00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034 #include "polarssl/config.h"
00035
00036 #if defined(POLARSSL_SSL_TLS_C)
00037
00038 #include "polarssl/debug.h"
00039 #include "polarssl/ssl.h"
00040
00041 #if defined(POLARSSL_MEMORY_C)
00042 #include "polarssl/memory.h"
00043 #else
00044 #define polarssl_malloc malloc
00045 #define polarssl_free free
00046 #endif
00047
00048 #include <stdlib.h>
00049
00050 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
00051 !defined(EFI32)
00052 #define strcasecmp _stricmp
00053 #endif
00054
00055 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
00056
00057
00058
00059
00060
00061
00062
00063
00064 static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
00065 {
00066 SSL_MAX_CONTENT_LEN,
00067 512,
00068 1024,
00069 2048,
00070 4096,
00071 };
00072 #endif
00073
00074 static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
00075 {
00076 ssl_session_free( dst );
00077 memcpy( dst, src, sizeof( ssl_session ) );
00078
00079 #if defined(POLARSSL_X509_CRT_PARSE_C)
00080 if( src->peer_cert != NULL )
00081 {
00082 int ret;
00083
00084 dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
00085 if( dst->peer_cert == NULL )
00086 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00087
00088 x509_crt_init( dst->peer_cert );
00089
00090 if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p,
00091 src->peer_cert->raw.len ) != 0 ) )
00092 {
00093 polarssl_free( dst->peer_cert );
00094 dst->peer_cert = NULL;
00095 return( ret );
00096 }
00097 }
00098 #endif
00099
00100 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00101 if( src->ticket != NULL )
00102 {
00103 dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len );
00104 if( dst->ticket == NULL )
00105 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00106
00107 memcpy( dst->ticket, src->ticket, src->ticket_len );
00108 }
00109 #endif
00110
00111 return( 0 );
00112 }
00113
00114 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
00115 int (*ssl_hw_record_init)(ssl_context *ssl,
00116 const unsigned char *key_enc, const unsigned char *key_dec,
00117 size_t keylen,
00118 const unsigned char *iv_enc, const unsigned char *iv_dec,
00119 size_t ivlen,
00120 const unsigned char *mac_enc, const unsigned char *mac_dec,
00121 size_t maclen) = NULL;
00122 int (*ssl_hw_record_activate)(ssl_context *ssl, int direction) = NULL;
00123 int (*ssl_hw_record_reset)(ssl_context *ssl) = NULL;
00124 int (*ssl_hw_record_write)(ssl_context *ssl) = NULL;
00125 int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
00126 int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
00127 #endif
00128
00129
00130
00131
00132 #if defined(POLARSSL_SSL_PROTO_SSL3)
00133 static int ssl3_prf( const unsigned char *secret, size_t slen,
00134 const char *label,
00135 const unsigned char *random, size_t rlen,
00136 unsigned char *dstbuf, size_t dlen )
00137 {
00138 size_t i;
00139 md5_context md5;
00140 sha1_context sha1;
00141 unsigned char padding[16];
00142 unsigned char sha1sum[20];
00143 ((void)label);
00144
00145
00146
00147
00148
00149
00150
00151
00152
00153 for( i = 0; i < dlen / 16; i++ )
00154 {
00155 memset( padding, (unsigned char) ('A' + i), 1 + i );
00156
00157 sha1_starts( &sha1 );
00158 sha1_update( &sha1, padding, 1 + i );
00159 sha1_update( &sha1, secret, slen );
00160 sha1_update( &sha1, random, rlen );
00161 sha1_finish( &sha1, sha1sum );
00162
00163 md5_starts( &md5 );
00164 md5_update( &md5, secret, slen );
00165 md5_update( &md5, sha1sum, 20 );
00166 md5_finish( &md5, dstbuf + i * 16 );
00167 }
00168
00169 memset( &md5, 0, sizeof( md5 ) );
00170 memset( &sha1, 0, sizeof( sha1 ) );
00171
00172 memset( padding, 0, sizeof( padding ) );
00173 memset( sha1sum, 0, sizeof( sha1sum ) );
00174
00175 return( 0 );
00176 }
00177 #endif
00178
00179 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00180 static int tls1_prf( const unsigned char *secret, size_t slen,
00181 const char *label,
00182 const unsigned char *random, size_t rlen,
00183 unsigned char *dstbuf, size_t dlen )
00184 {
00185 size_t nb, hs;
00186 size_t i, j, k;
00187 const unsigned char *S1, *S2;
00188 unsigned char tmp[128];
00189 unsigned char h_i[20];
00190
00191 if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
00192 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00193
00194 hs = ( slen + 1 ) / 2;
00195 S1 = secret;
00196 S2 = secret + slen - hs;
00197
00198 nb = strlen( label );
00199 memcpy( tmp + 20, label, nb );
00200 memcpy( tmp + 20 + nb, random, rlen );
00201 nb += rlen;
00202
00203
00204
00205
00206 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
00207
00208 for( i = 0; i < dlen; i += 16 )
00209 {
00210 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
00211 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
00212
00213 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
00214
00215 for( j = 0; j < k; j++ )
00216 dstbuf[i + j] = h_i[j];
00217 }
00218
00219
00220
00221
00222 sha1_hmac( S2, hs, tmp + 20, nb, tmp );
00223
00224 for( i = 0; i < dlen; i += 20 )
00225 {
00226 sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
00227 sha1_hmac( S2, hs, tmp, 20, tmp );
00228
00229 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
00230
00231 for( j = 0; j < k; j++ )
00232 dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
00233 }
00234
00235 memset( tmp, 0, sizeof( tmp ) );
00236 memset( h_i, 0, sizeof( h_i ) );
00237
00238 return( 0 );
00239 }
00240 #endif
00241
00242 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00243 #if defined(POLARSSL_SHA256_C)
00244 static int tls_prf_sha256( const unsigned char *secret, size_t slen,
00245 const char *label,
00246 const unsigned char *random, size_t rlen,
00247 unsigned char *dstbuf, size_t dlen )
00248 {
00249 size_t nb;
00250 size_t i, j, k;
00251 unsigned char tmp[128];
00252 unsigned char h_i[32];
00253
00254 if( sizeof( tmp ) < 32 + strlen( label ) + rlen )
00255 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00256
00257 nb = strlen( label );
00258 memcpy( tmp + 32, label, nb );
00259 memcpy( tmp + 32 + nb, random, rlen );
00260 nb += rlen;
00261
00262
00263
00264
00265 sha256_hmac( secret, slen, tmp + 32, nb, tmp, 0 );
00266
00267 for( i = 0; i < dlen; i += 32 )
00268 {
00269 sha256_hmac( secret, slen, tmp, 32 + nb, h_i, 0 );
00270 sha256_hmac( secret, slen, tmp, 32, tmp, 0 );
00271
00272 k = ( i + 32 > dlen ) ? dlen % 32 : 32;
00273
00274 for( j = 0; j < k; j++ )
00275 dstbuf[i + j] = h_i[j];
00276 }
00277
00278 memset( tmp, 0, sizeof( tmp ) );
00279 memset( h_i, 0, sizeof( h_i ) );
00280
00281 return( 0 );
00282 }
00283 #endif
00284
00285 #if defined(POLARSSL_SHA512_C)
00286 static int tls_prf_sha384( const unsigned char *secret, size_t slen,
00287 const char *label,
00288 const unsigned char *random, size_t rlen,
00289 unsigned char *dstbuf, size_t dlen )
00290 {
00291 size_t nb;
00292 size_t i, j, k;
00293 unsigned char tmp[128];
00294 unsigned char h_i[48];
00295
00296 if( sizeof( tmp ) < 48 + strlen( label ) + rlen )
00297 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00298
00299 nb = strlen( label );
00300 memcpy( tmp + 48, label, nb );
00301 memcpy( tmp + 48 + nb, random, rlen );
00302 nb += rlen;
00303
00304
00305
00306
00307 sha512_hmac( secret, slen, tmp + 48, nb, tmp, 1 );
00308
00309 for( i = 0; i < dlen; i += 48 )
00310 {
00311 sha512_hmac( secret, slen, tmp, 48 + nb, h_i, 1 );
00312 sha512_hmac( secret, slen, tmp, 48, tmp, 1 );
00313
00314 k = ( i + 48 > dlen ) ? dlen % 48 : 48;
00315
00316 for( j = 0; j < k; j++ )
00317 dstbuf[i + j] = h_i[j];
00318 }
00319
00320 memset( tmp, 0, sizeof( tmp ) );
00321 memset( h_i, 0, sizeof( h_i ) );
00322
00323 return( 0 );
00324 }
00325 #endif
00326 #endif
00327
00328 static void ssl_update_checksum_start(ssl_context *, const unsigned char *, size_t);
00329
00330 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
00331 defined(POLARSSL_SSL_PROTO_TLS1_1)
00332 static void ssl_update_checksum_md5sha1(ssl_context *, const unsigned char *, size_t);
00333 #endif
00334
00335 #if defined(POLARSSL_SSL_PROTO_SSL3)
00336 static void ssl_calc_verify_ssl(ssl_context *,unsigned char *);
00337 static void ssl_calc_finished_ssl(ssl_context *,unsigned char *,int);
00338 #endif
00339
00340 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00341 static void ssl_calc_verify_tls(ssl_context *,unsigned char *);
00342 static void ssl_calc_finished_tls(ssl_context *,unsigned char *,int);
00343 #endif
00344
00345 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00346 #if defined(POLARSSL_SHA256_C)
00347 static void ssl_update_checksum_sha256(ssl_context *, const unsigned char *, size_t);
00348 static void ssl_calc_verify_tls_sha256(ssl_context *,unsigned char *);
00349 static void ssl_calc_finished_tls_sha256(ssl_context *,unsigned char *,int);
00350 #endif
00351
00352 #if defined(POLARSSL_SHA512_C)
00353 static void ssl_update_checksum_sha384(ssl_context *, const unsigned char *, size_t);
00354 static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *);
00355 static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int);
00356 #endif
00357 #endif
00358
00359 int ssl_derive_keys( ssl_context *ssl )
00360 {
00361 int ret = 0;
00362 unsigned char tmp[64];
00363 unsigned char keyblk[256];
00364 unsigned char *key1;
00365 unsigned char *key2;
00366 unsigned char *mac_enc;
00367 unsigned char *mac_dec;
00368 size_t iv_copy_len;
00369 const cipher_info_t *cipher_info;
00370 const md_info_t *md_info;
00371
00372 ssl_session *session = ssl->session_negotiate;
00373 ssl_transform *transform = ssl->transform_negotiate;
00374 ssl_handshake_params *handshake = ssl->handshake;
00375
00376 SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
00377
00378 cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher );
00379 if( cipher_info == NULL )
00380 {
00381 SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
00382 transform->ciphersuite_info->cipher ) );
00383 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00384 }
00385
00386 md_info = md_info_from_type( transform->ciphersuite_info->mac );
00387 if( md_info == NULL )
00388 {
00389 SSL_DEBUG_MSG( 1, ( "md info for %d not found",
00390 transform->ciphersuite_info->mac ) );
00391 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00392 }
00393
00394
00395
00396
00397 #if defined(POLARSSL_SSL_PROTO_SSL3)
00398 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00399 {
00400 handshake->tls_prf = ssl3_prf;
00401 handshake->calc_verify = ssl_calc_verify_ssl;
00402 handshake->calc_finished = ssl_calc_finished_ssl;
00403 }
00404 else
00405 #endif
00406 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00407 if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
00408 {
00409 handshake->tls_prf = tls1_prf;
00410 handshake->calc_verify = ssl_calc_verify_tls;
00411 handshake->calc_finished = ssl_calc_finished_tls;
00412 }
00413 else
00414 #endif
00415 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00416 #if defined(POLARSSL_SHA512_C)
00417 if( ssl->minor_ver == SSL_MINOR_VERSION_3 &&
00418 transform->ciphersuite_info->mac == POLARSSL_MD_SHA384 )
00419 {
00420 handshake->tls_prf = tls_prf_sha384;
00421 handshake->calc_verify = ssl_calc_verify_tls_sha384;
00422 handshake->calc_finished = ssl_calc_finished_tls_sha384;
00423 }
00424 else
00425 #endif
00426 #if defined(POLARSSL_SHA256_C)
00427 if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
00428 {
00429 handshake->tls_prf = tls_prf_sha256;
00430 handshake->calc_verify = ssl_calc_verify_tls_sha256;
00431 handshake->calc_finished = ssl_calc_finished_tls_sha256;
00432 }
00433 else
00434 #endif
00435 #endif
00436 {
00437 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00438 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00439 }
00440
00441
00442
00443
00444
00445
00446
00447
00448
00449
00450
00451 if( handshake->resume == 0 )
00452 {
00453 SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
00454 handshake->pmslen );
00455
00456 handshake->tls_prf( handshake->premaster, handshake->pmslen,
00457 "master secret",
00458 handshake->randbytes, 64, session->master, 48 );
00459
00460 memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
00461 }
00462 else
00463 SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
00464
00465
00466
00467
00468 memcpy( tmp, handshake->randbytes, 64 );
00469 memcpy( handshake->randbytes, tmp + 32, 32 );
00470 memcpy( handshake->randbytes + 32, tmp, 32 );
00471 memset( tmp, 0, sizeof( tmp ) );
00472
00473
00474
00475
00476
00477
00478
00479
00480
00481
00482
00483
00484
00485 handshake->tls_prf( session->master, 48, "key expansion",
00486 handshake->randbytes, 64, keyblk, 256 );
00487
00488 SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
00489 ssl_get_ciphersuite_name( session->ciphersuite ) ) );
00490 SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
00491 SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
00492 SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
00493
00494 memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
00495
00496
00497
00498
00499
00500 if( cipher_info->mode == POLARSSL_MODE_GCM )
00501 {
00502 transform->keylen = cipher_info->key_length;
00503 transform->keylen /= 8;
00504 transform->minlen = 1;
00505 transform->ivlen = 12;
00506 transform->fixed_ivlen = 4;
00507 transform->maclen = 0;
00508 }
00509 else
00510 {
00511 if( md_info->type != POLARSSL_MD_NONE )
00512 {
00513 int ret;
00514
00515 if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
00516 {
00517 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
00518 return( ret );
00519 }
00520
00521 if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
00522 {
00523 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
00524 return( ret );
00525 }
00526
00527 transform->maclen = md_get_size( md_info );
00528
00529 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
00530
00531
00532
00533
00534
00535 if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
00536 transform->maclen = SSL_TRUNCATED_HMAC_LEN;
00537 #endif
00538 }
00539
00540 transform->keylen = cipher_info->key_length;
00541 transform->keylen /= 8;
00542 transform->ivlen = cipher_info->iv_size;
00543
00544 transform->minlen = transform->keylen;
00545 if( transform->minlen < transform->maclen )
00546 {
00547 if( cipher_info->mode == POLARSSL_MODE_STREAM )
00548 transform->minlen = transform->maclen;
00549 else
00550 transform->minlen += transform->keylen;
00551 }
00552 }
00553
00554 SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
00555 transform->keylen, transform->minlen, transform->ivlen,
00556 transform->maclen ) );
00557
00558
00559
00560
00561 if( ssl->endpoint == SSL_IS_CLIENT )
00562 {
00563 key1 = keyblk + transform->maclen * 2;
00564 key2 = keyblk + transform->maclen * 2 + transform->keylen;
00565
00566 mac_enc = keyblk;
00567 mac_dec = keyblk + transform->maclen;
00568
00569
00570
00571
00572 iv_copy_len = ( transform->fixed_ivlen ) ?
00573 transform->fixed_ivlen : transform->ivlen;
00574 memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
00575 memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
00576 iv_copy_len );
00577 }
00578 else
00579 {
00580 key1 = keyblk + transform->maclen * 2 + transform->keylen;
00581 key2 = keyblk + transform->maclen * 2;
00582
00583 mac_enc = keyblk + transform->maclen;
00584 mac_dec = keyblk;
00585
00586
00587
00588
00589 iv_copy_len = ( transform->fixed_ivlen ) ?
00590 transform->fixed_ivlen : transform->ivlen;
00591 memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
00592 memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
00593 iv_copy_len );
00594 }
00595
00596 #if defined(POLARSSL_SSL_PROTO_SSL3)
00597 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00598 {
00599 memcpy( transform->mac_enc, mac_enc, transform->maclen );
00600 memcpy( transform->mac_dec, mac_dec, transform->maclen );
00601 }
00602 else
00603 #endif
00604 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
00605 defined(POLARSSL_SSL_PROTO_TLS1_2)
00606 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
00607 {
00608 md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
00609 md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
00610 }
00611 else
00612 #endif
00613 {
00614 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00615 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00616 }
00617
00618 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
00619 if( ssl_hw_record_init != NULL)
00620 {
00621 int ret = 0;
00622
00623 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) );
00624
00625 if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen,
00626 transform->iv_enc, transform->iv_dec,
00627 iv_copy_len,
00628 mac_enc, mac_dec,
00629 transform->maclen ) ) != 0 )
00630 {
00631 SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret );
00632 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
00633 }
00634 }
00635 #endif
00636
00637 if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
00638 cipher_info ) ) != 0 )
00639 {
00640 SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
00641 return( ret );
00642 }
00643
00644 if( ( ret = cipher_init_ctx( &transform->cipher_ctx_dec,
00645 cipher_info ) ) != 0 )
00646 {
00647 SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
00648 return( ret );
00649 }
00650
00651 if( ( ret = cipher_setkey( &transform->cipher_ctx_enc, key1,
00652 cipher_info->key_length,
00653 POLARSSL_ENCRYPT ) ) != 0 )
00654 {
00655 SSL_DEBUG_RET( 1, "cipher_setkey", ret );
00656 return( ret );
00657 }
00658
00659 if( ( ret = cipher_setkey( &transform->cipher_ctx_dec, key2,
00660 cipher_info->key_length,
00661 POLARSSL_DECRYPT ) ) != 0 )
00662 {
00663 SSL_DEBUG_RET( 1, "cipher_setkey", ret );
00664 return( ret );
00665 }
00666
00667 #if defined(POLARSSL_CIPHER_MODE_CBC)
00668 if( cipher_info->mode == POLARSSL_MODE_CBC )
00669 {
00670 if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc,
00671 POLARSSL_PADDING_NONE ) ) != 0 )
00672 {
00673 SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
00674 return( ret );
00675 }
00676
00677 if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_dec,
00678 POLARSSL_PADDING_NONE ) ) != 0 )
00679 {
00680 SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
00681 return( ret );
00682 }
00683 }
00684 #endif
00685
00686 memset( keyblk, 0, sizeof( keyblk ) );
00687
00688 #if defined(POLARSSL_ZLIB_SUPPORT)
00689
00690
00691 if( session->compression == SSL_COMPRESS_DEFLATE )
00692 {
00693 if( ssl->compress_buf == NULL )
00694 {
00695 SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
00696 ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN );
00697 if( ssl->compress_buf == NULL )
00698 {
00699 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
00700 SSL_BUFFER_LEN ) );
00701 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00702 }
00703 }
00704
00705 SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
00706
00707 memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
00708 memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
00709
00710 if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
00711 inflateInit( &transform->ctx_inflate ) != Z_OK )
00712 {
00713 SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
00714 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
00715 }
00716 }
00717 #endif
00718
00719 SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
00720
00721 return( 0 );
00722 }
00723
00724 #if defined(POLARSSL_SSL_PROTO_SSL3)
00725 void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] )
00726 {
00727 md5_context md5;
00728 sha1_context sha1;
00729 unsigned char pad_1[48];
00730 unsigned char pad_2[48];
00731
00732 SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
00733
00734 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
00735 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
00736
00737 memset( pad_1, 0x36, 48 );
00738 memset( pad_2, 0x5C, 48 );
00739
00740 md5_update( &md5, ssl->session_negotiate->master, 48 );
00741 md5_update( &md5, pad_1, 48 );
00742 md5_finish( &md5, hash );
00743
00744 md5_starts( &md5 );
00745 md5_update( &md5, ssl->session_negotiate->master, 48 );
00746 md5_update( &md5, pad_2, 48 );
00747 md5_update( &md5, hash, 16 );
00748 md5_finish( &md5, hash );
00749
00750 sha1_update( &sha1, ssl->session_negotiate->master, 48 );
00751 sha1_update( &sha1, pad_1, 40 );
00752 sha1_finish( &sha1, hash + 16 );
00753
00754 sha1_starts( &sha1 );
00755 sha1_update( &sha1, ssl->session_negotiate->master, 48 );
00756 sha1_update( &sha1, pad_2, 40 );
00757 sha1_update( &sha1, hash + 16, 20 );
00758 sha1_finish( &sha1, hash + 16 );
00759
00760 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
00761 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00762
00763 return;
00764 }
00765 #endif
00766
00767 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00768 void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] )
00769 {
00770 md5_context md5;
00771 sha1_context sha1;
00772
00773 SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
00774
00775 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
00776 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
00777
00778 md5_finish( &md5, hash );
00779 sha1_finish( &sha1, hash + 16 );
00780
00781 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
00782 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00783
00784 return;
00785 }
00786 #endif
00787
00788 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00789 #if defined(POLARSSL_SHA256_C)
00790 void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] )
00791 {
00792 sha256_context sha256;
00793
00794 SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
00795
00796 memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
00797 sha256_finish( &sha256, hash );
00798
00799 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
00800 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00801
00802 return;
00803 }
00804 #endif
00805
00806 #if defined(POLARSSL_SHA512_C)
00807 void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] )
00808 {
00809 sha512_context sha512;
00810
00811 SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
00812
00813 memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
00814 sha512_finish( &sha512, hash );
00815
00816 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
00817 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00818
00819 return;
00820 }
00821 #endif
00822 #endif
00823
00824 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
00825 int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
00826 {
00827 unsigned char *p = ssl->handshake->premaster;
00828 unsigned char *end = p + sizeof( ssl->handshake->premaster );
00829
00830
00831
00832
00833
00834
00835
00836
00837 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
00838 if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
00839 {
00840 if( end - p < 2 + (int) ssl->psk_len )
00841 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00842
00843 *(p++) = (unsigned char)( ssl->psk_len >> 8 );
00844 *(p++) = (unsigned char)( ssl->psk_len );
00845 p += ssl->psk_len;
00846 }
00847 else
00848 #endif
00849 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
00850 if( key_ex == POLARSSL_KEY_EXCHANGE_RSA_PSK )
00851 {
00852
00853
00854
00855
00856 *p++ = 0;
00857 *p++ = 48;
00858 p += 48;
00859 }
00860 else
00861 #endif
00862 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
00863 if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK )
00864 {
00865 int ret;
00866 size_t len = ssl->handshake->dhm_ctx.len;
00867
00868 if( end - p < 2 + (int) len )
00869 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00870
00871 *(p++) = (unsigned char)( len >> 8 );
00872 *(p++) = (unsigned char)( len );
00873 if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
00874 p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
00875 {
00876 SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
00877 return( ret );
00878 }
00879 p += len;
00880
00881 SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
00882 }
00883 else
00884 #endif
00885 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
00886 if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
00887 {
00888 int ret;
00889 size_t zlen;
00890
00891 if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
00892 p + 2, end - (p + 2),
00893 ssl->f_rng, ssl->p_rng ) ) != 0 )
00894 {
00895 SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
00896 return( ret );
00897 }
00898
00899 *(p++) = (unsigned char)( zlen >> 8 );
00900 *(p++) = (unsigned char)( zlen );
00901 p += zlen;
00902
00903 SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
00904 }
00905 else
00906 #endif
00907 {
00908 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00909 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00910 }
00911
00912
00913 *(p++) = (unsigned char)( ssl->psk_len >> 8 );
00914 *(p++) = (unsigned char)( ssl->psk_len );
00915 memcpy( p, ssl->psk, ssl->psk_len );
00916 p += ssl->psk_len;
00917
00918 ssl->handshake->pmslen = p - ssl->handshake->premaster;
00919
00920 return( 0 );
00921 }
00922 #endif
00923
00924 #if defined(POLARSSL_SSL_PROTO_SSL3)
00925
00926
00927
00928 static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
00929 unsigned char *buf, size_t len,
00930 unsigned char *ctr, int type )
00931 {
00932 unsigned char header[11];
00933 unsigned char padding[48];
00934 int padlen = 0;
00935 int md_size = md_get_size( md_ctx->md_info );
00936 int md_type = md_get_type( md_ctx->md_info );
00937
00938 if( md_type == POLARSSL_MD_MD5 )
00939 padlen = 48;
00940 else if( md_type == POLARSSL_MD_SHA1 )
00941 padlen = 40;
00942 else if( md_type == POLARSSL_MD_SHA256 )
00943 padlen = 32;
00944
00945 memcpy( header, ctr, 8 );
00946 header[ 8] = (unsigned char) type;
00947 header[ 9] = (unsigned char)( len >> 8 );
00948 header[10] = (unsigned char)( len );
00949
00950 memset( padding, 0x36, padlen );
00951 md_starts( md_ctx );
00952 md_update( md_ctx, secret, md_size );
00953 md_update( md_ctx, padding, padlen );
00954 md_update( md_ctx, header, 11 );
00955 md_update( md_ctx, buf, len );
00956 md_finish( md_ctx, buf + len );
00957
00958 memset( padding, 0x5C, padlen );
00959 md_starts( md_ctx );
00960 md_update( md_ctx, secret, md_size );
00961 md_update( md_ctx, padding, padlen );
00962 md_update( md_ctx, buf + len, md_size );
00963 md_finish( md_ctx, buf + len );
00964 }
00965 #endif
00966
00967
00968
00969
00970 static int ssl_encrypt_buf( ssl_context *ssl )
00971 {
00972 size_t i;
00973
00974 SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
00975
00976
00977
00978
00979 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
00980 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
00981 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
00982 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode !=
00983 POLARSSL_MODE_GCM )
00984 {
00985 #if defined(POLARSSL_SSL_PROTO_SSL3)
00986 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00987 {
00988 ssl_mac( &ssl->transform_out->md_ctx_enc,
00989 ssl->transform_out->mac_enc,
00990 ssl->out_msg, ssl->out_msglen,
00991 ssl->out_ctr, ssl->out_msgtype );
00992 }
00993 else
00994 #endif
00995 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
00996 defined(POLARSSL_SSL_PROTO_TLS1_2)
00997 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
00998 {
00999 md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 );
01000 md_hmac_update( &ssl->transform_out->md_ctx_enc,
01001 ssl->out_msg, ssl->out_msglen );
01002 md_hmac_finish( &ssl->transform_out->md_ctx_enc,
01003 ssl->out_msg + ssl->out_msglen );
01004 md_hmac_reset( &ssl->transform_out->md_ctx_enc );
01005 }
01006 else
01007 #endif
01008 {
01009 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01010 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01011 }
01012
01013 SSL_DEBUG_BUF( 4, "computed mac",
01014 ssl->out_msg + ssl->out_msglen,
01015 ssl->transform_out->maclen );
01016
01017 ssl->out_msglen += ssl->transform_out->maclen;
01018 }
01019 #endif
01020
01021
01022
01023
01024 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
01025 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01026 POLARSSL_MODE_STREAM )
01027 {
01028 int ret;
01029 size_t olen = 0;
01030
01031 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01032 "including %d bytes of padding",
01033 ssl->out_msglen, 0 ) );
01034
01035 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01036 ssl->out_msg, ssl->out_msglen );
01037
01038 if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01039 {
01040 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01041 return( ret );
01042 }
01043
01044 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01045 ssl->transform_out->iv_enc,
01046 ssl->transform_out->ivlen ) ) != 0 )
01047 {
01048 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01049 return( ret );
01050 }
01051
01052 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01053 ssl->out_msg, ssl->out_msglen, ssl->out_msg,
01054 &olen ) ) != 0 )
01055 {
01056 SSL_DEBUG_RET( 1, "cipher_update", ret );
01057 return( ret );
01058 }
01059
01060 if( ssl->out_msglen != olen )
01061 {
01062 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01063 ssl->out_msglen, olen ) );
01064 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01065 }
01066
01067 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01068 ssl->out_msg + olen, &olen ) ) != 0 )
01069 {
01070 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01071 return( ret );
01072 }
01073
01074 if( 0 != olen )
01075 {
01076 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01077 0, olen ) );
01078 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01079 }
01080 }
01081 else
01082 #endif
01083 #if defined(POLARSSL_GCM_C)
01084 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01085 POLARSSL_MODE_GCM )
01086 {
01087 size_t enc_msglen, olen, totlen;
01088 unsigned char *enc_msg;
01089 unsigned char add_data[13];
01090 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
01091
01092 enc_msglen = ssl->out_msglen;
01093
01094 memcpy( add_data, ssl->out_ctr, 8 );
01095 add_data[8] = ssl->out_msgtype;
01096 add_data[9] = ssl->major_ver;
01097 add_data[10] = ssl->minor_ver;
01098 add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
01099 add_data[12] = ssl->out_msglen & 0xFF;
01100
01101 SSL_DEBUG_BUF( 4, "additional data used for AEAD",
01102 add_data, 13 );
01103
01104
01105
01106
01107 ret = ssl->f_rng( ssl->p_rng,
01108 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
01109 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01110 if( ret != 0 )
01111 return( ret );
01112
01113 memcpy( ssl->out_iv,
01114 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
01115 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01116
01117 SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
01118 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01119
01120
01121
01122
01123 enc_msg = ssl->out_msg;
01124 enc_msglen = ssl->out_msglen;
01125 ssl->out_msglen += ssl->transform_out->ivlen -
01126 ssl->transform_out->fixed_ivlen;
01127
01128 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01129 "including %d bytes of padding",
01130 ssl->out_msglen, 0 ) );
01131
01132 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01133 ssl->out_msg, ssl->out_msglen );
01134
01135
01136
01137
01138 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01139 ssl->transform_out->iv_enc,
01140 ssl->transform_out->ivlen ) ) != 0 ||
01141 ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01142 {
01143 return( ret );
01144 }
01145
01146 if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc,
01147 add_data, 13 ) ) != 0 )
01148 {
01149 return( ret );
01150 }
01151
01152 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01153 enc_msg, enc_msglen,
01154 enc_msg, &olen ) ) != 0 )
01155 {
01156 return( ret );
01157 }
01158 totlen = olen;
01159
01160 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01161 enc_msg + olen, &olen ) ) != 0 )
01162 {
01163 return( ret );
01164 }
01165 totlen += olen;
01166
01167 if( totlen != enc_msglen )
01168 {
01169 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01170 return( -1 );
01171 }
01172
01173
01174
01175
01176 ssl->out_msglen += 16;
01177
01178 if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc,
01179 enc_msg + enc_msglen, 16 ) ) != 0 )
01180 {
01181 return( ret );
01182 }
01183
01184 SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 );
01185 }
01186 else
01187 #endif
01188 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
01189 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
01190 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01191 POLARSSL_MODE_CBC )
01192 {
01193 int ret;
01194 unsigned char *enc_msg;
01195 size_t enc_msglen, padlen, olen = 0;
01196
01197 padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
01198 ssl->transform_out->ivlen;
01199 if( padlen == ssl->transform_out->ivlen )
01200 padlen = 0;
01201
01202 for( i = 0; i <= padlen; i++ )
01203 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
01204
01205 ssl->out_msglen += padlen + 1;
01206
01207 enc_msglen = ssl->out_msglen;
01208 enc_msg = ssl->out_msg;
01209
01210 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01211
01212
01213
01214
01215 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01216 {
01217
01218
01219
01220 int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc,
01221 ssl->transform_out->ivlen );
01222 if( ret != 0 )
01223 return( ret );
01224
01225 memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
01226 ssl->transform_out->ivlen );
01227
01228
01229
01230
01231 enc_msg = ssl->out_msg;
01232 enc_msglen = ssl->out_msglen;
01233 ssl->out_msglen += ssl->transform_out->ivlen;
01234 }
01235 #endif
01236
01237 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01238 "including %d bytes of IV and %d bytes of padding",
01239 ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
01240
01241 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01242 ssl->out_iv, ssl->out_msglen );
01243
01244 if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01245 {
01246 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01247 return( ret );
01248 }
01249
01250 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01251 ssl->transform_out->iv_enc,
01252 ssl->transform_out->ivlen ) ) != 0 )
01253 {
01254 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01255 return( ret );
01256 }
01257
01258 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01259 enc_msg, enc_msglen, enc_msg,
01260 &olen ) ) != 0 )
01261 {
01262 SSL_DEBUG_RET( 1, "cipher_update", ret );
01263 return( ret );
01264 }
01265
01266 enc_msglen -= olen;
01267
01268 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01269 enc_msg + olen, &olen ) ) != 0 )
01270 {
01271 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01272 return( ret );
01273 }
01274
01275 if( enc_msglen != olen )
01276 {
01277 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01278 enc_msglen, olen ) );
01279 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01280 }
01281
01282 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
01283 if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
01284 {
01285
01286
01287
01288 memcpy( ssl->transform_out->iv_enc,
01289 ssl->transform_out->cipher_ctx_enc.iv,
01290 ssl->transform_out->ivlen );
01291 }
01292 #endif
01293 }
01294 else
01295 #endif
01296
01297 {
01298 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01299 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01300 }
01301
01302 for( i = 8; i > 0; i-- )
01303 if( ++ssl->out_ctr[i - 1] != 0 )
01304 break;
01305
01306 SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
01307
01308 return( 0 );
01309 }
01310
01311 #define POLARSSL_SSL_MAX_MAC_SIZE 48
01312
01313 static int ssl_decrypt_buf( ssl_context *ssl )
01314 {
01315 size_t i, padlen = 0, correct = 1;
01316 unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
01317
01318 SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
01319
01320 if( ssl->in_msglen < ssl->transform_in->minlen )
01321 {
01322 SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
01323 ssl->in_msglen, ssl->transform_in->minlen ) );
01324 return( POLARSSL_ERR_SSL_INVALID_MAC );
01325 }
01326
01327 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
01328 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01329 POLARSSL_MODE_STREAM )
01330 {
01331 int ret;
01332 size_t olen = 0;
01333
01334 padlen = 0;
01335
01336 if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01337 {
01338 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01339 return( ret );
01340 }
01341
01342 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01343 ssl->transform_in->iv_dec,
01344 ssl->transform_in->ivlen ) ) != 0 )
01345 {
01346 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01347 return( ret );
01348 }
01349
01350 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01351 ssl->in_msg, ssl->in_msglen, ssl->in_msg,
01352 &olen ) ) != 0 )
01353 {
01354 SSL_DEBUG_RET( 1, "cipher_update", ret );
01355 return( ret );
01356 }
01357
01358 if( ssl->in_msglen != olen )
01359 {
01360 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01361 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01362 }
01363
01364 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01365 ssl->in_msg + olen, &olen ) ) != 0 )
01366 {
01367 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01368 return( ret );
01369 }
01370
01371 if( 0 != olen )
01372 {
01373 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01374 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01375 }
01376 }
01377 else
01378 #endif
01379 #if defined(POLARSSL_GCM_C)
01380 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01381 POLARSSL_MODE_GCM )
01382 {
01383 unsigned char *dec_msg;
01384 unsigned char *dec_msg_result;
01385 size_t dec_msglen, olen, totlen;
01386 unsigned char add_data[13];
01387 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
01388 size_t gcm_overhead = ssl->transform_in->ivlen +
01389 ssl->transform_in->fixed_ivlen +
01390 16;
01391
01392 if( ssl->in_msglen < gcm_overhead )
01393 return( POLARSSL_ERR_SSL_INVALID_MAC );
01394
01395 dec_msglen = ssl->in_msglen - gcm_overhead;
01396
01397 padlen = 0;
01398
01399 dec_msg = ssl->in_msg;
01400 dec_msg_result = ssl->in_msg;
01401 ssl->in_msglen = dec_msglen;
01402
01403 memcpy( add_data, ssl->in_ctr, 8 );
01404 add_data[8] = ssl->in_msgtype;
01405 add_data[9] = ssl->major_ver;
01406 add_data[10] = ssl->minor_ver;
01407 add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
01408 add_data[12] = ssl->in_msglen & 0xFF;
01409
01410 SSL_DEBUG_BUF( 4, "additional data used for AEAD",
01411 add_data, 13 );
01412
01413 memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
01414 ssl->in_iv,
01415 ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
01416
01417 SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
01418 ssl->transform_in->ivlen );
01419 SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
01420
01421
01422
01423
01424 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01425 ssl->transform_in->iv_dec,
01426 ssl->transform_in->ivlen ) ) != 0 ||
01427 ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01428 {
01429 return( ret );
01430 }
01431
01432 if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec,
01433 add_data, 13 ) ) != 0 )
01434 {
01435 return( ret );
01436 }
01437
01438 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01439 dec_msg, dec_msglen,
01440 dec_msg_result, &olen ) ) != 0 )
01441 {
01442 return( ret );
01443 }
01444 totlen = olen;
01445
01446 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01447 dec_msg_result + olen, &olen ) ) != 0 )
01448 {
01449 return( ret );
01450 }
01451 totlen += olen;
01452
01453 if( totlen != dec_msglen )
01454 {
01455 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01456 return( -1 );
01457 }
01458
01459
01460
01461
01462 if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec,
01463 dec_msg + dec_msglen, 16 ) ) != 0 )
01464 {
01465 SSL_DEBUG_RET( 1, "cipher_check_tag", ret );
01466 return( POLARSSL_ERR_SSL_INVALID_MAC );
01467 }
01468
01469 }
01470 else
01471 #endif
01472 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
01473 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
01474 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01475 POLARSSL_MODE_CBC )
01476 {
01477
01478
01479
01480 int ret;
01481 unsigned char *dec_msg;
01482 unsigned char *dec_msg_result;
01483 size_t dec_msglen;
01484 size_t minlen = 0;
01485 size_t olen = 0;
01486
01487
01488
01489
01490 if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
01491 {
01492 SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
01493 ssl->in_msglen, ssl->transform_in->ivlen ) );
01494 return( POLARSSL_ERR_SSL_INVALID_MAC );
01495 }
01496
01497 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01498 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01499 minlen += ssl->transform_in->ivlen;
01500 #endif
01501
01502 if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
01503 ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
01504 {
01505 SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )",
01506 ssl->in_msglen, ssl->transform_in->ivlen, ssl->transform_in->maclen ) );
01507 return( POLARSSL_ERR_SSL_INVALID_MAC );
01508 }
01509
01510 dec_msglen = ssl->in_msglen;
01511 dec_msg = ssl->in_msg;
01512 dec_msg_result = ssl->in_msg;
01513
01514 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01515
01516
01517
01518 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01519 {
01520 dec_msglen -= ssl->transform_in->ivlen;
01521 ssl->in_msglen -= ssl->transform_in->ivlen;
01522
01523 for( i = 0; i < ssl->transform_in->ivlen; i++ )
01524 ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
01525 }
01526 #endif
01527
01528 if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01529 {
01530 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01531 return( ret );
01532 }
01533
01534 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01535 ssl->transform_in->iv_dec,
01536 ssl->transform_in->ivlen ) ) != 0 )
01537 {
01538 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01539 return( ret );
01540 }
01541
01542 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01543 dec_msg, dec_msglen, dec_msg_result,
01544 &olen ) ) != 0 )
01545 {
01546 SSL_DEBUG_RET( 1, "cipher_update", ret );
01547 return( ret );
01548 }
01549
01550 dec_msglen -= olen;
01551 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01552 dec_msg_result + olen, &olen ) ) != 0 )
01553 {
01554 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01555 return( ret );
01556 }
01557
01558 if( dec_msglen != olen )
01559 {
01560 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01561 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01562 }
01563
01564 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
01565 if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
01566 {
01567
01568
01569
01570 memcpy( ssl->transform_in->iv_dec,
01571 ssl->transform_in->cipher_ctx_dec.iv,
01572 ssl->transform_in->ivlen );
01573 }
01574 #endif
01575
01576 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
01577
01578 if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
01579 {
01580 #if defined(POLARSSL_SSL_DEBUG_ALL)
01581 SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
01582 ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
01583 #endif
01584 padlen = 0;
01585 correct = 0;
01586 }
01587
01588 #if defined(POLARSSL_SSL_PROTO_SSL3)
01589 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
01590 {
01591 if( padlen > ssl->transform_in->ivlen )
01592 {
01593 #if defined(POLARSSL_SSL_DEBUG_ALL)
01594 SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
01595 "should be no more than %d",
01596 padlen, ssl->transform_in->ivlen ) );
01597 #endif
01598 correct = 0;
01599 }
01600 }
01601 else
01602 #endif
01603 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
01604 defined(POLARSSL_SSL_PROTO_TLS1_2)
01605 if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
01606 {
01607
01608
01609
01610
01611 size_t pad_count = 0, real_count = 1;
01612 size_t padding_idx = ssl->in_msglen - padlen - 1;
01613
01614 for( i = 1; i <= 256; i++ )
01615 {
01616 real_count &= ( i <= padlen );
01617 pad_count += real_count *
01618 ( ssl->in_msg[padding_idx + i] == padlen - 1 );
01619 }
01620
01621 correct &= ( pad_count == padlen );
01622
01623 #if defined(POLARSSL_SSL_DEBUG_ALL)
01624 if( padlen > 0 && correct == 0)
01625 SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
01626 #endif
01627 padlen &= correct * 0x1FF;
01628 }
01629 else
01630 #endif
01631
01632 {
01633 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01634 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01635 }
01636 }
01637 else
01638 #endif
01639
01640 {
01641 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01642 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01643 }
01644
01645 SSL_DEBUG_BUF( 4, "raw buffer after decryption",
01646 ssl->in_msg, ssl->in_msglen );
01647
01648
01649
01650
01651 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
01652 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
01653 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
01654 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
01655 POLARSSL_MODE_GCM )
01656 {
01657 ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
01658
01659 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
01660 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
01661
01662 memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
01663
01664 #if defined(POLARSSL_SSL_PROTO_SSL3)
01665 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
01666 {
01667 ssl_mac( &ssl->transform_in->md_ctx_dec,
01668 ssl->transform_in->mac_dec,
01669 ssl->in_msg, ssl->in_msglen,
01670 ssl->in_ctr, ssl->in_msgtype );
01671 }
01672 else
01673 #endif
01674 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
01675 defined(POLARSSL_SSL_PROTO_TLS1_2)
01676 if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
01677 {
01678
01679
01680
01681
01682
01683
01684
01685
01686
01687
01688
01689
01690
01691 size_t j, extra_run = 0;
01692 extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
01693 ( 13 + ssl->in_msglen + 8 ) / 64;
01694
01695 extra_run &= correct * 0xFF;
01696
01697 md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 );
01698 md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
01699 ssl->in_msglen );
01700 md_hmac_finish( &ssl->transform_in->md_ctx_dec,
01701 ssl->in_msg + ssl->in_msglen );
01702 for( j = 0; j < extra_run; j++ )
01703 md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
01704
01705 md_hmac_reset( &ssl->transform_in->md_ctx_dec );
01706 }
01707 else
01708 #endif
01709
01710 {
01711 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01712 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01713 }
01714
01715 SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
01716 SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
01717 ssl->transform_in->maclen );
01718
01719 if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
01720 ssl->transform_in->maclen ) != 0 )
01721 {
01722 #if defined(POLARSSL_SSL_DEBUG_ALL)
01723 SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
01724 #endif
01725 correct = 0;
01726 }
01727
01728
01729
01730
01731 if( correct == 0 )
01732 return( POLARSSL_ERR_SSL_INVALID_MAC );
01733 }
01734 #endif
01735
01736 if( ssl->in_msglen == 0 )
01737 {
01738 ssl->nb_zero++;
01739
01740
01741
01742
01743
01744 if( ssl->nb_zero > 3 )
01745 {
01746 SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
01747 "messages, possible DoS attack" ) );
01748 return( POLARSSL_ERR_SSL_INVALID_MAC );
01749 }
01750 }
01751 else
01752 ssl->nb_zero = 0;
01753
01754 for( i = 8; i > 0; i-- )
01755 if( ++ssl->in_ctr[i - 1] != 0 )
01756 break;
01757
01758 SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
01759
01760 return( 0 );
01761 }
01762
01763 #if defined(POLARSSL_ZLIB_SUPPORT)
01764
01765
01766
01767 static int ssl_compress_buf( ssl_context *ssl )
01768 {
01769 int ret;
01770 unsigned char *msg_post = ssl->out_msg;
01771 size_t len_pre = ssl->out_msglen;
01772 unsigned char *msg_pre = ssl->compress_buf;
01773
01774 SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
01775
01776 if( len_pre == 0 )
01777 return( 0 );
01778
01779 memcpy( msg_pre, ssl->out_msg, len_pre );
01780
01781 SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
01782 ssl->out_msglen ) );
01783
01784 SSL_DEBUG_BUF( 4, "before compression: output payload",
01785 ssl->out_msg, ssl->out_msglen );
01786
01787 ssl->transform_out->ctx_deflate.next_in = msg_pre;
01788 ssl->transform_out->ctx_deflate.avail_in = len_pre;
01789 ssl->transform_out->ctx_deflate.next_out = msg_post;
01790 ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN;
01791
01792 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
01793 if( ret != Z_OK )
01794 {
01795 SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
01796 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
01797 }
01798
01799 ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out;
01800
01801 SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
01802 ssl->out_msglen ) );
01803
01804 SSL_DEBUG_BUF( 4, "after compression: output payload",
01805 ssl->out_msg, ssl->out_msglen );
01806
01807 SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
01808
01809 return( 0 );
01810 }
01811
01812 static int ssl_decompress_buf( ssl_context *ssl )
01813 {
01814 int ret;
01815 unsigned char *msg_post = ssl->in_msg;
01816 size_t len_pre = ssl->in_msglen;
01817 unsigned char *msg_pre = ssl->compress_buf;
01818
01819 SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
01820
01821 if( len_pre == 0 )
01822 return( 0 );
01823
01824 memcpy( msg_pre, ssl->in_msg, len_pre );
01825
01826 SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
01827 ssl->in_msglen ) );
01828
01829 SSL_DEBUG_BUF( 4, "before decompression: input payload",
01830 ssl->in_msg, ssl->in_msglen );
01831
01832 ssl->transform_in->ctx_inflate.next_in = msg_pre;
01833 ssl->transform_in->ctx_inflate.avail_in = len_pre;
01834 ssl->transform_in->ctx_inflate.next_out = msg_post;
01835 ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
01836
01837 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
01838 if( ret != Z_OK )
01839 {
01840 SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
01841 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
01842 }
01843
01844 ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out;
01845
01846 SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
01847 ssl->in_msglen ) );
01848
01849 SSL_DEBUG_BUF( 4, "after decompression: input payload",
01850 ssl->in_msg, ssl->in_msglen );
01851
01852 SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
01853
01854 return( 0 );
01855 }
01856 #endif
01857
01858
01859
01860
01861 int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
01862 {
01863 int ret;
01864 size_t len;
01865
01866 SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
01867
01868 while( ssl->in_left < nb_want )
01869 {
01870 len = nb_want - ssl->in_left;
01871 ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
01872
01873 SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
01874 ssl->in_left, nb_want ) );
01875 SSL_DEBUG_RET( 2, "ssl->f_recv", ret );
01876
01877 if( ret == 0 )
01878 return( POLARSSL_ERR_SSL_CONN_EOF );
01879
01880 if( ret < 0 )
01881 return( ret );
01882
01883 ssl->in_left += ret;
01884 }
01885
01886 SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
01887
01888 return( 0 );
01889 }
01890
01891
01892
01893
01894 int ssl_flush_output( ssl_context *ssl )
01895 {
01896 int ret;
01897 unsigned char *buf;
01898
01899 SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
01900
01901 while( ssl->out_left > 0 )
01902 {
01903 SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
01904 5 + ssl->out_msglen, ssl->out_left ) );
01905
01906 buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left;
01907 ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
01908
01909 SSL_DEBUG_RET( 2, "ssl->f_send", ret );
01910
01911 if( ret <= 0 )
01912 return( ret );
01913
01914 ssl->out_left -= ret;
01915 }
01916
01917 SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
01918
01919 return( 0 );
01920 }
01921
01922
01923
01924
01925 int ssl_write_record( ssl_context *ssl )
01926 {
01927 int ret, done = 0;
01928 size_t len = ssl->out_msglen;
01929
01930 SSL_DEBUG_MSG( 2, ( "=> write record" ) );
01931
01932 if( ssl->out_msgtype == SSL_MSG_HANDSHAKE )
01933 {
01934 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
01935 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
01936 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
01937
01938 if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
01939 ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
01940 }
01941
01942 #if defined(POLARSSL_ZLIB_SUPPORT)
01943 if( ssl->transform_out != NULL &&
01944 ssl->session_out->compression == SSL_COMPRESS_DEFLATE )
01945 {
01946 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
01947 {
01948 SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
01949 return( ret );
01950 }
01951
01952 len = ssl->out_msglen;
01953 }
01954 #endif
01955
01956 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
01957 if( ssl_hw_record_write != NULL)
01958 {
01959 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_write()" ) );
01960
01961 ret = ssl_hw_record_write( ssl );
01962 if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
01963 {
01964 SSL_DEBUG_RET( 1, "ssl_hw_record_write", ret );
01965 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
01966 }
01967
01968 if( ret == 0 )
01969 done = 1;
01970 }
01971 #endif
01972 if( !done )
01973 {
01974 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
01975 ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
01976 ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
01977 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
01978 ssl->out_hdr[4] = (unsigned char)( len );
01979
01980 if( ssl->transform_out != NULL )
01981 {
01982 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
01983 {
01984 SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
01985 return( ret );
01986 }
01987
01988 len = ssl->out_msglen;
01989 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
01990 ssl->out_hdr[4] = (unsigned char)( len );
01991 }
01992
01993 ssl->out_left = 5 + ssl->out_msglen;
01994
01995 SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
01996 "version = [%d:%d], msglen = %d",
01997 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
01998 ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) );
01999
02000 SSL_DEBUG_BUF( 4, "output record sent to network",
02001 ssl->out_hdr, 5 + ssl->out_msglen );
02002 }
02003
02004 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
02005 {
02006 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
02007 return( ret );
02008 }
02009
02010 SSL_DEBUG_MSG( 2, ( "<= write record" ) );
02011
02012 return( 0 );
02013 }
02014
02015 int ssl_read_record( ssl_context *ssl )
02016 {
02017 int ret, done = 0;
02018
02019 SSL_DEBUG_MSG( 2, ( "=> read record" ) );
02020
02021 SSL_DEBUG_BUF( 4, "input record from network",
02022 ssl->in_hdr, 5 + ssl->in_msglen );
02023
02024 if( ssl->in_hslen != 0 &&
02025 ssl->in_hslen < ssl->in_msglen )
02026 {
02027
02028
02029
02030 ssl->in_msglen -= ssl->in_hslen;
02031
02032 memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
02033 ssl->in_msglen );
02034
02035 ssl->in_hslen = 4;
02036 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
02037
02038 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
02039 " %d, type = %d, hslen = %d",
02040 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
02041
02042 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
02043 {
02044 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02045 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02046 }
02047
02048 if( ssl->in_msglen < ssl->in_hslen )
02049 {
02050 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02051 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02052 }
02053
02054 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
02055
02056 return( 0 );
02057 }
02058
02059 ssl->in_hslen = 0;
02060
02061
02062
02063
02064 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
02065 {
02066 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
02067 return( ret );
02068 }
02069
02070 ssl->in_msgtype = ssl->in_hdr[0];
02071 ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
02072
02073 SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
02074 "version = [%d:%d], msglen = %d",
02075 ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
02076 ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) );
02077
02078 if( ssl->in_hdr[1] != ssl->major_ver )
02079 {
02080 SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
02081 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02082 }
02083
02084 if( ssl->in_hdr[2] > ssl->max_minor_ver )
02085 {
02086 SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
02087 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02088 }
02089
02090
02091
02092
02093 if( ssl->transform_in == NULL )
02094 {
02095 if( ssl->in_msglen < 1 ||
02096 ssl->in_msglen > SSL_MAX_CONTENT_LEN )
02097 {
02098 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02099 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02100 }
02101 }
02102 else
02103 {
02104 if( ssl->in_msglen < ssl->transform_in->minlen )
02105 {
02106 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02107 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02108 }
02109
02110 #if defined(POLARSSL_SSL_PROTO_SSL3)
02111 if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
02112 ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN )
02113 {
02114 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02115 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02116 }
02117 #endif
02118
02119 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
02120 defined(POLARSSL_SSL_PROTO_TLS1_2)
02121
02122
02123
02124 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
02125 ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN + 256 )
02126 {
02127 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02128 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02129 }
02130 #endif
02131 }
02132
02133
02134
02135
02136 if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
02137 {
02138 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
02139 return( ret );
02140 }
02141
02142 SSL_DEBUG_BUF( 4, "input record from network",
02143 ssl->in_hdr, 5 + ssl->in_msglen );
02144
02145 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
02146 if( ssl_hw_record_read != NULL)
02147 {
02148 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_read()" ) );
02149
02150 ret = ssl_hw_record_read( ssl );
02151 if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
02152 {
02153 SSL_DEBUG_RET( 1, "ssl_hw_record_read", ret );
02154 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
02155 }
02156
02157 if( ret == 0 )
02158 done = 1;
02159 }
02160 #endif
02161 if( !done && ssl->transform_in != NULL )
02162 {
02163 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
02164 {
02165 #if defined(POLARSSL_SSL_ALERT_MESSAGES)
02166 if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
02167 {
02168 ssl_send_alert_message( ssl,
02169 SSL_ALERT_LEVEL_FATAL,
02170 SSL_ALERT_MSG_BAD_RECORD_MAC );
02171 }
02172 #endif
02173 SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
02174 return( ret );
02175 }
02176
02177 SSL_DEBUG_BUF( 4, "input payload after decrypt",
02178 ssl->in_msg, ssl->in_msglen );
02179
02180 if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
02181 {
02182 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02183 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02184 }
02185 }
02186
02187 #if defined(POLARSSL_ZLIB_SUPPORT)
02188 if( ssl->transform_in != NULL &&
02189 ssl->session_in->compression == SSL_COMPRESS_DEFLATE )
02190 {
02191 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
02192 {
02193 SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
02194 return( ret );
02195 }
02196
02197 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
02198 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
02199 }
02200 #endif
02201
02202 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
02203 ssl->in_msgtype != SSL_MSG_ALERT &&
02204 ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
02205 ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
02206 {
02207 SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
02208
02209 if( ( ret = ssl_send_alert_message( ssl,
02210 SSL_ALERT_LEVEL_FATAL,
02211 SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
02212 {
02213 return( ret );
02214 }
02215
02216 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02217 }
02218
02219 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
02220 {
02221 ssl->in_hslen = 4;
02222 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
02223
02224 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
02225 " %d, type = %d, hslen = %d",
02226 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
02227
02228
02229
02230
02231 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
02232 {
02233 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02234 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02235 }
02236
02237 if( ssl->in_msglen < ssl->in_hslen )
02238 {
02239 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02240 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02241 }
02242
02243 if( ssl->state != SSL_HANDSHAKE_OVER )
02244 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
02245 }
02246
02247 if( ssl->in_msgtype == SSL_MSG_ALERT )
02248 {
02249 SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
02250 ssl->in_msg[0], ssl->in_msg[1] ) );
02251
02252
02253
02254
02255 if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
02256 {
02257 SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
02258 ssl->in_msg[1] ) );
02263 return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE );
02264 }
02265
02266 if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
02267 ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY )
02268 {
02269 SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
02270 return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
02271 }
02272 }
02273
02274 ssl->in_left = 0;
02275
02276 SSL_DEBUG_MSG( 2, ( "<= read record" ) );
02277
02278 return( 0 );
02279 }
02280
02281 int ssl_send_fatal_handshake_failure( ssl_context *ssl )
02282 {
02283 int ret;
02284
02285 if( ( ret = ssl_send_alert_message( ssl,
02286 SSL_ALERT_LEVEL_FATAL,
02287 SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
02288 {
02289 return( ret );
02290 }
02291
02292 return( 0 );
02293 }
02294
02295 int ssl_send_alert_message( ssl_context *ssl,
02296 unsigned char level,
02297 unsigned char message )
02298 {
02299 int ret;
02300
02301 SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
02302
02303 ssl->out_msgtype = SSL_MSG_ALERT;
02304 ssl->out_msglen = 2;
02305 ssl->out_msg[0] = level;
02306 ssl->out_msg[1] = message;
02307
02308 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02309 {
02310 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02311 return( ret );
02312 }
02313
02314 SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
02315
02316 return( 0 );
02317 }
02318
02319
02320
02321
02322 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
02323 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
02324 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
02325 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
02326 int ssl_write_certificate( ssl_context *ssl )
02327 {
02328 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02329 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02330
02331 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
02332
02333 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02334 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02335 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02336 {
02337 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02338 ssl->state++;
02339 return( 0 );
02340 }
02341
02342 SSL_DEBUG_MSG( 1, ( "should not happen" ) );
02343 return( ret );
02344 }
02345
02346 int ssl_parse_certificate( ssl_context *ssl )
02347 {
02348 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02349 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02350
02351 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
02352
02353 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02354 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02355 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02356 {
02357 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02358 ssl->state++;
02359 return( 0 );
02360 }
02361
02362 SSL_DEBUG_MSG( 1, ( "should not happen" ) );
02363 return( ret );
02364 }
02365 #else
02366 int ssl_write_certificate( ssl_context *ssl )
02367 {
02368 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02369 size_t i, n;
02370 const x509_crt *crt;
02371 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02372
02373 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
02374
02375 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02376 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02377 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02378 {
02379 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02380 ssl->state++;
02381 return( 0 );
02382 }
02383
02384 if( ssl->endpoint == SSL_IS_CLIENT )
02385 {
02386 if( ssl->client_auth == 0 )
02387 {
02388 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02389 ssl->state++;
02390 return( 0 );
02391 }
02392
02393 #if defined(POLARSSL_SSL_PROTO_SSL3)
02394
02395
02396
02397
02398 if( ssl_own_cert( ssl ) == NULL &&
02399 ssl->minor_ver == SSL_MINOR_VERSION_0 )
02400 {
02401 ssl->out_msglen = 2;
02402 ssl->out_msgtype = SSL_MSG_ALERT;
02403 ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
02404 ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT;
02405
02406 SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
02407 goto write_msg;
02408 }
02409 #endif
02410 }
02411 else
02412 {
02413 if( ssl_own_cert( ssl ) == NULL )
02414 {
02415 SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
02416 return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
02417 }
02418 }
02419
02420 SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
02421
02422
02423
02424
02425
02426
02427
02428
02429
02430
02431 i = 7;
02432 crt = ssl_own_cert( ssl );
02433
02434 while( crt != NULL )
02435 {
02436 n = crt->raw.len;
02437 if( i + 3 + n > SSL_MAX_CONTENT_LEN )
02438 {
02439 SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
02440 i + 3 + n, SSL_MAX_CONTENT_LEN ) );
02441 return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
02442 }
02443
02444 ssl->out_msg[i ] = (unsigned char)( n >> 16 );
02445 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
02446 ssl->out_msg[i + 2] = (unsigned char)( n );
02447
02448 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
02449 i += n; crt = crt->next;
02450 }
02451
02452 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
02453 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
02454 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
02455
02456 ssl->out_msglen = i;
02457 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
02458 ssl->out_msg[0] = SSL_HS_CERTIFICATE;
02459
02460 #if defined(POLARSSL_SSL_PROTO_SSL3)
02461 write_msg:
02462 #endif
02463
02464 ssl->state++;
02465
02466 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02467 {
02468 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02469 return( ret );
02470 }
02471
02472 SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
02473
02474 return( ret );
02475 }
02476
02477 int ssl_parse_certificate( ssl_context *ssl )
02478 {
02479 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02480 size_t i, n;
02481 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02482
02483 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
02484
02485 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02486 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02487 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02488 {
02489 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02490 ssl->state++;
02491 return( 0 );
02492 }
02493
02494 if( ssl->endpoint == SSL_IS_SERVER &&
02495 ssl->authmode == SSL_VERIFY_NONE )
02496 {
02497 ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
02498 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02499 ssl->state++;
02500 return( 0 );
02501 }
02502
02503 if( ( ret = ssl_read_record( ssl ) ) != 0 )
02504 {
02505 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
02506 return( ret );
02507 }
02508
02509 ssl->state++;
02510
02511 #if defined(POLARSSL_SSL_PROTO_SSL3)
02512
02513
02514
02515 if( ssl->endpoint == SSL_IS_SERVER &&
02516 ssl->minor_ver == SSL_MINOR_VERSION_0 )
02517 {
02518 if( ssl->in_msglen == 2 &&
02519 ssl->in_msgtype == SSL_MSG_ALERT &&
02520 ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
02521 ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
02522 {
02523 SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
02524
02525 ssl->session_negotiate->verify_result = BADCERT_MISSING;
02526 if( ssl->authmode == SSL_VERIFY_OPTIONAL )
02527 return( 0 );
02528 else
02529 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
02530 }
02531 }
02532 #endif
02533
02534 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
02535 defined(POLARSSL_SSL_PROTO_TLS1_2)
02536 if( ssl->endpoint == SSL_IS_SERVER &&
02537 ssl->minor_ver != SSL_MINOR_VERSION_0 )
02538 {
02539 if( ssl->in_hslen == 7 &&
02540 ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
02541 ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
02542 memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
02543 {
02544 SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
02545
02546 ssl->session_negotiate->verify_result = BADCERT_MISSING;
02547 if( ssl->authmode == SSL_VERIFY_REQUIRED )
02548 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
02549 else
02550 return( 0 );
02551 }
02552 }
02553 #endif
02554
02555
02556 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
02557 {
02558 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02559 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
02560 }
02561
02562 if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
02563 {
02564 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02565 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02566 }
02567
02568
02569
02570
02571 n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
02572
02573 if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
02574 {
02575 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02576 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02577 }
02578
02579
02580 if( ssl->session_negotiate->peer_cert != NULL )
02581 {
02582 x509_crt_free( ssl->session_negotiate->peer_cert );
02583 polarssl_free( ssl->session_negotiate->peer_cert );
02584 }
02585
02586 if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc(
02587 sizeof( x509_crt ) ) ) == NULL )
02588 {
02589 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
02590 sizeof( x509_crt ) ) );
02591 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
02592 }
02593
02594 x509_crt_init( ssl->session_negotiate->peer_cert );
02595
02596 i = 7;
02597
02598 while( i < ssl->in_hslen )
02599 {
02600 if( ssl->in_msg[i] != 0 )
02601 {
02602 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02603 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02604 }
02605
02606 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
02607 | (unsigned int) ssl->in_msg[i + 2];
02608 i += 3;
02609
02610 if( n < 128 || i + n > ssl->in_hslen )
02611 {
02612 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02613 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02614 }
02615
02616 ret = x509_crt_parse_der( ssl->session_negotiate->peer_cert,
02617 ssl->in_msg + i, n );
02618 if( ret != 0 )
02619 {
02620 SSL_DEBUG_RET( 1, " x509_crt_parse_der", ret );
02621 return( ret );
02622 }
02623
02624 i += n;
02625 }
02626
02627 SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
02628
02629 if( ssl->authmode != SSL_VERIFY_NONE )
02630 {
02631 if( ssl->ca_chain == NULL )
02632 {
02633 SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
02634 return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
02635 }
02636
02637 ret = x509_crt_verify( ssl->session_negotiate->peer_cert,
02638 ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
02639 &ssl->session_negotiate->verify_result,
02640 ssl->f_vrfy, ssl->p_vrfy );
02641
02642 if( ret != 0 )
02643 SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
02644
02645 if( ssl->authmode != SSL_VERIFY_REQUIRED )
02646 ret = 0;
02647 }
02648
02649 SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
02650
02651 return( ret );
02652 }
02653 #endif
02654
02655
02656
02657 int ssl_write_change_cipher_spec( ssl_context *ssl )
02658 {
02659 int ret;
02660
02661 SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
02662
02663 ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC;
02664 ssl->out_msglen = 1;
02665 ssl->out_msg[0] = 1;
02666
02667 ssl->state++;
02668
02669 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02670 {
02671 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02672 return( ret );
02673 }
02674
02675 SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
02676
02677 return( 0 );
02678 }
02679
02680 int ssl_parse_change_cipher_spec( ssl_context *ssl )
02681 {
02682 int ret;
02683
02684 SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
02685
02686 if( ( ret = ssl_read_record( ssl ) ) != 0 )
02687 {
02688 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
02689 return( ret );
02690 }
02691
02692 if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
02693 {
02694 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
02695 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
02696 }
02697
02698 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
02699 {
02700 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
02701 return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
02702 }
02703
02704 ssl->state++;
02705
02706 SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
02707
02708 return( 0 );
02709 }
02710
02711 void ssl_optimize_checksum( ssl_context *ssl,
02712 const ssl_ciphersuite_t *ciphersuite_info )
02713 {
02714 ((void) ciphersuite_info);
02715
02716 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02717 defined(POLARSSL_SSL_PROTO_TLS1_1)
02718 if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
02719 ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
02720 else
02721 #endif
02722 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02723 #if defined(POLARSSL_SHA512_C)
02724 if( ciphersuite_info->mac == POLARSSL_MD_SHA384 )
02725 ssl->handshake->update_checksum = ssl_update_checksum_sha384;
02726 else
02727 #endif
02728 #if defined(POLARSSL_SHA256_C)
02729 if( ciphersuite_info->mac != POLARSSL_MD_SHA384 )
02730 ssl->handshake->update_checksum = ssl_update_checksum_sha256;
02731 else
02732 #endif
02733 #endif
02734
02735 return;
02736 }
02737
02738 static void ssl_update_checksum_start( ssl_context *ssl,
02739 const unsigned char *buf, size_t len )
02740 {
02741 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02742 defined(POLARSSL_SSL_PROTO_TLS1_1)
02743 md5_update( &ssl->handshake->fin_md5 , buf, len );
02744 sha1_update( &ssl->handshake->fin_sha1, buf, len );
02745 #endif
02746 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02747 #if defined(POLARSSL_SHA256_C)
02748 sha256_update( &ssl->handshake->fin_sha256, buf, len );
02749 #endif
02750 #if defined(POLARSSL_SHA512_C)
02751 sha512_update( &ssl->handshake->fin_sha512, buf, len );
02752 #endif
02753 #endif
02754 }
02755
02756 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02757 defined(POLARSSL_SSL_PROTO_TLS1_1)
02758 static void ssl_update_checksum_md5sha1( ssl_context *ssl,
02759 const unsigned char *buf, size_t len )
02760 {
02761 md5_update( &ssl->handshake->fin_md5 , buf, len );
02762 sha1_update( &ssl->handshake->fin_sha1, buf, len );
02763 }
02764 #endif
02765
02766 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02767 #if defined(POLARSSL_SHA256_C)
02768 static void ssl_update_checksum_sha256( ssl_context *ssl,
02769 const unsigned char *buf, size_t len )
02770 {
02771 sha256_update( &ssl->handshake->fin_sha256, buf, len );
02772 }
02773 #endif
02774
02775 #if defined(POLARSSL_SHA512_C)
02776 static void ssl_update_checksum_sha384( ssl_context *ssl,
02777 const unsigned char *buf, size_t len )
02778 {
02779 sha512_update( &ssl->handshake->fin_sha512, buf, len );
02780 }
02781 #endif
02782 #endif
02783
02784 #if defined(POLARSSL_SSL_PROTO_SSL3)
02785 static void ssl_calc_finished_ssl(
02786 ssl_context *ssl, unsigned char *buf, int from )
02787 {
02788 const char *sender;
02789 md5_context md5;
02790 sha1_context sha1;
02791
02792 unsigned char padbuf[48];
02793 unsigned char md5sum[16];
02794 unsigned char sha1sum[20];
02795
02796 ssl_session *session = ssl->session_negotiate;
02797 if( !session )
02798 session = ssl->session;
02799
02800 SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
02801
02802 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
02803 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
02804
02805
02806
02807
02808
02809
02810
02811
02812
02813
02814 #if !defined(POLARSSL_MD5_ALT)
02815 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
02816 md5.state, sizeof( md5.state ) );
02817 #endif
02818
02819 #if !defined(POLARSSL_SHA1_ALT)
02820 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
02821 sha1.state, sizeof( sha1.state ) );
02822 #endif
02823
02824 sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
02825 : "SRVR";
02826
02827 memset( padbuf, 0x36, 48 );
02828
02829 md5_update( &md5, (const unsigned char *) sender, 4 );
02830 md5_update( &md5, session->master, 48 );
02831 md5_update( &md5, padbuf, 48 );
02832 md5_finish( &md5, md5sum );
02833
02834 sha1_update( &sha1, (const unsigned char *) sender, 4 );
02835 sha1_update( &sha1, session->master, 48 );
02836 sha1_update( &sha1, padbuf, 40 );
02837 sha1_finish( &sha1, sha1sum );
02838
02839 memset( padbuf, 0x5C, 48 );
02840
02841 md5_starts( &md5 );
02842 md5_update( &md5, session->master, 48 );
02843 md5_update( &md5, padbuf, 48 );
02844 md5_update( &md5, md5sum, 16 );
02845 md5_finish( &md5, buf );
02846
02847 sha1_starts( &sha1 );
02848 sha1_update( &sha1, session->master, 48 );
02849 sha1_update( &sha1, padbuf , 40 );
02850 sha1_update( &sha1, sha1sum, 20 );
02851 sha1_finish( &sha1, buf + 16 );
02852
02853 SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
02854
02855 memset( &md5, 0, sizeof( md5_context ) );
02856 memset( &sha1, 0, sizeof( sha1_context ) );
02857
02858 memset( padbuf, 0, sizeof( padbuf ) );
02859 memset( md5sum, 0, sizeof( md5sum ) );
02860 memset( sha1sum, 0, sizeof( sha1sum ) );
02861
02862 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02863 }
02864 #endif
02865
02866 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
02867 static void ssl_calc_finished_tls(
02868 ssl_context *ssl, unsigned char *buf, int from )
02869 {
02870 int len = 12;
02871 const char *sender;
02872 md5_context md5;
02873 sha1_context sha1;
02874 unsigned char padbuf[36];
02875
02876 ssl_session *session = ssl->session_negotiate;
02877 if( !session )
02878 session = ssl->session;
02879
02880 SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
02881
02882 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
02883 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
02884
02885
02886
02887
02888
02889
02890
02891 #if !defined(POLARSSL_MD5_ALT)
02892 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
02893 md5.state, sizeof( md5.state ) );
02894 #endif
02895
02896 #if !defined(POLARSSL_SHA1_ALT)
02897 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
02898 sha1.state, sizeof( sha1.state ) );
02899 #endif
02900
02901 sender = ( from == SSL_IS_CLIENT )
02902 ? "client finished"
02903 : "server finished";
02904
02905 md5_finish( &md5, padbuf );
02906 sha1_finish( &sha1, padbuf + 16 );
02907
02908 ssl->handshake->tls_prf( session->master, 48, sender,
02909 padbuf, 36, buf, len );
02910
02911 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
02912
02913 memset( &md5, 0, sizeof( md5_context ) );
02914 memset( &sha1, 0, sizeof( sha1_context ) );
02915
02916 memset( padbuf, 0, sizeof( padbuf ) );
02917
02918 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02919 }
02920 #endif
02921
02922 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02923 #if defined(POLARSSL_SHA256_C)
02924 static void ssl_calc_finished_tls_sha256(
02925 ssl_context *ssl, unsigned char *buf, int from )
02926 {
02927 int len = 12;
02928 const char *sender;
02929 sha256_context sha256;
02930 unsigned char padbuf[32];
02931
02932 ssl_session *session = ssl->session_negotiate;
02933 if( !session )
02934 session = ssl->session;
02935
02936 SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
02937
02938 memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
02939
02940
02941
02942
02943
02944
02945
02946 #if !defined(POLARSSL_SHA256_ALT)
02947 SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
02948 sha256.state, sizeof( sha256.state ) );
02949 #endif
02950
02951 sender = ( from == SSL_IS_CLIENT )
02952 ? "client finished"
02953 : "server finished";
02954
02955 sha256_finish( &sha256, padbuf );
02956
02957 ssl->handshake->tls_prf( session->master, 48, sender,
02958 padbuf, 32, buf, len );
02959
02960 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
02961
02962 memset( &sha256, 0, sizeof( sha256_context ) );
02963
02964 memset( padbuf, 0, sizeof( padbuf ) );
02965
02966 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02967 }
02968 #endif
02969
02970 #if defined(POLARSSL_SHA512_C)
02971 static void ssl_calc_finished_tls_sha384(
02972 ssl_context *ssl, unsigned char *buf, int from )
02973 {
02974 int len = 12;
02975 const char *sender;
02976 sha512_context sha512;
02977 unsigned char padbuf[48];
02978
02979 ssl_session *session = ssl->session_negotiate;
02980 if( !session )
02981 session = ssl->session;
02982
02983 SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
02984
02985 memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
02986
02987
02988
02989
02990
02991
02992
02993 #if !defined(POLARSSL_SHA512_ALT)
02994 SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
02995 sha512.state, sizeof( sha512.state ) );
02996 #endif
02997
02998 sender = ( from == SSL_IS_CLIENT )
02999 ? "client finished"
03000 : "server finished";
03001
03002 sha512_finish( &sha512, padbuf );
03003
03004 ssl->handshake->tls_prf( session->master, 48, sender,
03005 padbuf, 48, buf, len );
03006
03007 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
03008
03009 memset( &sha512, 0, sizeof( sha512_context ) );
03010
03011 memset( padbuf, 0, sizeof( padbuf ) );
03012
03013 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
03014 }
03015 #endif
03016 #endif
03017
03018 void ssl_handshake_wrapup( ssl_context *ssl )
03019 {
03020 int resume = ssl->handshake->resume;
03021
03022 SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
03023
03024
03025
03026
03027 ssl_handshake_free( ssl->handshake );
03028 polarssl_free( ssl->handshake );
03029 ssl->handshake = NULL;
03030
03031 if( ssl->renegotiation == SSL_RENEGOTIATION )
03032 ssl->renegotiation = SSL_RENEGOTIATION_DONE;
03033
03034
03035
03036
03037 if( ssl->transform )
03038 {
03039 ssl_transform_free( ssl->transform );
03040 polarssl_free( ssl->transform );
03041 }
03042 ssl->transform = ssl->transform_negotiate;
03043 ssl->transform_negotiate = NULL;
03044
03045 if( ssl->session )
03046 {
03047 ssl_session_free( ssl->session );
03048 polarssl_free( ssl->session );
03049 }
03050 ssl->session = ssl->session_negotiate;
03051 ssl->session_negotiate = NULL;
03052
03053
03054
03055
03056 if( ssl->f_set_cache != NULL &&
03057 ssl->session->length != 0 &&
03058 resume == 0 )
03059 {
03060 if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
03061 SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
03062 }
03063
03064 ssl->state++;
03065
03066 SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
03067 }
03068
03069 int ssl_write_finished( ssl_context *ssl )
03070 {
03071 int ret, hash_len;
03072
03073 SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
03074
03075
03076
03077
03078 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
03079 {
03080 ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
03081 ssl->transform_negotiate->fixed_ivlen;
03082 }
03083 else
03084 ssl->out_msg = ssl->out_iv;
03085
03086 ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
03087
03088
03089 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
03090
03091 ssl->verify_data_len = hash_len;
03092 memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
03093
03094 ssl->out_msglen = 4 + hash_len;
03095 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
03096 ssl->out_msg[0] = SSL_HS_FINISHED;
03097
03098
03099
03100
03101
03102 if( ssl->handshake->resume != 0 )
03103 {
03104 if( ssl->endpoint == SSL_IS_CLIENT )
03105 ssl->state = SSL_HANDSHAKE_WRAPUP;
03106 else
03107 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
03108 }
03109 else
03110 ssl->state++;
03111
03112
03113
03114
03115 SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
03116 ssl->transform_out = ssl->transform_negotiate;
03117 ssl->session_out = ssl->session_negotiate;
03118 memset( ssl->out_ctr, 0, 8 );
03119
03120 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03121 if( ssl_hw_record_activate != NULL)
03122 {
03123 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
03124 {
03125 SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
03126 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03127 }
03128 }
03129 #endif
03130
03131 if( ( ret = ssl_write_record( ssl ) ) != 0 )
03132 {
03133 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
03134 return( ret );
03135 }
03136
03137 SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
03138
03139 return( 0 );
03140 }
03141
03142 int ssl_parse_finished( ssl_context *ssl )
03143 {
03144 int ret;
03145 unsigned int hash_len;
03146 unsigned char buf[36];
03147
03148 SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
03149
03150 ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
03151
03152
03153
03154
03155 SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
03156 ssl->transform_in = ssl->transform_negotiate;
03157 ssl->session_in = ssl->session_negotiate;
03158 memset( ssl->in_ctr, 0, 8 );
03159
03160
03161
03162
03163 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
03164 {
03165 ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
03166 ssl->transform_negotiate->fixed_ivlen;
03167 }
03168 else
03169 ssl->in_msg = ssl->in_iv;
03170
03171 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03172 if( ssl_hw_record_activate != NULL)
03173 {
03174 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
03175 {
03176 SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
03177 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03178 }
03179 }
03180 #endif
03181
03182 if( ( ret = ssl_read_record( ssl ) ) != 0 )
03183 {
03184 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
03185 return( ret );
03186 }
03187
03188 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
03189 {
03190 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03191 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
03192 }
03193
03194
03195 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
03196
03197 if( ssl->in_msg[0] != SSL_HS_FINISHED ||
03198 ssl->in_hslen != 4 + hash_len )
03199 {
03200 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03201 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
03202 }
03203
03204 if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
03205 {
03206 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03207 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
03208 }
03209
03210 ssl->verify_data_len = hash_len;
03211 memcpy( ssl->peer_verify_data, buf, hash_len );
03212
03213 if( ssl->handshake->resume != 0 )
03214 {
03215 if( ssl->endpoint == SSL_IS_CLIENT )
03216 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
03217
03218 if( ssl->endpoint == SSL_IS_SERVER )
03219 ssl->state = SSL_HANDSHAKE_WRAPUP;
03220 }
03221 else
03222 ssl->state++;
03223
03224 SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
03225
03226 return( 0 );
03227 }
03228
03229 static int ssl_handshake_init( ssl_context *ssl )
03230 {
03231 if( ssl->transform_negotiate )
03232 ssl_transform_free( ssl->transform_negotiate );
03233 else
03234 {
03235 ssl->transform_negotiate =
03236 (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
03237 }
03238
03239 if( ssl->session_negotiate )
03240 ssl_session_free( ssl->session_negotiate );
03241 else
03242 {
03243 ssl->session_negotiate =
03244 (ssl_session *) polarssl_malloc( sizeof(ssl_session) );
03245 }
03246
03247 if( ssl->handshake )
03248 ssl_handshake_free( ssl->handshake );
03249 else
03250 {
03251 ssl->handshake = (ssl_handshake_params *)
03252 polarssl_malloc( sizeof(ssl_handshake_params) );
03253 }
03254
03255 if( ssl->handshake == NULL ||
03256 ssl->transform_negotiate == NULL ||
03257 ssl->session_negotiate == NULL )
03258 {
03259 SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) );
03260 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03261 }
03262
03263 memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
03264 memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
03265 memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
03266
03267 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
03268 defined(POLARSSL_SSL_PROTO_TLS1_1)
03269 md5_starts( &ssl->handshake->fin_md5 );
03270 sha1_starts( &ssl->handshake->fin_sha1 );
03271 #endif
03272 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
03273 #if defined(POLARSSL_SHA256_C)
03274 sha256_starts( &ssl->handshake->fin_sha256, 0 );
03275 #endif
03276 #if defined(POLARSSL_SHA512_C)
03277 sha512_starts( &ssl->handshake->fin_sha512, 1 );
03278 #endif
03279 #endif
03280
03281 ssl->handshake->update_checksum = ssl_update_checksum_start;
03282 ssl->handshake->sig_alg = SSL_HASH_SHA1;
03283
03284 #if defined(POLARSSL_ECDH_C)
03285 ecdh_init( &ssl->handshake->ecdh_ctx );
03286 #endif
03287
03288 #if defined(POLARSSL_X509_CRT_PARSE_C)
03289 ssl->handshake->key_cert = ssl->key_cert;
03290 #endif
03291
03292 return( 0 );
03293 }
03294
03295
03296
03297
03298 int ssl_init( ssl_context *ssl )
03299 {
03300 int ret;
03301 int len = SSL_BUFFER_LEN;
03302
03303 memset( ssl, 0, sizeof( ssl_context ) );
03304
03305
03306
03307
03308 ssl->min_major_ver = SSL_MIN_MAJOR_VERSION;
03309 ssl->min_minor_ver = SSL_MIN_MINOR_VERSION;
03310 ssl->max_major_ver = SSL_MAX_MAJOR_VERSION;
03311 ssl->max_minor_ver = SSL_MAX_MINOR_VERSION;
03312
03313 ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
03314
03315 #if defined(POLARSSL_DHM_C)
03316 if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
03317 POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
03318 ( ret = mpi_read_string( &ssl->dhm_G, 16,
03319 POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
03320 {
03321 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03322 return( ret );
03323 }
03324 #endif
03325
03326
03327
03328
03329 ssl->in_ctr = (unsigned char *) polarssl_malloc( len );
03330 ssl->in_hdr = ssl->in_ctr + 8;
03331 ssl->in_iv = ssl->in_ctr + 13;
03332 ssl->in_msg = ssl->in_ctr + 13;
03333
03334 if( ssl->in_ctr == NULL )
03335 {
03336 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
03337 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03338 }
03339
03340 ssl->out_ctr = (unsigned char *) polarssl_malloc( len );
03341 ssl->out_hdr = ssl->out_ctr + 8;
03342 ssl->out_iv = ssl->out_ctr + 13;
03343 ssl->out_msg = ssl->out_ctr + 13;
03344
03345 if( ssl->out_ctr == NULL )
03346 {
03347 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
03348 polarssl_free( ssl-> in_ctr );
03349 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03350 }
03351
03352 memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
03353 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
03354
03355 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03356 ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
03357 #endif
03358
03359 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
03360 return( ret );
03361
03362 return( 0 );
03363 }
03364
03365
03366
03367
03368
03369 int ssl_session_reset( ssl_context *ssl )
03370 {
03371 int ret;
03372
03373 ssl->state = SSL_HELLO_REQUEST;
03374 ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
03375 ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
03376
03377 ssl->verify_data_len = 0;
03378 memset( ssl->own_verify_data, 0, 36 );
03379 memset( ssl->peer_verify_data, 0, 36 );
03380
03381 ssl->in_offt = NULL;
03382
03383 ssl->in_msg = ssl->in_ctr + 13;
03384 ssl->in_msgtype = 0;
03385 ssl->in_msglen = 0;
03386 ssl->in_left = 0;
03387
03388 ssl->in_hslen = 0;
03389 ssl->nb_zero = 0;
03390 ssl->record_read = 0;
03391
03392 ssl->out_msg = ssl->out_ctr + 13;
03393 ssl->out_msgtype = 0;
03394 ssl->out_msglen = 0;
03395 ssl->out_left = 0;
03396
03397 ssl->transform_in = NULL;
03398 ssl->transform_out = NULL;
03399
03400 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
03401 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
03402
03403 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03404 if( ssl_hw_record_reset != NULL)
03405 {
03406 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
03407 if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
03408 {
03409 SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret );
03410 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03411 }
03412 }
03413 #endif
03414
03415 if( ssl->transform )
03416 {
03417 ssl_transform_free( ssl->transform );
03418 polarssl_free( ssl->transform );
03419 ssl->transform = NULL;
03420 }
03421
03422 if( ssl->session )
03423 {
03424 ssl_session_free( ssl->session );
03425 polarssl_free( ssl->session );
03426 ssl->session = NULL;
03427 }
03428
03429 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
03430 return( ret );
03431
03432 return( 0 );
03433 }
03434
03435 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03436
03437
03438
03439 static int ssl_ticket_keys_init( ssl_context *ssl )
03440 {
03441 int ret;
03442 ssl_ticket_keys *tkeys;
03443 unsigned char buf[16];
03444
03445 if( ssl->ticket_keys != NULL )
03446 return( 0 );
03447
03448 tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) );
03449 if( tkeys == NULL )
03450 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03451
03452 if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
03453 return( ret );
03454
03455 if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
03456 ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
03457 ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
03458 {
03459 return( ret );
03460 }
03461
03462 if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
03463 return( ret );
03464
03465 ssl->ticket_keys = tkeys;
03466
03467 return( 0 );
03468 }
03469 #endif
03470
03471
03472
03473
03474 void ssl_set_endpoint( ssl_context *ssl, int endpoint )
03475 {
03476 ssl->endpoint = endpoint;
03477
03478 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03479 if( endpoint == SSL_IS_CLIENT )
03480 ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
03481 #endif
03482 }
03483
03484 void ssl_set_authmode( ssl_context *ssl, int authmode )
03485 {
03486 ssl->authmode = authmode;
03487 }
03488
03489 #if defined(POLARSSL_X509_CRT_PARSE_C)
03490 void ssl_set_verify( ssl_context *ssl,
03491 int (*f_vrfy)(void *, x509_crt *, int, int *),
03492 void *p_vrfy )
03493 {
03494 ssl->f_vrfy = f_vrfy;
03495 ssl->p_vrfy = p_vrfy;
03496 }
03497 #endif
03498
03499 void ssl_set_rng( ssl_context *ssl,
03500 int (*f_rng)(void *, unsigned char *, size_t),
03501 void *p_rng )
03502 {
03503 ssl->f_rng = f_rng;
03504 ssl->p_rng = p_rng;
03505 }
03506
03507 void ssl_set_dbg( ssl_context *ssl,
03508 void (*f_dbg)(void *, int, const char *),
03509 void *p_dbg )
03510 {
03511 ssl->f_dbg = f_dbg;
03512 ssl->p_dbg = p_dbg;
03513 }
03514
03515 void ssl_set_bio( ssl_context *ssl,
03516 int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
03517 int (*f_send)(void *, const unsigned char *, size_t), void *p_send )
03518 {
03519 ssl->f_recv = f_recv;
03520 ssl->f_send = f_send;
03521 ssl->p_recv = p_recv;
03522 ssl->p_send = p_send;
03523 }
03524
03525 void ssl_set_session_cache( ssl_context *ssl,
03526 int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
03527 int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
03528 {
03529 ssl->f_get_cache = f_get_cache;
03530 ssl->p_get_cache = p_get_cache;
03531 ssl->f_set_cache = f_set_cache;
03532 ssl->p_set_cache = p_set_cache;
03533 }
03534
03535 int ssl_set_session( ssl_context *ssl, const ssl_session *session )
03536 {
03537 int ret;
03538
03539 if( ssl == NULL ||
03540 session == NULL ||
03541 ssl->session_negotiate == NULL ||
03542 ssl->endpoint != SSL_IS_CLIENT )
03543 {
03544 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03545 }
03546
03547 if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
03548 return( ret );
03549
03550 ssl->handshake->resume = 1;
03551
03552 return( 0 );
03553 }
03554
03555 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
03556 {
03557 ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites;
03558 ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites;
03559 ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites;
03560 ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites;
03561 }
03562
03563 void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites,
03564 int major, int minor )
03565 {
03566 if( major != SSL_MAJOR_VERSION_3 )
03567 return;
03568
03569 if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 )
03570 return;
03571
03572 ssl->ciphersuite_list[minor] = ciphersuites;
03573 }
03574
03575 #if defined(POLARSSL_X509_CRT_PARSE_C)
03576
03577 static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl )
03578 {
03579 ssl_key_cert *key_cert, *last;
03580
03581 key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) );
03582 if( key_cert == NULL )
03583 return( NULL );
03584
03585 memset( key_cert, 0, sizeof( ssl_key_cert ) );
03586
03587
03588 if( ssl->key_cert == NULL )
03589 {
03590 ssl->key_cert = key_cert;
03591 ssl->handshake->key_cert = key_cert;
03592 }
03593 else
03594 {
03595 last = ssl->key_cert;
03596 while( last->next != NULL )
03597 last = last->next;
03598 last->next = key_cert;
03599 }
03600
03601 return key_cert;
03602 }
03603
03604 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
03605 x509_crl *ca_crl, const char *peer_cn )
03606 {
03607 ssl->ca_chain = ca_chain;
03608 ssl->ca_crl = ca_crl;
03609 ssl->peer_cn = peer_cn;
03610 }
03611
03612 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
03613 pk_context *pk_key )
03614 {
03615 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03616
03617 if( key_cert == NULL )
03618 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03619
03620 key_cert->cert = own_cert;
03621 key_cert->key = pk_key;
03622
03623 return( 0 );
03624 }
03625
03626 #if defined(POLARSSL_RSA_C)
03627 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
03628 rsa_context *rsa_key )
03629 {
03630 int ret;
03631 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03632
03633 if( key_cert == NULL )
03634 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03635
03636 key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
03637 if( key_cert->key == NULL )
03638 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03639
03640 pk_init( key_cert->key );
03641
03642 ret = pk_init_ctx( key_cert->key, pk_info_from_type( POLARSSL_PK_RSA ) );
03643 if( ret != 0 )
03644 return( ret );
03645
03646 if( ( ret = rsa_copy( pk_rsa( *key_cert->key ), rsa_key ) ) != 0 )
03647 return( ret );
03648
03649 key_cert->cert = own_cert;
03650 key_cert->key_own_alloc = 1;
03651
03652 return( 0 );
03653 }
03654 #endif
03655
03656 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
03657 void *rsa_key,
03658 rsa_decrypt_func rsa_decrypt,
03659 rsa_sign_func rsa_sign,
03660 rsa_key_len_func rsa_key_len )
03661 {
03662 int ret;
03663 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03664
03665 if( key_cert == NULL )
03666 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03667
03668 key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
03669 if( key_cert->key == NULL )
03670 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03671
03672 pk_init( key_cert->key );
03673
03674 if( ( ret = pk_init_ctx_rsa_alt( key_cert->key, rsa_key,
03675 rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
03676 return( ret );
03677
03678 key_cert->cert = own_cert;
03679 key_cert->key_own_alloc = 1;
03680
03681 return( 0 );
03682 }
03683 #endif
03684
03685 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
03686 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
03687 const unsigned char *psk_identity, size_t psk_identity_len )
03688 {
03689 if( psk == NULL || psk_identity == NULL )
03690 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03691
03692 if( ssl->psk != NULL )
03693 {
03694 polarssl_free( ssl->psk );
03695 polarssl_free( ssl->psk_identity );
03696 }
03697
03698 ssl->psk_len = psk_len;
03699 ssl->psk_identity_len = psk_identity_len;
03700
03701 ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len );
03702 ssl->psk_identity = (unsigned char *) polarssl_malloc( ssl->psk_identity_len );
03703
03704 if( ssl->psk == NULL || ssl->psk_identity == NULL )
03705 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03706
03707 memcpy( ssl->psk, psk, ssl->psk_len );
03708 memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
03709
03710 return( 0 );
03711 }
03712
03713 void ssl_set_psk_cb( ssl_context *ssl,
03714 int (*f_psk)(void *, ssl_context *, const unsigned char *,
03715 size_t),
03716 void *p_psk )
03717 {
03718 ssl->f_psk = f_psk;
03719 ssl->p_psk = p_psk;
03720 }
03721 #endif
03722
03723 #if defined(POLARSSL_DHM_C)
03724 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
03725 {
03726 int ret;
03727
03728 if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
03729 {
03730 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03731 return( ret );
03732 }
03733
03734 if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
03735 {
03736 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03737 return( ret );
03738 }
03739
03740 return( 0 );
03741 }
03742
03743 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
03744 {
03745 int ret;
03746
03747 if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 )
03748 {
03749 SSL_DEBUG_RET( 1, "mpi_copy", ret );
03750 return( ret );
03751 }
03752
03753 if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 )
03754 {
03755 SSL_DEBUG_RET( 1, "mpi_copy", ret );
03756 return( ret );
03757 }
03758
03759 return( 0 );
03760 }
03761 #endif
03762
03763 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
03764 int ssl_set_hostname( ssl_context *ssl, const char *hostname )
03765 {
03766 if( hostname == NULL )
03767 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03768
03769 ssl->hostname_len = strlen( hostname );
03770
03771 if( ssl->hostname_len + 1 == 0 )
03772 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03773
03774 ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
03775
03776 if( ssl->hostname == NULL )
03777 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03778
03779 memcpy( ssl->hostname, (const unsigned char *) hostname,
03780 ssl->hostname_len );
03781
03782 ssl->hostname[ssl->hostname_len] = '\0';
03783
03784 return( 0 );
03785 }
03786
03787 void ssl_set_sni( ssl_context *ssl,
03788 int (*f_sni)(void *, ssl_context *,
03789 const unsigned char *, size_t),
03790 void *p_sni )
03791 {
03792 ssl->f_sni = f_sni;
03793 ssl->p_sni = p_sni;
03794 }
03795 #endif
03796
03797 void ssl_set_max_version( ssl_context *ssl, int major, int minor )
03798 {
03799 if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
03800 minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
03801 {
03802 ssl->max_major_ver = major;
03803 ssl->max_minor_ver = minor;
03804 }
03805 }
03806
03807 void ssl_set_min_version( ssl_context *ssl, int major, int minor )
03808 {
03809 if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
03810 minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
03811 {
03812 ssl->min_major_ver = major;
03813 ssl->min_minor_ver = minor;
03814 }
03815 }
03816
03817 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
03818 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
03819 {
03820 if( mfl_code >= sizeof( mfl_code_to_length ) ||
03821 mfl_code_to_length[mfl_code] > SSL_MAX_CONTENT_LEN )
03822 {
03823 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03824 }
03825
03826 ssl->mfl_code = mfl_code;
03827
03828 return( 0 );
03829 }
03830 #endif
03831
03832 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
03833 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
03834 {
03835 if( ssl->endpoint != SSL_IS_CLIENT )
03836 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03837
03838 ssl->trunc_hmac = truncate;
03839
03840 return( 0 );
03841 }
03842 #endif
03843
03844 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
03845 {
03846 ssl->disable_renegotiation = renegotiation;
03847 }
03848
03849 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
03850 {
03851 ssl->allow_legacy_renegotiation = allow_legacy;
03852 }
03853
03854 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03855 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
03856 {
03857 ssl->session_tickets = use_tickets;
03858
03859 if( ssl->endpoint == SSL_IS_CLIENT )
03860 return( 0 );
03861
03862 if( ssl->f_rng == NULL )
03863 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03864
03865 return( ssl_ticket_keys_init( ssl ) );
03866 }
03867
03868 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime )
03869 {
03870 ssl->ticket_lifetime = lifetime;
03871 }
03872 #endif
03873
03874
03875
03876
03877 size_t ssl_get_bytes_avail( const ssl_context *ssl )
03878 {
03879 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
03880 }
03881
03882 int ssl_get_verify_result( const ssl_context *ssl )
03883 {
03884 return( ssl->session->verify_result );
03885 }
03886
03887 const char *ssl_get_ciphersuite( const ssl_context *ssl )
03888 {
03889 if( ssl == NULL || ssl->session == NULL )
03890 return NULL;
03891
03892 return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
03893 }
03894
03895 const char *ssl_get_version( const ssl_context *ssl )
03896 {
03897 switch( ssl->minor_ver )
03898 {
03899 case SSL_MINOR_VERSION_0:
03900 return( "SSLv3.0" );
03901
03902 case SSL_MINOR_VERSION_1:
03903 return( "TLSv1.0" );
03904
03905 case SSL_MINOR_VERSION_2:
03906 return( "TLSv1.1" );
03907
03908 case SSL_MINOR_VERSION_3:
03909 return( "TLSv1.2" );
03910
03911 default:
03912 break;
03913 }
03914 return( "unknown" );
03915 }
03916
03917 #if defined(POLARSSL_X509_CRT_PARSE_C)
03918 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
03919 {
03920 if( ssl == NULL || ssl->session == NULL )
03921 return NULL;
03922
03923 return ssl->session->peer_cert;
03924 }
03925 #endif
03926
03927 int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
03928 {
03929 if( ssl == NULL ||
03930 dst == NULL ||
03931 ssl->session == NULL ||
03932 ssl->endpoint != SSL_IS_CLIENT )
03933 {
03934 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03935 }
03936
03937 return( ssl_session_copy( dst, ssl->session ) );
03938 }
03939
03940
03941
03942
03943 int ssl_handshake_step( ssl_context *ssl )
03944 {
03945 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
03946
03947 #if defined(POLARSSL_SSL_CLI_C)
03948 if( ssl->endpoint == SSL_IS_CLIENT )
03949 ret = ssl_handshake_client_step( ssl );
03950 #endif
03951
03952 #if defined(POLARSSL_SSL_SRV_C)
03953 if( ssl->endpoint == SSL_IS_SERVER )
03954 ret = ssl_handshake_server_step( ssl );
03955 #endif
03956
03957 return( ret );
03958 }
03959
03960
03961
03962
03963 int ssl_handshake( ssl_context *ssl )
03964 {
03965 int ret = 0;
03966
03967 SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
03968
03969 while( ssl->state != SSL_HANDSHAKE_OVER )
03970 {
03971 ret = ssl_handshake_step( ssl );
03972
03973 if( ret != 0 )
03974 break;
03975 }
03976
03977 SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
03978
03979 return( ret );
03980 }
03981
03982 #if defined(POLARSSL_SSL_SRV_C)
03983
03984
03985
03986 static int ssl_write_hello_request( ssl_context *ssl )
03987 {
03988 int ret;
03989
03990 SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
03991
03992 ssl->out_msglen = 4;
03993 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
03994 ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
03995
03996 if( ( ret = ssl_write_record( ssl ) ) != 0 )
03997 {
03998 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
03999 return( ret );
04000 }
04001
04002 ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
04003
04004 SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
04005
04006 return( 0 );
04007 }
04008 #endif
04009
04010
04011
04012
04013
04014
04015
04016
04017
04018
04019 static int ssl_start_renegotiation( ssl_context *ssl )
04020 {
04021 int ret;
04022
04023 SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
04024
04025 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
04026 return( ret );
04027
04028 ssl->state = SSL_HELLO_REQUEST;
04029 ssl->renegotiation = SSL_RENEGOTIATION;
04030
04031 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04032 {
04033 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04034 return( ret );
04035 }
04036
04037 SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
04038
04039 return( 0 );
04040 }
04041
04042
04043
04044
04045
04046 int ssl_renegotiate( ssl_context *ssl )
04047 {
04048 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
04049
04050 #if defined(POLARSSL_SSL_SRV_C)
04051
04052 if( ssl->endpoint == SSL_IS_SERVER )
04053 {
04054 if( ssl->state != SSL_HANDSHAKE_OVER )
04055 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
04056
04057 return( ssl_write_hello_request( ssl ) );
04058 }
04059 #endif
04060
04061 #if defined(POLARSSL_SSL_CLI_C)
04062
04063
04064
04065
04066 if( ssl->renegotiation != SSL_RENEGOTIATION )
04067 {
04068 if( ssl->state != SSL_HANDSHAKE_OVER )
04069 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
04070
04071 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
04072 {
04073 SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
04074 return( ret );
04075 }
04076 }
04077 else
04078 {
04079 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04080 {
04081 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04082 return( ret );
04083 }
04084 }
04085 #endif
04086
04087 return( ret );
04088 }
04089
04090
04091
04092
04093 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
04094 {
04095 int ret;
04096 size_t n;
04097
04098 SSL_DEBUG_MSG( 2, ( "=> read" ) );
04099
04100 if( ssl->state != SSL_HANDSHAKE_OVER )
04101 {
04102 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04103 {
04104 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04105 return( ret );
04106 }
04107 }
04108
04109 if( ssl->in_offt == NULL )
04110 {
04111 if( ( ret = ssl_read_record( ssl ) ) != 0 )
04112 {
04113 if( ret == POLARSSL_ERR_SSL_CONN_EOF )
04114 return( 0 );
04115
04116 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
04117 return( ret );
04118 }
04119
04120 if( ssl->in_msglen == 0 &&
04121 ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
04122 {
04123
04124
04125
04126 if( ( ret = ssl_read_record( ssl ) ) != 0 )
04127 {
04128 if( ret == POLARSSL_ERR_SSL_CONN_EOF )
04129 return( 0 );
04130
04131 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
04132 return( ret );
04133 }
04134 }
04135
04136 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
04137 {
04138 SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
04139
04140 if( ssl->endpoint == SSL_IS_CLIENT &&
04141 ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
04142 ssl->in_hslen != 4 ) )
04143 {
04144 SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
04145 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04146 }
04147
04148 if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
04149 ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
04150 ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION ) )
04151 {
04152 SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
04153
04154 #if defined(POLARSSL_SSL_PROTO_SSL3)
04155 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
04156 {
04157
04158
04159
04160 if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
04161 return( ret );
04162 }
04163 else
04164 #endif
04165 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
04166 defined(POLARSSL_SSL_PROTO_TLS1_2)
04167 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
04168 {
04169 if( ( ret = ssl_send_alert_message( ssl,
04170 SSL_ALERT_LEVEL_WARNING,
04171 SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
04172 {
04173 return( ret );
04174 }
04175 }
04176 else
04177 #endif
04178 {
04179 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
04180 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
04181 }
04182 }
04183 else
04184 {
04185 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
04186 {
04187 SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
04188 return( ret );
04189 }
04190
04191 return( POLARSSL_ERR_NET_WANT_READ );
04192 }
04193 }
04194 else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
04195 {
04196 SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
04197 "but not honored by client" ) );
04198 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04199 }
04200 else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
04201 {
04202 SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
04203 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04204 }
04205
04206 ssl->in_offt = ssl->in_msg;
04207 }
04208
04209 n = ( len < ssl->in_msglen )
04210 ? len : ssl->in_msglen;
04211
04212 memcpy( buf, ssl->in_offt, n );
04213 ssl->in_msglen -= n;
04214
04215 if( ssl->in_msglen == 0 )
04216
04217 ssl->in_offt = NULL;
04218 else
04219
04220 ssl->in_offt += n;
04221
04222 SSL_DEBUG_MSG( 2, ( "<= read" ) );
04223
04224 return( (int) n );
04225 }
04226
04227
04228
04229
04230 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
04231 {
04232 int ret;
04233 size_t n;
04234 unsigned int max_len = SSL_MAX_CONTENT_LEN;
04235
04236 SSL_DEBUG_MSG( 2, ( "=> write" ) );
04237
04238 if( ssl->state != SSL_HANDSHAKE_OVER )
04239 {
04240 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04241 {
04242 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04243 return( ret );
04244 }
04245 }
04246
04247 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
04248
04249
04250
04251 max_len = mfl_code_to_length[ssl->mfl_code];
04252
04253
04254
04255
04256 if( ssl->session_out != NULL &&
04257 mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
04258 {
04259 max_len = mfl_code_to_length[ssl->session_out->mfl_code];
04260 }
04261 #endif
04262
04263 n = ( len < max_len) ? len : max_len;
04264
04265 if( ssl->out_left != 0 )
04266 {
04267 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
04268 {
04269 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
04270 return( ret );
04271 }
04272 }
04273 else
04274 {
04275 ssl->out_msglen = n;
04276 ssl->out_msgtype = SSL_MSG_APPLICATION_DATA;
04277 memcpy( ssl->out_msg, buf, n );
04278
04279 if( ( ret = ssl_write_record( ssl ) ) != 0 )
04280 {
04281 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
04282 return( ret );
04283 }
04284 }
04285
04286 SSL_DEBUG_MSG( 2, ( "<= write" ) );
04287
04288 return( (int) n );
04289 }
04290
04291
04292
04293
04294 int ssl_close_notify( ssl_context *ssl )
04295 {
04296 int ret;
04297
04298 SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
04299
04300 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
04301 {
04302 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
04303 return( ret );
04304 }
04305
04306 if( ssl->state == SSL_HANDSHAKE_OVER )
04307 {
04308 if( ( ret = ssl_send_alert_message( ssl,
04309 SSL_ALERT_LEVEL_WARNING,
04310 SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
04311 {
04312 return( ret );
04313 }
04314 }
04315
04316 SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
04317
04318 return( ret );
04319 }
04320
04321 void ssl_transform_free( ssl_transform *transform )
04322 {
04323 #if defined(POLARSSL_ZLIB_SUPPORT)
04324 deflateEnd( &transform->ctx_deflate );
04325 inflateEnd( &transform->ctx_inflate );
04326 #endif
04327
04328 cipher_free_ctx( &transform->cipher_ctx_enc );
04329 cipher_free_ctx( &transform->cipher_ctx_dec );
04330
04331 md_free_ctx( &transform->md_ctx_enc );
04332 md_free_ctx( &transform->md_ctx_dec );
04333
04334 memset( transform, 0, sizeof( ssl_transform ) );
04335 }
04336
04337 #if defined(POLARSSL_X509_CRT_PARSE_C)
04338 static void ssl_key_cert_free( ssl_key_cert *key_cert )
04339 {
04340 ssl_key_cert *cur = key_cert, *next;
04341
04342 while( cur != NULL )
04343 {
04344 next = cur->next;
04345
04346 if( cur->key_own_alloc )
04347 {
04348 pk_free( cur->key );
04349 polarssl_free( cur->key );
04350 }
04351 polarssl_free( cur );
04352
04353 cur = next;
04354 }
04355 }
04356 #endif
04357
04358 void ssl_handshake_free( ssl_handshake_params *handshake )
04359 {
04360 #if defined(POLARSSL_DHM_C)
04361 dhm_free( &handshake->dhm_ctx );
04362 #endif
04363 #if defined(POLARSSL_ECDH_C)
04364 ecdh_free( &handshake->ecdh_ctx );
04365 #endif
04366
04367 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
04368
04369 polarssl_free( (void *) handshake->curves );
04370 #endif
04371
04372 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
04373 defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
04374
04375
04376
04377
04378 if( handshake->sni_key_cert != NULL )
04379 {
04380 ssl_key_cert *cur = handshake->sni_key_cert, *next;
04381
04382 while( cur != NULL )
04383 {
04384 next = cur->next;
04385 polarssl_free( cur );
04386 cur = next;
04387 }
04388 }
04389 #endif
04390
04391 memset( handshake, 0, sizeof( ssl_handshake_params ) );
04392 }
04393
04394 void ssl_session_free( ssl_session *session )
04395 {
04396 #if defined(POLARSSL_X509_CRT_PARSE_C)
04397 if( session->peer_cert != NULL )
04398 {
04399 x509_crt_free( session->peer_cert );
04400 polarssl_free( session->peer_cert );
04401 }
04402 #endif
04403
04404 #if defined(POLARSSL_SSL_SESSION_TICKETS)
04405 polarssl_free( session->ticket );
04406 #endif
04407
04408 memset( session, 0, sizeof( ssl_session ) );
04409 }
04410
04411
04412
04413
04414 void ssl_free( ssl_context *ssl )
04415 {
04416 SSL_DEBUG_MSG( 2, ( "=> free" ) );
04417
04418 if( ssl->out_ctr != NULL )
04419 {
04420 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
04421 polarssl_free( ssl->out_ctr );
04422 }
04423
04424 if( ssl->in_ctr != NULL )
04425 {
04426 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
04427 polarssl_free( ssl->in_ctr );
04428 }
04429
04430 #if defined(POLARSSL_ZLIB_SUPPORT)
04431 if( ssl->compress_buf != NULL )
04432 {
04433 memset( ssl->compress_buf, 0, SSL_BUFFER_LEN );
04434 polarssl_free( ssl->compress_buf );
04435 }
04436 #endif
04437
04438 #if defined(POLARSSL_DHM_C)
04439 mpi_free( &ssl->dhm_P );
04440 mpi_free( &ssl->dhm_G );
04441 #endif
04442
04443 if( ssl->transform )
04444 {
04445 ssl_transform_free( ssl->transform );
04446 polarssl_free( ssl->transform );
04447 }
04448
04449 if( ssl->handshake )
04450 {
04451 ssl_handshake_free( ssl->handshake );
04452 ssl_transform_free( ssl->transform_negotiate );
04453 ssl_session_free( ssl->session_negotiate );
04454
04455 polarssl_free( ssl->handshake );
04456 polarssl_free( ssl->transform_negotiate );
04457 polarssl_free( ssl->session_negotiate );
04458 }
04459
04460 if( ssl->session )
04461 {
04462 ssl_session_free( ssl->session );
04463 polarssl_free( ssl->session );
04464 }
04465
04466 #if defined(POLARSSL_SSL_SESSION_TICKETS)
04467 polarssl_free( ssl->ticket_keys );
04468 #endif
04469
04470 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
04471 if ( ssl->hostname != NULL )
04472 {
04473 memset( ssl->hostname, 0, ssl->hostname_len );
04474 polarssl_free( ssl->hostname );
04475 ssl->hostname_len = 0;
04476 }
04477 #endif
04478
04479 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
04480 if( ssl->psk != NULL )
04481 {
04482 memset( ssl->psk, 0, ssl->psk_len );
04483 memset( ssl->psk_identity, 0, ssl->psk_identity_len );
04484 polarssl_free( ssl->psk );
04485 polarssl_free( ssl->psk_identity );
04486 ssl->psk_len = 0;
04487 ssl->psk_identity_len = 0;
04488 }
04489 #endif
04490
04491 #if defined(POLARSSL_X509_CRT_PARSE_C)
04492 ssl_key_cert_free( ssl->key_cert );
04493 #endif
04494
04495 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
04496 if( ssl_hw_record_finish != NULL )
04497 {
04498 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_finish()" ) );
04499 ssl_hw_record_finish( ssl );
04500 }
04501 #endif
04502
04503 SSL_DEBUG_MSG( 2, ( "<= free" ) );
04504
04505
04506 memset( ssl, 0, sizeof( ssl_context ) );
04507 }
04508
04509 #if defined(POLARSSL_PK_C)
04510
04511
04512
04513 unsigned char ssl_sig_from_pk( pk_context *pk )
04514 {
04515 #if defined(POLARSSL_RSA_C)
04516 if( pk_can_do( pk, POLARSSL_PK_RSA ) )
04517 return( SSL_SIG_RSA );
04518 #endif
04519 #if defined(POLARSSL_ECDSA_C)
04520 if( pk_can_do( pk, POLARSSL_PK_ECDSA ) )
04521 return( SSL_SIG_ECDSA );
04522 #endif
04523 return( SSL_SIG_ANON );
04524 }
04525
04526 pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
04527 {
04528 switch( sig )
04529 {
04530 #if defined(POLARSSL_RSA_C)
04531 case SSL_SIG_RSA:
04532 return( POLARSSL_PK_RSA );
04533 #endif
04534 #if defined(POLARSSL_ECDSA_C)
04535 case SSL_SIG_ECDSA:
04536 return( POLARSSL_PK_ECDSA );
04537 #endif
04538 default:
04539 return( POLARSSL_PK_NONE );
04540 }
04541 }
04542 #endif
04543
04544
04545
04546
04547 md_type_t ssl_md_alg_from_hash( unsigned char hash )
04548 {
04549 switch( hash )
04550 {
04551 #if defined(POLARSSL_MD5_C)
04552 case SSL_HASH_MD5:
04553 return( POLARSSL_MD_MD5 );
04554 #endif
04555 #if defined(POLARSSL_SHA1_C)
04556 case SSL_HASH_SHA1:
04557 return( POLARSSL_MD_SHA1 );
04558 #endif
04559 #if defined(POLARSSL_SHA256_C)
04560 case SSL_HASH_SHA224:
04561 return( POLARSSL_MD_SHA224 );
04562 case SSL_HASH_SHA256:
04563 return( POLARSSL_MD_SHA256 );
04564 #endif
04565 #if defined(POLARSSL_SHA512_C)
04566 case SSL_HASH_SHA384:
04567 return( POLARSSL_MD_SHA384 );
04568 case SSL_HASH_SHA512:
04569 return( POLARSSL_MD_SHA512 );
04570 #endif
04571 default:
04572 return( POLARSSL_MD_NONE );
04573 }
04574 }
04575
04576 #endif
