_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 5466 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5467 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 5468 | mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 5469 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 5470 | handshake->ecjpake_cache = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5471 | handshake->ecjpake_cache_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5472 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5473 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5474 | |
| rahul_dahiya |
0:fb8047b156bb | 5475 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 5476 | handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; |
| rahul_dahiya |
0:fb8047b156bb | 5477 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5478 | } |
| rahul_dahiya |
0:fb8047b156bb | 5479 | |
| rahul_dahiya |
0:fb8047b156bb | 5480 | static void ssl_transform_init( mbedtls_ssl_transform *transform ) |
| rahul_dahiya |
0:fb8047b156bb | 5481 | { |
| rahul_dahiya |
0:fb8047b156bb | 5482 | memset( transform, 0, sizeof(mbedtls_ssl_transform) ); |
| rahul_dahiya |
0:fb8047b156bb | 5483 | |
| rahul_dahiya |
0:fb8047b156bb | 5484 | mbedtls_cipher_init( &transform->cipher_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 5485 | mbedtls_cipher_init( &transform->cipher_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 5486 | |
| rahul_dahiya |
0:fb8047b156bb | 5487 | mbedtls_md_init( &transform->md_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 5488 | mbedtls_md_init( &transform->md_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 5489 | } |
| rahul_dahiya |
0:fb8047b156bb | 5490 | |
| rahul_dahiya |
0:fb8047b156bb | 5491 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) |
| rahul_dahiya |
0:fb8047b156bb | 5492 | { |
| rahul_dahiya |
0:fb8047b156bb | 5493 | memset( session, 0, sizeof(mbedtls_ssl_session) ); |
| rahul_dahiya |
0:fb8047b156bb | 5494 | } |
| rahul_dahiya |
0:fb8047b156bb | 5495 | |
| rahul_dahiya |
0:fb8047b156bb | 5496 | static int ssl_handshake_init( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5497 | { |
| rahul_dahiya |
0:fb8047b156bb | 5498 | /* Clear old handshake information if present */ |
| rahul_dahiya |
0:fb8047b156bb | 5499 | if( ssl->transform_negotiate ) |
| rahul_dahiya |
0:fb8047b156bb | 5500 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5501 | if( ssl->session_negotiate ) |
| rahul_dahiya |
0:fb8047b156bb | 5502 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5503 | if( ssl->handshake ) |
| rahul_dahiya |
0:fb8047b156bb | 5504 | mbedtls_ssl_handshake_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 5505 | |
| rahul_dahiya |
0:fb8047b156bb | 5506 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5507 | * Either the pointers are now NULL or cleared properly and can be freed. |
| rahul_dahiya |
0:fb8047b156bb | 5508 | * Now allocate missing structures. |
| rahul_dahiya |
0:fb8047b156bb | 5509 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5510 | if( ssl->transform_negotiate == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5511 | { |
| rahul_dahiya |
0:fb8047b156bb | 5512 | ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); |
| rahul_dahiya |
0:fb8047b156bb | 5513 | } |
| rahul_dahiya |
0:fb8047b156bb | 5514 | |
| rahul_dahiya |
0:fb8047b156bb | 5515 | if( ssl->session_negotiate == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5516 | { |
| rahul_dahiya |
0:fb8047b156bb | 5517 | ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); |
| rahul_dahiya |
0:fb8047b156bb | 5518 | } |
| rahul_dahiya |
0:fb8047b156bb | 5519 | |
| rahul_dahiya |
0:fb8047b156bb | 5520 | if( ssl->handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5521 | { |
| rahul_dahiya |
0:fb8047b156bb | 5522 | ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); |
| rahul_dahiya |
0:fb8047b156bb | 5523 | } |
| rahul_dahiya |
0:fb8047b156bb | 5524 | |
| rahul_dahiya |
0:fb8047b156bb | 5525 | /* All pointers should exist and can be directly freed without issue */ |
| rahul_dahiya |
0:fb8047b156bb | 5526 | if( ssl->handshake == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5527 | ssl->transform_negotiate == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5528 | ssl->session_negotiate == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5529 | { |
| rahul_dahiya |
0:fb8047b156bb | 5530 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5531 | |
| rahul_dahiya |
0:fb8047b156bb | 5532 | mbedtls_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 5533 | mbedtls_free( ssl->transform_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5534 | mbedtls_free( ssl->session_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5535 | |
| rahul_dahiya |
0:fb8047b156bb | 5536 | ssl->handshake = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5537 | ssl->transform_negotiate = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5538 | ssl->session_negotiate = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5539 | |
| rahul_dahiya |
0:fb8047b156bb | 5540 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 5541 | } |
| rahul_dahiya |
0:fb8047b156bb | 5542 | |
| rahul_dahiya |
0:fb8047b156bb | 5543 | /* Initialize structures */ |
| rahul_dahiya |
0:fb8047b156bb | 5544 | mbedtls_ssl_session_init( ssl->session_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5545 | ssl_transform_init( ssl->transform_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 5546 | ssl_handshake_params_init( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 5547 | |
| rahul_dahiya |
0:fb8047b156bb | 5548 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5549 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 5550 | { |
| rahul_dahiya |
0:fb8047b156bb | 5551 | ssl->handshake->alt_transform_out = ssl->transform_out; |
| rahul_dahiya |
0:fb8047b156bb | 5552 | |
| rahul_dahiya |
0:fb8047b156bb | 5553 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5554 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; |
| rahul_dahiya |
0:fb8047b156bb | 5555 | else |
| rahul_dahiya |
0:fb8047b156bb | 5556 | ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; |
| rahul_dahiya |
0:fb8047b156bb | 5557 | |
| rahul_dahiya |
0:fb8047b156bb | 5558 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5559 | } |
| rahul_dahiya |
0:fb8047b156bb | 5560 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5561 | |
| rahul_dahiya |
0:fb8047b156bb | 5562 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5563 | } |
| rahul_dahiya |
0:fb8047b156bb | 5564 | |
| rahul_dahiya |
0:fb8047b156bb | 5565 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 5566 | /* Dummy cookie callbacks for defaults */ |
| rahul_dahiya |
0:fb8047b156bb | 5567 | static int ssl_cookie_write_dummy( void *ctx, |
| rahul_dahiya |
0:fb8047b156bb | 5568 | unsigned char **p, unsigned char *end, |
| rahul_dahiya |
0:fb8047b156bb | 5569 | const unsigned char *cli_id, size_t cli_id_len ) |
| rahul_dahiya |
0:fb8047b156bb | 5570 | { |
| rahul_dahiya |
0:fb8047b156bb | 5571 | ((void) ctx); |
| rahul_dahiya |
0:fb8047b156bb | 5572 | ((void) p); |
| rahul_dahiya |
0:fb8047b156bb | 5573 | ((void) end); |
| rahul_dahiya |
0:fb8047b156bb | 5574 | ((void) cli_id); |
| rahul_dahiya |
0:fb8047b156bb | 5575 | ((void) cli_id_len); |
| rahul_dahiya |
0:fb8047b156bb | 5576 | |
| rahul_dahiya |
0:fb8047b156bb | 5577 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 5578 | } |
| rahul_dahiya |
0:fb8047b156bb | 5579 | |
| rahul_dahiya |
0:fb8047b156bb | 5580 | static int ssl_cookie_check_dummy( void *ctx, |
| rahul_dahiya |
0:fb8047b156bb | 5581 | const unsigned char *cookie, size_t cookie_len, |
| rahul_dahiya |
0:fb8047b156bb | 5582 | const unsigned char *cli_id, size_t cli_id_len ) |
| rahul_dahiya |
0:fb8047b156bb | 5583 | { |
| rahul_dahiya |
0:fb8047b156bb | 5584 | ((void) ctx); |
| rahul_dahiya |
0:fb8047b156bb | 5585 | ((void) cookie); |
| rahul_dahiya |
0:fb8047b156bb | 5586 | ((void) cookie_len); |
| rahul_dahiya |
0:fb8047b156bb | 5587 | ((void) cli_id); |
| rahul_dahiya |
0:fb8047b156bb | 5588 | ((void) cli_id_len); |
| rahul_dahiya |
0:fb8047b156bb | 5589 | |
| rahul_dahiya |
0:fb8047b156bb | 5590 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 5591 | } |
| rahul_dahiya |
0:fb8047b156bb | 5592 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5593 | |
| rahul_dahiya |
0:fb8047b156bb | 5594 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5595 | * Initialize an SSL context |
| rahul_dahiya |
0:fb8047b156bb | 5596 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5597 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5598 | { |
| rahul_dahiya |
0:fb8047b156bb | 5599 | memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5600 | } |
| rahul_dahiya |
0:fb8047b156bb | 5601 | |
| rahul_dahiya |
0:fb8047b156bb | 5602 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5603 | * Setup an SSL context |
| rahul_dahiya |
0:fb8047b156bb | 5604 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5605 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 5606 | const mbedtls_ssl_config *conf ) |
| rahul_dahiya |
0:fb8047b156bb | 5607 | { |
| rahul_dahiya |
0:fb8047b156bb | 5608 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 5609 | const size_t len = MBEDTLS_SSL_BUFFER_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 5610 | |
| rahul_dahiya |
0:fb8047b156bb | 5611 | ssl->conf = conf; |
| rahul_dahiya |
0:fb8047b156bb | 5612 | |
| rahul_dahiya |
0:fb8047b156bb | 5613 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5614 | * Prepare base structures |
| rahul_dahiya |
0:fb8047b156bb | 5615 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5616 | if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5617 | ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5618 | { |
| rahul_dahiya |
0:fb8047b156bb | 5619 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5620 | mbedtls_free( ssl->in_buf ); |
| rahul_dahiya |
0:fb8047b156bb | 5621 | ssl->in_buf = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5622 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 5623 | } |
| rahul_dahiya |
0:fb8047b156bb | 5624 | |
| rahul_dahiya |
0:fb8047b156bb | 5625 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5626 | if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 5627 | { |
| rahul_dahiya |
0:fb8047b156bb | 5628 | ssl->out_hdr = ssl->out_buf; |
| rahul_dahiya |
0:fb8047b156bb | 5629 | ssl->out_ctr = ssl->out_buf + 3; |
| rahul_dahiya |
0:fb8047b156bb | 5630 | ssl->out_len = ssl->out_buf + 11; |
| rahul_dahiya |
0:fb8047b156bb | 5631 | ssl->out_iv = ssl->out_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5632 | ssl->out_msg = ssl->out_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5633 | |
| rahul_dahiya |
0:fb8047b156bb | 5634 | ssl->in_hdr = ssl->in_buf; |
| rahul_dahiya |
0:fb8047b156bb | 5635 | ssl->in_ctr = ssl->in_buf + 3; |
| rahul_dahiya |
0:fb8047b156bb | 5636 | ssl->in_len = ssl->in_buf + 11; |
| rahul_dahiya |
0:fb8047b156bb | 5637 | ssl->in_iv = ssl->in_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5638 | ssl->in_msg = ssl->in_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5639 | } |
| rahul_dahiya |
0:fb8047b156bb | 5640 | else |
| rahul_dahiya |
0:fb8047b156bb | 5641 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5642 | { |
| rahul_dahiya |
0:fb8047b156bb | 5643 | ssl->out_ctr = ssl->out_buf; |
| rahul_dahiya |
0:fb8047b156bb | 5644 | ssl->out_hdr = ssl->out_buf + 8; |
| rahul_dahiya |
0:fb8047b156bb | 5645 | ssl->out_len = ssl->out_buf + 11; |
| rahul_dahiya |
0:fb8047b156bb | 5646 | ssl->out_iv = ssl->out_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5647 | ssl->out_msg = ssl->out_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5648 | |
| rahul_dahiya |
0:fb8047b156bb | 5649 | ssl->in_ctr = ssl->in_buf; |
| rahul_dahiya |
0:fb8047b156bb | 5650 | ssl->in_hdr = ssl->in_buf + 8; |
| rahul_dahiya |
0:fb8047b156bb | 5651 | ssl->in_len = ssl->in_buf + 11; |
| rahul_dahiya |
0:fb8047b156bb | 5652 | ssl->in_iv = ssl->in_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5653 | ssl->in_msg = ssl->in_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5654 | } |
| rahul_dahiya |
0:fb8047b156bb | 5655 | |
| rahul_dahiya |
0:fb8047b156bb | 5656 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5657 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5658 | |
| rahul_dahiya |
0:fb8047b156bb | 5659 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5660 | } |
| rahul_dahiya |
0:fb8047b156bb | 5661 | |
| rahul_dahiya |
0:fb8047b156bb | 5662 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5663 | * Reset an initialized and used SSL context for re-use while retaining |
| rahul_dahiya |
0:fb8047b156bb | 5664 | * all application-set variables, function pointers and data. |
| rahul_dahiya |
0:fb8047b156bb | 5665 | * |
| rahul_dahiya |
0:fb8047b156bb | 5666 | * If partial is non-zero, keep data in the input buffer and client ID. |
| rahul_dahiya |
0:fb8047b156bb | 5667 | * (Use when a DTLS client reconnects from the same port.) |
| rahul_dahiya |
0:fb8047b156bb | 5668 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5669 | static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) |
| rahul_dahiya |
0:fb8047b156bb | 5670 | { |
| rahul_dahiya |
0:fb8047b156bb | 5671 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 5672 | |
| rahul_dahiya |
0:fb8047b156bb | 5673 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
| rahul_dahiya |
0:fb8047b156bb | 5674 | |
| rahul_dahiya |
0:fb8047b156bb | 5675 | /* Cancel any possibly running timer */ |
| rahul_dahiya |
0:fb8047b156bb | 5676 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5677 | |
| rahul_dahiya |
0:fb8047b156bb | 5678 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 5679 | ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 5680 | ssl->renego_records_seen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5681 | |
| rahul_dahiya |
0:fb8047b156bb | 5682 | ssl->verify_data_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5683 | memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 5684 | memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 5685 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5686 | ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; |
| rahul_dahiya |
0:fb8047b156bb | 5687 | |
| rahul_dahiya |
0:fb8047b156bb | 5688 | ssl->in_offt = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5689 | |
| rahul_dahiya |
0:fb8047b156bb | 5690 | ssl->in_msg = ssl->in_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5691 | ssl->in_msgtype = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5692 | ssl->in_msglen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5693 | if( partial == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5694 | ssl->in_left = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5695 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5696 | ssl->next_record_offset = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5697 | ssl->in_epoch = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5698 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5699 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 5700 | ssl_dtls_replay_reset( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 5701 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5702 | |
| rahul_dahiya |
0:fb8047b156bb | 5703 | ssl->in_hslen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5704 | ssl->nb_zero = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5705 | |
| rahul_dahiya |
0:fb8047b156bb | 5706 | ssl->keep_current_message = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5707 | |
| rahul_dahiya |
0:fb8047b156bb | 5708 | ssl->out_msg = ssl->out_buf + 13; |
| rahul_dahiya |
0:fb8047b156bb | 5709 | ssl->out_msgtype = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5710 | ssl->out_msglen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5711 | ssl->out_left = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5712 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| rahul_dahiya |
0:fb8047b156bb | 5713 | if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 5714 | ssl->split_done = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5715 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5716 | |
| rahul_dahiya |
0:fb8047b156bb | 5717 | ssl->transform_in = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5718 | ssl->transform_out = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5719 | |
| rahul_dahiya |
0:fb8047b156bb | 5720 | memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 5721 | if( partial == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5722 | memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 5723 | |
| rahul_dahiya |
0:fb8047b156bb | 5724 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 5725 | if( mbedtls_ssl_hw_record_reset != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5726 | { |
| rahul_dahiya |
0:fb8047b156bb | 5727 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5728 | if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5729 | { |
| rahul_dahiya |
0:fb8047b156bb | 5730 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5731 | return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 5732 | } |
| rahul_dahiya |
0:fb8047b156bb | 5733 | } |
| rahul_dahiya |
0:fb8047b156bb | 5734 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5735 | |
| rahul_dahiya |
0:fb8047b156bb | 5736 | if( ssl->transform ) |
| rahul_dahiya |
0:fb8047b156bb | 5737 | { |
| rahul_dahiya |
0:fb8047b156bb | 5738 | mbedtls_ssl_transform_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 5739 | mbedtls_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 5740 | ssl->transform = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5741 | } |
| rahul_dahiya |
0:fb8047b156bb | 5742 | |
| rahul_dahiya |
0:fb8047b156bb | 5743 | if( ssl->session ) |
| rahul_dahiya |
0:fb8047b156bb | 5744 | { |
| rahul_dahiya |
0:fb8047b156bb | 5745 | mbedtls_ssl_session_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 5746 | mbedtls_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 5747 | ssl->session = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5748 | } |
| rahul_dahiya |
0:fb8047b156bb | 5749 | |
| rahul_dahiya |
0:fb8047b156bb | 5750 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 5751 | ssl->alpn_chosen = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5752 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5753 | |
| rahul_dahiya |
0:fb8047b156bb | 5754 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 5755 | if( partial == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5756 | { |
| rahul_dahiya |
0:fb8047b156bb | 5757 | mbedtls_free( ssl->cli_id ); |
| rahul_dahiya |
0:fb8047b156bb | 5758 | ssl->cli_id = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5759 | ssl->cli_id_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 5760 | } |
| rahul_dahiya |
0:fb8047b156bb | 5761 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5762 | |
| rahul_dahiya |
0:fb8047b156bb | 5763 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5764 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5765 | |
| rahul_dahiya |
0:fb8047b156bb | 5766 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5767 | } |
| rahul_dahiya |
0:fb8047b156bb | 5768 | |
| rahul_dahiya |
0:fb8047b156bb | 5769 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5770 | * Reset an initialized and used SSL context for re-use while retaining |
| rahul_dahiya |
0:fb8047b156bb | 5771 | * all application-set variables, function pointers and data. |
| rahul_dahiya |
0:fb8047b156bb | 5772 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5773 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 5774 | { |
| rahul_dahiya |
0:fb8047b156bb | 5775 | return( ssl_session_reset_int( ssl, 0 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5776 | } |
| rahul_dahiya |
0:fb8047b156bb | 5777 | |
| rahul_dahiya |
0:fb8047b156bb | 5778 | /* |
| rahul_dahiya |
0:fb8047b156bb | 5779 | * SSL set accessors |
| rahul_dahiya |
0:fb8047b156bb | 5780 | */ |
| rahul_dahiya |
0:fb8047b156bb | 5781 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) |
| rahul_dahiya |
0:fb8047b156bb | 5782 | { |
| rahul_dahiya |
0:fb8047b156bb | 5783 | conf->endpoint = endpoint; |
| rahul_dahiya |
0:fb8047b156bb | 5784 | } |
| rahul_dahiya |
0:fb8047b156bb | 5785 | |
| rahul_dahiya |
0:fb8047b156bb | 5786 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) |
| rahul_dahiya |
0:fb8047b156bb | 5787 | { |
| rahul_dahiya |
0:fb8047b156bb | 5788 | conf->transport = transport; |
| rahul_dahiya |
0:fb8047b156bb | 5789 | } |
| rahul_dahiya |
0:fb8047b156bb | 5790 | |
| rahul_dahiya |
0:fb8047b156bb | 5791 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 5792 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) |
| rahul_dahiya |
0:fb8047b156bb | 5793 | { |
| rahul_dahiya |
0:fb8047b156bb | 5794 | conf->anti_replay = mode; |
| rahul_dahiya |
0:fb8047b156bb | 5795 | } |
| rahul_dahiya |
0:fb8047b156bb | 5796 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5797 | |
| rahul_dahiya |
0:fb8047b156bb | 5798 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
| rahul_dahiya |
0:fb8047b156bb | 5799 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) |
| rahul_dahiya |
0:fb8047b156bb | 5800 | { |
| rahul_dahiya |
0:fb8047b156bb | 5801 | conf->badmac_limit = limit; |
| rahul_dahiya |
0:fb8047b156bb | 5802 | } |
| rahul_dahiya |
0:fb8047b156bb | 5803 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5804 | |
| rahul_dahiya |
0:fb8047b156bb | 5805 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 5806 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) |
| rahul_dahiya |
0:fb8047b156bb | 5807 | { |
| rahul_dahiya |
0:fb8047b156bb | 5808 | conf->hs_timeout_min = min; |
| rahul_dahiya |
0:fb8047b156bb | 5809 | conf->hs_timeout_max = max; |
| rahul_dahiya |
0:fb8047b156bb | 5810 | } |
| rahul_dahiya |
0:fb8047b156bb | 5811 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 5812 | |
| rahul_dahiya |
0:fb8047b156bb | 5813 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) |
| rahul_dahiya |
0:fb8047b156bb | 5814 | { |
| rahul_dahiya |
0:fb8047b156bb | 5815 | conf->authmode = authmode; |
| rahul_dahiya |
0:fb8047b156bb | 5816 | } |
| rahul_dahiya |
0:fb8047b156bb | 5817 | |
| rahul_dahiya |
0:fb8047b156bb | 5818 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 5819 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5820 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
| rahul_dahiya |
0:fb8047b156bb | 5821 | void *p_vrfy ) |
| rahul_dahiya |
0:fb8047b156bb | 5822 | { |
| rahul_dahiya |
0:fb8047b156bb | 5823 | conf->f_vrfy = f_vrfy; |
| rahul_dahiya |
0:fb8047b156bb | 5824 | conf->p_vrfy = p_vrfy; |
| rahul_dahiya |
0:fb8047b156bb | 5825 | } |
| rahul_dahiya |
0:fb8047b156bb | 5826 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5827 | |
| rahul_dahiya |
0:fb8047b156bb | 5828 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5829 | int (*f_rng)(void *, unsigned char *, size_t), |
| rahul_dahiya |
0:fb8047b156bb | 5830 | void *p_rng ) |
| rahul_dahiya |
0:fb8047b156bb | 5831 | { |
| rahul_dahiya |
0:fb8047b156bb | 5832 | conf->f_rng = f_rng; |
| rahul_dahiya |
0:fb8047b156bb | 5833 | conf->p_rng = p_rng; |
| rahul_dahiya |
0:fb8047b156bb | 5834 | } |
| rahul_dahiya |
0:fb8047b156bb | 5835 | |
| rahul_dahiya |
0:fb8047b156bb | 5836 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5837 | void (*f_dbg)(void *, int, const char *, int, const char *), |
| rahul_dahiya |
0:fb8047b156bb | 5838 | void *p_dbg ) |
| rahul_dahiya |
0:fb8047b156bb | 5839 | { |
| rahul_dahiya |
0:fb8047b156bb | 5840 | conf->f_dbg = f_dbg; |
| rahul_dahiya |
0:fb8047b156bb | 5841 | conf->p_dbg = p_dbg; |
| rahul_dahiya |
0:fb8047b156bb | 5842 | } |
| rahul_dahiya |
0:fb8047b156bb | 5843 | |
| rahul_dahiya |
0:fb8047b156bb | 5844 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 5845 | void *p_bio, |
| rahul_dahiya |
0:fb8047b156bb | 5846 | mbedtls_ssl_send_t *f_send, |
| rahul_dahiya |
0:fb8047b156bb | 5847 | mbedtls_ssl_recv_t *f_recv, |
| rahul_dahiya |
0:fb8047b156bb | 5848 | mbedtls_ssl_recv_timeout_t *f_recv_timeout ) |
| rahul_dahiya |
0:fb8047b156bb | 5849 | { |
| rahul_dahiya |
0:fb8047b156bb | 5850 | ssl->p_bio = p_bio; |
| rahul_dahiya |
0:fb8047b156bb | 5851 | ssl->f_send = f_send; |
| rahul_dahiya |
0:fb8047b156bb | 5852 | ssl->f_recv = f_recv; |
| rahul_dahiya |
0:fb8047b156bb | 5853 | ssl->f_recv_timeout = f_recv_timeout; |
| rahul_dahiya |
0:fb8047b156bb | 5854 | } |
| rahul_dahiya |
0:fb8047b156bb | 5855 | |
| rahul_dahiya |
0:fb8047b156bb | 5856 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) |
| rahul_dahiya |
0:fb8047b156bb | 5857 | { |
| rahul_dahiya |
0:fb8047b156bb | 5858 | conf->read_timeout = timeout; |
| rahul_dahiya |
0:fb8047b156bb | 5859 | } |
| rahul_dahiya |
0:fb8047b156bb | 5860 | |
| rahul_dahiya |
0:fb8047b156bb | 5861 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 5862 | void *p_timer, |
| rahul_dahiya |
0:fb8047b156bb | 5863 | mbedtls_ssl_set_timer_t *f_set_timer, |
| rahul_dahiya |
0:fb8047b156bb | 5864 | mbedtls_ssl_get_timer_t *f_get_timer ) |
| rahul_dahiya |
0:fb8047b156bb | 5865 | { |
| rahul_dahiya |
0:fb8047b156bb | 5866 | ssl->p_timer = p_timer; |
| rahul_dahiya |
0:fb8047b156bb | 5867 | ssl->f_set_timer = f_set_timer; |
| rahul_dahiya |
0:fb8047b156bb | 5868 | ssl->f_get_timer = f_get_timer; |
| rahul_dahiya |
0:fb8047b156bb | 5869 | |
| rahul_dahiya |
0:fb8047b156bb | 5870 | /* Make sure we start with no timer running */ |
| rahul_dahiya |
0:fb8047b156bb | 5871 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5872 | } |
| rahul_dahiya |
0:fb8047b156bb | 5873 | |
| rahul_dahiya |
0:fb8047b156bb | 5874 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 5875 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5876 | void *p_cache, |
| rahul_dahiya |
0:fb8047b156bb | 5877 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
| rahul_dahiya |
0:fb8047b156bb | 5878 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) |
| rahul_dahiya |
0:fb8047b156bb | 5879 | { |
| rahul_dahiya |
0:fb8047b156bb | 5880 | conf->p_cache = p_cache; |
| rahul_dahiya |
0:fb8047b156bb | 5881 | conf->f_get_cache = f_get_cache; |
| rahul_dahiya |
0:fb8047b156bb | 5882 | conf->f_set_cache = f_set_cache; |
| rahul_dahiya |
0:fb8047b156bb | 5883 | } |
| rahul_dahiya |
0:fb8047b156bb | 5884 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5885 | |
| rahul_dahiya |
0:fb8047b156bb | 5886 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 5887 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) |
| rahul_dahiya |
0:fb8047b156bb | 5888 | { |
| rahul_dahiya |
0:fb8047b156bb | 5889 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 5890 | |
| rahul_dahiya |
0:fb8047b156bb | 5891 | if( ssl == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5892 | session == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5893 | ssl->session_negotiate == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 5894 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 5895 | { |
| rahul_dahiya |
0:fb8047b156bb | 5896 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 5897 | } |
| rahul_dahiya |
0:fb8047b156bb | 5898 | |
| rahul_dahiya |
0:fb8047b156bb | 5899 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 5900 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 5901 | |
| rahul_dahiya |
0:fb8047b156bb | 5902 | ssl->handshake->resume = 1; |
| rahul_dahiya |
0:fb8047b156bb | 5903 | |
| rahul_dahiya |
0:fb8047b156bb | 5904 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5905 | } |
| rahul_dahiya |
0:fb8047b156bb | 5906 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5907 | |
| rahul_dahiya |
0:fb8047b156bb | 5908 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5909 | const int *ciphersuites ) |
| rahul_dahiya |
0:fb8047b156bb | 5910 | { |
| rahul_dahiya |
0:fb8047b156bb | 5911 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 5912 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 5913 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 5914 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 5915 | } |
| rahul_dahiya |
0:fb8047b156bb | 5916 | |
| rahul_dahiya |
0:fb8047b156bb | 5917 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5918 | const int *ciphersuites, |
| rahul_dahiya |
0:fb8047b156bb | 5919 | int major, int minor ) |
| rahul_dahiya |
0:fb8047b156bb | 5920 | { |
| rahul_dahiya |
0:fb8047b156bb | 5921 | if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 5922 | return; |
| rahul_dahiya |
0:fb8047b156bb | 5923 | |
| rahul_dahiya |
0:fb8047b156bb | 5924 | if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 5925 | return; |
| rahul_dahiya |
0:fb8047b156bb | 5926 | |
| rahul_dahiya |
0:fb8047b156bb | 5927 | conf->ciphersuite_list[minor] = ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 5928 | } |
| rahul_dahiya |
0:fb8047b156bb | 5929 | |
| rahul_dahiya |
0:fb8047b156bb | 5930 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 5931 | void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5932 | const mbedtls_x509_crt_profile *profile ) |
| rahul_dahiya |
0:fb8047b156bb | 5933 | { |
| rahul_dahiya |
0:fb8047b156bb | 5934 | conf->cert_profile = profile; |
| rahul_dahiya |
0:fb8047b156bb | 5935 | } |
| rahul_dahiya |
0:fb8047b156bb | 5936 | |
| rahul_dahiya |
0:fb8047b156bb | 5937 | /* Append a new keycert entry to a (possibly empty) list */ |
| rahul_dahiya |
0:fb8047b156bb | 5938 | static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, |
| rahul_dahiya |
0:fb8047b156bb | 5939 | mbedtls_x509_crt *cert, |
| rahul_dahiya |
0:fb8047b156bb | 5940 | mbedtls_pk_context *key ) |
| rahul_dahiya |
0:fb8047b156bb | 5941 | { |
| rahul_dahiya |
0:fb8047b156bb | 5942 | mbedtls_ssl_key_cert *new; |
| rahul_dahiya |
0:fb8047b156bb | 5943 | |
| rahul_dahiya |
0:fb8047b156bb | 5944 | new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5945 | if( new == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5946 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 5947 | |
| rahul_dahiya |
0:fb8047b156bb | 5948 | new->cert = cert; |
| rahul_dahiya |
0:fb8047b156bb | 5949 | new->key = key; |
| rahul_dahiya |
0:fb8047b156bb | 5950 | new->next = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 5951 | |
| rahul_dahiya |
0:fb8047b156bb | 5952 | /* Update head is the list was null, else add to the end */ |
| rahul_dahiya |
0:fb8047b156bb | 5953 | if( *head == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5954 | { |
| rahul_dahiya |
0:fb8047b156bb | 5955 | *head = new; |
| rahul_dahiya |
0:fb8047b156bb | 5956 | } |
| rahul_dahiya |
0:fb8047b156bb | 5957 | else |
| rahul_dahiya |
0:fb8047b156bb | 5958 | { |
| rahul_dahiya |
0:fb8047b156bb | 5959 | mbedtls_ssl_key_cert *cur = *head; |
| rahul_dahiya |
0:fb8047b156bb | 5960 | while( cur->next != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 5961 | cur = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 5962 | cur->next = new; |
| rahul_dahiya |
0:fb8047b156bb | 5963 | } |
| rahul_dahiya |
0:fb8047b156bb | 5964 | |
| rahul_dahiya |
0:fb8047b156bb | 5965 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 5966 | } |
| rahul_dahiya |
0:fb8047b156bb | 5967 | |
| rahul_dahiya |
0:fb8047b156bb | 5968 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5969 | mbedtls_x509_crt *own_cert, |
| rahul_dahiya |
0:fb8047b156bb | 5970 | mbedtls_pk_context *pk_key ) |
| rahul_dahiya |
0:fb8047b156bb | 5971 | { |
| rahul_dahiya |
0:fb8047b156bb | 5972 | return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5973 | } |
| rahul_dahiya |
0:fb8047b156bb | 5974 | |
| rahul_dahiya |
0:fb8047b156bb | 5975 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 5976 | mbedtls_x509_crt *ca_chain, |
| rahul_dahiya |
0:fb8047b156bb | 5977 | mbedtls_x509_crl *ca_crl ) |
| rahul_dahiya |
0:fb8047b156bb | 5978 | { |
| rahul_dahiya |
0:fb8047b156bb | 5979 | conf->ca_chain = ca_chain; |
| rahul_dahiya |
0:fb8047b156bb | 5980 | conf->ca_crl = ca_crl; |
| rahul_dahiya |
0:fb8047b156bb | 5981 | } |
| rahul_dahiya |
0:fb8047b156bb | 5982 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 5983 | |
| rahul_dahiya |
0:fb8047b156bb | 5984 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 5985 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 5986 | mbedtls_x509_crt *own_cert, |
| rahul_dahiya |
0:fb8047b156bb | 5987 | mbedtls_pk_context *pk_key ) |
| rahul_dahiya |
0:fb8047b156bb | 5988 | { |
| rahul_dahiya |
0:fb8047b156bb | 5989 | return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, |
| rahul_dahiya |
0:fb8047b156bb | 5990 | own_cert, pk_key ) ); |
| rahul_dahiya |
0:fb8047b156bb | 5991 | } |
| rahul_dahiya |
0:fb8047b156bb | 5992 | |
| rahul_dahiya |
0:fb8047b156bb | 5993 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 5994 | mbedtls_x509_crt *ca_chain, |
| rahul_dahiya |
0:fb8047b156bb | 5995 | mbedtls_x509_crl *ca_crl ) |
| rahul_dahiya |
0:fb8047b156bb | 5996 | { |
| rahul_dahiya |
0:fb8047b156bb | 5997 | ssl->handshake->sni_ca_chain = ca_chain; |
| rahul_dahiya |
0:fb8047b156bb | 5998 | ssl->handshake->sni_ca_crl = ca_crl; |
| rahul_dahiya |
0:fb8047b156bb | 5999 | } |
| rahul_dahiya |
0:fb8047b156bb | 6000 | |
| rahul_dahiya |
0:fb8047b156bb | 6001 | void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 6002 | int authmode ) |
| rahul_dahiya |
0:fb8047b156bb | 6003 | { |
| rahul_dahiya |
0:fb8047b156bb | 6004 | ssl->handshake->sni_authmode = authmode; |
| rahul_dahiya |
0:fb8047b156bb | 6005 | } |
| rahul_dahiya |
0:fb8047b156bb | 6006 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| rahul_dahiya |
0:fb8047b156bb | 6007 | |
| rahul_dahiya |
0:fb8047b156bb | 6008 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 6009 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6010 | * Set EC J-PAKE password for current handshake |
| rahul_dahiya |
0:fb8047b156bb | 6011 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6012 | int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 6013 | const unsigned char *pw, |
| rahul_dahiya |
0:fb8047b156bb | 6014 | size_t pw_len ) |
| rahul_dahiya |
0:fb8047b156bb | 6015 | { |
| rahul_dahiya |
0:fb8047b156bb | 6016 | mbedtls_ecjpake_role role; |
| rahul_dahiya |
0:fb8047b156bb | 6017 | |
| rahul_dahiya |
0:fb8047b156bb | 6018 | if( ssl->handshake == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6019 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6020 | |
| rahul_dahiya |
0:fb8047b156bb | 6021 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6022 | role = MBEDTLS_ECJPAKE_SERVER; |
| rahul_dahiya |
0:fb8047b156bb | 6023 | else |
| rahul_dahiya |
0:fb8047b156bb | 6024 | role = MBEDTLS_ECJPAKE_CLIENT; |
| rahul_dahiya |
0:fb8047b156bb | 6025 | |
| rahul_dahiya |
0:fb8047b156bb | 6026 | return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 6027 | role, |
| rahul_dahiya |
0:fb8047b156bb | 6028 | MBEDTLS_MD_SHA256, |
| rahul_dahiya |
0:fb8047b156bb | 6029 | MBEDTLS_ECP_DP_SECP256R1, |
| rahul_dahiya |
0:fb8047b156bb | 6030 | pw, pw_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6031 | } |
| rahul_dahiya |
0:fb8047b156bb | 6032 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 6033 | |
| rahul_dahiya |
0:fb8047b156bb | 6034 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 6035 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6036 | const unsigned char *psk, size_t psk_len, |
| rahul_dahiya |
0:fb8047b156bb | 6037 | const unsigned char *psk_identity, size_t psk_identity_len ) |
| rahul_dahiya |
0:fb8047b156bb | 6038 | { |
| rahul_dahiya |
0:fb8047b156bb | 6039 | if( psk == NULL || psk_identity == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6040 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6041 | |
| rahul_dahiya |
0:fb8047b156bb | 6042 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 6043 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6044 | |
| rahul_dahiya |
0:fb8047b156bb | 6045 | /* Identity len will be encoded on two bytes */ |
| rahul_dahiya |
0:fb8047b156bb | 6046 | if( ( psk_identity_len >> 16 ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 6047 | psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 6048 | { |
| rahul_dahiya |
0:fb8047b156bb | 6049 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6050 | } |
| rahul_dahiya |
0:fb8047b156bb | 6051 | |
| rahul_dahiya |
0:fb8047b156bb | 6052 | if( conf->psk != NULL || conf->psk_identity != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6053 | { |
| rahul_dahiya |
0:fb8047b156bb | 6054 | mbedtls_free( conf->psk ); |
| rahul_dahiya |
0:fb8047b156bb | 6055 | mbedtls_free( conf->psk_identity ); |
| rahul_dahiya |
0:fb8047b156bb | 6056 | conf->psk = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 6057 | conf->psk_identity = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 6058 | } |
| rahul_dahiya |
0:fb8047b156bb | 6059 | |
| rahul_dahiya |
0:fb8047b156bb | 6060 | if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 6061 | ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6062 | { |
| rahul_dahiya |
0:fb8047b156bb | 6063 | mbedtls_free( conf->psk ); |
| rahul_dahiya |
0:fb8047b156bb | 6064 | mbedtls_free( conf->psk_identity ); |
| rahul_dahiya |
0:fb8047b156bb | 6065 | conf->psk = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 6066 | conf->psk_identity = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 6067 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 6068 | } |
| rahul_dahiya |
0:fb8047b156bb | 6069 | |
| rahul_dahiya |
0:fb8047b156bb | 6070 | conf->psk_len = psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 6071 | conf->psk_identity_len = psk_identity_len; |
| rahul_dahiya |
0:fb8047b156bb | 6072 | |
| rahul_dahiya |
0:fb8047b156bb | 6073 | memcpy( conf->psk, psk, conf->psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6074 | memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6075 | |
| rahul_dahiya |
0:fb8047b156bb | 6076 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6077 | } |
| rahul_dahiya |
0:fb8047b156bb | 6078 | |
| rahul_dahiya |
0:fb8047b156bb | 6079 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 6080 | const unsigned char *psk, size_t psk_len ) |
| rahul_dahiya |
0:fb8047b156bb | 6081 | { |
| rahul_dahiya |
0:fb8047b156bb | 6082 | if( psk == NULL || ssl->handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6083 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6084 | |
| rahul_dahiya |
0:fb8047b156bb | 6085 | if( psk_len > MBEDTLS_PSK_MAX_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 6086 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6087 | |
| rahul_dahiya |
0:fb8047b156bb | 6088 | if( ssl->handshake->psk != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6089 | mbedtls_free( ssl->handshake->psk ); |
| rahul_dahiya |
0:fb8047b156bb | 6090 | |
| rahul_dahiya |
0:fb8047b156bb | 6091 | if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6092 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 6093 | |
| rahul_dahiya |
0:fb8047b156bb | 6094 | ssl->handshake->psk_len = psk_len; |
| rahul_dahiya |
0:fb8047b156bb | 6095 | memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6096 | |
| rahul_dahiya |
0:fb8047b156bb | 6097 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6098 | } |
| rahul_dahiya |
0:fb8047b156bb | 6099 | |
| rahul_dahiya |
0:fb8047b156bb | 6100 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6101 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
| rahul_dahiya |
0:fb8047b156bb | 6102 | size_t), |
| rahul_dahiya |
0:fb8047b156bb | 6103 | void *p_psk ) |
| rahul_dahiya |
0:fb8047b156bb | 6104 | { |
| rahul_dahiya |
0:fb8047b156bb | 6105 | conf->f_psk = f_psk; |
| rahul_dahiya |
0:fb8047b156bb | 6106 | conf->p_psk = p_psk; |
| rahul_dahiya |
0:fb8047b156bb | 6107 | } |
| rahul_dahiya |
0:fb8047b156bb | 6108 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 6109 | |
| rahul_dahiya |
0:fb8047b156bb | 6110 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6111 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) |
| rahul_dahiya |
0:fb8047b156bb | 6112 | { |
| rahul_dahiya |
0:fb8047b156bb | 6113 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 6114 | |
| rahul_dahiya |
0:fb8047b156bb | 6115 | if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 6116 | ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6117 | { |
| rahul_dahiya |
0:fb8047b156bb | 6118 | mbedtls_mpi_free( &conf->dhm_P ); |
| rahul_dahiya |
0:fb8047b156bb | 6119 | mbedtls_mpi_free( &conf->dhm_G ); |
| rahul_dahiya |
0:fb8047b156bb | 6120 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6121 | } |
| rahul_dahiya |
0:fb8047b156bb | 6122 | |
| rahul_dahiya |
0:fb8047b156bb | 6123 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6124 | } |
| rahul_dahiya |
0:fb8047b156bb | 6125 | |
| rahul_dahiya |
0:fb8047b156bb | 6126 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) |
| rahul_dahiya |
0:fb8047b156bb | 6127 | { |
| rahul_dahiya |
0:fb8047b156bb | 6128 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 6129 | |
| rahul_dahiya |
0:fb8047b156bb | 6130 | if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 6131 | ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6132 | { |
| rahul_dahiya |
0:fb8047b156bb | 6133 | mbedtls_mpi_free( &conf->dhm_P ); |
| rahul_dahiya |
0:fb8047b156bb | 6134 | mbedtls_mpi_free( &conf->dhm_G ); |
| rahul_dahiya |
0:fb8047b156bb | 6135 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6136 | } |
| rahul_dahiya |
0:fb8047b156bb | 6137 | |
| rahul_dahiya |
0:fb8047b156bb | 6138 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6139 | } |
| rahul_dahiya |
0:fb8047b156bb | 6140 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6141 | |
| rahul_dahiya |
0:fb8047b156bb | 6142 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6143 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6144 | * Set the minimum length for Diffie-Hellman parameters |
| rahul_dahiya |
0:fb8047b156bb | 6145 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6146 | void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6147 | unsigned int bitlen ) |
| rahul_dahiya |
0:fb8047b156bb | 6148 | { |
| rahul_dahiya |
0:fb8047b156bb | 6149 | conf->dhm_min_bitlen = bitlen; |
| rahul_dahiya |
0:fb8047b156bb | 6150 | } |
| rahul_dahiya |
0:fb8047b156bb | 6151 | #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6152 | |
| rahul_dahiya |
0:fb8047b156bb | 6153 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 6154 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6155 | * Set allowed/preferred hashes for handshake signatures |
| rahul_dahiya |
0:fb8047b156bb | 6156 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6157 | void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6158 | const int *hashes ) |
| rahul_dahiya |
0:fb8047b156bb | 6159 | { |
| rahul_dahiya |
0:fb8047b156bb | 6160 | conf->sig_hashes = hashes; |
| rahul_dahiya |
0:fb8047b156bb | 6161 | } |
| rahul_dahiya |
0:fb8047b156bb | 6162 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6163 | |
| rahul_dahiya |
0:fb8047b156bb | 6164 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 6165 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6166 | * Set the allowed elliptic curves |
| rahul_dahiya |
0:fb8047b156bb | 6167 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6168 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6169 | const mbedtls_ecp_group_id *curve_list ) |
| rahul_dahiya |
0:fb8047b156bb | 6170 | { |
| rahul_dahiya |
0:fb8047b156bb | 6171 | conf->curve_list = curve_list; |
| rahul_dahiya |
0:fb8047b156bb | 6172 | } |
| rahul_dahiya |
0:fb8047b156bb | 6173 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6174 | |
| rahul_dahiya |
0:fb8047b156bb | 6175 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 6176 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) |
| rahul_dahiya |
0:fb8047b156bb | 6177 | { |
| rahul_dahiya |
0:fb8047b156bb | 6178 | size_t hostname_len; |
| rahul_dahiya |
0:fb8047b156bb | 6179 | |
| rahul_dahiya |
0:fb8047b156bb | 6180 | if( hostname == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6181 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6182 | |
| rahul_dahiya |
0:fb8047b156bb | 6183 | hostname_len = strlen( hostname ); |
| rahul_dahiya |
0:fb8047b156bb | 6184 | |
| rahul_dahiya |
0:fb8047b156bb | 6185 | if( hostname_len + 1 == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6186 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6187 | |
| rahul_dahiya |
0:fb8047b156bb | 6188 | if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 6189 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6190 | |
| rahul_dahiya |
0:fb8047b156bb | 6191 | ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 6192 | |
| rahul_dahiya |
0:fb8047b156bb | 6193 | if( ssl->hostname == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6194 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 6195 | |
| rahul_dahiya |
0:fb8047b156bb | 6196 | memcpy( ssl->hostname, hostname, hostname_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6197 | |
| rahul_dahiya |
0:fb8047b156bb | 6198 | ssl->hostname[hostname_len] = '\0'; |
| rahul_dahiya |
0:fb8047b156bb | 6199 | |
| rahul_dahiya |
0:fb8047b156bb | 6200 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6201 | } |
| rahul_dahiya |
0:fb8047b156bb | 6202 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6203 | |
| rahul_dahiya |
0:fb8047b156bb | 6204 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 6205 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6206 | int (*f_sni)(void *, mbedtls_ssl_context *, |
| rahul_dahiya |
0:fb8047b156bb | 6207 | const unsigned char *, size_t), |
| rahul_dahiya |
0:fb8047b156bb | 6208 | void *p_sni ) |
| rahul_dahiya |
0:fb8047b156bb | 6209 | { |
| rahul_dahiya |
0:fb8047b156bb | 6210 | conf->f_sni = f_sni; |
| rahul_dahiya |
0:fb8047b156bb | 6211 | conf->p_sni = p_sni; |
| rahul_dahiya |
0:fb8047b156bb | 6212 | } |
| rahul_dahiya |
0:fb8047b156bb | 6213 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| rahul_dahiya |
0:fb8047b156bb | 6214 | |
| rahul_dahiya |
0:fb8047b156bb | 6215 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 6216 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) |
| rahul_dahiya |
0:fb8047b156bb | 6217 | { |
| rahul_dahiya |
0:fb8047b156bb | 6218 | size_t cur_len, tot_len; |
| rahul_dahiya |
0:fb8047b156bb | 6219 | const char **p; |
| rahul_dahiya |
0:fb8047b156bb | 6220 | |
| rahul_dahiya |
0:fb8047b156bb | 6221 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6222 | * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings |
| rahul_dahiya |
0:fb8047b156bb | 6223 | * MUST NOT be truncated." |
| rahul_dahiya |
0:fb8047b156bb | 6224 | * We check lengths now rather than later. |
| rahul_dahiya |
0:fb8047b156bb | 6225 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6226 | tot_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 6227 | for( p = protos; *p != NULL; p++ ) |
| rahul_dahiya |
0:fb8047b156bb | 6228 | { |
| rahul_dahiya |
0:fb8047b156bb | 6229 | cur_len = strlen( *p ); |
| rahul_dahiya |
0:fb8047b156bb | 6230 | tot_len += cur_len; |
| rahul_dahiya |
0:fb8047b156bb | 6231 | |
| rahul_dahiya |
0:fb8047b156bb | 6232 | if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) |
| rahul_dahiya |
0:fb8047b156bb | 6233 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6234 | } |
| rahul_dahiya |
0:fb8047b156bb | 6235 | |
| rahul_dahiya |
0:fb8047b156bb | 6236 | conf->alpn_list = protos; |
| rahul_dahiya |
0:fb8047b156bb | 6237 | |
| rahul_dahiya |
0:fb8047b156bb | 6238 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6239 | } |
| rahul_dahiya |
0:fb8047b156bb | 6240 | |
| rahul_dahiya |
0:fb8047b156bb | 6241 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6242 | { |
| rahul_dahiya |
0:fb8047b156bb | 6243 | return( ssl->alpn_chosen ); |
| rahul_dahiya |
0:fb8047b156bb | 6244 | } |
| rahul_dahiya |
0:fb8047b156bb | 6245 | #endif /* MBEDTLS_SSL_ALPN */ |
| rahul_dahiya |
0:fb8047b156bb | 6246 | |
| rahul_dahiya |
0:fb8047b156bb | 6247 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) |
| rahul_dahiya |
0:fb8047b156bb | 6248 | { |
| rahul_dahiya |
0:fb8047b156bb | 6249 | conf->max_major_ver = major; |
| rahul_dahiya |
0:fb8047b156bb | 6250 | conf->max_minor_ver = minor; |
| rahul_dahiya |
0:fb8047b156bb | 6251 | } |
| rahul_dahiya |
0:fb8047b156bb | 6252 | |
| rahul_dahiya |
0:fb8047b156bb | 6253 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) |
| rahul_dahiya |
0:fb8047b156bb | 6254 | { |
| rahul_dahiya |
0:fb8047b156bb | 6255 | conf->min_major_ver = major; |
| rahul_dahiya |
0:fb8047b156bb | 6256 | conf->min_minor_ver = minor; |
| rahul_dahiya |
0:fb8047b156bb | 6257 | } |
| rahul_dahiya |
0:fb8047b156bb | 6258 | |
| rahul_dahiya |
0:fb8047b156bb | 6259 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6260 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) |
| rahul_dahiya |
0:fb8047b156bb | 6261 | { |
| rahul_dahiya |
0:fb8047b156bb | 6262 | conf->fallback = fallback; |
| rahul_dahiya |
0:fb8047b156bb | 6263 | } |
| rahul_dahiya |
0:fb8047b156bb | 6264 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6265 | |
| rahul_dahiya |
0:fb8047b156bb | 6266 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6267 | void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6268 | char cert_req_ca_list ) |
| rahul_dahiya |
0:fb8047b156bb | 6269 | { |
| rahul_dahiya |
0:fb8047b156bb | 6270 | conf->cert_req_ca_list = cert_req_ca_list; |
| rahul_dahiya |
0:fb8047b156bb | 6271 | } |
| rahul_dahiya |
0:fb8047b156bb | 6272 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6273 | |
| rahul_dahiya |
0:fb8047b156bb | 6274 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 6275 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) |
| rahul_dahiya |
0:fb8047b156bb | 6276 | { |
| rahul_dahiya |
0:fb8047b156bb | 6277 | conf->encrypt_then_mac = etm; |
| rahul_dahiya |
0:fb8047b156bb | 6278 | } |
| rahul_dahiya |
0:fb8047b156bb | 6279 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6280 | |
| rahul_dahiya |
0:fb8047b156bb | 6281 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 6282 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) |
| rahul_dahiya |
0:fb8047b156bb | 6283 | { |
| rahul_dahiya |
0:fb8047b156bb | 6284 | conf->extended_ms = ems; |
| rahul_dahiya |
0:fb8047b156bb | 6285 | } |
| rahul_dahiya |
0:fb8047b156bb | 6286 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6287 | |
| rahul_dahiya |
0:fb8047b156bb | 6288 | #if defined(MBEDTLS_ARC4_C) |
| rahul_dahiya |
0:fb8047b156bb | 6289 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) |
| rahul_dahiya |
0:fb8047b156bb | 6290 | { |
| rahul_dahiya |
0:fb8047b156bb | 6291 | conf->arc4_disabled = arc4; |
| rahul_dahiya |
0:fb8047b156bb | 6292 | } |
| rahul_dahiya |
0:fb8047b156bb | 6293 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6294 | |
| rahul_dahiya |
0:fb8047b156bb | 6295 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 6296 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) |
| rahul_dahiya |
0:fb8047b156bb | 6297 | { |
| rahul_dahiya |
0:fb8047b156bb | 6298 | if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || |
| rahul_dahiya |
0:fb8047b156bb | 6299 | mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 6300 | { |
| rahul_dahiya |
0:fb8047b156bb | 6301 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6302 | } |
| rahul_dahiya |
0:fb8047b156bb | 6303 | |
| rahul_dahiya |
0:fb8047b156bb | 6304 | conf->mfl_code = mfl_code; |
| rahul_dahiya |
0:fb8047b156bb | 6305 | |
| rahul_dahiya |
0:fb8047b156bb | 6306 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6307 | } |
| rahul_dahiya |
0:fb8047b156bb | 6308 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 6309 | |
| rahul_dahiya |
0:fb8047b156bb | 6310 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 6311 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) |
| rahul_dahiya |
0:fb8047b156bb | 6312 | { |
| rahul_dahiya |
0:fb8047b156bb | 6313 | conf->trunc_hmac = truncate; |
| rahul_dahiya |
0:fb8047b156bb | 6314 | } |
| rahul_dahiya |
0:fb8047b156bb | 6315 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| rahul_dahiya |
0:fb8047b156bb | 6316 | |
| rahul_dahiya |
0:fb8047b156bb | 6317 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| rahul_dahiya |
0:fb8047b156bb | 6318 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) |
| rahul_dahiya |
0:fb8047b156bb | 6319 | { |
| rahul_dahiya |
0:fb8047b156bb | 6320 | conf->cbc_record_splitting = split; |
| rahul_dahiya |
0:fb8047b156bb | 6321 | } |
| rahul_dahiya |
0:fb8047b156bb | 6322 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6323 | |
| rahul_dahiya |
0:fb8047b156bb | 6324 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) |
| rahul_dahiya |
0:fb8047b156bb | 6325 | { |
| rahul_dahiya |
0:fb8047b156bb | 6326 | conf->allow_legacy_renegotiation = allow_legacy; |
| rahul_dahiya |
0:fb8047b156bb | 6327 | } |
| rahul_dahiya |
0:fb8047b156bb | 6328 | |
| rahul_dahiya |
0:fb8047b156bb | 6329 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 6330 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) |
| rahul_dahiya |
0:fb8047b156bb | 6331 | { |
| rahul_dahiya |
0:fb8047b156bb | 6332 | conf->disable_renegotiation = renegotiation; |
| rahul_dahiya |
0:fb8047b156bb | 6333 | } |
| rahul_dahiya |
0:fb8047b156bb | 6334 | |
| rahul_dahiya |
0:fb8047b156bb | 6335 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) |
| rahul_dahiya |
0:fb8047b156bb | 6336 | { |
| rahul_dahiya |
0:fb8047b156bb | 6337 | conf->renego_max_records = max_records; |
| rahul_dahiya |
0:fb8047b156bb | 6338 | } |
| rahul_dahiya |
0:fb8047b156bb | 6339 | |
| rahul_dahiya |
0:fb8047b156bb | 6340 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6341 | const unsigned char period[8] ) |
| rahul_dahiya |
0:fb8047b156bb | 6342 | { |
| rahul_dahiya |
0:fb8047b156bb | 6343 | memcpy( conf->renego_period, period, 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 6344 | } |
| rahul_dahiya |
0:fb8047b156bb | 6345 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 6346 | |
| rahul_dahiya |
0:fb8047b156bb | 6347 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 6348 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6349 | void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) |
| rahul_dahiya |
0:fb8047b156bb | 6350 | { |
| rahul_dahiya |
0:fb8047b156bb | 6351 | conf->session_tickets = use_tickets; |
| rahul_dahiya |
0:fb8047b156bb | 6352 | } |
| rahul_dahiya |
0:fb8047b156bb | 6353 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6354 | |
| rahul_dahiya |
0:fb8047b156bb | 6355 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6356 | void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6357 | mbedtls_ssl_ticket_write_t *f_ticket_write, |
| rahul_dahiya |
0:fb8047b156bb | 6358 | mbedtls_ssl_ticket_parse_t *f_ticket_parse, |
| rahul_dahiya |
0:fb8047b156bb | 6359 | void *p_ticket ) |
| rahul_dahiya |
0:fb8047b156bb | 6360 | { |
| rahul_dahiya |
0:fb8047b156bb | 6361 | conf->f_ticket_write = f_ticket_write; |
| rahul_dahiya |
0:fb8047b156bb | 6362 | conf->f_ticket_parse = f_ticket_parse; |
| rahul_dahiya |
0:fb8047b156bb | 6363 | conf->p_ticket = p_ticket; |
| rahul_dahiya |
0:fb8047b156bb | 6364 | } |
| rahul_dahiya |
0:fb8047b156bb | 6365 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6366 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 6367 | |
| rahul_dahiya |
0:fb8047b156bb | 6368 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
| rahul_dahiya |
0:fb8047b156bb | 6369 | void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 6370 | mbedtls_ssl_export_keys_t *f_export_keys, |
| rahul_dahiya |
0:fb8047b156bb | 6371 | void *p_export_keys ) |
| rahul_dahiya |
0:fb8047b156bb | 6372 | { |
| rahul_dahiya |
0:fb8047b156bb | 6373 | conf->f_export_keys = f_export_keys; |
| rahul_dahiya |
0:fb8047b156bb | 6374 | conf->p_export_keys = p_export_keys; |
| rahul_dahiya |
0:fb8047b156bb | 6375 | } |
| rahul_dahiya |
0:fb8047b156bb | 6376 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6377 | |
| rahul_dahiya |
0:fb8047b156bb | 6378 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6379 | * SSL get accessors |
| rahul_dahiya |
0:fb8047b156bb | 6380 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6381 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6382 | { |
| rahul_dahiya |
0:fb8047b156bb | 6383 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
| rahul_dahiya |
0:fb8047b156bb | 6384 | } |
| rahul_dahiya |
0:fb8047b156bb | 6385 | |
| rahul_dahiya |
0:fb8047b156bb | 6386 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6387 | { |
| rahul_dahiya |
0:fb8047b156bb | 6388 | if( ssl->session != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6389 | return( ssl->session->verify_result ); |
| rahul_dahiya |
0:fb8047b156bb | 6390 | |
| rahul_dahiya |
0:fb8047b156bb | 6391 | if( ssl->session_negotiate != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6392 | return( ssl->session_negotiate->verify_result ); |
| rahul_dahiya |
0:fb8047b156bb | 6393 | |
| rahul_dahiya |
0:fb8047b156bb | 6394 | return( 0xFFFFFFFF ); |
| rahul_dahiya |
0:fb8047b156bb | 6395 | } |
| rahul_dahiya |
0:fb8047b156bb | 6396 | |
| rahul_dahiya |
0:fb8047b156bb | 6397 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6398 | { |
| rahul_dahiya |
0:fb8047b156bb | 6399 | if( ssl == NULL || ssl->session == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6400 | return( NULL ); |
| rahul_dahiya |
0:fb8047b156bb | 6401 | |
| rahul_dahiya |
0:fb8047b156bb | 6402 | return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
| rahul_dahiya |
0:fb8047b156bb | 6403 | } |
| rahul_dahiya |
0:fb8047b156bb | 6404 | |
| rahul_dahiya |
0:fb8047b156bb | 6405 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6406 | { |
| rahul_dahiya |
0:fb8047b156bb | 6407 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6408 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 6409 | { |
| rahul_dahiya |
0:fb8047b156bb | 6410 | switch( ssl->minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 6411 | { |
| rahul_dahiya |
0:fb8047b156bb | 6412 | case MBEDTLS_SSL_MINOR_VERSION_2: |
| rahul_dahiya |
0:fb8047b156bb | 6413 | return( "DTLSv1.0" ); |
| rahul_dahiya |
0:fb8047b156bb | 6414 | |
| rahul_dahiya |
0:fb8047b156bb | 6415 | case MBEDTLS_SSL_MINOR_VERSION_3: |
| rahul_dahiya |
0:fb8047b156bb | 6416 | return( "DTLSv1.2" ); |
| rahul_dahiya |
0:fb8047b156bb | 6417 | |
| rahul_dahiya |
0:fb8047b156bb | 6418 | default: |
| rahul_dahiya |
0:fb8047b156bb | 6419 | return( "unknown (DTLS)" ); |
| rahul_dahiya |
0:fb8047b156bb | 6420 | } |
| rahul_dahiya |
0:fb8047b156bb | 6421 | } |
| rahul_dahiya |
0:fb8047b156bb | 6422 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6423 | |
| rahul_dahiya |
0:fb8047b156bb | 6424 | switch( ssl->minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 6425 | { |
| rahul_dahiya |
0:fb8047b156bb | 6426 | case MBEDTLS_SSL_MINOR_VERSION_0: |
| rahul_dahiya |
0:fb8047b156bb | 6427 | return( "SSLv3.0" ); |
| rahul_dahiya |
0:fb8047b156bb | 6428 | |
| rahul_dahiya |
0:fb8047b156bb | 6429 | case MBEDTLS_SSL_MINOR_VERSION_1: |
| rahul_dahiya |
0:fb8047b156bb | 6430 | return( "TLSv1.0" ); |
| rahul_dahiya |
0:fb8047b156bb | 6431 | |
| rahul_dahiya |
0:fb8047b156bb | 6432 | case MBEDTLS_SSL_MINOR_VERSION_2: |
| rahul_dahiya |
0:fb8047b156bb | 6433 | return( "TLSv1.1" ); |
| rahul_dahiya |
0:fb8047b156bb | 6434 | |
| rahul_dahiya |
0:fb8047b156bb | 6435 | case MBEDTLS_SSL_MINOR_VERSION_3: |
| rahul_dahiya |
0:fb8047b156bb | 6436 | return( "TLSv1.2" ); |
| rahul_dahiya |
0:fb8047b156bb | 6437 | |
| rahul_dahiya |
0:fb8047b156bb | 6438 | default: |
| rahul_dahiya |
0:fb8047b156bb | 6439 | return( "unknown" ); |
| rahul_dahiya |
0:fb8047b156bb | 6440 | } |
| rahul_dahiya |
0:fb8047b156bb | 6441 | } |
| rahul_dahiya |
0:fb8047b156bb | 6442 | |
| rahul_dahiya |
0:fb8047b156bb | 6443 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6444 | { |
| rahul_dahiya |
0:fb8047b156bb | 6445 | size_t transform_expansion; |
| rahul_dahiya |
0:fb8047b156bb | 6446 | const mbedtls_ssl_transform *transform = ssl->transform_out; |
| rahul_dahiya |
0:fb8047b156bb | 6447 | |
| rahul_dahiya |
0:fb8047b156bb | 6448 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 6449 | if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6450 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 6451 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6452 | |
| rahul_dahiya |
0:fb8047b156bb | 6453 | if( transform == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6454 | return( (int) mbedtls_ssl_hdr_len( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6455 | |
| rahul_dahiya |
0:fb8047b156bb | 6456 | switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) |
| rahul_dahiya |
0:fb8047b156bb | 6457 | { |
| rahul_dahiya |
0:fb8047b156bb | 6458 | case MBEDTLS_MODE_GCM: |
| rahul_dahiya |
0:fb8047b156bb | 6459 | case MBEDTLS_MODE_CCM: |
| rahul_dahiya |
0:fb8047b156bb | 6460 | case MBEDTLS_MODE_STREAM: |
| rahul_dahiya |
0:fb8047b156bb | 6461 | transform_expansion = transform->minlen; |
| rahul_dahiya |
0:fb8047b156bb | 6462 | break; |
| rahul_dahiya |
0:fb8047b156bb | 6463 | |
| rahul_dahiya |
0:fb8047b156bb | 6464 | case MBEDTLS_MODE_CBC: |
| rahul_dahiya |
0:fb8047b156bb | 6465 | transform_expansion = transform->maclen |
| rahul_dahiya |
0:fb8047b156bb | 6466 | + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 6467 | break; |
| rahul_dahiya |
0:fb8047b156bb | 6468 | |
| rahul_dahiya |
0:fb8047b156bb | 6469 | default: |
| rahul_dahiya |
0:fb8047b156bb | 6470 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6471 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 6472 | } |
| rahul_dahiya |
0:fb8047b156bb | 6473 | |
| rahul_dahiya |
0:fb8047b156bb | 6474 | return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6475 | } |
| rahul_dahiya |
0:fb8047b156bb | 6476 | |
| rahul_dahiya |
0:fb8047b156bb | 6477 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 6478 | size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6479 | { |
| rahul_dahiya |
0:fb8047b156bb | 6480 | size_t max_len; |
| rahul_dahiya |
0:fb8047b156bb | 6481 | |
| rahul_dahiya |
0:fb8047b156bb | 6482 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6483 | * Assume mfl_code is correct since it was checked when set |
| rahul_dahiya |
0:fb8047b156bb | 6484 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6485 | max_len = mfl_code_to_length[ssl->conf->mfl_code]; |
| rahul_dahiya |
0:fb8047b156bb | 6486 | |
| rahul_dahiya |
0:fb8047b156bb | 6487 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6488 | * Check if a smaller max length was negotiated |
| rahul_dahiya |
0:fb8047b156bb | 6489 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6490 | if( ssl->session_out != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 6491 | mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) |
| rahul_dahiya |
0:fb8047b156bb | 6492 | { |
| rahul_dahiya |
0:fb8047b156bb | 6493 | max_len = mfl_code_to_length[ssl->session_out->mfl_code]; |
| rahul_dahiya |
0:fb8047b156bb | 6494 | } |
| rahul_dahiya |
0:fb8047b156bb | 6495 | |
| rahul_dahiya |
0:fb8047b156bb | 6496 | return max_len; |
| rahul_dahiya |
0:fb8047b156bb | 6497 | } |
| rahul_dahiya |
0:fb8047b156bb | 6498 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 6499 | |
| rahul_dahiya |
0:fb8047b156bb | 6500 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 6501 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6502 | { |
| rahul_dahiya |
0:fb8047b156bb | 6503 | if( ssl == NULL || ssl->session == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6504 | return( NULL ); |
| rahul_dahiya |
0:fb8047b156bb | 6505 | |
| rahul_dahiya |
0:fb8047b156bb | 6506 | return( ssl->session->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 6507 | } |
| rahul_dahiya |
0:fb8047b156bb | 6508 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6509 | |
| rahul_dahiya |
0:fb8047b156bb | 6510 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6511 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) |
| rahul_dahiya |
0:fb8047b156bb | 6512 | { |
| rahul_dahiya |
0:fb8047b156bb | 6513 | if( ssl == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 6514 | dst == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 6515 | ssl->session == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 6516 | ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 6517 | { |
| rahul_dahiya |
0:fb8047b156bb | 6518 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6519 | } |
| rahul_dahiya |
0:fb8047b156bb | 6520 | |
| rahul_dahiya |
0:fb8047b156bb | 6521 | return( ssl_session_copy( dst, ssl->session ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6522 | } |
| rahul_dahiya |
0:fb8047b156bb | 6523 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6524 | |
| rahul_dahiya |
0:fb8047b156bb | 6525 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6526 | * Perform a single step of the SSL handshake |
| rahul_dahiya |
0:fb8047b156bb | 6527 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6528 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6529 | { |
| rahul_dahiya |
0:fb8047b156bb | 6530 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 6531 | |
| rahul_dahiya |
0:fb8047b156bb | 6532 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6533 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6534 | |
| rahul_dahiya |
0:fb8047b156bb | 6535 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6536 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 6537 | ret = mbedtls_ssl_handshake_client_step( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6538 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6539 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6540 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6541 | ret = mbedtls_ssl_handshake_server_step( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6542 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6543 | |
| rahul_dahiya |
0:fb8047b156bb | 6544 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6545 | } |
| rahul_dahiya |
0:fb8047b156bb | 6546 | |
| rahul_dahiya |
0:fb8047b156bb | 6547 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6548 | * Perform the SSL handshake |
| rahul_dahiya |
0:fb8047b156bb | 6549 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6550 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6551 | { |
| rahul_dahiya |
0:fb8047b156bb | 6552 | int ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 6553 | |
| rahul_dahiya |
0:fb8047b156bb | 6554 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6555 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6556 | |
| rahul_dahiya |
0:fb8047b156bb | 6557 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6558 | |
| rahul_dahiya |
0:fb8047b156bb | 6559 | while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6560 | { |
| rahul_dahiya |
0:fb8047b156bb | 6561 | ret = mbedtls_ssl_handshake_step( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6562 | |
| rahul_dahiya |
0:fb8047b156bb | 6563 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6564 | break; |
| rahul_dahiya |
0:fb8047b156bb | 6565 | } |
| rahul_dahiya |
0:fb8047b156bb | 6566 | |
| rahul_dahiya |
0:fb8047b156bb | 6567 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6568 | |
| rahul_dahiya |
0:fb8047b156bb | 6569 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6570 | } |
| rahul_dahiya |
0:fb8047b156bb | 6571 | |
| rahul_dahiya |
0:fb8047b156bb | 6572 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 6573 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6574 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6575 | * Write HelloRequest to request renegotiation on server |
| rahul_dahiya |
0:fb8047b156bb | 6576 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6577 | static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6578 | { |
| rahul_dahiya |
0:fb8047b156bb | 6579 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 6580 | |
| rahul_dahiya |
0:fb8047b156bb | 6581 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6582 | |
| rahul_dahiya |
0:fb8047b156bb | 6583 | ssl->out_msglen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 6584 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 6585 | ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; |
| rahul_dahiya |
0:fb8047b156bb | 6586 | |
| rahul_dahiya |
0:fb8047b156bb | 6587 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6588 | { |
| rahul_dahiya |
0:fb8047b156bb | 6589 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6590 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6591 | } |
| rahul_dahiya |
0:fb8047b156bb | 6592 | |
| rahul_dahiya |
0:fb8047b156bb | 6593 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6594 | |
| rahul_dahiya |
0:fb8047b156bb | 6595 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6596 | } |
| rahul_dahiya |
0:fb8047b156bb | 6597 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6598 | |
| rahul_dahiya |
0:fb8047b156bb | 6599 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6600 | * Actually renegotiate current connection, triggered by either: |
| rahul_dahiya |
0:fb8047b156bb | 6601 | * - any side: calling mbedtls_ssl_renegotiate(), |
| rahul_dahiya |
0:fb8047b156bb | 6602 | * - client: receiving a HelloRequest during mbedtls_ssl_read(), |
| rahul_dahiya |
0:fb8047b156bb | 6603 | * - server: receiving any handshake message on server during mbedtls_ssl_read() after |
| rahul_dahiya |
0:fb8047b156bb | 6604 | * the initial handshake is completed. |
| rahul_dahiya |
0:fb8047b156bb | 6605 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
| rahul_dahiya |
0:fb8047b156bb | 6606 | * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. |
| rahul_dahiya |
0:fb8047b156bb | 6607 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6608 | static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6609 | { |
| rahul_dahiya |
0:fb8047b156bb | 6610 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 6611 | |
| rahul_dahiya |
0:fb8047b156bb | 6612 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6613 | |
| rahul_dahiya |
0:fb8047b156bb | 6614 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6615 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6616 | |
| rahul_dahiya |
0:fb8047b156bb | 6617 | /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and |
| rahul_dahiya |
0:fb8047b156bb | 6618 | * the ServerHello will have message_seq = 1" */ |
| rahul_dahiya |
0:fb8047b156bb | 6619 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6620 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 6621 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 6622 | { |
| rahul_dahiya |
0:fb8047b156bb | 6623 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6624 | ssl->handshake->out_msg_seq = 1; |
| rahul_dahiya |
0:fb8047b156bb | 6625 | else |
| rahul_dahiya |
0:fb8047b156bb | 6626 | ssl->handshake->in_msg_seq = 1; |
| rahul_dahiya |
0:fb8047b156bb | 6627 | } |
| rahul_dahiya |
0:fb8047b156bb | 6628 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6629 | |
| rahul_dahiya |
0:fb8047b156bb | 6630 | ssl->state = MBEDTLS_SSL_HELLO_REQUEST; |
| rahul_dahiya |
0:fb8047b156bb | 6631 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; |
| rahul_dahiya |
0:fb8047b156bb | 6632 | |
| rahul_dahiya |
0:fb8047b156bb | 6633 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6634 | { |
| rahul_dahiya |
0:fb8047b156bb | 6635 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6636 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6637 | } |
| rahul_dahiya |
0:fb8047b156bb | 6638 | |
| rahul_dahiya |
0:fb8047b156bb | 6639 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6640 | |
| rahul_dahiya |
0:fb8047b156bb | 6641 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6642 | } |
| rahul_dahiya |
0:fb8047b156bb | 6643 | |
| rahul_dahiya |
0:fb8047b156bb | 6644 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6645 | * Renegotiate current connection on client, |
| rahul_dahiya |
0:fb8047b156bb | 6646 | * or request renegotiation on server |
| rahul_dahiya |
0:fb8047b156bb | 6647 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6648 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6649 | { |
| rahul_dahiya |
0:fb8047b156bb | 6650 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 6651 | |
| rahul_dahiya |
0:fb8047b156bb | 6652 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6653 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6654 | |
| rahul_dahiya |
0:fb8047b156bb | 6655 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6656 | /* On server, just send the request */ |
| rahul_dahiya |
0:fb8047b156bb | 6657 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6658 | { |
| rahul_dahiya |
0:fb8047b156bb | 6659 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6660 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6661 | |
| rahul_dahiya |
0:fb8047b156bb | 6662 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
| rahul_dahiya |
0:fb8047b156bb | 6663 | |
| rahul_dahiya |
0:fb8047b156bb | 6664 | /* Did we already try/start sending HelloRequest? */ |
| rahul_dahiya |
0:fb8047b156bb | 6665 | if( ssl->out_left != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6666 | return( mbedtls_ssl_flush_output( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6667 | |
| rahul_dahiya |
0:fb8047b156bb | 6668 | return( ssl_write_hello_request( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6669 | } |
| rahul_dahiya |
0:fb8047b156bb | 6670 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6671 | |
| rahul_dahiya |
0:fb8047b156bb | 6672 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6673 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6674 | * On client, either start the renegotiation process or, |
| rahul_dahiya |
0:fb8047b156bb | 6675 | * if already in progress, continue the handshake |
| rahul_dahiya |
0:fb8047b156bb | 6676 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6677 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| rahul_dahiya |
0:fb8047b156bb | 6678 | { |
| rahul_dahiya |
0:fb8047b156bb | 6679 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6680 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6681 | |
| rahul_dahiya |
0:fb8047b156bb | 6682 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6683 | { |
| rahul_dahiya |
0:fb8047b156bb | 6684 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6685 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6686 | } |
| rahul_dahiya |
0:fb8047b156bb | 6687 | } |
| rahul_dahiya |
0:fb8047b156bb | 6688 | else |
| rahul_dahiya |
0:fb8047b156bb | 6689 | { |
| rahul_dahiya |
0:fb8047b156bb | 6690 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6691 | { |
| rahul_dahiya |
0:fb8047b156bb | 6692 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6693 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6694 | } |
| rahul_dahiya |
0:fb8047b156bb | 6695 | } |
| rahul_dahiya |
0:fb8047b156bb | 6696 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6697 | |
| rahul_dahiya |
0:fb8047b156bb | 6698 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6699 | } |
| rahul_dahiya |
0:fb8047b156bb | 6700 | |
| rahul_dahiya |
0:fb8047b156bb | 6701 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6702 | * Check record counters and renegotiate if they're above the limit. |
| rahul_dahiya |
0:fb8047b156bb | 6703 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6704 | static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 6705 | { |
| rahul_dahiya |
0:fb8047b156bb | 6706 | size_t ep_len = ssl_ep_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6707 | int in_ctr_cmp; |
| rahul_dahiya |
0:fb8047b156bb | 6708 | int out_ctr_cmp; |
| rahul_dahiya |
0:fb8047b156bb | 6709 | |
| rahul_dahiya |
0:fb8047b156bb | 6710 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || |
| rahul_dahiya |
0:fb8047b156bb | 6711 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || |
| rahul_dahiya |
0:fb8047b156bb | 6712 | ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 6713 | { |
| rahul_dahiya |
0:fb8047b156bb | 6714 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6715 | } |
| rahul_dahiya |
0:fb8047b156bb | 6716 | |
| rahul_dahiya |
0:fb8047b156bb | 6717 | in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, |
| rahul_dahiya |
0:fb8047b156bb | 6718 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6719 | out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, |
| rahul_dahiya |
0:fb8047b156bb | 6720 | ssl->conf->renego_period + ep_len, 8 - ep_len ); |
| rahul_dahiya |
0:fb8047b156bb | 6721 | |
| rahul_dahiya |
0:fb8047b156bb | 6722 | if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6723 | { |
| rahul_dahiya |
0:fb8047b156bb | 6724 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6725 | } |
| rahul_dahiya |
0:fb8047b156bb | 6726 | |
| rahul_dahiya |
0:fb8047b156bb | 6727 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6728 | return( mbedtls_ssl_renegotiate( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6729 | } |
| rahul_dahiya |
0:fb8047b156bb | 6730 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 6731 | |
| rahul_dahiya |
0:fb8047b156bb | 6732 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6733 | * Receive application data decrypted from the SSL layer |
| rahul_dahiya |
0:fb8047b156bb | 6734 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6735 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 6736 | { |
| rahul_dahiya |
0:fb8047b156bb | 6737 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 6738 | size_t n; |
| rahul_dahiya |
0:fb8047b156bb | 6739 | |
| rahul_dahiya |
0:fb8047b156bb | 6740 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6741 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 6742 | |
| rahul_dahiya |
0:fb8047b156bb | 6743 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6744 | |
| rahul_dahiya |
0:fb8047b156bb | 6745 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6746 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 6747 | { |
| rahul_dahiya |
0:fb8047b156bb | 6748 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6749 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6750 | |
| rahul_dahiya |
0:fb8047b156bb | 6751 | if( ssl->handshake != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 6752 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 6753 | { |
| rahul_dahiya |
0:fb8047b156bb | 6754 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6755 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6756 | } |
| rahul_dahiya |
0:fb8047b156bb | 6757 | } |
| rahul_dahiya |
0:fb8047b156bb | 6758 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6759 | |
| rahul_dahiya |
0:fb8047b156bb | 6760 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6761 | * Check if renegotiation is necessary and/or handshake is |
| rahul_dahiya |
0:fb8047b156bb | 6762 | * in process. If yes, perform/continue, and fall through |
| rahul_dahiya |
0:fb8047b156bb | 6763 | * if an unexpected packet is received while the client |
| rahul_dahiya |
0:fb8047b156bb | 6764 | * is waiting for the ServerHello. |
| rahul_dahiya |
0:fb8047b156bb | 6765 | * |
| rahul_dahiya |
0:fb8047b156bb | 6766 | * (There is no equivalent to the last condition on |
| rahul_dahiya |
0:fb8047b156bb | 6767 | * the server-side as it is not treated as within |
| rahul_dahiya |
0:fb8047b156bb | 6768 | * a handshake while waiting for the ClientHello |
| rahul_dahiya |
0:fb8047b156bb | 6769 | * after a renegotiation request.) |
| rahul_dahiya |
0:fb8047b156bb | 6770 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6771 | |
| rahul_dahiya |
0:fb8047b156bb | 6772 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 6773 | ret = ssl_check_ctr_renegotiate( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6774 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| rahul_dahiya |
0:fb8047b156bb | 6775 | ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6776 | { |
| rahul_dahiya |
0:fb8047b156bb | 6777 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6778 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6779 | } |
| rahul_dahiya |
0:fb8047b156bb | 6780 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6781 | |
| rahul_dahiya |
0:fb8047b156bb | 6782 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 6783 | { |
| rahul_dahiya |
0:fb8047b156bb | 6784 | ret = mbedtls_ssl_handshake( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6785 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| rahul_dahiya |
0:fb8047b156bb | 6786 | ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6787 | { |
| rahul_dahiya |
0:fb8047b156bb | 6788 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6789 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6790 | } |
| rahul_dahiya |
0:fb8047b156bb | 6791 | } |
| rahul_dahiya |
0:fb8047b156bb | 6792 | |
| rahul_dahiya |
0:fb8047b156bb | 6793 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6794 | * TODO |
| rahul_dahiya |
0:fb8047b156bb | 6795 | * |
| rahul_dahiya |
0:fb8047b156bb | 6796 | * The logic should be streamlined here: |
| rahul_dahiya |
0:fb8047b156bb | 6797 | * |
| rahul_dahiya |
0:fb8047b156bb | 6798 | * Instead of |
| rahul_dahiya |
0:fb8047b156bb | 6799 | * |
| rahul_dahiya |
0:fb8047b156bb | 6800 | * - Manually checking whether ssl->in_offt is NULL |
| rahul_dahiya |
0:fb8047b156bb | 6801 | * - Fetching a new record if yes |
| rahul_dahiya |
0:fb8047b156bb | 6802 | * - Setting ssl->in_offt if one finds an application record |
| rahul_dahiya |
0:fb8047b156bb | 6803 | * - Resetting keep_current_message after handling the application data |
| rahul_dahiya |
0:fb8047b156bb | 6804 | * |
| rahul_dahiya |
0:fb8047b156bb | 6805 | * one should |
| rahul_dahiya |
0:fb8047b156bb | 6806 | * |
| rahul_dahiya |
0:fb8047b156bb | 6807 | * - Adapt read_record to set ssl->in_offt automatically |
| rahul_dahiya |
0:fb8047b156bb | 6808 | * when a new application data record is processed. |
| rahul_dahiya |
0:fb8047b156bb | 6809 | * - Always call mbedtls_ssl_read_record here. |
| rahul_dahiya |
0:fb8047b156bb | 6810 | * |
| rahul_dahiya |
0:fb8047b156bb | 6811 | * This way, the logic of ssl_read would be much clearer: |
| rahul_dahiya |
0:fb8047b156bb | 6812 | * |
| rahul_dahiya |
0:fb8047b156bb | 6813 | * (1) Always call record layer and see what kind of record is on |
| rahul_dahiya |
0:fb8047b156bb | 6814 | * and have it ready for consumption (in particular, in_offt |
| rahul_dahiya |
0:fb8047b156bb | 6815 | * properly set for application data records). |
| rahul_dahiya |
0:fb8047b156bb | 6816 | * (2) If it's application data (either freshly fetched |
| rahul_dahiya |
0:fb8047b156bb | 6817 | * or something already being partially processed), |
| rahul_dahiya |
0:fb8047b156bb | 6818 | * serve the read request from it. |
| rahul_dahiya |
0:fb8047b156bb | 6819 | * (3) If it's something different from application data, |
| rahul_dahiya |
0:fb8047b156bb | 6820 | * handle it accordingly, e.g. potentially start a |
| rahul_dahiya |
0:fb8047b156bb | 6821 | * renegotiation. |
| rahul_dahiya |
0:fb8047b156bb | 6822 | * |
| rahul_dahiya |
0:fb8047b156bb | 6823 | * This will also remove the need to manually reset |
| rahul_dahiya |
0:fb8047b156bb | 6824 | * ssl->keep_current_message = 0 below. |
| rahul_dahiya |
0:fb8047b156bb | 6825 | * |
| rahul_dahiya |
0:fb8047b156bb | 6826 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6827 | |
| rahul_dahiya |
0:fb8047b156bb | 6828 | if( ssl->in_offt == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 6829 | { |
| rahul_dahiya |
0:fb8047b156bb | 6830 | /* Start timer if not already running */ |
| rahul_dahiya |
0:fb8047b156bb | 6831 | if( ssl->f_get_timer != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 6832 | ssl->f_get_timer( ssl->p_timer ) == -1 ) |
| rahul_dahiya |
0:fb8047b156bb | 6833 | { |
| rahul_dahiya |
0:fb8047b156bb | 6834 | ssl_set_timer( ssl, ssl->conf->read_timeout ); |
| rahul_dahiya |
0:fb8047b156bb | 6835 | } |
| rahul_dahiya |
0:fb8047b156bb | 6836 | |
| rahul_dahiya |
0:fb8047b156bb | 6837 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6838 | { |
| rahul_dahiya |
0:fb8047b156bb | 6839 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
| rahul_dahiya |
0:fb8047b156bb | 6840 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6841 | |
| rahul_dahiya |
0:fb8047b156bb | 6842 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6843 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6844 | } |
| rahul_dahiya |
0:fb8047b156bb | 6845 | |
| rahul_dahiya |
0:fb8047b156bb | 6846 | if( ssl->in_msglen == 0 && |
| rahul_dahiya |
0:fb8047b156bb | 6847 | ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| rahul_dahiya |
0:fb8047b156bb | 6848 | { |
| rahul_dahiya |
0:fb8047b156bb | 6849 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6850 | * OpenSSL sends empty messages to randomize the IV |
| rahul_dahiya |
0:fb8047b156bb | 6851 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6852 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6853 | { |
| rahul_dahiya |
0:fb8047b156bb | 6854 | if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) |
| rahul_dahiya |
0:fb8047b156bb | 6855 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 6856 | |
| rahul_dahiya |
0:fb8047b156bb | 6857 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6858 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6859 | } |
| rahul_dahiya |
0:fb8047b156bb | 6860 | } |
| rahul_dahiya |
0:fb8047b156bb | 6861 | |
| rahul_dahiya |
0:fb8047b156bb | 6862 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 6863 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 6864 | { |
| rahul_dahiya |
0:fb8047b156bb | 6865 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6866 | |
| rahul_dahiya |
0:fb8047b156bb | 6867 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6868 | * - For client-side, expect SERVER_HELLO_REQUEST. |
| rahul_dahiya |
0:fb8047b156bb | 6869 | * - For server-side, expect CLIENT_HELLO. |
| rahul_dahiya |
0:fb8047b156bb | 6870 | * - Fail (TLS) or silently drop record (DTLS) in other cases. |
| rahul_dahiya |
0:fb8047b156bb | 6871 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6872 | |
| rahul_dahiya |
0:fb8047b156bb | 6873 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 6874 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && |
| rahul_dahiya |
0:fb8047b156bb | 6875 | ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || |
| rahul_dahiya |
0:fb8047b156bb | 6876 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) |
| rahul_dahiya |
0:fb8047b156bb | 6877 | { |
| rahul_dahiya |
0:fb8047b156bb | 6878 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6879 | |
| rahul_dahiya |
0:fb8047b156bb | 6880 | /* With DTLS, drop the packet (probably from last handshake) */ |
| rahul_dahiya |
0:fb8047b156bb | 6881 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6882 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 6883 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 6884 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6885 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6886 | } |
| rahul_dahiya |
0:fb8047b156bb | 6887 | #endif /* MBEDTLS_SSL_CLI_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6888 | |
| rahul_dahiya |
0:fb8047b156bb | 6889 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 6890 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 6891 | ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) |
| rahul_dahiya |
0:fb8047b156bb | 6892 | { |
| rahul_dahiya |
0:fb8047b156bb | 6893 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6894 | |
| rahul_dahiya |
0:fb8047b156bb | 6895 | /* With DTLS, drop the packet (probably from last handshake) */ |
| rahul_dahiya |
0:fb8047b156bb | 6896 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6897 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 6898 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 6899 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6900 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6901 | } |
| rahul_dahiya |
0:fb8047b156bb | 6902 | #endif /* MBEDTLS_SSL_SRV_C */ |
| rahul_dahiya |
0:fb8047b156bb | 6903 | |
| rahul_dahiya |
0:fb8047b156bb | 6904 | /* Determine whether renegotiation attempt should be accepted */ |
| rahul_dahiya |
0:fb8047b156bb | 6905 | |
| rahul_dahiya |
0:fb8047b156bb | 6906 | if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 6907 | ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
| rahul_dahiya |
0:fb8047b156bb | 6908 | ssl->conf->allow_legacy_renegotiation == |
| rahul_dahiya |
0:fb8047b156bb | 6909 | MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) |
| rahul_dahiya |
0:fb8047b156bb | 6910 | { |
| rahul_dahiya |
0:fb8047b156bb | 6911 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6912 | * Refuse renegotiation |
| rahul_dahiya |
0:fb8047b156bb | 6913 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6914 | |
| rahul_dahiya |
0:fb8047b156bb | 6915 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6916 | |
| rahul_dahiya |
0:fb8047b156bb | 6917 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| rahul_dahiya |
0:fb8047b156bb | 6918 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6919 | { |
| rahul_dahiya |
0:fb8047b156bb | 6920 | /* SSLv3 does not have a "no_renegotiation" warning, so |
| rahul_dahiya |
0:fb8047b156bb | 6921 | we send a fatal alert and abort the connection. */ |
| rahul_dahiya |
0:fb8047b156bb | 6922 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 6923 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6924 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6925 | } |
| rahul_dahiya |
0:fb8047b156bb | 6926 | else |
| rahul_dahiya |
0:fb8047b156bb | 6927 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| rahul_dahiya |
0:fb8047b156bb | 6928 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 6929 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 6930 | if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) |
| rahul_dahiya |
0:fb8047b156bb | 6931 | { |
| rahul_dahiya |
0:fb8047b156bb | 6932 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 6933 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
| rahul_dahiya |
0:fb8047b156bb | 6934 | MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6935 | { |
| rahul_dahiya |
0:fb8047b156bb | 6936 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6937 | } |
| rahul_dahiya |
0:fb8047b156bb | 6938 | } |
| rahul_dahiya |
0:fb8047b156bb | 6939 | else |
| rahul_dahiya |
0:fb8047b156bb | 6940 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || |
| rahul_dahiya |
0:fb8047b156bb | 6941 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 6942 | { |
| rahul_dahiya |
0:fb8047b156bb | 6943 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6944 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 6945 | } |
| rahul_dahiya |
0:fb8047b156bb | 6946 | } |
| rahul_dahiya |
0:fb8047b156bb | 6947 | else |
| rahul_dahiya |
0:fb8047b156bb | 6948 | { |
| rahul_dahiya |
0:fb8047b156bb | 6949 | /* |
| rahul_dahiya |
0:fb8047b156bb | 6950 | * Accept renegotiation request |
| rahul_dahiya |
0:fb8047b156bb | 6951 | */ |
| rahul_dahiya |
0:fb8047b156bb | 6952 | |
| rahul_dahiya |
0:fb8047b156bb | 6953 | /* DTLS clients need to know renego is server-initiated */ |
| rahul_dahiya |
0:fb8047b156bb | 6954 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 6955 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 6956 | ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 6957 | { |
| rahul_dahiya |
0:fb8047b156bb | 6958 | ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; |
| rahul_dahiya |
0:fb8047b156bb | 6959 | } |
| rahul_dahiya |
0:fb8047b156bb | 6960 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 6961 | ret = ssl_start_renegotiation( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 6962 | if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && |
| rahul_dahiya |
0:fb8047b156bb | 6963 | ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6964 | { |
| rahul_dahiya |
0:fb8047b156bb | 6965 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6966 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 6967 | } |
| rahul_dahiya |
0:fb8047b156bb | 6968 | } |
| rahul_dahiya |
0:fb8047b156bb | 6969 | |
| rahul_dahiya |
0:fb8047b156bb | 6970 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 6971 | } |
| rahul_dahiya |
0:fb8047b156bb | 6972 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 6973 | { |
| rahul_dahiya |
0:fb8047b156bb | 6974 | if( ssl->conf->renego_max_records >= 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 6975 | { |
| rahul_dahiya |
0:fb8047b156bb | 6976 | if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) |
| rahul_dahiya |
0:fb8047b156bb | 6977 | { |
| rahul_dahiya |
0:fb8047b156bb | 6978 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
| rahul_dahiya |
0:fb8047b156bb | 6979 | "but not honored by client" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6980 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6981 | } |
| rahul_dahiya |
0:fb8047b156bb | 6982 | } |
| rahul_dahiya |
0:fb8047b156bb | 6983 | } |
| rahul_dahiya |
0:fb8047b156bb | 6984 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 6985 | |
| rahul_dahiya |
0:fb8047b156bb | 6986 | /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ |
| rahul_dahiya |
0:fb8047b156bb | 6987 | if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) |
| rahul_dahiya |
0:fb8047b156bb | 6988 | { |
| rahul_dahiya |
0:fb8047b156bb | 6989 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6990 | return( MBEDTLS_ERR_SSL_WANT_READ ); |
| rahul_dahiya |
0:fb8047b156bb | 6991 | } |
| rahul_dahiya |
0:fb8047b156bb | 6992 | |
| rahul_dahiya |
0:fb8047b156bb | 6993 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) |
| rahul_dahiya |
0:fb8047b156bb | 6994 | { |
| rahul_dahiya |
0:fb8047b156bb | 6995 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 6996 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 6997 | } |
| rahul_dahiya |
0:fb8047b156bb | 6998 | |
| rahul_dahiya |
0:fb8047b156bb | 6999 | ssl->in_offt = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 7000 | |
| rahul_dahiya |
0:fb8047b156bb | 7001 | /* We're going to return something now, cancel timer, |
| rahul_dahiya |
0:fb8047b156bb | 7002 | * except if handshake (renegotiation) is in progress */ |
| rahul_dahiya |
0:fb8047b156bb | 7003 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7004 | ssl_set_timer( ssl, 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 7005 | |
| rahul_dahiya |
0:fb8047b156bb | 7006 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7007 | /* If we requested renego but received AppData, resend HelloRequest. |
| rahul_dahiya |
0:fb8047b156bb | 7008 | * Do it now, after setting in_offt, to avoid taking this branch |
| rahul_dahiya |
0:fb8047b156bb | 7009 | * again if ssl_write_hello_request() returns WANT_WRITE */ |
| rahul_dahiya |
0:fb8047b156bb | 7010 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 7011 | if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && |
| rahul_dahiya |
0:fb8047b156bb | 7012 | ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 7013 | { |
| rahul_dahiya |
0:fb8047b156bb | 7014 | if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7015 | { |
| rahul_dahiya |
0:fb8047b156bb | 7016 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7017 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7018 | } |
| rahul_dahiya |
0:fb8047b156bb | 7019 | } |
| rahul_dahiya |
0:fb8047b156bb | 7020 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 7021 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 7022 | } |
| rahul_dahiya |
0:fb8047b156bb | 7023 | |
| rahul_dahiya |
0:fb8047b156bb | 7024 | n = ( len < ssl->in_msglen ) |
| rahul_dahiya |
0:fb8047b156bb | 7025 | ? len : ssl->in_msglen; |
| rahul_dahiya |
0:fb8047b156bb | 7026 | |
| rahul_dahiya |
0:fb8047b156bb | 7027 | memcpy( buf, ssl->in_offt, n ); |
| rahul_dahiya |
0:fb8047b156bb | 7028 | ssl->in_msglen -= n; |
| rahul_dahiya |
0:fb8047b156bb | 7029 | |
| rahul_dahiya |
0:fb8047b156bb | 7030 | if( ssl->in_msglen == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7031 | { |
| rahul_dahiya |
0:fb8047b156bb | 7032 | /* all bytes consumed */ |
| rahul_dahiya |
0:fb8047b156bb | 7033 | ssl->in_offt = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 7034 | ssl->keep_current_message = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7035 | } |
| rahul_dahiya |
0:fb8047b156bb | 7036 | else |
| rahul_dahiya |
0:fb8047b156bb | 7037 | { |
| rahul_dahiya |
0:fb8047b156bb | 7038 | /* more data available */ |
| rahul_dahiya |
0:fb8047b156bb | 7039 | ssl->in_offt += n; |
| rahul_dahiya |
0:fb8047b156bb | 7040 | } |
| rahul_dahiya |
0:fb8047b156bb | 7041 | |
| rahul_dahiya |
0:fb8047b156bb | 7042 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7043 | |
| rahul_dahiya |
0:fb8047b156bb | 7044 | return( (int) n ); |
| rahul_dahiya |
0:fb8047b156bb | 7045 | } |
| rahul_dahiya |
0:fb8047b156bb | 7046 | |
| rahul_dahiya |
0:fb8047b156bb | 7047 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7048 | * Send application data to be encrypted by the SSL layer, |
| rahul_dahiya |
0:fb8047b156bb | 7049 | * taking care of max fragment length and buffer size |
| rahul_dahiya |
0:fb8047b156bb | 7050 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7051 | static int ssl_write_real( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 7052 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 7053 | { |
| rahul_dahiya |
0:fb8047b156bb | 7054 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 7055 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 7056 | size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 7057 | |
| rahul_dahiya |
0:fb8047b156bb | 7058 | if( len > max_len ) |
| rahul_dahiya |
0:fb8047b156bb | 7059 | { |
| rahul_dahiya |
0:fb8047b156bb | 7060 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7061 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 7062 | { |
| rahul_dahiya |
0:fb8047b156bb | 7063 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " |
| rahul_dahiya |
0:fb8047b156bb | 7064 | "maximum fragment length: %d > %d", |
| rahul_dahiya |
0:fb8047b156bb | 7065 | len, max_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7066 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 7067 | } |
| rahul_dahiya |
0:fb8047b156bb | 7068 | else |
| rahul_dahiya |
0:fb8047b156bb | 7069 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7070 | len = max_len; |
| rahul_dahiya |
0:fb8047b156bb | 7071 | } |
| rahul_dahiya |
0:fb8047b156bb | 7072 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 7073 | |
| rahul_dahiya |
0:fb8047b156bb | 7074 | if( ssl->out_left != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7075 | { |
| rahul_dahiya |
0:fb8047b156bb | 7076 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7077 | { |
| rahul_dahiya |
0:fb8047b156bb | 7078 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7079 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7080 | } |
| rahul_dahiya |
0:fb8047b156bb | 7081 | } |
| rahul_dahiya |
0:fb8047b156bb | 7082 | else |
| rahul_dahiya |
0:fb8047b156bb | 7083 | { |
| rahul_dahiya |
0:fb8047b156bb | 7084 | ssl->out_msglen = len; |
| rahul_dahiya |
0:fb8047b156bb | 7085 | ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; |
| rahul_dahiya |
0:fb8047b156bb | 7086 | memcpy( ssl->out_msg, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 7087 | |
| rahul_dahiya |
0:fb8047b156bb | 7088 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7089 | { |
| rahul_dahiya |
0:fb8047b156bb | 7090 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7091 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7092 | } |
| rahul_dahiya |
0:fb8047b156bb | 7093 | } |
| rahul_dahiya |
0:fb8047b156bb | 7094 | |
| rahul_dahiya |
0:fb8047b156bb | 7095 | return( (int) len ); |
| rahul_dahiya |
0:fb8047b156bb | 7096 | } |
| rahul_dahiya |
0:fb8047b156bb | 7097 | |
| rahul_dahiya |
0:fb8047b156bb | 7098 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7099 | * Write application data, doing 1/n-1 splitting if necessary. |
| rahul_dahiya |
0:fb8047b156bb | 7100 | * |
| rahul_dahiya |
0:fb8047b156bb | 7101 | * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, |
| rahul_dahiya |
0:fb8047b156bb | 7102 | * then the caller will call us again with the same arguments, so |
| rahul_dahiya |
0:fb8047b156bb | 7103 | * remember wether we already did the split or not. |
| rahul_dahiya |
0:fb8047b156bb | 7104 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7105 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| rahul_dahiya |
0:fb8047b156bb | 7106 | static int ssl_write_split( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 7107 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 7108 | { |
| rahul_dahiya |
0:fb8047b156bb | 7109 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 7110 | |
| rahul_dahiya |
0:fb8047b156bb | 7111 | if( ssl->conf->cbc_record_splitting == |
| rahul_dahiya |
0:fb8047b156bb | 7112 | MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 7113 | len <= 1 || |
| rahul_dahiya |
0:fb8047b156bb | 7114 | ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || |
| rahul_dahiya |
0:fb8047b156bb | 7115 | mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) |
| rahul_dahiya |
0:fb8047b156bb | 7116 | != MBEDTLS_MODE_CBC ) |
| rahul_dahiya |
0:fb8047b156bb | 7117 | { |
| rahul_dahiya |
0:fb8047b156bb | 7118 | return( ssl_write_real( ssl, buf, len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7119 | } |
| rahul_dahiya |
0:fb8047b156bb | 7120 | |
| rahul_dahiya |
0:fb8047b156bb | 7121 | if( ssl->split_done == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7122 | { |
| rahul_dahiya |
0:fb8047b156bb | 7123 | if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7124 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7125 | ssl->split_done = 1; |
| rahul_dahiya |
0:fb8047b156bb | 7126 | } |
| rahul_dahiya |
0:fb8047b156bb | 7127 | |
| rahul_dahiya |
0:fb8047b156bb | 7128 | if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7129 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7130 | ssl->split_done = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7131 | |
| rahul_dahiya |
0:fb8047b156bb | 7132 | return( ret + 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7133 | } |
| rahul_dahiya |
0:fb8047b156bb | 7134 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
| rahul_dahiya |
0:fb8047b156bb | 7135 | |
| rahul_dahiya |
0:fb8047b156bb | 7136 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7137 | * Write application data (public-facing wrapper) |
| rahul_dahiya |
0:fb8047b156bb | 7138 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7139 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 7140 | { |
| rahul_dahiya |
0:fb8047b156bb | 7141 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 7142 | |
| rahul_dahiya |
0:fb8047b156bb | 7143 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7144 | |
| rahul_dahiya |
0:fb8047b156bb | 7145 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7146 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 7147 | |
| rahul_dahiya |
0:fb8047b156bb | 7148 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 7149 | if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7150 | { |
| rahul_dahiya |
0:fb8047b156bb | 7151 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7152 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7153 | } |
| rahul_dahiya |
0:fb8047b156bb | 7154 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7155 | |
| rahul_dahiya |
0:fb8047b156bb | 7156 | if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7157 | { |
| rahul_dahiya |
0:fb8047b156bb | 7158 | if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7159 | { |
| rahul_dahiya |
0:fb8047b156bb | 7160 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7161 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7162 | } |
| rahul_dahiya |
0:fb8047b156bb | 7163 | } |
| rahul_dahiya |
0:fb8047b156bb | 7164 | |
| rahul_dahiya |
0:fb8047b156bb | 7165 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| rahul_dahiya |
0:fb8047b156bb | 7166 | ret = ssl_write_split( ssl, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 7167 | #else |
| rahul_dahiya |
0:fb8047b156bb | 7168 | ret = ssl_write_real( ssl, buf, len ); |
| rahul_dahiya |
0:fb8047b156bb | 7169 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7170 | |
| rahul_dahiya |
0:fb8047b156bb | 7171 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7172 | |
| rahul_dahiya |
0:fb8047b156bb | 7173 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7174 | } |
| rahul_dahiya |
0:fb8047b156bb | 7175 | |
| rahul_dahiya |
0:fb8047b156bb | 7176 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7177 | * Notify the peer that the connection is being closed |
| rahul_dahiya |
0:fb8047b156bb | 7178 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7179 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 7180 | { |
| rahul_dahiya |
0:fb8047b156bb | 7181 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 7182 | |
| rahul_dahiya |
0:fb8047b156bb | 7183 | if( ssl == NULL || ssl->conf == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7184 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 7185 | |
| rahul_dahiya |
0:fb8047b156bb | 7186 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7187 | |
| rahul_dahiya |
0:fb8047b156bb | 7188 | if( ssl->out_left != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7189 | return( mbedtls_ssl_flush_output( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7190 | |
| rahul_dahiya |
0:fb8047b156bb | 7191 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7192 | { |
| rahul_dahiya |
0:fb8047b156bb | 7193 | if( ( ret = mbedtls_ssl_send_alert_message( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 7194 | MBEDTLS_SSL_ALERT_LEVEL_WARNING, |
| rahul_dahiya |
0:fb8047b156bb | 7195 | MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7196 | { |
| rahul_dahiya |
0:fb8047b156bb | 7197 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7198 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7199 | } |
| rahul_dahiya |
0:fb8047b156bb | 7200 | } |
| rahul_dahiya |
0:fb8047b156bb | 7201 | |
| rahul_dahiya |
0:fb8047b156bb | 7202 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7203 | |
| rahul_dahiya |
0:fb8047b156bb | 7204 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 7205 | } |
| rahul_dahiya |
0:fb8047b156bb | 7206 | |
| rahul_dahiya |
0:fb8047b156bb | 7207 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) |
| rahul_dahiya |
0:fb8047b156bb | 7208 | { |
| rahul_dahiya |
0:fb8047b156bb | 7209 | if( transform == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7210 | return; |
| rahul_dahiya |
0:fb8047b156bb | 7211 | |
| rahul_dahiya |
0:fb8047b156bb | 7212 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 7213 | deflateEnd( &transform->ctx_deflate ); |
| rahul_dahiya |
0:fb8047b156bb | 7214 | inflateEnd( &transform->ctx_inflate ); |
| rahul_dahiya |
0:fb8047b156bb | 7215 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7216 | |
| rahul_dahiya |
0:fb8047b156bb | 7217 | mbedtls_cipher_free( &transform->cipher_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 7218 | mbedtls_cipher_free( &transform->cipher_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 7219 | |
| rahul_dahiya |
0:fb8047b156bb | 7220 | mbedtls_md_free( &transform->md_ctx_enc ); |
| rahul_dahiya |
0:fb8047b156bb | 7221 | mbedtls_md_free( &transform->md_ctx_dec ); |
| rahul_dahiya |
0:fb8047b156bb | 7222 | |
| rahul_dahiya |
0:fb8047b156bb | 7223 | mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7224 | } |
| rahul_dahiya |
0:fb8047b156bb | 7225 | |
| rahul_dahiya |
0:fb8047b156bb | 7226 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7227 | static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) |
| rahul_dahiya |
0:fb8047b156bb | 7228 | { |
| rahul_dahiya |
0:fb8047b156bb | 7229 | mbedtls_ssl_key_cert *cur = key_cert, *next; |
| rahul_dahiya |
0:fb8047b156bb | 7230 | |
| rahul_dahiya |
0:fb8047b156bb | 7231 | while( cur != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7232 | { |
| rahul_dahiya |
0:fb8047b156bb | 7233 | next = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 7234 | mbedtls_free( cur ); |
| rahul_dahiya |
0:fb8047b156bb | 7235 | cur = next; |
| rahul_dahiya |
0:fb8047b156bb | 7236 | } |
| rahul_dahiya |
0:fb8047b156bb | 7237 | } |
| rahul_dahiya |
0:fb8047b156bb | 7238 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 7239 | |
| rahul_dahiya |
0:fb8047b156bb | 7240 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) |
| rahul_dahiya |
0:fb8047b156bb | 7241 | { |
| rahul_dahiya |
0:fb8047b156bb | 7242 | if( handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7243 | return; |
| rahul_dahiya |
0:fb8047b156bb | 7244 | |
| rahul_dahiya |
0:fb8047b156bb | 7245 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 7246 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 7247 | mbedtls_md5_free( &handshake->fin_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 7248 | mbedtls_sha1_free( &handshake->fin_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7249 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7250 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 7251 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 7252 | mbedtls_sha256_free( &handshake->fin_sha256 ); |
| rahul_dahiya |
0:fb8047b156bb | 7253 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7254 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 7255 | mbedtls_sha512_free( &handshake->fin_sha512 ); |
| rahul_dahiya |
0:fb8047b156bb | 7256 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7257 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 7258 | |
| rahul_dahiya |
0:fb8047b156bb | 7259 | #if defined(MBEDTLS_DHM_C) |
| rahul_dahiya |
0:fb8047b156bb | 7260 | mbedtls_dhm_free( &handshake->dhm_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 7261 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7262 | #if defined(MBEDTLS_ECDH_C) |
| rahul_dahiya |
0:fb8047b156bb | 7263 | mbedtls_ecdh_free( &handshake->ecdh_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 7264 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7265 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7266 | mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 7267 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 7268 | mbedtls_free( handshake->ecjpake_cache ); |
| rahul_dahiya |
0:fb8047b156bb | 7269 | handshake->ecjpake_cache = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 7270 | handshake->ecjpake_cache_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7271 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7272 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7273 | |
| rahul_dahiya |
0:fb8047b156bb | 7274 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| rahul_dahiya |
0:fb8047b156bb | 7275 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7276 | /* explicit void pointer cast for buggy MS compiler */ |
| rahul_dahiya |
0:fb8047b156bb | 7277 | mbedtls_free( (void *) handshake->curves ); |
| rahul_dahiya |
0:fb8047b156bb | 7278 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7279 | |
| rahul_dahiya |
0:fb8047b156bb | 7280 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7281 | if( handshake->psk != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7282 | { |
| rahul_dahiya |
0:fb8047b156bb | 7283 | mbedtls_zeroize( handshake->psk, handshake->psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 7284 | mbedtls_free( handshake->psk ); |
| rahul_dahiya |
0:fb8047b156bb | 7285 | } |
| rahul_dahiya |
0:fb8047b156bb | 7286 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7287 | |
| rahul_dahiya |
0:fb8047b156bb | 7288 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
| rahul_dahiya |
0:fb8047b156bb | 7289 | defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 7290 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7291 | * Free only the linked list wrapper, not the keys themselves |
| rahul_dahiya |
0:fb8047b156bb | 7292 | * since the belong to the SNI callback |
| rahul_dahiya |
0:fb8047b156bb | 7293 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7294 | if( handshake->sni_key_cert != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7295 | { |
| rahul_dahiya |
0:fb8047b156bb | 7296 | mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; |
| rahul_dahiya |
0:fb8047b156bb | 7297 | |
| rahul_dahiya |
0:fb8047b156bb | 7298 | while( cur != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7299 | { |
| rahul_dahiya |
0:fb8047b156bb | 7300 | next = cur->next; |
| rahul_dahiya |
0:fb8047b156bb | 7301 | mbedtls_free( cur ); |
| rahul_dahiya |
0:fb8047b156bb | 7302 | cur = next; |
| rahul_dahiya |
0:fb8047b156bb | 7303 | } |
| rahul_dahiya |
0:fb8047b156bb | 7304 | } |
| rahul_dahiya |
0:fb8047b156bb | 7305 | #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| rahul_dahiya |
0:fb8047b156bb | 7306 | |
| rahul_dahiya |
0:fb8047b156bb | 7307 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7308 | mbedtls_free( handshake->verify_cookie ); |
| rahul_dahiya |
0:fb8047b156bb | 7309 | mbedtls_free( handshake->hs_msg ); |
| rahul_dahiya |
0:fb8047b156bb | 7310 | ssl_flight_free( handshake->flight ); |
| rahul_dahiya |
0:fb8047b156bb | 7311 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7312 | |
| rahul_dahiya |
0:fb8047b156bb | 7313 | mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7314 | } |
| rahul_dahiya |
0:fb8047b156bb | 7315 | |
| rahul_dahiya |
0:fb8047b156bb | 7316 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) |
| rahul_dahiya |
0:fb8047b156bb | 7317 | { |
| rahul_dahiya |
0:fb8047b156bb | 7318 | if( session == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7319 | return; |
| rahul_dahiya |
0:fb8047b156bb | 7320 | |
| rahul_dahiya |
0:fb8047b156bb | 7321 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7322 | if( session->peer_cert != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7323 | { |
| rahul_dahiya |
0:fb8047b156bb | 7324 | mbedtls_x509_crt_free( session->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 7325 | mbedtls_free( session->peer_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 7326 | } |
| rahul_dahiya |
0:fb8047b156bb | 7327 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7328 | |
| rahul_dahiya |
0:fb8047b156bb | 7329 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 7330 | mbedtls_free( session->ticket ); |
| rahul_dahiya |
0:fb8047b156bb | 7331 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7332 | |
| rahul_dahiya |
0:fb8047b156bb | 7333 | mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7334 | } |
| rahul_dahiya |
0:fb8047b156bb | 7335 | |
| rahul_dahiya |
0:fb8047b156bb | 7336 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7337 | * Free an SSL context |
| rahul_dahiya |
0:fb8047b156bb | 7338 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7339 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 7340 | { |
| rahul_dahiya |
0:fb8047b156bb | 7341 | if( ssl == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7342 | return; |
| rahul_dahiya |
0:fb8047b156bb | 7343 | |
| rahul_dahiya |
0:fb8047b156bb | 7344 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7345 | |
| rahul_dahiya |
0:fb8047b156bb | 7346 | if( ssl->out_buf != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7347 | { |
| rahul_dahiya |
0:fb8047b156bb | 7348 | mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 7349 | mbedtls_free( ssl->out_buf ); |
| rahul_dahiya |
0:fb8047b156bb | 7350 | } |
| rahul_dahiya |
0:fb8047b156bb | 7351 | |
| rahul_dahiya |
0:fb8047b156bb | 7352 | if( ssl->in_buf != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7353 | { |
| rahul_dahiya |
0:fb8047b156bb | 7354 | mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 7355 | mbedtls_free( ssl->in_buf ); |
| rahul_dahiya |
0:fb8047b156bb | 7356 | } |
| rahul_dahiya |
0:fb8047b156bb | 7357 | |
| rahul_dahiya |
0:fb8047b156bb | 7358 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 7359 | if( ssl->compress_buf != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7360 | { |
| rahul_dahiya |
0:fb8047b156bb | 7361 | mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); |
| rahul_dahiya |
0:fb8047b156bb | 7362 | mbedtls_free( ssl->compress_buf ); |
| rahul_dahiya |
0:fb8047b156bb | 7363 | } |
| rahul_dahiya |
0:fb8047b156bb | 7364 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7365 | |
| rahul_dahiya |
0:fb8047b156bb | 7366 | if( ssl->transform ) |
| rahul_dahiya |
0:fb8047b156bb | 7367 | { |
| rahul_dahiya |
0:fb8047b156bb | 7368 | mbedtls_ssl_transform_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 7369 | mbedtls_free( ssl->transform ); |
| rahul_dahiya |
0:fb8047b156bb | 7370 | } |
| rahul_dahiya |
0:fb8047b156bb | 7371 | |
| rahul_dahiya |
0:fb8047b156bb | 7372 | if( ssl->handshake ) |
| rahul_dahiya |
0:fb8047b156bb | 7373 | { |
| rahul_dahiya |
0:fb8047b156bb | 7374 | mbedtls_ssl_handshake_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 7375 | mbedtls_ssl_transform_free( ssl->transform_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 7376 | mbedtls_ssl_session_free( ssl->session_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 7377 | |
| rahul_dahiya |
0:fb8047b156bb | 7378 | mbedtls_free( ssl->handshake ); |
| rahul_dahiya |
0:fb8047b156bb | 7379 | mbedtls_free( ssl->transform_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 7380 | mbedtls_free( ssl->session_negotiate ); |
| rahul_dahiya |
0:fb8047b156bb | 7381 | } |
| rahul_dahiya |
0:fb8047b156bb | 7382 | |
| rahul_dahiya |
0:fb8047b156bb | 7383 | if( ssl->session ) |
| rahul_dahiya |
0:fb8047b156bb | 7384 | { |
| rahul_dahiya |
0:fb8047b156bb | 7385 | mbedtls_ssl_session_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 7386 | mbedtls_free( ssl->session ); |
| rahul_dahiya |
0:fb8047b156bb | 7387 | } |
| rahul_dahiya |
0:fb8047b156bb | 7388 | |
| rahul_dahiya |
0:fb8047b156bb | 7389 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7390 | if( ssl->hostname != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7391 | { |
| rahul_dahiya |
0:fb8047b156bb | 7392 | mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7393 | mbedtls_free( ssl->hostname ); |
| rahul_dahiya |
0:fb8047b156bb | 7394 | } |
| rahul_dahiya |
0:fb8047b156bb | 7395 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7396 | |
| rahul_dahiya |
0:fb8047b156bb | 7397 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
| rahul_dahiya |
0:fb8047b156bb | 7398 | if( mbedtls_ssl_hw_record_finish != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7399 | { |
| rahul_dahiya |
0:fb8047b156bb | 7400 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7401 | mbedtls_ssl_hw_record_finish( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 7402 | } |
| rahul_dahiya |
0:fb8047b156bb | 7403 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7404 | |
| rahul_dahiya |
0:fb8047b156bb | 7405 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 7406 | mbedtls_free( ssl->cli_id ); |
| rahul_dahiya |
0:fb8047b156bb | 7407 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7408 | |
| rahul_dahiya |
0:fb8047b156bb | 7409 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7410 | |
| rahul_dahiya |
0:fb8047b156bb | 7411 | /* Actually clear after last debug message */ |
| rahul_dahiya |
0:fb8047b156bb | 7412 | mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7413 | } |
| rahul_dahiya |
0:fb8047b156bb | 7414 | |
| rahul_dahiya |
0:fb8047b156bb | 7415 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7416 | * Initialze mbedtls_ssl_config |
| rahul_dahiya |
0:fb8047b156bb | 7417 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7418 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) |
| rahul_dahiya |
0:fb8047b156bb | 7419 | { |
| rahul_dahiya |
0:fb8047b156bb | 7420 | memset( conf, 0, sizeof( mbedtls_ssl_config ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7421 | } |
| rahul_dahiya |
0:fb8047b156bb | 7422 | |
| rahul_dahiya |
0:fb8047b156bb | 7423 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7424 | static int ssl_preset_default_hashes[] = { |
| rahul_dahiya |
0:fb8047b156bb | 7425 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 7426 | MBEDTLS_MD_SHA512, |
| rahul_dahiya |
0:fb8047b156bb | 7427 | MBEDTLS_MD_SHA384, |
| rahul_dahiya |
0:fb8047b156bb | 7428 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7429 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 7430 | MBEDTLS_MD_SHA256, |
| rahul_dahiya |
0:fb8047b156bb | 7431 | MBEDTLS_MD_SHA224, |
| rahul_dahiya |
0:fb8047b156bb | 7432 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7433 | #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE) |
| rahul_dahiya |
0:fb8047b156bb | 7434 | MBEDTLS_MD_SHA1, |
| rahul_dahiya |
0:fb8047b156bb | 7435 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7436 | MBEDTLS_MD_NONE |
| rahul_dahiya |
0:fb8047b156bb | 7437 | }; |
| rahul_dahiya |
0:fb8047b156bb | 7438 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7439 | |
| rahul_dahiya |
0:fb8047b156bb | 7440 | static int ssl_preset_suiteb_ciphersuites[] = { |
| rahul_dahiya |
0:fb8047b156bb | 7441 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| rahul_dahiya |
0:fb8047b156bb | 7442 | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| rahul_dahiya |
0:fb8047b156bb | 7443 | 0 |
| rahul_dahiya |
0:fb8047b156bb | 7444 | }; |
| rahul_dahiya |
0:fb8047b156bb | 7445 | |
| rahul_dahiya |
0:fb8047b156bb | 7446 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7447 | static int ssl_preset_suiteb_hashes[] = { |
| rahul_dahiya |
0:fb8047b156bb | 7448 | MBEDTLS_MD_SHA256, |
| rahul_dahiya |
0:fb8047b156bb | 7449 | MBEDTLS_MD_SHA384, |
| rahul_dahiya |
0:fb8047b156bb | 7450 | MBEDTLS_MD_NONE |
| rahul_dahiya |
0:fb8047b156bb | 7451 | }; |
| rahul_dahiya |
0:fb8047b156bb | 7452 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7453 | |
| rahul_dahiya |
0:fb8047b156bb | 7454 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 7455 | static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { |
| rahul_dahiya |
0:fb8047b156bb | 7456 | MBEDTLS_ECP_DP_SECP256R1, |
| rahul_dahiya |
0:fb8047b156bb | 7457 | MBEDTLS_ECP_DP_SECP384R1, |
| rahul_dahiya |
0:fb8047b156bb | 7458 | MBEDTLS_ECP_DP_NONE |
| rahul_dahiya |
0:fb8047b156bb | 7459 | }; |
| rahul_dahiya |
0:fb8047b156bb | 7460 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7461 | |
| rahul_dahiya |
0:fb8047b156bb | 7462 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7463 | * Load default in mbedtls_ssl_config |
| rahul_dahiya |
0:fb8047b156bb | 7464 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7465 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
| rahul_dahiya |
0:fb8047b156bb | 7466 | int endpoint, int transport, int preset ) |
| rahul_dahiya |
0:fb8047b156bb | 7467 | { |
| rahul_dahiya |
0:fb8047b156bb | 7468 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 7469 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 7470 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7471 | |
| rahul_dahiya |
0:fb8047b156bb | 7472 | /* Use the functions here so that they are covered in tests, |
| rahul_dahiya |
0:fb8047b156bb | 7473 | * but otherwise access member directly for efficiency */ |
| rahul_dahiya |
0:fb8047b156bb | 7474 | mbedtls_ssl_conf_endpoint( conf, endpoint ); |
| rahul_dahiya |
0:fb8047b156bb | 7475 | mbedtls_ssl_conf_transport( conf, transport ); |
| rahul_dahiya |
0:fb8047b156bb | 7476 | |
| rahul_dahiya |
0:fb8047b156bb | 7477 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7478 | * Things that are common to all presets |
| rahul_dahiya |
0:fb8047b156bb | 7479 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7480 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 7481 | if( endpoint == MBEDTLS_SSL_IS_CLIENT ) |
| rahul_dahiya |
0:fb8047b156bb | 7482 | { |
| rahul_dahiya |
0:fb8047b156bb | 7483 | conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
| rahul_dahiya |
0:fb8047b156bb | 7484 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 7485 | conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7486 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7487 | } |
| rahul_dahiya |
0:fb8047b156bb | 7488 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7489 | |
| rahul_dahiya |
0:fb8047b156bb | 7490 | #if defined(MBEDTLS_ARC4_C) |
| rahul_dahiya |
0:fb8047b156bb | 7491 | conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7492 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7493 | |
| rahul_dahiya |
0:fb8047b156bb | 7494 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 7495 | conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7496 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7497 | |
| rahul_dahiya |
0:fb8047b156bb | 7498 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 7499 | conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7500 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7501 | |
| rahul_dahiya |
0:fb8047b156bb | 7502 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| rahul_dahiya |
0:fb8047b156bb | 7503 | conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7504 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7505 | |
| rahul_dahiya |
0:fb8047b156bb | 7506 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 7507 | conf->f_cookie_write = ssl_cookie_write_dummy; |
| rahul_dahiya |
0:fb8047b156bb | 7508 | conf->f_cookie_check = ssl_cookie_check_dummy; |
| rahul_dahiya |
0:fb8047b156bb | 7509 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7510 | |
| rahul_dahiya |
0:fb8047b156bb | 7511 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| rahul_dahiya |
0:fb8047b156bb | 7512 | conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7513 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7514 | |
| rahul_dahiya |
0:fb8047b156bb | 7515 | #if defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 7516 | conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 7517 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7518 | |
| rahul_dahiya |
0:fb8047b156bb | 7519 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7520 | conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; |
| rahul_dahiya |
0:fb8047b156bb | 7521 | conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; |
| rahul_dahiya |
0:fb8047b156bb | 7522 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7523 | |
| rahul_dahiya |
0:fb8047b156bb | 7524 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 7525 | conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; |
| rahul_dahiya |
0:fb8047b156bb | 7526 | memset( conf->renego_period, 0x00, 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 7527 | memset( conf->renego_period + 2, 0xFF, 6 ); |
| rahul_dahiya |
0:fb8047b156bb | 7528 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7529 | |
| rahul_dahiya |
0:fb8047b156bb | 7530 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
| rahul_dahiya |
0:fb8047b156bb | 7531 | if( endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7532 | { |
| rahul_dahiya |
0:fb8047b156bb | 7533 | if( ( ret = mbedtls_ssl_conf_dh_param( conf, |
| rahul_dahiya |
0:fb8047b156bb | 7534 | MBEDTLS_DHM_RFC5114_MODP_2048_P, |
| rahul_dahiya |
0:fb8047b156bb | 7535 | MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7536 | { |
| rahul_dahiya |
0:fb8047b156bb | 7537 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7538 | } |
| rahul_dahiya |
0:fb8047b156bb | 7539 | } |
| rahul_dahiya |
0:fb8047b156bb | 7540 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7541 | |
| rahul_dahiya |
0:fb8047b156bb | 7542 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7543 | * Preset-specific defaults |
| rahul_dahiya |
0:fb8047b156bb | 7544 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7545 | switch( preset ) |
| rahul_dahiya |
0:fb8047b156bb | 7546 | { |
| rahul_dahiya |
0:fb8047b156bb | 7547 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7548 | * NSA Suite B |
| rahul_dahiya |
0:fb8047b156bb | 7549 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7550 | case MBEDTLS_SSL_PRESET_SUITEB: |
| rahul_dahiya |
0:fb8047b156bb | 7551 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
| rahul_dahiya |
0:fb8047b156bb | 7552 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ |
| rahul_dahiya |
0:fb8047b156bb | 7553 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
| rahul_dahiya |
0:fb8047b156bb | 7554 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
| rahul_dahiya |
0:fb8047b156bb | 7555 | |
| rahul_dahiya |
0:fb8047b156bb | 7556 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
| rahul_dahiya |
0:fb8047b156bb | 7557 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
| rahul_dahiya |
0:fb8047b156bb | 7558 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
| rahul_dahiya |
0:fb8047b156bb | 7559 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
| rahul_dahiya |
0:fb8047b156bb | 7560 | ssl_preset_suiteb_ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 7561 | |
| rahul_dahiya |
0:fb8047b156bb | 7562 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7563 | conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; |
| rahul_dahiya |
0:fb8047b156bb | 7564 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7565 | |
| rahul_dahiya |
0:fb8047b156bb | 7566 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7567 | conf->sig_hashes = ssl_preset_suiteb_hashes; |
| rahul_dahiya |
0:fb8047b156bb | 7568 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7569 | |
| rahul_dahiya |
0:fb8047b156bb | 7570 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 7571 | conf->curve_list = ssl_preset_suiteb_curves; |
| rahul_dahiya |
0:fb8047b156bb | 7572 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7573 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7574 | |
| rahul_dahiya |
0:fb8047b156bb | 7575 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7576 | * Default |
| rahul_dahiya |
0:fb8047b156bb | 7577 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7578 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7579 | conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; |
| rahul_dahiya |
0:fb8047b156bb | 7580 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ |
| rahul_dahiya |
0:fb8047b156bb | 7581 | conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; |
| rahul_dahiya |
0:fb8047b156bb | 7582 | conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; |
| rahul_dahiya |
0:fb8047b156bb | 7583 | |
| rahul_dahiya |
0:fb8047b156bb | 7584 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7585 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 7586 | conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; |
| rahul_dahiya |
0:fb8047b156bb | 7587 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7588 | |
| rahul_dahiya |
0:fb8047b156bb | 7589 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = |
| rahul_dahiya |
0:fb8047b156bb | 7590 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = |
| rahul_dahiya |
0:fb8047b156bb | 7591 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = |
| rahul_dahiya |
0:fb8047b156bb | 7592 | conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = |
| rahul_dahiya |
0:fb8047b156bb | 7593 | mbedtls_ssl_list_ciphersuites(); |
| rahul_dahiya |
0:fb8047b156bb | 7594 | |
| rahul_dahiya |
0:fb8047b156bb | 7595 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7596 | conf->cert_profile = &mbedtls_x509_crt_profile_default; |
| rahul_dahiya |
0:fb8047b156bb | 7597 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7598 | |
| rahul_dahiya |
0:fb8047b156bb | 7599 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7600 | conf->sig_hashes = ssl_preset_default_hashes; |
| rahul_dahiya |
0:fb8047b156bb | 7601 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7602 | |
| rahul_dahiya |
0:fb8047b156bb | 7603 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 7604 | conf->curve_list = mbedtls_ecp_grp_id_list(); |
| rahul_dahiya |
0:fb8047b156bb | 7605 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7606 | |
| rahul_dahiya |
0:fb8047b156bb | 7607 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 7608 | conf->dhm_min_bitlen = 1024; |
| rahul_dahiya |
0:fb8047b156bb | 7609 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7610 | } |
| rahul_dahiya |
0:fb8047b156bb | 7611 | |
| rahul_dahiya |
0:fb8047b156bb | 7612 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 7613 | } |
| rahul_dahiya |
0:fb8047b156bb | 7614 | |
| rahul_dahiya |
0:fb8047b156bb | 7615 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7616 | * Free mbedtls_ssl_config |
| rahul_dahiya |
0:fb8047b156bb | 7617 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7618 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) |
| rahul_dahiya |
0:fb8047b156bb | 7619 | { |
| rahul_dahiya |
0:fb8047b156bb | 7620 | #if defined(MBEDTLS_DHM_C) |
| rahul_dahiya |
0:fb8047b156bb | 7621 | mbedtls_mpi_free( &conf->dhm_P ); |
| rahul_dahiya |
0:fb8047b156bb | 7622 | mbedtls_mpi_free( &conf->dhm_G ); |
| rahul_dahiya |
0:fb8047b156bb | 7623 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7624 | |
| rahul_dahiya |
0:fb8047b156bb | 7625 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7626 | if( conf->psk != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7627 | { |
| rahul_dahiya |
0:fb8047b156bb | 7628 | mbedtls_zeroize( conf->psk, conf->psk_len ); |
| rahul_dahiya |
0:fb8047b156bb | 7629 | mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); |
| rahul_dahiya |
0:fb8047b156bb | 7630 | mbedtls_free( conf->psk ); |
| rahul_dahiya |
0:fb8047b156bb | 7631 | mbedtls_free( conf->psk_identity ); |
| rahul_dahiya |
0:fb8047b156bb | 7632 | conf->psk_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7633 | conf->psk_identity_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7634 | } |
| rahul_dahiya |
0:fb8047b156bb | 7635 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7636 | |
| rahul_dahiya |
0:fb8047b156bb | 7637 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7638 | ssl_key_cert_free( conf->key_cert ); |
| rahul_dahiya |
0:fb8047b156bb | 7639 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7640 | |
| rahul_dahiya |
0:fb8047b156bb | 7641 | mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7642 | } |
| rahul_dahiya |
0:fb8047b156bb | 7643 | |
| rahul_dahiya |
0:fb8047b156bb | 7644 | #if defined(MBEDTLS_PK_C) && \ |
| rahul_dahiya |
0:fb8047b156bb | 7645 | ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) |
| rahul_dahiya |
0:fb8047b156bb | 7646 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7647 | * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX |
| rahul_dahiya |
0:fb8047b156bb | 7648 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7649 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) |
| rahul_dahiya |
0:fb8047b156bb | 7650 | { |
| rahul_dahiya |
0:fb8047b156bb | 7651 | #if defined(MBEDTLS_RSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 7652 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) |
| rahul_dahiya |
0:fb8047b156bb | 7653 | return( MBEDTLS_SSL_SIG_RSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7654 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7655 | #if defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 7656 | if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) |
| rahul_dahiya |
0:fb8047b156bb | 7657 | return( MBEDTLS_SSL_SIG_ECDSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7658 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7659 | return( MBEDTLS_SSL_SIG_ANON ); |
| rahul_dahiya |
0:fb8047b156bb | 7660 | } |
| rahul_dahiya |
0:fb8047b156bb | 7661 | |
| rahul_dahiya |
0:fb8047b156bb | 7662 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ) |
| rahul_dahiya |
0:fb8047b156bb | 7663 | { |
| rahul_dahiya |
0:fb8047b156bb | 7664 | switch( type ) { |
| rahul_dahiya |
0:fb8047b156bb | 7665 | case MBEDTLS_PK_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7666 | return( MBEDTLS_SSL_SIG_RSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7667 | case MBEDTLS_PK_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7668 | case MBEDTLS_PK_ECKEY: |
| rahul_dahiya |
0:fb8047b156bb | 7669 | return( MBEDTLS_SSL_SIG_ECDSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7670 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7671 | return( MBEDTLS_SSL_SIG_ANON ); |
| rahul_dahiya |
0:fb8047b156bb | 7672 | } |
| rahul_dahiya |
0:fb8047b156bb | 7673 | } |
| rahul_dahiya |
0:fb8047b156bb | 7674 | |
| rahul_dahiya |
0:fb8047b156bb | 7675 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) |
| rahul_dahiya |
0:fb8047b156bb | 7676 | { |
| rahul_dahiya |
0:fb8047b156bb | 7677 | switch( sig ) |
| rahul_dahiya |
0:fb8047b156bb | 7678 | { |
| rahul_dahiya |
0:fb8047b156bb | 7679 | #if defined(MBEDTLS_RSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 7680 | case MBEDTLS_SSL_SIG_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7681 | return( MBEDTLS_PK_RSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7682 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7683 | #if defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 7684 | case MBEDTLS_SSL_SIG_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7685 | return( MBEDTLS_PK_ECDSA ); |
| rahul_dahiya |
0:fb8047b156bb | 7686 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7687 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7688 | return( MBEDTLS_PK_NONE ); |
| rahul_dahiya |
0:fb8047b156bb | 7689 | } |
| rahul_dahiya |
0:fb8047b156bb | 7690 | } |
| rahul_dahiya |
0:fb8047b156bb | 7691 | #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ |
| rahul_dahiya |
0:fb8047b156bb | 7692 | |
| rahul_dahiya |
0:fb8047b156bb | 7693 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| rahul_dahiya |
0:fb8047b156bb | 7694 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7695 | |
| rahul_dahiya |
0:fb8047b156bb | 7696 | /* Find an entry in a signature-hash set matching a given hash algorithm. */ |
| rahul_dahiya |
0:fb8047b156bb | 7697 | mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, |
| rahul_dahiya |
0:fb8047b156bb | 7698 | mbedtls_pk_type_t sig_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 7699 | { |
| rahul_dahiya |
0:fb8047b156bb | 7700 | switch( sig_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 7701 | { |
| rahul_dahiya |
0:fb8047b156bb | 7702 | case MBEDTLS_PK_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7703 | return( set->rsa ); |
| rahul_dahiya |
0:fb8047b156bb | 7704 | case MBEDTLS_PK_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7705 | return( set->ecdsa ); |
| rahul_dahiya |
0:fb8047b156bb | 7706 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7707 | return( MBEDTLS_MD_NONE ); |
| rahul_dahiya |
0:fb8047b156bb | 7708 | } |
| rahul_dahiya |
0:fb8047b156bb | 7709 | } |
| rahul_dahiya |
0:fb8047b156bb | 7710 | |
| rahul_dahiya |
0:fb8047b156bb | 7711 | /* Add a signature-hash-pair to a signature-hash set */ |
| rahul_dahiya |
0:fb8047b156bb | 7712 | void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, |
| rahul_dahiya |
0:fb8047b156bb | 7713 | mbedtls_pk_type_t sig_alg, |
| rahul_dahiya |
0:fb8047b156bb | 7714 | mbedtls_md_type_t md_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 7715 | { |
| rahul_dahiya |
0:fb8047b156bb | 7716 | switch( sig_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 7717 | { |
| rahul_dahiya |
0:fb8047b156bb | 7718 | case MBEDTLS_PK_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7719 | if( set->rsa == MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 7720 | set->rsa = md_alg; |
| rahul_dahiya |
0:fb8047b156bb | 7721 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7722 | |
| rahul_dahiya |
0:fb8047b156bb | 7723 | case MBEDTLS_PK_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7724 | if( set->ecdsa == MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 7725 | set->ecdsa = md_alg; |
| rahul_dahiya |
0:fb8047b156bb | 7726 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7727 | |
| rahul_dahiya |
0:fb8047b156bb | 7728 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7729 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7730 | } |
| rahul_dahiya |
0:fb8047b156bb | 7731 | } |
| rahul_dahiya |
0:fb8047b156bb | 7732 | |
| rahul_dahiya |
0:fb8047b156bb | 7733 | /* Allow exactly one hash algorithm for each signature. */ |
| rahul_dahiya |
0:fb8047b156bb | 7734 | void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, |
| rahul_dahiya |
0:fb8047b156bb | 7735 | mbedtls_md_type_t md_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 7736 | { |
| rahul_dahiya |
0:fb8047b156bb | 7737 | set->rsa = md_alg; |
| rahul_dahiya |
0:fb8047b156bb | 7738 | set->ecdsa = md_alg; |
| rahul_dahiya |
0:fb8047b156bb | 7739 | } |
| rahul_dahiya |
0:fb8047b156bb | 7740 | |
| rahul_dahiya |
0:fb8047b156bb | 7741 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && |
| rahul_dahiya |
0:fb8047b156bb | 7742 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 7743 | |
| rahul_dahiya |
0:fb8047b156bb | 7744 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7745 | * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX |
| rahul_dahiya |
0:fb8047b156bb | 7746 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7747 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) |
| rahul_dahiya |
0:fb8047b156bb | 7748 | { |
| rahul_dahiya |
0:fb8047b156bb | 7749 | switch( hash ) |
| rahul_dahiya |
0:fb8047b156bb | 7750 | { |
| rahul_dahiya |
0:fb8047b156bb | 7751 | #if defined(MBEDTLS_MD5_C) |
| rahul_dahiya |
0:fb8047b156bb | 7752 | case MBEDTLS_SSL_HASH_MD5: |
| rahul_dahiya |
0:fb8047b156bb | 7753 | return( MBEDTLS_MD_MD5 ); |
| rahul_dahiya |
0:fb8047b156bb | 7754 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7755 | #if defined(MBEDTLS_SHA1_C) |
| rahul_dahiya |
0:fb8047b156bb | 7756 | case MBEDTLS_SSL_HASH_SHA1: |
| rahul_dahiya |
0:fb8047b156bb | 7757 | return( MBEDTLS_MD_SHA1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7758 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7759 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 7760 | case MBEDTLS_SSL_HASH_SHA224: |
| rahul_dahiya |
0:fb8047b156bb | 7761 | return( MBEDTLS_MD_SHA224 ); |
| rahul_dahiya |
0:fb8047b156bb | 7762 | case MBEDTLS_SSL_HASH_SHA256: |
| rahul_dahiya |
0:fb8047b156bb | 7763 | return( MBEDTLS_MD_SHA256 ); |
| rahul_dahiya |
0:fb8047b156bb | 7764 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7765 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 7766 | case MBEDTLS_SSL_HASH_SHA384: |
| rahul_dahiya |
0:fb8047b156bb | 7767 | return( MBEDTLS_MD_SHA384 ); |
| rahul_dahiya |
0:fb8047b156bb | 7768 | case MBEDTLS_SSL_HASH_SHA512: |
| rahul_dahiya |
0:fb8047b156bb | 7769 | return( MBEDTLS_MD_SHA512 ); |
| rahul_dahiya |
0:fb8047b156bb | 7770 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7771 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7772 | return( MBEDTLS_MD_NONE ); |
| rahul_dahiya |
0:fb8047b156bb | 7773 | } |
| rahul_dahiya |
0:fb8047b156bb | 7774 | } |
| rahul_dahiya |
0:fb8047b156bb | 7775 | |
| rahul_dahiya |
0:fb8047b156bb | 7776 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7777 | * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX |
| rahul_dahiya |
0:fb8047b156bb | 7778 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7779 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ) |
| rahul_dahiya |
0:fb8047b156bb | 7780 | { |
| rahul_dahiya |
0:fb8047b156bb | 7781 | switch( md ) |
| rahul_dahiya |
0:fb8047b156bb | 7782 | { |
| rahul_dahiya |
0:fb8047b156bb | 7783 | #if defined(MBEDTLS_MD5_C) |
| rahul_dahiya |
0:fb8047b156bb | 7784 | case MBEDTLS_MD_MD5: |
| rahul_dahiya |
0:fb8047b156bb | 7785 | return( MBEDTLS_SSL_HASH_MD5 ); |
| rahul_dahiya |
0:fb8047b156bb | 7786 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7787 | #if defined(MBEDTLS_SHA1_C) |
| rahul_dahiya |
0:fb8047b156bb | 7788 | case MBEDTLS_MD_SHA1: |
| rahul_dahiya |
0:fb8047b156bb | 7789 | return( MBEDTLS_SSL_HASH_SHA1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7790 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7791 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 7792 | case MBEDTLS_MD_SHA224: |
| rahul_dahiya |
0:fb8047b156bb | 7793 | return( MBEDTLS_SSL_HASH_SHA224 ); |
| rahul_dahiya |
0:fb8047b156bb | 7794 | case MBEDTLS_MD_SHA256: |
| rahul_dahiya |
0:fb8047b156bb | 7795 | return( MBEDTLS_SSL_HASH_SHA256 ); |
| rahul_dahiya |
0:fb8047b156bb | 7796 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7797 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 7798 | case MBEDTLS_MD_SHA384: |
| rahul_dahiya |
0:fb8047b156bb | 7799 | return( MBEDTLS_SSL_HASH_SHA384 ); |
| rahul_dahiya |
0:fb8047b156bb | 7800 | case MBEDTLS_MD_SHA512: |
| rahul_dahiya |
0:fb8047b156bb | 7801 | return( MBEDTLS_SSL_HASH_SHA512 ); |
| rahul_dahiya |
0:fb8047b156bb | 7802 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7803 | default: |
| rahul_dahiya |
0:fb8047b156bb | 7804 | return( MBEDTLS_SSL_HASH_NONE ); |
| rahul_dahiya |
0:fb8047b156bb | 7805 | } |
| rahul_dahiya |
0:fb8047b156bb | 7806 | } |
| rahul_dahiya |
0:fb8047b156bb | 7807 | |
| rahul_dahiya |
0:fb8047b156bb | 7808 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 7809 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7810 | * Check if a curve proposed by the peer is in our list. |
| rahul_dahiya |
0:fb8047b156bb | 7811 | * Return 0 if we're willing to use it, -1 otherwise. |
| rahul_dahiya |
0:fb8047b156bb | 7812 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7813 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) |
| rahul_dahiya |
0:fb8047b156bb | 7814 | { |
| rahul_dahiya |
0:fb8047b156bb | 7815 | const mbedtls_ecp_group_id *gid; |
| rahul_dahiya |
0:fb8047b156bb | 7816 | |
| rahul_dahiya |
0:fb8047b156bb | 7817 | if( ssl->conf->curve_list == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7818 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7819 | |
| rahul_dahiya |
0:fb8047b156bb | 7820 | for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) |
| rahul_dahiya |
0:fb8047b156bb | 7821 | if( *gid == grp_id ) |
| rahul_dahiya |
0:fb8047b156bb | 7822 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 7823 | |
| rahul_dahiya |
0:fb8047b156bb | 7824 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7825 | } |
| rahul_dahiya |
0:fb8047b156bb | 7826 | #endif /* MBEDTLS_ECP_C */ |
| rahul_dahiya |
0:fb8047b156bb | 7827 | |
| rahul_dahiya |
0:fb8047b156bb | 7828 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 7829 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7830 | * Check if a hash proposed by the peer is in our list. |
| rahul_dahiya |
0:fb8047b156bb | 7831 | * Return 0 if we're willing to use it, -1 otherwise. |
| rahul_dahiya |
0:fb8047b156bb | 7832 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7833 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 7834 | mbedtls_md_type_t md ) |
| rahul_dahiya |
0:fb8047b156bb | 7835 | { |
| rahul_dahiya |
0:fb8047b156bb | 7836 | const int *cur; |
| rahul_dahiya |
0:fb8047b156bb | 7837 | |
| rahul_dahiya |
0:fb8047b156bb | 7838 | if( ssl->conf->sig_hashes == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 7839 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7840 | |
| rahul_dahiya |
0:fb8047b156bb | 7841 | for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) |
| rahul_dahiya |
0:fb8047b156bb | 7842 | if( *cur == (int) md ) |
| rahul_dahiya |
0:fb8047b156bb | 7843 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 7844 | |
| rahul_dahiya |
0:fb8047b156bb | 7845 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 7846 | } |
| rahul_dahiya |
0:fb8047b156bb | 7847 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 7848 | |
| rahul_dahiya |
0:fb8047b156bb | 7849 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| rahul_dahiya |
0:fb8047b156bb | 7850 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
| rahul_dahiya |
0:fb8047b156bb | 7851 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
| rahul_dahiya |
0:fb8047b156bb | 7852 | int cert_endpoint, |
| rahul_dahiya |
0:fb8047b156bb | 7853 | uint32_t *flags ) |
| rahul_dahiya |
0:fb8047b156bb | 7854 | { |
| rahul_dahiya |
0:fb8047b156bb | 7855 | int ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7856 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
| rahul_dahiya |
0:fb8047b156bb | 7857 | int usage = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7858 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7859 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| rahul_dahiya |
0:fb8047b156bb | 7860 | const char *ext_oid; |
| rahul_dahiya |
0:fb8047b156bb | 7861 | size_t ext_len; |
| rahul_dahiya |
0:fb8047b156bb | 7862 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7863 | |
| rahul_dahiya |
0:fb8047b156bb | 7864 | #if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ |
| rahul_dahiya |
0:fb8047b156bb | 7865 | !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| rahul_dahiya |
0:fb8047b156bb | 7866 | ((void) cert); |
| rahul_dahiya |
0:fb8047b156bb | 7867 | ((void) cert_endpoint); |
| rahul_dahiya |
0:fb8047b156bb | 7868 | ((void) flags); |
| rahul_dahiya |
0:fb8047b156bb | 7869 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7870 | |
| rahul_dahiya |
0:fb8047b156bb | 7871 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) |
| rahul_dahiya |
0:fb8047b156bb | 7872 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7873 | { |
| rahul_dahiya |
0:fb8047b156bb | 7874 | /* Server part of the key exchange */ |
| rahul_dahiya |
0:fb8047b156bb | 7875 | switch( ciphersuite->key_exchange ) |
| rahul_dahiya |
0:fb8047b156bb | 7876 | { |
| rahul_dahiya |
0:fb8047b156bb | 7877 | case MBEDTLS_KEY_EXCHANGE_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7878 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
| rahul_dahiya |
0:fb8047b156bb | 7879 | usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; |
| rahul_dahiya |
0:fb8047b156bb | 7880 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7881 | |
| rahul_dahiya |
0:fb8047b156bb | 7882 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7883 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7884 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7885 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
| rahul_dahiya |
0:fb8047b156bb | 7886 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7887 | |
| rahul_dahiya |
0:fb8047b156bb | 7888 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
| rahul_dahiya |
0:fb8047b156bb | 7889 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
| rahul_dahiya |
0:fb8047b156bb | 7890 | usage = MBEDTLS_X509_KU_KEY_AGREEMENT; |
| rahul_dahiya |
0:fb8047b156bb | 7891 | break; |
| rahul_dahiya |
0:fb8047b156bb | 7892 | |
| rahul_dahiya |
0:fb8047b156bb | 7893 | /* Don't use default: we want warnings when adding new values */ |
| rahul_dahiya |
0:fb8047b156bb | 7894 | case MBEDTLS_KEY_EXCHANGE_NONE: |
| rahul_dahiya |
0:fb8047b156bb | 7895 | case MBEDTLS_KEY_EXCHANGE_PSK: |
| rahul_dahiya |
0:fb8047b156bb | 7896 | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
| rahul_dahiya |
0:fb8047b156bb | 7897 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
| rahul_dahiya |
0:fb8047b156bb | 7898 | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
| rahul_dahiya |
0:fb8047b156bb | 7899 | usage = 0; |
| rahul_dahiya |
0:fb8047b156bb | 7900 | } |
| rahul_dahiya |
0:fb8047b156bb | 7901 | } |
| rahul_dahiya |
0:fb8047b156bb | 7902 | else |
| rahul_dahiya |
0:fb8047b156bb | 7903 | { |
| rahul_dahiya |
0:fb8047b156bb | 7904 | /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ |
| rahul_dahiya |
0:fb8047b156bb | 7905 | usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; |
| rahul_dahiya |
0:fb8047b156bb | 7906 | } |
| rahul_dahiya |
0:fb8047b156bb | 7907 | |
| rahul_dahiya |
0:fb8047b156bb | 7908 | if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7909 | { |
| rahul_dahiya |
0:fb8047b156bb | 7910 | *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; |
| rahul_dahiya |
0:fb8047b156bb | 7911 | ret = -1; |
| rahul_dahiya |
0:fb8047b156bb | 7912 | } |
| rahul_dahiya |
0:fb8047b156bb | 7913 | #else |
| rahul_dahiya |
0:fb8047b156bb | 7914 | ((void) ciphersuite); |
| rahul_dahiya |
0:fb8047b156bb | 7915 | #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ |
| rahul_dahiya |
0:fb8047b156bb | 7916 | |
| rahul_dahiya |
0:fb8047b156bb | 7917 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) |
| rahul_dahiya |
0:fb8047b156bb | 7918 | if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) |
| rahul_dahiya |
0:fb8047b156bb | 7919 | { |
| rahul_dahiya |
0:fb8047b156bb | 7920 | ext_oid = MBEDTLS_OID_SERVER_AUTH; |
| rahul_dahiya |
0:fb8047b156bb | 7921 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); |
| rahul_dahiya |
0:fb8047b156bb | 7922 | } |
| rahul_dahiya |
0:fb8047b156bb | 7923 | else |
| rahul_dahiya |
0:fb8047b156bb | 7924 | { |
| rahul_dahiya |
0:fb8047b156bb | 7925 | ext_oid = MBEDTLS_OID_CLIENT_AUTH; |
| rahul_dahiya |
0:fb8047b156bb | 7926 | ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); |
| rahul_dahiya |
0:fb8047b156bb | 7927 | } |
| rahul_dahiya |
0:fb8047b156bb | 7928 | |
| rahul_dahiya |
0:fb8047b156bb | 7929 | if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 7930 | { |
| rahul_dahiya |
0:fb8047b156bb | 7931 | *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; |
| rahul_dahiya |
0:fb8047b156bb | 7932 | ret = -1; |
| rahul_dahiya |
0:fb8047b156bb | 7933 | } |
| rahul_dahiya |
0:fb8047b156bb | 7934 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ |
| rahul_dahiya |
0:fb8047b156bb | 7935 | |
| rahul_dahiya |
0:fb8047b156bb | 7936 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 7937 | } |
| rahul_dahiya |
0:fb8047b156bb | 7938 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| rahul_dahiya |
0:fb8047b156bb | 7939 | |
| rahul_dahiya |
0:fb8047b156bb | 7940 | /* |
| rahul_dahiya |
0:fb8047b156bb | 7941 | * Convert version numbers to/from wire format |
| rahul_dahiya |
0:fb8047b156bb | 7942 | * and, for DTLS, to/from TLS equivalent. |
| rahul_dahiya |
0:fb8047b156bb | 7943 | * |
| rahul_dahiya |
0:fb8047b156bb | 7944 | * For TLS this is the identity. |
| rahul_dahiya |
0:fb8047b156bb | 7945 | * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: |
| rahul_dahiya |
0:fb8047b156bb | 7946 | * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) |
| rahul_dahiya |
0:fb8047b156bb | 7947 | * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) |
| rahul_dahiya |
0:fb8047b156bb | 7948 | */ |
| rahul_dahiya |
0:fb8047b156bb | 7949 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
| rahul_dahiya |
0:fb8047b156bb | 7950 | unsigned char ver[2] ) |
| rahul_dahiya |
0:fb8047b156bb | 7951 | { |
| rahul_dahiya |
0:fb8047b156bb | 7952 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7953 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 7954 | { |
| rahul_dahiya |
0:fb8047b156bb | 7955 | if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) |
| rahul_dahiya |
0:fb8047b156bb | 7956 | --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
| rahul_dahiya |
0:fb8047b156bb | 7957 | |
| rahul_dahiya |
0:fb8047b156bb | 7958 | ver[0] = (unsigned char)( 255 - ( major - 2 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7959 | ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 7960 | } |
| rahul_dahiya |
0:fb8047b156bb | 7961 | else |
| rahul_dahiya |
0:fb8047b156bb | 7962 | #else |
| rahul_dahiya |
0:fb8047b156bb | 7963 | ((void) transport); |
| rahul_dahiya |
0:fb8047b156bb | 7964 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7965 | { |
| rahul_dahiya |
0:fb8047b156bb | 7966 | ver[0] = (unsigned char) major; |
| rahul_dahiya |
0:fb8047b156bb | 7967 | ver[1] = (unsigned char) minor; |
| rahul_dahiya |
0:fb8047b156bb | 7968 | } |
| rahul_dahiya |
0:fb8047b156bb | 7969 | } |
| rahul_dahiya |
0:fb8047b156bb | 7970 | |
| rahul_dahiya |
0:fb8047b156bb | 7971 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
| rahul_dahiya |
0:fb8047b156bb | 7972 | const unsigned char ver[2] ) |
| rahul_dahiya |
0:fb8047b156bb | 7973 | { |
| rahul_dahiya |
0:fb8047b156bb | 7974 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 7975 | if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 7976 | { |
| rahul_dahiya |
0:fb8047b156bb | 7977 | *major = 255 - ver[0] + 2; |
| rahul_dahiya |
0:fb8047b156bb | 7978 | *minor = 255 - ver[1] + 1; |
| rahul_dahiya |
0:fb8047b156bb | 7979 | |
| rahul_dahiya |
0:fb8047b156bb | 7980 | if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) |
| rahul_dahiya |
0:fb8047b156bb | 7981 | ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ |
| rahul_dahiya |
0:fb8047b156bb | 7982 | } |
| rahul_dahiya |
0:fb8047b156bb | 7983 | else |
| rahul_dahiya |
0:fb8047b156bb | 7984 | #else |
| rahul_dahiya |
0:fb8047b156bb | 7985 | ((void) transport); |
| rahul_dahiya |
0:fb8047b156bb | 7986 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 7987 | { |
| rahul_dahiya |
0:fb8047b156bb | 7988 | *major = ver[0]; |
| rahul_dahiya |
0:fb8047b156bb | 7989 | *minor = ver[1]; |
| rahul_dahiya |
0:fb8047b156bb | 7990 | } |
| rahul_dahiya |
0:fb8047b156bb | 7991 | } |
| rahul_dahiya |
0:fb8047b156bb | 7992 | |
| rahul_dahiya |
0:fb8047b156bb | 7993 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) |
| rahul_dahiya |
0:fb8047b156bb | 7994 | { |
| rahul_dahiya |
0:fb8047b156bb | 7995 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 7996 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 7997 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| rahul_dahiya |
0:fb8047b156bb | 7998 | |
| rahul_dahiya |
0:fb8047b156bb | 7999 | switch( md ) |
| rahul_dahiya |
0:fb8047b156bb | 8000 | { |
| rahul_dahiya |
0:fb8047b156bb | 8001 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 8002 | #if defined(MBEDTLS_MD5_C) |
| rahul_dahiya |
0:fb8047b156bb | 8003 | case MBEDTLS_SSL_HASH_MD5: |
| rahul_dahiya |
0:fb8047b156bb | 8004 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| rahul_dahiya |
0:fb8047b156bb | 8005 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 8006 | #if defined(MBEDTLS_SHA1_C) |
| rahul_dahiya |
0:fb8047b156bb | 8007 | case MBEDTLS_SSL_HASH_SHA1: |
| rahul_dahiya |
0:fb8047b156bb | 8008 | ssl->handshake->calc_verify = ssl_calc_verify_tls; |
| rahul_dahiya |
0:fb8047b156bb | 8009 | break; |
| rahul_dahiya |
0:fb8047b156bb | 8010 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 8011 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 8012 | #if defined(MBEDTLS_SHA512_C) |
| rahul_dahiya |
0:fb8047b156bb | 8013 | case MBEDTLS_SSL_HASH_SHA384: |
| rahul_dahiya |
0:fb8047b156bb | 8014 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; |
| rahul_dahiya |
0:fb8047b156bb | 8015 | break; |
| rahul_dahiya |
0:fb8047b156bb | 8016 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 8017 | #if defined(MBEDTLS_SHA256_C) |
| rahul_dahiya |
0:fb8047b156bb | 8018 | case MBEDTLS_SSL_HASH_SHA256: |
| rahul_dahiya |
0:fb8047b156bb | 8019 | ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; |
| rahul_dahiya |
0:fb8047b156bb | 8020 | break; |
| rahul_dahiya |
0:fb8047b156bb | 8021 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 8022 | default: |
| rahul_dahiya |
0:fb8047b156bb | 8023 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| rahul_dahiya |
0:fb8047b156bb | 8024 | } |
| rahul_dahiya |
0:fb8047b156bb | 8025 | |
| rahul_dahiya |
0:fb8047b156bb | 8026 | return 0; |
| rahul_dahiya |
0:fb8047b156bb | 8027 | #else /* !MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 8028 | (void) ssl; |
| rahul_dahiya |
0:fb8047b156bb | 8029 | (void) md; |
| rahul_dahiya |
0:fb8047b156bb | 8030 | |
| rahul_dahiya |
0:fb8047b156bb | 8031 | return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; |
| rahul_dahiya |
0:fb8047b156bb | 8032 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 8033 | } |
| rahul_dahiya |
0:fb8047b156bb | 8034 | |
| rahul_dahiya |
0:fb8047b156bb | 8035 | #endif /* MBEDTLS_SSL_TLS_C */ |