00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034 #include "polarssl/config.h"
00035
00036 #if defined(POLARSSL_SSL_TLS_C)
00037
00038 #include "polarssl/debug.h"
00039 #include "polarssl/ssl.h"
00040
00041 #if defined(POLARSSL_MEMORY_C)
00042 #include "polarssl/memory.h"
00043 #else
00044 #define polarssl_malloc malloc
00045 #define polarssl_free free
00046 #endif
00047
00048 #include <stdlib.h>
00049
00050 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
00051 !defined(EFI32)
00052 #define strcasecmp _stricmp
00053 #endif
00054
00055 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
00056
00057
00058
00059
00060
00061
00062
00063
00064 static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
00065 {
00066 SSL_MAX_CONTENT_LEN,
00067 512,
00068 1024,
00069 2048,
00070 4096,
00071 };
00072 #endif
00073
00074 static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
00075 {
00076 ssl_session_free( dst );
00077 memcpy( dst, src, sizeof( ssl_session ) );
00078
00079 #if defined(POLARSSL_X509_CRT_PARSE_C)
00080 if( src->peer_cert != NULL )
00081 {
00082 int ret;
00083
00084 dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
00085 if( dst->peer_cert == NULL )
00086 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00087
00088 x509_crt_init( dst->peer_cert );
00089
00090 if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p,
00091 src->peer_cert->raw.len ) != 0 ) )
00092 {
00093 polarssl_free( dst->peer_cert );
00094 dst->peer_cert = NULL;
00095 return( ret );
00096 }
00097 }
00098 #endif
00099
00100 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00101 if( src->ticket != NULL )
00102 {
00103 dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len );
00104 if( dst->ticket == NULL )
00105 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00106
00107 memcpy( dst->ticket, src->ticket, src->ticket_len );
00108 }
00109 #endif
00110
00111 return( 0 );
00112 }
00113
00114 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
00115 int (*ssl_hw_record_init)(ssl_context *ssl,
00116 const unsigned char *key_enc, const unsigned char *key_dec,
00117 size_t keylen,
00118 const unsigned char *iv_enc, const unsigned char *iv_dec,
00119 size_t ivlen,
00120 const unsigned char *mac_enc, const unsigned char *mac_dec,
00121 size_t maclen) = NULL;
00122 int (*ssl_hw_record_activate)(ssl_context *ssl, int direction) = NULL;
00123 int (*ssl_hw_record_reset)(ssl_context *ssl) = NULL;
00124 int (*ssl_hw_record_write)(ssl_context *ssl) = NULL;
00125 int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
00126 int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
00127 #endif
00128
00129
00130
00131
00132 #if defined(POLARSSL_SSL_PROTO_SSL3)
00133 static int ssl3_prf( const unsigned char *secret, size_t slen,
00134 const char *label,
00135 const unsigned char *random, size_t rlen,
00136 unsigned char *dstbuf, size_t dlen )
00137 {
00138 size_t i;
00139 md5_context md5;
00140 sha1_context sha1;
00141 unsigned char padding[16];
00142 unsigned char sha1sum[20];
00143 ((void)label);
00144
00145
00146
00147
00148
00149
00150
00151
00152
00153 for( i = 0; i < dlen / 16; i++ )
00154 {
00155 memset( padding, (unsigned char) ('A' + i), 1 + i );
00156
00157 sha1_starts( &sha1 );
00158 sha1_update( &sha1, padding, 1 + i );
00159 sha1_update( &sha1, secret, slen );
00160 sha1_update( &sha1, random, rlen );
00161 sha1_finish( &sha1, sha1sum );
00162
00163 md5_starts( &md5 );
00164 md5_update( &md5, secret, slen );
00165 md5_update( &md5, sha1sum, 20 );
00166 md5_finish( &md5, dstbuf + i * 16 );
00167 }
00168
00169 memset( &md5, 0, sizeof( md5 ) );
00170 memset( &sha1, 0, sizeof( sha1 ) );
00171
00172 memset( padding, 0, sizeof( padding ) );
00173 memset( sha1sum, 0, sizeof( sha1sum ) );
00174
00175 return( 0 );
00176 }
00177 #endif
00178
00179 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00180 static int tls1_prf( const unsigned char *secret, size_t slen,
00181 const char *label,
00182 const unsigned char *random, size_t rlen,
00183 unsigned char *dstbuf, size_t dlen )
00184 {
00185 size_t nb, hs;
00186 size_t i, j, k;
00187 const unsigned char *S1, *S2;
00188 unsigned char tmp[128];
00189 unsigned char h_i[20];
00190
00191 if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
00192 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00193
00194 hs = ( slen + 1 ) / 2;
00195 S1 = secret;
00196 S2 = secret + slen - hs;
00197
00198 nb = strlen( label );
00199 memcpy( tmp + 20, label, nb );
00200 memcpy( tmp + 20 + nb, random, rlen );
00201 nb += rlen;
00202
00203
00204
00205
00206 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
00207
00208 for( i = 0; i < dlen; i += 16 )
00209 {
00210 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
00211 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
00212
00213 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
00214
00215 for( j = 0; j < k; j++ )
00216 dstbuf[i + j] = h_i[j];
00217 }
00218
00219
00220
00221
00222 sha1_hmac( S2, hs, tmp + 20, nb, tmp );
00223
00224 for( i = 0; i < dlen; i += 20 )
00225 {
00226 sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
00227 sha1_hmac( S2, hs, tmp, 20, tmp );
00228
00229 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
00230
00231 for( j = 0; j < k; j++ )
00232 dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
00233 }
00234
00235 memset( tmp, 0, sizeof( tmp ) );
00236 memset( h_i, 0, sizeof( h_i ) );
00237
00238 return( 0 );
00239 }
00240 #endif
00241
00242 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00243 #if defined(POLARSSL_SHA256_C)
00244 static int tls_prf_sha256( const unsigned char *secret, size_t slen,
00245 const char *label,
00246 const unsigned char *random, size_t rlen,
00247 unsigned char *dstbuf, size_t dlen )
00248 {
00249 size_t nb;
00250 size_t i, j, k;
00251 unsigned char tmp[128];
00252 unsigned char h_i[32];
00253
00254 if( sizeof( tmp ) < 32 + strlen( label ) + rlen )
00255 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00256
00257 nb = strlen( label );
00258 memcpy( tmp + 32, label, nb );
00259 memcpy( tmp + 32 + nb, random, rlen );
00260 nb += rlen;
00261
00262
00263
00264
00265 sha256_hmac( secret, slen, tmp + 32, nb, tmp, 0 );
00266
00267 for( i = 0; i < dlen; i += 32 )
00268 {
00269 sha256_hmac( secret, slen, tmp, 32 + nb, h_i, 0 );
00270 sha256_hmac( secret, slen, tmp, 32, tmp, 0 );
00271
00272 k = ( i + 32 > dlen ) ? dlen % 32 : 32;
00273
00274 for( j = 0; j < k; j++ )
00275 dstbuf[i + j] = h_i[j];
00276 }
00277
00278 memset( tmp, 0, sizeof( tmp ) );
00279 memset( h_i, 0, sizeof( h_i ) );
00280
00281 return( 0 );
00282 }
00283 #endif
00284
00285 #if defined(POLARSSL_SHA512_C)
00286 static int tls_prf_sha384( const unsigned char *secret, size_t slen,
00287 const char *label,
00288 const unsigned char *random, size_t rlen,
00289 unsigned char *dstbuf, size_t dlen )
00290 {
00291 size_t nb;
00292 size_t i, j, k;
00293 unsigned char tmp[128];
00294 unsigned char h_i[48];
00295
00296 if( sizeof( tmp ) < 48 + strlen( label ) + rlen )
00297 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00298
00299 nb = strlen( label );
00300 memcpy( tmp + 48, label, nb );
00301 memcpy( tmp + 48 + nb, random, rlen );
00302 nb += rlen;
00303
00304
00305
00306
00307 sha512_hmac( secret, slen, tmp + 48, nb, tmp, 1 );
00308
00309 for( i = 0; i < dlen; i += 48 )
00310 {
00311 sha512_hmac( secret, slen, tmp, 48 + nb, h_i, 1 );
00312 sha512_hmac( secret, slen, tmp, 48, tmp, 1 );
00313
00314 k = ( i + 48 > dlen ) ? dlen % 48 : 48;
00315
00316 for( j = 0; j < k; j++ )
00317 dstbuf[i + j] = h_i[j];
00318 }
00319
00320 memset( tmp, 0, sizeof( tmp ) );
00321 memset( h_i, 0, sizeof( h_i ) );
00322
00323 return( 0 );
00324 }
00325 #endif
00326 #endif
00327
00328 static void ssl_update_checksum_start(ssl_context *, const unsigned char *, size_t);
00329
00330 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
00331 defined(POLARSSL_SSL_PROTO_TLS1_1)
00332 static void ssl_update_checksum_md5sha1(ssl_context *, const unsigned char *, size_t);
00333 #endif
00334
00335 #if defined(POLARSSL_SSL_PROTO_SSL3)
00336 static void ssl_calc_verify_ssl(ssl_context *,unsigned char *);
00337 static void ssl_calc_finished_ssl(ssl_context *,unsigned char *,int);
00338 #endif
00339
00340 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00341 static void ssl_calc_verify_tls(ssl_context *,unsigned char *);
00342 static void ssl_calc_finished_tls(ssl_context *,unsigned char *,int);
00343 #endif
00344
00345 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00346 #if defined(POLARSSL_SHA256_C)
00347 static void ssl_update_checksum_sha256(ssl_context *, const unsigned char *, size_t);
00348 static void ssl_calc_verify_tls_sha256(ssl_context *,unsigned char *);
00349 static void ssl_calc_finished_tls_sha256(ssl_context *,unsigned char *,int);
00350 #endif
00351
00352 #if defined(POLARSSL_SHA512_C)
00353 static void ssl_update_checksum_sha384(ssl_context *, const unsigned char *, size_t);
00354 static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *);
00355 static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int);
00356 #endif
00357 #endif
00358
00359 int ssl_derive_keys( ssl_context *ssl )
00360 {
00361 int ret = 0;
00362 unsigned char tmp[64];
00363 unsigned char keyblk[256];
00364 unsigned char *key1;
00365 unsigned char *key2;
00366 unsigned char *mac_enc;
00367 unsigned char *mac_dec;
00368 size_t iv_copy_len;
00369 const cipher_info_t *cipher_info;
00370 const md_info_t *md_info;
00371
00372 ssl_session *session = ssl->session_negotiate;
00373 ssl_transform *transform = ssl->transform_negotiate;
00374 ssl_handshake_params *handshake = ssl->handshake;
00375
00376 SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
00377
00378 cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher );
00379 if( cipher_info == NULL )
00380 {
00381 SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
00382 transform->ciphersuite_info->cipher ) );
00383 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00384 }
00385
00386 md_info = md_info_from_type( transform->ciphersuite_info->mac );
00387 if( md_info == NULL )
00388 {
00389 SSL_DEBUG_MSG( 1, ( "md info for %d not found",
00390 transform->ciphersuite_info->mac ) );
00391 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00392 }
00393
00394
00395
00396
00397 #if defined(POLARSSL_SSL_PROTO_SSL3)
00398 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00399 {
00400 handshake->tls_prf = ssl3_prf;
00401 handshake->calc_verify = ssl_calc_verify_ssl;
00402 handshake->calc_finished = ssl_calc_finished_ssl;
00403 }
00404 else
00405 #endif
00406 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00407 if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
00408 {
00409 handshake->tls_prf = tls1_prf;
00410 handshake->calc_verify = ssl_calc_verify_tls;
00411 handshake->calc_finished = ssl_calc_finished_tls;
00412 }
00413 else
00414 #endif
00415 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00416 #if defined(POLARSSL_SHA512_C)
00417 if( ssl->minor_ver == SSL_MINOR_VERSION_3 &&
00418 transform->ciphersuite_info->mac == POLARSSL_MD_SHA384 )
00419 {
00420 handshake->tls_prf = tls_prf_sha384;
00421 handshake->calc_verify = ssl_calc_verify_tls_sha384;
00422 handshake->calc_finished = ssl_calc_finished_tls_sha384;
00423 }
00424 else
00425 #endif
00426 #if defined(POLARSSL_SHA256_C)
00427 if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
00428 {
00429 handshake->tls_prf = tls_prf_sha256;
00430 handshake->calc_verify = ssl_calc_verify_tls_sha256;
00431 handshake->calc_finished = ssl_calc_finished_tls_sha256;
00432 }
00433 else
00434 #endif
00435 #endif
00436 {
00437 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00438 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00439 }
00440
00441
00442
00443
00444
00445
00446
00447
00448
00449
00450
00451 if( handshake->resume == 0 )
00452 {
00453 SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
00454 handshake->pmslen );
00455
00456 handshake->tls_prf( handshake->premaster, handshake->pmslen,
00457 "master secret",
00458 handshake->randbytes, 64, session->master, 48 );
00459
00460 memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
00461 }
00462 else
00463 SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
00464
00465
00466
00467
00468 memcpy( tmp, handshake->randbytes, 64 );
00469 memcpy( handshake->randbytes, tmp + 32, 32 );
00470 memcpy( handshake->randbytes + 32, tmp, 32 );
00471 memset( tmp, 0, sizeof( tmp ) );
00472
00473
00474
00475
00476
00477
00478
00479
00480
00481
00482
00483
00484
00485 handshake->tls_prf( session->master, 48, "key expansion",
00486 handshake->randbytes, 64, keyblk, 256 );
00487
00488 SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
00489 ssl_get_ciphersuite_name( session->ciphersuite ) ) );
00490 SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
00491 SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
00492 SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
00493
00494 memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
00495
00496
00497
00498
00499
00500 if( cipher_info->mode == POLARSSL_MODE_GCM )
00501 {
00502 transform->keylen = cipher_info->key_length;
00503 transform->keylen /= 8;
00504 transform->minlen = 1;
00505 transform->ivlen = 12;
00506 transform->fixed_ivlen = 4;
00507 transform->maclen = 0;
00508 }
00509 else
00510 {
00511 if( md_info->type != POLARSSL_MD_NONE )
00512 {
00513 int ret;
00514
00515 if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
00516 {
00517 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
00518 return( ret );
00519 }
00520
00521 if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
00522 {
00523 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
00524 return( ret );
00525 }
00526
00527 transform->maclen = md_get_size( md_info );
00528
00529 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
00530
00531
00532
00533
00534
00535 if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
00536 transform->maclen = SSL_TRUNCATED_HMAC_LEN;
00537 #endif
00538 }
00539
00540 transform->keylen = cipher_info->key_length;
00541 transform->keylen /= 8;
00542 transform->ivlen = cipher_info->iv_size;
00543
00544 transform->minlen = transform->keylen;
00545 if( transform->minlen < transform->maclen )
00546 {
00547 if( cipher_info->mode == POLARSSL_MODE_STREAM )
00548 transform->minlen = transform->maclen;
00549 else
00550 transform->minlen += transform->keylen;
00551 }
00552 }
00553
00554 SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
00555 transform->keylen, transform->minlen, transform->ivlen,
00556 transform->maclen ) );
00557
00558
00559
00560
00561 if( ssl->endpoint == SSL_IS_CLIENT )
00562 {
00563 key1 = keyblk + transform->maclen * 2;
00564 key2 = keyblk + transform->maclen * 2 + transform->keylen;
00565
00566 mac_enc = keyblk;
00567 mac_dec = keyblk + transform->maclen;
00568
00569
00570
00571
00572 iv_copy_len = ( transform->fixed_ivlen ) ?
00573 transform->fixed_ivlen : transform->ivlen;
00574 memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
00575 memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
00576 iv_copy_len );
00577 }
00578 else
00579 {
00580 key1 = keyblk + transform->maclen * 2 + transform->keylen;
00581 key2 = keyblk + transform->maclen * 2;
00582
00583 mac_enc = keyblk + transform->maclen;
00584 mac_dec = keyblk;
00585
00586
00587
00588
00589 iv_copy_len = ( transform->fixed_ivlen ) ?
00590 transform->fixed_ivlen : transform->ivlen;
00591 memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
00592 memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
00593 iv_copy_len );
00594 }
00595
00596 #if defined(POLARSSL_SSL_PROTO_SSL3)
00597 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00598 {
00599 memcpy( transform->mac_enc, mac_enc, transform->maclen );
00600 memcpy( transform->mac_dec, mac_dec, transform->maclen );
00601 }
00602 else
00603 #endif
00604 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
00605 defined(POLARSSL_SSL_PROTO_TLS1_2)
00606 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
00607 {
00608 md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
00609 md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
00610 }
00611 else
00612 #endif
00613 {
00614 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00615 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00616 }
00617
00618 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
00619 if( ssl_hw_record_init != NULL)
00620 {
00621 int ret = 0;
00622
00623 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) );
00624
00625 if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen,
00626 transform->iv_enc, transform->iv_dec,
00627 iv_copy_len,
00628 mac_enc, mac_dec,
00629 transform->maclen ) ) != 0 )
00630 {
00631 SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret );
00632 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
00633 }
00634 }
00635 #endif
00636
00637 if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
00638 cipher_info ) ) != 0 )
00639 {
00640 SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
00641 return( ret );
00642 }
00643
00644 if( ( ret = cipher_init_ctx( &transform->cipher_ctx_dec,
00645 cipher_info ) ) != 0 )
00646 {
00647 SSL_DEBUG_RET( 1, "cipher_init_ctx", ret );
00648 return( ret );
00649 }
00650
00651 if( ( ret = cipher_setkey( &transform->cipher_ctx_enc, key1,
00652 cipher_info->key_length,
00653 POLARSSL_ENCRYPT ) ) != 0 )
00654 {
00655 SSL_DEBUG_RET( 1, "cipher_setkey", ret );
00656 return( ret );
00657 }
00658
00659 if( ( ret = cipher_setkey( &transform->cipher_ctx_dec, key2,
00660 cipher_info->key_length,
00661 POLARSSL_DECRYPT ) ) != 0 )
00662 {
00663 SSL_DEBUG_RET( 1, "cipher_setkey", ret );
00664 return( ret );
00665 }
00666
00667 #if defined(POLARSSL_CIPHER_MODE_CBC)
00668 if( cipher_info->mode == POLARSSL_MODE_CBC )
00669 {
00670 if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc,
00671 POLARSSL_PADDING_NONE ) ) != 0 )
00672 {
00673 SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
00674 return( ret );
00675 }
00676
00677 if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_dec,
00678 POLARSSL_PADDING_NONE ) ) != 0 )
00679 {
00680 SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret );
00681 return( ret );
00682 }
00683 }
00684 #endif
00685
00686 memset( keyblk, 0, sizeof( keyblk ) );
00687
00688 #if defined(POLARSSL_ZLIB_SUPPORT)
00689
00690
00691 if( session->compression == SSL_COMPRESS_DEFLATE )
00692 {
00693 if( ssl->compress_buf == NULL )
00694 {
00695 SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
00696 ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN );
00697 if( ssl->compress_buf == NULL )
00698 {
00699 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
00700 SSL_BUFFER_LEN ) );
00701 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
00702 }
00703 }
00704
00705 SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
00706
00707 memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
00708 memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
00709
00710 if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
00711 inflateInit( &transform->ctx_inflate ) != Z_OK )
00712 {
00713 SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
00714 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
00715 }
00716 }
00717 #endif
00718
00719 SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
00720
00721 return( 0 );
00722 }
00723
00724 #if defined(POLARSSL_SSL_PROTO_SSL3)
00725 void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] )
00726 {
00727 md5_context md5;
00728 sha1_context sha1;
00729 unsigned char pad_1[48];
00730 unsigned char pad_2[48];
00731
00732 SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
00733
00734 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
00735 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
00736
00737 memset( pad_1, 0x36, 48 );
00738 memset( pad_2, 0x5C, 48 );
00739
00740 md5_update( &md5, ssl->session_negotiate->master, 48 );
00741 md5_update( &md5, pad_1, 48 );
00742 md5_finish( &md5, hash );
00743
00744 md5_starts( &md5 );
00745 md5_update( &md5, ssl->session_negotiate->master, 48 );
00746 md5_update( &md5, pad_2, 48 );
00747 md5_update( &md5, hash, 16 );
00748 md5_finish( &md5, hash );
00749
00750 sha1_update( &sha1, ssl->session_negotiate->master, 48 );
00751 sha1_update( &sha1, pad_1, 40 );
00752 sha1_finish( &sha1, hash + 16 );
00753
00754 sha1_starts( &sha1 );
00755 sha1_update( &sha1, ssl->session_negotiate->master, 48 );
00756 sha1_update( &sha1, pad_2, 40 );
00757 sha1_update( &sha1, hash + 16, 20 );
00758 sha1_finish( &sha1, hash + 16 );
00759
00760 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
00761 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00762
00763 return;
00764 }
00765 #endif
00766
00767 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
00768 void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] )
00769 {
00770 md5_context md5;
00771 sha1_context sha1;
00772
00773 SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
00774
00775 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
00776 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
00777
00778 md5_finish( &md5, hash );
00779 sha1_finish( &sha1, hash + 16 );
00780
00781 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
00782 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00783
00784 return;
00785 }
00786 #endif
00787
00788 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00789 #if defined(POLARSSL_SHA256_C)
00790 void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] )
00791 {
00792 sha256_context sha256;
00793
00794 SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
00795
00796 memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
00797 sha256_finish( &sha256, hash );
00798
00799 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
00800 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00801
00802 return;
00803 }
00804 #endif
00805
00806 #if defined(POLARSSL_SHA512_C)
00807 void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] )
00808 {
00809 sha512_context sha512;
00810
00811 SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
00812
00813 memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
00814 sha512_finish( &sha512, hash );
00815
00816 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
00817 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00818
00819 return;
00820 }
00821 #endif
00822 #endif
00823
00824 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
00825 int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
00826 {
00827 unsigned char *p = ssl->handshake->premaster;
00828 unsigned char *end = p + sizeof( ssl->handshake->premaster );
00829
00830
00831
00832
00833
00834
00835
00836
00837 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
00838 if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
00839 {
00840 if( end - p < 2 + (int) ssl->psk_len )
00841 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00842
00843 *(p++) = (unsigned char)( ssl->psk_len >> 8 );
00844 *(p++) = (unsigned char)( ssl->psk_len );
00845 p += ssl->psk_len;
00846 }
00847 else
00848 #endif
00849 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
00850 if( key_ex == POLARSSL_KEY_EXCHANGE_RSA_PSK )
00851 {
00852
00853
00854
00855
00856 *p++ = 0;
00857 *p++ = 48;
00858 p += 48;
00859 }
00860 else
00861 #endif
00862 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
00863 if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK )
00864 {
00865 int ret;
00866 size_t len = ssl->handshake->dhm_ctx.len;
00867
00868 if( end - p < 2 + (int) len )
00869 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00870
00871 *(p++) = (unsigned char)( len >> 8 );
00872 *(p++) = (unsigned char)( len );
00873 if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
00874 p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
00875 {
00876 SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
00877 return( ret );
00878 }
00879 p += len;
00880
00881 SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
00882 }
00883 else
00884 #endif
00885 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
00886 if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
00887 {
00888 int ret;
00889 size_t zlen;
00890
00891 if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
00892 p + 2, end - (p + 2),
00893 ssl->f_rng, ssl->p_rng ) ) != 0 )
00894 {
00895 SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
00896 return( ret );
00897 }
00898
00899 *(p++) = (unsigned char)( zlen >> 8 );
00900 *(p++) = (unsigned char)( zlen );
00901 p += zlen;
00902
00903 SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
00904 }
00905 else
00906 #endif
00907 {
00908 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
00909 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00910 }
00911
00912
00913 *(p++) = (unsigned char)( ssl->psk_len >> 8 );
00914 *(p++) = (unsigned char)( ssl->psk_len );
00915 memcpy( p, ssl->psk, ssl->psk_len );
00916 p += ssl->psk_len;
00917
00918 ssl->handshake->pmslen = p - ssl->handshake->premaster;
00919
00920 return( 0 );
00921 }
00922 #endif
00923
00924 #if defined(POLARSSL_SSL_PROTO_SSL3)
00925
00926
00927
00928 static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
00929 unsigned char *buf, size_t len,
00930 unsigned char *ctr, int type )
00931 {
00932 unsigned char header[11];
00933 unsigned char padding[48];
00934 int padlen = 0;
00935 int md_size = md_get_size( md_ctx->md_info );
00936 int md_type = md_get_type( md_ctx->md_info );
00937
00938 if( md_type == POLARSSL_MD_MD5 )
00939 padlen = 48;
00940 else if( md_type == POLARSSL_MD_SHA1 )
00941 padlen = 40;
00942 else if( md_type == POLARSSL_MD_SHA256 )
00943 padlen = 32;
00944
00945 memcpy( header, ctr, 8 );
00946 header[ 8] = (unsigned char) type;
00947 header[ 9] = (unsigned char)( len >> 8 );
00948 header[10] = (unsigned char)( len );
00949
00950 memset( padding, 0x36, padlen );
00951 md_starts( md_ctx );
00952 md_update( md_ctx, secret, md_size );
00953 md_update( md_ctx, padding, padlen );
00954 md_update( md_ctx, header, 11 );
00955 md_update( md_ctx, buf, len );
00956 md_finish( md_ctx, buf + len );
00957
00958 memset( padding, 0x5C, padlen );
00959 md_starts( md_ctx );
00960 md_update( md_ctx, secret, md_size );
00961 md_update( md_ctx, padding, padlen );
00962 md_update( md_ctx, buf + len, md_size );
00963 md_finish( md_ctx, buf + len );
00964 }
00965 #endif
00966
00967
00968
00969
00970 static int ssl_encrypt_buf( ssl_context *ssl )
00971 {
00972 size_t i;
00973
00974 SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
00975
00976
00977
00978
00979 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
00980 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
00981 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
00982 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode !=
00983 POLARSSL_MODE_GCM )
00984 {
00985 #if defined(POLARSSL_SSL_PROTO_SSL3)
00986 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00987 {
00988 ssl_mac( &ssl->transform_out->md_ctx_enc,
00989 ssl->transform_out->mac_enc,
00990 ssl->out_msg, ssl->out_msglen,
00991 ssl->out_ctr, ssl->out_msgtype );
00992 }
00993 else
00994 #endif
00995 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
00996 defined(POLARSSL_SSL_PROTO_TLS1_2)
00997 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
00998 {
00999 md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 );
01000 md_hmac_update( &ssl->transform_out->md_ctx_enc,
01001 ssl->out_msg, ssl->out_msglen );
01002 md_hmac_finish( &ssl->transform_out->md_ctx_enc,
01003 ssl->out_msg + ssl->out_msglen );
01004 md_hmac_reset( &ssl->transform_out->md_ctx_enc );
01005 }
01006 else
01007 #endif
01008 {
01009 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01010 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01011 }
01012
01013 SSL_DEBUG_BUF( 4, "computed mac",
01014 ssl->out_msg + ssl->out_msglen,
01015 ssl->transform_out->maclen );
01016
01017 ssl->out_msglen += ssl->transform_out->maclen;
01018 }
01019 #endif
01020
01021
01022
01023
01024 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
01025 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01026 POLARSSL_MODE_STREAM )
01027 {
01028 int ret;
01029 size_t olen = 0;
01030
01031 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01032 "including %d bytes of padding",
01033 ssl->out_msglen, 0 ) );
01034
01035 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01036 ssl->out_msg, ssl->out_msglen );
01037
01038 if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01039 {
01040 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01041 return( ret );
01042 }
01043
01044 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01045 ssl->transform_out->iv_enc,
01046 ssl->transform_out->ivlen ) ) != 0 )
01047 {
01048 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01049 return( ret );
01050 }
01051
01052 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01053 ssl->out_msg, ssl->out_msglen, ssl->out_msg,
01054 &olen ) ) != 0 )
01055 {
01056 SSL_DEBUG_RET( 1, "cipher_update", ret );
01057 return( ret );
01058 }
01059
01060 if( ssl->out_msglen != olen )
01061 {
01062 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01063 ssl->out_msglen, olen ) );
01064 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01065 }
01066
01067 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01068 ssl->out_msg + olen, &olen ) ) != 0 )
01069 {
01070 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01071 return( ret );
01072 }
01073
01074 if( 0 != olen )
01075 {
01076 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01077 0, olen ) );
01078 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01079 }
01080 }
01081 else
01082 #endif
01083 #if defined(POLARSSL_GCM_C)
01084 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01085 POLARSSL_MODE_GCM )
01086 {
01087 size_t enc_msglen, olen, totlen;
01088 unsigned char *enc_msg;
01089 unsigned char add_data[13];
01090 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
01091
01092 enc_msglen = ssl->out_msglen;
01093
01094 memcpy( add_data, ssl->out_ctr, 8 );
01095 add_data[8] = ssl->out_msgtype;
01096 add_data[9] = ssl->major_ver;
01097 add_data[10] = ssl->minor_ver;
01098 add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
01099 add_data[12] = ssl->out_msglen & 0xFF;
01100
01101 SSL_DEBUG_BUF( 4, "additional data used for AEAD",
01102 add_data, 13 );
01103
01104
01105
01106
01107 ret = ssl->f_rng( ssl->p_rng,
01108 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
01109 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01110 if( ret != 0 )
01111 return( ret );
01112
01113 memcpy( ssl->out_iv,
01114 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
01115 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01116
01117 SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
01118 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
01119
01120
01121
01122
01123 enc_msg = ssl->out_msg;
01124 enc_msglen = ssl->out_msglen;
01125 ssl->out_msglen += ssl->transform_out->ivlen -
01126 ssl->transform_out->fixed_ivlen;
01127
01128 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01129 "including %d bytes of padding",
01130 ssl->out_msglen, 0 ) );
01131
01132 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01133 ssl->out_msg, ssl->out_msglen );
01134
01135
01136
01137
01138 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01139 ssl->transform_out->iv_enc,
01140 ssl->transform_out->ivlen ) ) != 0 ||
01141 ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01142 {
01143 return( ret );
01144 }
01145
01146 if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc,
01147 add_data, 13 ) ) != 0 )
01148 {
01149 return( ret );
01150 }
01151
01152 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01153 enc_msg, enc_msglen,
01154 enc_msg, &olen ) ) != 0 )
01155 {
01156 return( ret );
01157 }
01158 totlen = olen;
01159
01160 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01161 enc_msg + olen, &olen ) ) != 0 )
01162 {
01163 return( ret );
01164 }
01165 totlen += olen;
01166
01167 if( totlen != enc_msglen )
01168 {
01169 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01170 return( -1 );
01171 }
01172
01173
01174
01175
01176 ssl->out_msglen += 16;
01177
01178 if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc,
01179 enc_msg + enc_msglen, 16 ) ) != 0 )
01180 {
01181 return( ret );
01182 }
01183
01184 SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 );
01185 }
01186 else
01187 #endif
01188 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
01189 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
01190 if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
01191 POLARSSL_MODE_CBC )
01192 {
01193 int ret;
01194 unsigned char *enc_msg;
01195 size_t enc_msglen, padlen, olen = 0;
01196
01197 padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
01198 ssl->transform_out->ivlen;
01199 if( padlen == ssl->transform_out->ivlen )
01200 padlen = 0;
01201
01202 for( i = 0; i <= padlen; i++ )
01203 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
01204
01205 ssl->out_msglen += padlen + 1;
01206
01207 enc_msglen = ssl->out_msglen;
01208 enc_msg = ssl->out_msg;
01209
01210 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01211
01212
01213
01214
01215 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01216 {
01217
01218
01219
01220 int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc,
01221 ssl->transform_out->ivlen );
01222 if( ret != 0 )
01223 return( ret );
01224
01225 memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
01226 ssl->transform_out->ivlen );
01227
01228
01229
01230
01231 enc_msg = ssl->out_msg;
01232 enc_msglen = ssl->out_msglen;
01233 ssl->out_msglen += ssl->transform_out->ivlen;
01234 }
01235 #endif
01236
01237 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
01238 "including %d bytes of IV and %d bytes of padding",
01239 ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
01240
01241 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
01242 ssl->out_iv, ssl->out_msglen );
01243
01244 if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
01245 {
01246 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01247 return( ret );
01248 }
01249
01250 if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
01251 ssl->transform_out->iv_enc,
01252 ssl->transform_out->ivlen ) ) != 0 )
01253 {
01254 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01255 return( ret );
01256 }
01257
01258 if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
01259 enc_msg, enc_msglen, enc_msg,
01260 &olen ) ) != 0 )
01261 {
01262 SSL_DEBUG_RET( 1, "cipher_update", ret );
01263 return( ret );
01264 }
01265
01266 enc_msglen -= olen;
01267
01268 if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
01269 enc_msg + olen, &olen ) ) != 0 )
01270 {
01271 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01272 return( ret );
01273 }
01274
01275 if( enc_msglen != olen )
01276 {
01277 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
01278 enc_msglen, olen ) );
01279 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01280 }
01281
01282 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
01283 if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
01284 {
01285
01286
01287
01288 memcpy( ssl->transform_out->iv_enc,
01289 ssl->transform_out->cipher_ctx_enc.iv,
01290 ssl->transform_out->ivlen );
01291 }
01292 #endif
01293 }
01294 else
01295 #endif
01296
01297 {
01298 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01299 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01300 }
01301
01302 for( i = 8; i > 0; i-- )
01303 if( ++ssl->out_ctr[i - 1] != 0 )
01304 break;
01305
01306 SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
01307
01308 return( 0 );
01309 }
01310
01311 #define POLARSSL_SSL_MAX_MAC_SIZE 48
01312
01313 static int ssl_decrypt_buf( ssl_context *ssl )
01314 {
01315 size_t i, padlen = 0, correct = 1;
01316 unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
01317
01318 SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
01319
01320 if( ssl->in_msglen < ssl->transform_in->minlen )
01321 {
01322 SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
01323 ssl->in_msglen, ssl->transform_in->minlen ) );
01324 return( POLARSSL_ERR_SSL_INVALID_MAC );
01325 }
01326
01327 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
01328 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01329 POLARSSL_MODE_STREAM )
01330 {
01331 int ret;
01332 size_t olen = 0;
01333
01334 padlen = 0;
01335
01336 if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01337 {
01338 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01339 return( ret );
01340 }
01341
01342 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01343 ssl->transform_in->iv_dec,
01344 ssl->transform_in->ivlen ) ) != 0 )
01345 {
01346 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01347 return( ret );
01348 }
01349
01350 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01351 ssl->in_msg, ssl->in_msglen, ssl->in_msg,
01352 &olen ) ) != 0 )
01353 {
01354 SSL_DEBUG_RET( 1, "cipher_update", ret );
01355 return( ret );
01356 }
01357
01358 if( ssl->in_msglen != olen )
01359 {
01360 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01361 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01362 }
01363
01364 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01365 ssl->in_msg + olen, &olen ) ) != 0 )
01366 {
01367 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01368 return( ret );
01369 }
01370
01371 if( 0 != olen )
01372 {
01373 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01374 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01375 }
01376 }
01377 else
01378 #endif
01379 #if defined(POLARSSL_GCM_C)
01380 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01381 POLARSSL_MODE_GCM )
01382 {
01383 unsigned char *dec_msg;
01384 unsigned char *dec_msg_result;
01385 size_t dec_msglen, olen, totlen;
01386 unsigned char add_data[13];
01387 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
01388
01389 padlen = 0;
01390
01391 dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
01392 ssl->transform_in->fixed_ivlen );
01393 dec_msglen -= 16;
01394 dec_msg = ssl->in_msg;
01395 dec_msg_result = ssl->in_msg;
01396 ssl->in_msglen = dec_msglen;
01397
01398 memcpy( add_data, ssl->in_ctr, 8 );
01399 add_data[8] = ssl->in_msgtype;
01400 add_data[9] = ssl->major_ver;
01401 add_data[10] = ssl->minor_ver;
01402 add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
01403 add_data[12] = ssl->in_msglen & 0xFF;
01404
01405 SSL_DEBUG_BUF( 4, "additional data used for AEAD",
01406 add_data, 13 );
01407
01408 memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
01409 ssl->in_iv,
01410 ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
01411
01412 SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
01413 ssl->transform_in->ivlen );
01414 SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
01415
01416
01417
01418
01419 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01420 ssl->transform_in->iv_dec,
01421 ssl->transform_in->ivlen ) ) != 0 ||
01422 ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01423 {
01424 return( ret );
01425 }
01426
01427 if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec,
01428 add_data, 13 ) ) != 0 )
01429 {
01430 return( ret );
01431 }
01432
01433 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01434 dec_msg, dec_msglen,
01435 dec_msg_result, &olen ) ) != 0 )
01436 {
01437 return( ret );
01438 }
01439 totlen = olen;
01440
01441 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01442 dec_msg_result + olen, &olen ) ) != 0 )
01443 {
01444 return( ret );
01445 }
01446 totlen += olen;
01447
01448 if( totlen != dec_msglen )
01449 {
01450 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01451 return( -1 );
01452 }
01453
01454
01455
01456
01457 if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec,
01458 dec_msg + dec_msglen, 16 ) ) != 0 )
01459 {
01460 SSL_DEBUG_RET( 1, "cipher_check_tag", ret );
01461 return( POLARSSL_ERR_SSL_INVALID_MAC );
01462 }
01463
01464 }
01465 else
01466 #endif
01467 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
01468 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
01469 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
01470 POLARSSL_MODE_CBC )
01471 {
01472
01473
01474
01475 int ret;
01476 unsigned char *dec_msg;
01477 unsigned char *dec_msg_result;
01478 size_t dec_msglen;
01479 size_t minlen = 0;
01480 size_t olen = 0;
01481
01482
01483
01484
01485 if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
01486 {
01487 SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
01488 ssl->in_msglen, ssl->transform_in->ivlen ) );
01489 return( POLARSSL_ERR_SSL_INVALID_MAC );
01490 }
01491
01492 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01493 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01494 minlen += ssl->transform_in->ivlen;
01495 #endif
01496
01497 if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
01498 ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
01499 {
01500 SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )",
01501 ssl->in_msglen, ssl->transform_in->ivlen, ssl->transform_in->maclen ) );
01502 return( POLARSSL_ERR_SSL_INVALID_MAC );
01503 }
01504
01505 dec_msglen = ssl->in_msglen;
01506 dec_msg = ssl->in_msg;
01507 dec_msg_result = ssl->in_msg;
01508
01509 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
01510
01511
01512
01513 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
01514 {
01515 dec_msglen -= ssl->transform_in->ivlen;
01516 ssl->in_msglen -= ssl->transform_in->ivlen;
01517
01518 for( i = 0; i < ssl->transform_in->ivlen; i++ )
01519 ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
01520 }
01521 #endif
01522
01523 if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
01524 {
01525 SSL_DEBUG_RET( 1, "cipher_reset", ret );
01526 return( ret );
01527 }
01528
01529 if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
01530 ssl->transform_in->iv_dec,
01531 ssl->transform_in->ivlen ) ) != 0 )
01532 {
01533 SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
01534 return( ret );
01535 }
01536
01537 if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
01538 dec_msg, dec_msglen, dec_msg_result,
01539 &olen ) ) != 0 )
01540 {
01541 SSL_DEBUG_RET( 1, "cipher_update", ret );
01542 return( ret );
01543 }
01544
01545 dec_msglen -= olen;
01546 if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
01547 dec_msg_result + olen, &olen ) ) != 0 )
01548 {
01549 SSL_DEBUG_RET( 1, "cipher_finish", ret );
01550 return( ret );
01551 }
01552
01553 if( dec_msglen != olen )
01554 {
01555 SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
01556 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
01557 }
01558
01559 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
01560 if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
01561 {
01562
01563
01564
01565 memcpy( ssl->transform_in->iv_dec,
01566 ssl->transform_in->cipher_ctx_dec.iv,
01567 ssl->transform_in->ivlen );
01568 }
01569 #endif
01570
01571 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
01572
01573 if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
01574 {
01575 #if defined(POLARSSL_SSL_DEBUG_ALL)
01576 SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
01577 ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
01578 #endif
01579 padlen = 0;
01580 correct = 0;
01581 }
01582
01583 #if defined(POLARSSL_SSL_PROTO_SSL3)
01584 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
01585 {
01586 if( padlen > ssl->transform_in->ivlen )
01587 {
01588 #if defined(POLARSSL_SSL_DEBUG_ALL)
01589 SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
01590 "should be no more than %d",
01591 padlen, ssl->transform_in->ivlen ) );
01592 #endif
01593 correct = 0;
01594 }
01595 }
01596 else
01597 #endif
01598 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
01599 defined(POLARSSL_SSL_PROTO_TLS1_2)
01600 if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
01601 {
01602
01603
01604
01605
01606 size_t pad_count = 0, real_count = 1;
01607 size_t padding_idx = ssl->in_msglen - padlen - 1;
01608
01609 for( i = 1; i <= 256; i++ )
01610 {
01611 real_count &= ( i <= padlen );
01612 pad_count += real_count *
01613 ( ssl->in_msg[padding_idx + i] == padlen - 1 );
01614 }
01615
01616 correct &= ( pad_count == padlen );
01617
01618 #if defined(POLARSSL_SSL_DEBUG_ALL)
01619 if( padlen > 0 && correct == 0)
01620 SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
01621 #endif
01622 padlen &= correct * 0x1FF;
01623 }
01624 else
01625 #endif
01626
01627 {
01628 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01629 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01630 }
01631 }
01632 else
01633 #endif
01634
01635 {
01636 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01637 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01638 }
01639
01640 SSL_DEBUG_BUF( 4, "raw buffer after decryption",
01641 ssl->in_msg, ssl->in_msglen );
01642
01643
01644
01645
01646 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
01647 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
01648 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
01649 if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
01650 POLARSSL_MODE_GCM )
01651 {
01652 ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
01653
01654 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
01655 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
01656
01657 memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
01658
01659 #if defined(POLARSSL_SSL_PROTO_SSL3)
01660 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
01661 {
01662 ssl_mac( &ssl->transform_in->md_ctx_dec,
01663 ssl->transform_in->mac_dec,
01664 ssl->in_msg, ssl->in_msglen,
01665 ssl->in_ctr, ssl->in_msgtype );
01666 }
01667 else
01668 #endif
01669 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
01670 defined(POLARSSL_SSL_PROTO_TLS1_2)
01671 if( ssl->minor_ver > SSL_MINOR_VERSION_0 )
01672 {
01673
01674
01675
01676
01677
01678
01679
01680
01681
01682
01683
01684
01685
01686 size_t j, extra_run = 0;
01687 extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
01688 ( 13 + ssl->in_msglen + 8 ) / 64;
01689
01690 extra_run &= correct * 0xFF;
01691
01692 md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 );
01693 md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
01694 ssl->in_msglen );
01695 md_hmac_finish( &ssl->transform_in->md_ctx_dec,
01696 ssl->in_msg + ssl->in_msglen );
01697 for( j = 0; j < extra_run; j++ )
01698 md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
01699
01700 md_hmac_reset( &ssl->transform_in->md_ctx_dec );
01701 }
01702 else
01703 #endif
01704
01705 {
01706 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
01707 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
01708 }
01709
01710 SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
01711 SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
01712 ssl->transform_in->maclen );
01713
01714 if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
01715 ssl->transform_in->maclen ) != 0 )
01716 {
01717 #if defined(POLARSSL_SSL_DEBUG_ALL)
01718 SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
01719 #endif
01720 correct = 0;
01721 }
01722
01723
01724
01725
01726 if( correct == 0 )
01727 return( POLARSSL_ERR_SSL_INVALID_MAC );
01728 }
01729 #endif
01730
01731 if( ssl->in_msglen == 0 )
01732 {
01733 ssl->nb_zero++;
01734
01735
01736
01737
01738
01739 if( ssl->nb_zero > 3 )
01740 {
01741 SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
01742 "messages, possible DoS attack" ) );
01743 return( POLARSSL_ERR_SSL_INVALID_MAC );
01744 }
01745 }
01746 else
01747 ssl->nb_zero = 0;
01748
01749 for( i = 8; i > 0; i-- )
01750 if( ++ssl->in_ctr[i - 1] != 0 )
01751 break;
01752
01753 SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
01754
01755 return( 0 );
01756 }
01757
01758 #if defined(POLARSSL_ZLIB_SUPPORT)
01759
01760
01761
01762 static int ssl_compress_buf( ssl_context *ssl )
01763 {
01764 int ret;
01765 unsigned char *msg_post = ssl->out_msg;
01766 size_t len_pre = ssl->out_msglen;
01767 unsigned char *msg_pre = ssl->compress_buf;
01768
01769 SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
01770
01771 if( len_pre == 0 )
01772 return( 0 );
01773
01774 memcpy( msg_pre, ssl->out_msg, len_pre );
01775
01776 SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
01777 ssl->out_msglen ) );
01778
01779 SSL_DEBUG_BUF( 4, "before compression: output payload",
01780 ssl->out_msg, ssl->out_msglen );
01781
01782 ssl->transform_out->ctx_deflate.next_in = msg_pre;
01783 ssl->transform_out->ctx_deflate.avail_in = len_pre;
01784 ssl->transform_out->ctx_deflate.next_out = msg_post;
01785 ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN;
01786
01787 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
01788 if( ret != Z_OK )
01789 {
01790 SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
01791 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
01792 }
01793
01794 ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out;
01795
01796 SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
01797 ssl->out_msglen ) );
01798
01799 SSL_DEBUG_BUF( 4, "after compression: output payload",
01800 ssl->out_msg, ssl->out_msglen );
01801
01802 SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
01803
01804 return( 0 );
01805 }
01806
01807 static int ssl_decompress_buf( ssl_context *ssl )
01808 {
01809 int ret;
01810 unsigned char *msg_post = ssl->in_msg;
01811 size_t len_pre = ssl->in_msglen;
01812 unsigned char *msg_pre = ssl->compress_buf;
01813
01814 SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
01815
01816 if( len_pre == 0 )
01817 return( 0 );
01818
01819 memcpy( msg_pre, ssl->in_msg, len_pre );
01820
01821 SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
01822 ssl->in_msglen ) );
01823
01824 SSL_DEBUG_BUF( 4, "before decompression: input payload",
01825 ssl->in_msg, ssl->in_msglen );
01826
01827 ssl->transform_in->ctx_inflate.next_in = msg_pre;
01828 ssl->transform_in->ctx_inflate.avail_in = len_pre;
01829 ssl->transform_in->ctx_inflate.next_out = msg_post;
01830 ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
01831
01832 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
01833 if( ret != Z_OK )
01834 {
01835 SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
01836 return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
01837 }
01838
01839 ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out;
01840
01841 SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
01842 ssl->in_msglen ) );
01843
01844 SSL_DEBUG_BUF( 4, "after decompression: input payload",
01845 ssl->in_msg, ssl->in_msglen );
01846
01847 SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
01848
01849 return( 0 );
01850 }
01851 #endif
01852
01853
01854
01855
01856 int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
01857 {
01858 int ret;
01859 size_t len;
01860
01861 SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
01862
01863 while( ssl->in_left < nb_want )
01864 {
01865 len = nb_want - ssl->in_left;
01866 ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
01867
01868 SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
01869 ssl->in_left, nb_want ) );
01870 SSL_DEBUG_RET( 2, "ssl->f_recv", ret );
01871
01872 if( ret == 0 )
01873 return( POLARSSL_ERR_SSL_CONN_EOF );
01874
01875 if( ret < 0 )
01876 return( ret );
01877
01878 ssl->in_left += ret;
01879 }
01880
01881 SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
01882
01883 return( 0 );
01884 }
01885
01886
01887
01888
01889 int ssl_flush_output( ssl_context *ssl )
01890 {
01891 int ret;
01892 unsigned char *buf;
01893
01894 SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
01895
01896 while( ssl->out_left > 0 )
01897 {
01898 SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
01899 5 + ssl->out_msglen, ssl->out_left ) );
01900
01901 buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left;
01902 ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
01903
01904 SSL_DEBUG_RET( 2, "ssl->f_send", ret );
01905
01906 if( ret <= 0 )
01907 return( ret );
01908
01909 ssl->out_left -= ret;
01910 }
01911
01912 SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
01913
01914 return( 0 );
01915 }
01916
01917
01918
01919
01920 int ssl_write_record( ssl_context *ssl )
01921 {
01922 int ret, done = 0;
01923 size_t len = ssl->out_msglen;
01924
01925 SSL_DEBUG_MSG( 2, ( "=> write record" ) );
01926
01927 if( ssl->out_msgtype == SSL_MSG_HANDSHAKE )
01928 {
01929 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
01930 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
01931 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
01932
01933 if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
01934 ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
01935 }
01936
01937 #if defined(POLARSSL_ZLIB_SUPPORT)
01938 if( ssl->transform_out != NULL &&
01939 ssl->session_out->compression == SSL_COMPRESS_DEFLATE )
01940 {
01941 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
01942 {
01943 SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
01944 return( ret );
01945 }
01946
01947 len = ssl->out_msglen;
01948 }
01949 #endif
01950
01951 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
01952 if( ssl_hw_record_write != NULL)
01953 {
01954 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_write()" ) );
01955
01956 ret = ssl_hw_record_write( ssl );
01957 if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
01958 {
01959 SSL_DEBUG_RET( 1, "ssl_hw_record_write", ret );
01960 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
01961 }
01962
01963 if( ret == 0 )
01964 done = 1;
01965 }
01966 #endif
01967 if( !done )
01968 {
01969 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
01970 ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
01971 ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
01972 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
01973 ssl->out_hdr[4] = (unsigned char)( len );
01974
01975 if( ssl->transform_out != NULL )
01976 {
01977 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
01978 {
01979 SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
01980 return( ret );
01981 }
01982
01983 len = ssl->out_msglen;
01984 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
01985 ssl->out_hdr[4] = (unsigned char)( len );
01986 }
01987
01988 ssl->out_left = 5 + ssl->out_msglen;
01989
01990 SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
01991 "version = [%d:%d], msglen = %d",
01992 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
01993 ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) );
01994
01995 SSL_DEBUG_BUF( 4, "output record sent to network",
01996 ssl->out_hdr, 5 + ssl->out_msglen );
01997 }
01998
01999 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
02000 {
02001 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
02002 return( ret );
02003 }
02004
02005 SSL_DEBUG_MSG( 2, ( "<= write record" ) );
02006
02007 return( 0 );
02008 }
02009
02010 int ssl_read_record( ssl_context *ssl )
02011 {
02012 int ret, done = 0;
02013
02014 SSL_DEBUG_MSG( 2, ( "=> read record" ) );
02015
02016 SSL_DEBUG_BUF( 4, "input record from network",
02017 ssl->in_hdr, 5 + ssl->in_msglen );
02018
02019 if( ssl->in_hslen != 0 &&
02020 ssl->in_hslen < ssl->in_msglen )
02021 {
02022
02023
02024
02025 ssl->in_msglen -= ssl->in_hslen;
02026
02027 memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
02028 ssl->in_msglen );
02029
02030 ssl->in_hslen = 4;
02031 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
02032
02033 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
02034 " %d, type = %d, hslen = %d",
02035 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
02036
02037 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
02038 {
02039 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02040 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02041 }
02042
02043 if( ssl->in_msglen < ssl->in_hslen )
02044 {
02045 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02046 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02047 }
02048
02049 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
02050
02051 return( 0 );
02052 }
02053
02054 ssl->in_hslen = 0;
02055
02056
02057
02058
02059 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
02060 {
02061 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
02062 return( ret );
02063 }
02064
02065 ssl->in_msgtype = ssl->in_hdr[0];
02066 ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
02067
02068 SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
02069 "version = [%d:%d], msglen = %d",
02070 ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
02071 ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) );
02072
02073 if( ssl->in_hdr[1] != ssl->major_ver )
02074 {
02075 SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
02076 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02077 }
02078
02079 if( ssl->in_hdr[2] > ssl->max_minor_ver )
02080 {
02081 SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
02082 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02083 }
02084
02085
02086
02087
02088 if( ssl->transform_in == NULL )
02089 {
02090 if( ssl->in_msglen < 1 ||
02091 ssl->in_msglen > SSL_MAX_CONTENT_LEN )
02092 {
02093 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02094 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02095 }
02096 }
02097 else
02098 {
02099 if( ssl->in_msglen < ssl->transform_in->minlen )
02100 {
02101 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02102 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02103 }
02104
02105 #if defined(POLARSSL_SSL_PROTO_SSL3)
02106 if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
02107 ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN )
02108 {
02109 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02110 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02111 }
02112 #endif
02113
02114 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
02115 defined(POLARSSL_SSL_PROTO_TLS1_2)
02116
02117
02118
02119 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
02120 ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN + 256 )
02121 {
02122 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02123 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02124 }
02125 #endif
02126 }
02127
02128
02129
02130
02131 if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
02132 {
02133 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
02134 return( ret );
02135 }
02136
02137 SSL_DEBUG_BUF( 4, "input record from network",
02138 ssl->in_hdr, 5 + ssl->in_msglen );
02139
02140 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
02141 if( ssl_hw_record_read != NULL)
02142 {
02143 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_read()" ) );
02144
02145 ret = ssl_hw_record_read( ssl );
02146 if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH )
02147 {
02148 SSL_DEBUG_RET( 1, "ssl_hw_record_read", ret );
02149 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
02150 }
02151
02152 if( ret == 0 )
02153 done = 1;
02154 }
02155 #endif
02156 if( !done && ssl->transform_in != NULL )
02157 {
02158 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
02159 {
02160 #if defined(POLARSSL_SSL_ALERT_MESSAGES)
02161 if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
02162 {
02163 ssl_send_alert_message( ssl,
02164 SSL_ALERT_LEVEL_FATAL,
02165 SSL_ALERT_MSG_BAD_RECORD_MAC );
02166 }
02167 #endif
02168 SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
02169 return( ret );
02170 }
02171
02172 SSL_DEBUG_BUF( 4, "input payload after decrypt",
02173 ssl->in_msg, ssl->in_msglen );
02174
02175 if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
02176 {
02177 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
02178 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02179 }
02180 }
02181
02182 #if defined(POLARSSL_ZLIB_SUPPORT)
02183 if( ssl->transform_in != NULL &&
02184 ssl->session_in->compression == SSL_COMPRESS_DEFLATE )
02185 {
02186 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
02187 {
02188 SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
02189 return( ret );
02190 }
02191
02192 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
02193 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
02194 }
02195 #endif
02196
02197 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
02198 ssl->in_msgtype != SSL_MSG_ALERT &&
02199 ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
02200 ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
02201 {
02202 SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
02203
02204 if( ( ret = ssl_send_alert_message( ssl,
02205 SSL_ALERT_LEVEL_FATAL,
02206 SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
02207 {
02208 return( ret );
02209 }
02210
02211 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02212 }
02213
02214 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
02215 {
02216 ssl->in_hslen = 4;
02217 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
02218
02219 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
02220 " %d, type = %d, hslen = %d",
02221 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
02222
02223
02224
02225
02226 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
02227 {
02228 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02229 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02230 }
02231
02232 if( ssl->in_msglen < ssl->in_hslen )
02233 {
02234 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
02235 return( POLARSSL_ERR_SSL_INVALID_RECORD );
02236 }
02237
02238 if( ssl->state != SSL_HANDSHAKE_OVER )
02239 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
02240 }
02241
02242 if( ssl->in_msgtype == SSL_MSG_ALERT )
02243 {
02244 SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
02245 ssl->in_msg[0], ssl->in_msg[1] ) );
02246
02247
02248
02249
02250 if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
02251 {
02252 SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
02253 ssl->in_msg[1] ) );
02258 return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE );
02259 }
02260
02261 if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
02262 ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY )
02263 {
02264 SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
02265 return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
02266 }
02267 }
02268
02269 ssl->in_left = 0;
02270
02271 SSL_DEBUG_MSG( 2, ( "<= read record" ) );
02272
02273 return( 0 );
02274 }
02275
02276 int ssl_send_fatal_handshake_failure( ssl_context *ssl )
02277 {
02278 int ret;
02279
02280 if( ( ret = ssl_send_alert_message( ssl,
02281 SSL_ALERT_LEVEL_FATAL,
02282 SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
02283 {
02284 return( ret );
02285 }
02286
02287 return( 0 );
02288 }
02289
02290 int ssl_send_alert_message( ssl_context *ssl,
02291 unsigned char level,
02292 unsigned char message )
02293 {
02294 int ret;
02295
02296 SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
02297
02298 ssl->out_msgtype = SSL_MSG_ALERT;
02299 ssl->out_msglen = 2;
02300 ssl->out_msg[0] = level;
02301 ssl->out_msg[1] = message;
02302
02303 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02304 {
02305 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02306 return( ret );
02307 }
02308
02309 SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
02310
02311 return( 0 );
02312 }
02313
02314
02315
02316
02317 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
02318 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
02319 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
02320 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
02321 int ssl_write_certificate( ssl_context *ssl )
02322 {
02323 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02324 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02325
02326 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
02327
02328 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02329 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02330 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02331 {
02332 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02333 ssl->state++;
02334 return( 0 );
02335 }
02336
02337 SSL_DEBUG_MSG( 1, ( "should not happen" ) );
02338 return( ret );
02339 }
02340
02341 int ssl_parse_certificate( ssl_context *ssl )
02342 {
02343 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02344 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02345
02346 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
02347
02348 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02349 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02350 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02351 {
02352 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02353 ssl->state++;
02354 return( 0 );
02355 }
02356
02357 SSL_DEBUG_MSG( 1, ( "should not happen" ) );
02358 return( ret );
02359 }
02360 #else
02361 int ssl_write_certificate( ssl_context *ssl )
02362 {
02363 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02364 size_t i, n;
02365 const x509_crt *crt;
02366 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02367
02368 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
02369
02370 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02371 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02372 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02373 {
02374 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02375 ssl->state++;
02376 return( 0 );
02377 }
02378
02379 if( ssl->endpoint == SSL_IS_CLIENT )
02380 {
02381 if( ssl->client_auth == 0 )
02382 {
02383 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
02384 ssl->state++;
02385 return( 0 );
02386 }
02387
02388 #if defined(POLARSSL_SSL_PROTO_SSL3)
02389
02390
02391
02392
02393 if( ssl_own_cert( ssl ) == NULL &&
02394 ssl->minor_ver == SSL_MINOR_VERSION_0 )
02395 {
02396 ssl->out_msglen = 2;
02397 ssl->out_msgtype = SSL_MSG_ALERT;
02398 ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
02399 ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT;
02400
02401 SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
02402 goto write_msg;
02403 }
02404 #endif
02405 }
02406 else
02407 {
02408 if( ssl_own_cert( ssl ) == NULL )
02409 {
02410 SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
02411 return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
02412 }
02413 }
02414
02415 SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
02416
02417
02418
02419
02420
02421
02422
02423
02424
02425
02426 i = 7;
02427 crt = ssl_own_cert( ssl );
02428
02429 while( crt != NULL )
02430 {
02431 n = crt->raw.len;
02432 if( i + 3 + n > SSL_MAX_CONTENT_LEN )
02433 {
02434 SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
02435 i + 3 + n, SSL_MAX_CONTENT_LEN ) );
02436 return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
02437 }
02438
02439 ssl->out_msg[i ] = (unsigned char)( n >> 16 );
02440 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
02441 ssl->out_msg[i + 2] = (unsigned char)( n );
02442
02443 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
02444 i += n; crt = crt->next;
02445 }
02446
02447 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
02448 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
02449 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
02450
02451 ssl->out_msglen = i;
02452 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
02453 ssl->out_msg[0] = SSL_HS_CERTIFICATE;
02454
02455 #if defined(POLARSSL_SSL_PROTO_SSL3)
02456 write_msg:
02457 #endif
02458
02459 ssl->state++;
02460
02461 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02462 {
02463 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02464 return( ret );
02465 }
02466
02467 SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
02468
02469 return( ret );
02470 }
02471
02472 int ssl_parse_certificate( ssl_context *ssl )
02473 {
02474 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
02475 size_t i, n;
02476 const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
02477
02478 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
02479
02480 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
02481 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
02482 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
02483 {
02484 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02485 ssl->state++;
02486 return( 0 );
02487 }
02488
02489 if( ssl->endpoint == SSL_IS_SERVER &&
02490 ssl->authmode == SSL_VERIFY_NONE )
02491 {
02492 ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
02493 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
02494 ssl->state++;
02495 return( 0 );
02496 }
02497
02498 if( ( ret = ssl_read_record( ssl ) ) != 0 )
02499 {
02500 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
02501 return( ret );
02502 }
02503
02504 ssl->state++;
02505
02506 #if defined(POLARSSL_SSL_PROTO_SSL3)
02507
02508
02509
02510 if( ssl->endpoint == SSL_IS_SERVER &&
02511 ssl->minor_ver == SSL_MINOR_VERSION_0 )
02512 {
02513 if( ssl->in_msglen == 2 &&
02514 ssl->in_msgtype == SSL_MSG_ALERT &&
02515 ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
02516 ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
02517 {
02518 SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
02519
02520 ssl->session_negotiate->verify_result = BADCERT_MISSING;
02521 if( ssl->authmode == SSL_VERIFY_OPTIONAL )
02522 return( 0 );
02523 else
02524 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
02525 }
02526 }
02527 #endif
02528
02529 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
02530 defined(POLARSSL_SSL_PROTO_TLS1_2)
02531 if( ssl->endpoint == SSL_IS_SERVER &&
02532 ssl->minor_ver != SSL_MINOR_VERSION_0 )
02533 {
02534 if( ssl->in_hslen == 7 &&
02535 ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
02536 ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
02537 memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
02538 {
02539 SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
02540
02541 ssl->session_negotiate->verify_result = BADCERT_MISSING;
02542 if( ssl->authmode == SSL_VERIFY_REQUIRED )
02543 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
02544 else
02545 return( 0 );
02546 }
02547 }
02548 #endif
02549
02550
02551 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
02552 {
02553 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02554 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
02555 }
02556
02557 if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
02558 {
02559 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02560 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02561 }
02562
02563
02564
02565
02566 n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
02567
02568 if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
02569 {
02570 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02571 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02572 }
02573
02574
02575 if( ssl->session_negotiate->peer_cert != NULL )
02576 {
02577 x509_crt_free( ssl->session_negotiate->peer_cert );
02578 polarssl_free( ssl->session_negotiate->peer_cert );
02579 }
02580
02581 if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc(
02582 sizeof( x509_crt ) ) ) == NULL )
02583 {
02584 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
02585 sizeof( x509_crt ) ) );
02586 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
02587 }
02588
02589 x509_crt_init( ssl->session_negotiate->peer_cert );
02590
02591 i = 7;
02592
02593 while( i < ssl->in_hslen )
02594 {
02595 if( ssl->in_msg[i] != 0 )
02596 {
02597 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02598 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02599 }
02600
02601 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
02602 | (unsigned int) ssl->in_msg[i + 2];
02603 i += 3;
02604
02605 if( n < 128 || i + n > ssl->in_hslen )
02606 {
02607 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
02608 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
02609 }
02610
02611 ret = x509_crt_parse_der( ssl->session_negotiate->peer_cert,
02612 ssl->in_msg + i, n );
02613 if( ret != 0 )
02614 {
02615 SSL_DEBUG_RET( 1, " x509_crt_parse_der", ret );
02616 return( ret );
02617 }
02618
02619 i += n;
02620 }
02621
02622 SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
02623
02624 if( ssl->authmode != SSL_VERIFY_NONE )
02625 {
02626 if( ssl->ca_chain == NULL )
02627 {
02628 SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
02629 return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
02630 }
02631
02632 ret = x509_crt_verify( ssl->session_negotiate->peer_cert,
02633 ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
02634 &ssl->session_negotiate->verify_result,
02635 ssl->f_vrfy, ssl->p_vrfy );
02636
02637 if( ret != 0 )
02638 SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
02639
02640 if( ssl->authmode != SSL_VERIFY_REQUIRED )
02641 ret = 0;
02642 }
02643
02644 SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
02645
02646 return( ret );
02647 }
02648 #endif
02649
02650
02651
02652 int ssl_write_change_cipher_spec( ssl_context *ssl )
02653 {
02654 int ret;
02655
02656 SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
02657
02658 ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC;
02659 ssl->out_msglen = 1;
02660 ssl->out_msg[0] = 1;
02661
02662 ssl->state++;
02663
02664 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02665 {
02666 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02667 return( ret );
02668 }
02669
02670 SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
02671
02672 return( 0 );
02673 }
02674
02675 int ssl_parse_change_cipher_spec( ssl_context *ssl )
02676 {
02677 int ret;
02678
02679 SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
02680
02681 if( ( ret = ssl_read_record( ssl ) ) != 0 )
02682 {
02683 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
02684 return( ret );
02685 }
02686
02687 if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
02688 {
02689 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
02690 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
02691 }
02692
02693 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
02694 {
02695 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
02696 return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
02697 }
02698
02699 ssl->state++;
02700
02701 SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
02702
02703 return( 0 );
02704 }
02705
02706 void ssl_optimize_checksum( ssl_context *ssl,
02707 const ssl_ciphersuite_t *ciphersuite_info )
02708 {
02709 ((void) ciphersuite_info);
02710
02711 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02712 defined(POLARSSL_SSL_PROTO_TLS1_1)
02713 if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
02714 ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
02715 else
02716 #endif
02717 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02718 #if defined(POLARSSL_SHA512_C)
02719 if( ciphersuite_info->mac == POLARSSL_MD_SHA384 )
02720 ssl->handshake->update_checksum = ssl_update_checksum_sha384;
02721 else
02722 #endif
02723 #if defined(POLARSSL_SHA256_C)
02724 if( ciphersuite_info->mac != POLARSSL_MD_SHA384 )
02725 ssl->handshake->update_checksum = ssl_update_checksum_sha256;
02726 else
02727 #endif
02728 #endif
02729
02730 return;
02731 }
02732
02733 static void ssl_update_checksum_start( ssl_context *ssl,
02734 const unsigned char *buf, size_t len )
02735 {
02736 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02737 defined(POLARSSL_SSL_PROTO_TLS1_1)
02738 md5_update( &ssl->handshake->fin_md5 , buf, len );
02739 sha1_update( &ssl->handshake->fin_sha1, buf, len );
02740 #endif
02741 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02742 #if defined(POLARSSL_SHA256_C)
02743 sha256_update( &ssl->handshake->fin_sha256, buf, len );
02744 #endif
02745 #if defined(POLARSSL_SHA512_C)
02746 sha512_update( &ssl->handshake->fin_sha512, buf, len );
02747 #endif
02748 #endif
02749 }
02750
02751 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
02752 defined(POLARSSL_SSL_PROTO_TLS1_1)
02753 static void ssl_update_checksum_md5sha1( ssl_context *ssl,
02754 const unsigned char *buf, size_t len )
02755 {
02756 md5_update( &ssl->handshake->fin_md5 , buf, len );
02757 sha1_update( &ssl->handshake->fin_sha1, buf, len );
02758 }
02759 #endif
02760
02761 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02762 #if defined(POLARSSL_SHA256_C)
02763 static void ssl_update_checksum_sha256( ssl_context *ssl,
02764 const unsigned char *buf, size_t len )
02765 {
02766 sha256_update( &ssl->handshake->fin_sha256, buf, len );
02767 }
02768 #endif
02769
02770 #if defined(POLARSSL_SHA512_C)
02771 static void ssl_update_checksum_sha384( ssl_context *ssl,
02772 const unsigned char *buf, size_t len )
02773 {
02774 sha512_update( &ssl->handshake->fin_sha512, buf, len );
02775 }
02776 #endif
02777 #endif
02778
02779 #if defined(POLARSSL_SSL_PROTO_SSL3)
02780 static void ssl_calc_finished_ssl(
02781 ssl_context *ssl, unsigned char *buf, int from )
02782 {
02783 const char *sender;
02784 md5_context md5;
02785 sha1_context sha1;
02786
02787 unsigned char padbuf[48];
02788 unsigned char md5sum[16];
02789 unsigned char sha1sum[20];
02790
02791 ssl_session *session = ssl->session_negotiate;
02792 if( !session )
02793 session = ssl->session;
02794
02795 SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
02796
02797 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
02798 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
02799
02800
02801
02802
02803
02804
02805
02806
02807
02808
02809 #if !defined(POLARSSL_MD5_ALT)
02810 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
02811 md5.state, sizeof( md5.state ) );
02812 #endif
02813
02814 #if !defined(POLARSSL_SHA1_ALT)
02815 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
02816 sha1.state, sizeof( sha1.state ) );
02817 #endif
02818
02819 sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
02820 : "SRVR";
02821
02822 memset( padbuf, 0x36, 48 );
02823
02824 md5_update( &md5, (const unsigned char *) sender, 4 );
02825 md5_update( &md5, session->master, 48 );
02826 md5_update( &md5, padbuf, 48 );
02827 md5_finish( &md5, md5sum );
02828
02829 sha1_update( &sha1, (const unsigned char *) sender, 4 );
02830 sha1_update( &sha1, session->master, 48 );
02831 sha1_update( &sha1, padbuf, 40 );
02832 sha1_finish( &sha1, sha1sum );
02833
02834 memset( padbuf, 0x5C, 48 );
02835
02836 md5_starts( &md5 );
02837 md5_update( &md5, session->master, 48 );
02838 md5_update( &md5, padbuf, 48 );
02839 md5_update( &md5, md5sum, 16 );
02840 md5_finish( &md5, buf );
02841
02842 sha1_starts( &sha1 );
02843 sha1_update( &sha1, session->master, 48 );
02844 sha1_update( &sha1, padbuf , 40 );
02845 sha1_update( &sha1, sha1sum, 20 );
02846 sha1_finish( &sha1, buf + 16 );
02847
02848 SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
02849
02850 memset( &md5, 0, sizeof( md5_context ) );
02851 memset( &sha1, 0, sizeof( sha1_context ) );
02852
02853 memset( padbuf, 0, sizeof( padbuf ) );
02854 memset( md5sum, 0, sizeof( md5sum ) );
02855 memset( sha1sum, 0, sizeof( sha1sum ) );
02856
02857 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02858 }
02859 #endif
02860
02861 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
02862 static void ssl_calc_finished_tls(
02863 ssl_context *ssl, unsigned char *buf, int from )
02864 {
02865 int len = 12;
02866 const char *sender;
02867 md5_context md5;
02868 sha1_context sha1;
02869 unsigned char padbuf[36];
02870
02871 ssl_session *session = ssl->session_negotiate;
02872 if( !session )
02873 session = ssl->session;
02874
02875 SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
02876
02877 memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
02878 memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
02879
02880
02881
02882
02883
02884
02885
02886 #if !defined(POLARSSL_MD5_ALT)
02887 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
02888 md5.state, sizeof( md5.state ) );
02889 #endif
02890
02891 #if !defined(POLARSSL_SHA1_ALT)
02892 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
02893 sha1.state, sizeof( sha1.state ) );
02894 #endif
02895
02896 sender = ( from == SSL_IS_CLIENT )
02897 ? "client finished"
02898 : "server finished";
02899
02900 md5_finish( &md5, padbuf );
02901 sha1_finish( &sha1, padbuf + 16 );
02902
02903 ssl->handshake->tls_prf( session->master, 48, sender,
02904 padbuf, 36, buf, len );
02905
02906 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
02907
02908 memset( &md5, 0, sizeof( md5_context ) );
02909 memset( &sha1, 0, sizeof( sha1_context ) );
02910
02911 memset( padbuf, 0, sizeof( padbuf ) );
02912
02913 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02914 }
02915 #endif
02916
02917 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
02918 #if defined(POLARSSL_SHA256_C)
02919 static void ssl_calc_finished_tls_sha256(
02920 ssl_context *ssl, unsigned char *buf, int from )
02921 {
02922 int len = 12;
02923 const char *sender;
02924 sha256_context sha256;
02925 unsigned char padbuf[32];
02926
02927 ssl_session *session = ssl->session_negotiate;
02928 if( !session )
02929 session = ssl->session;
02930
02931 SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
02932
02933 memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) );
02934
02935
02936
02937
02938
02939
02940
02941 #if !defined(POLARSSL_SHA256_ALT)
02942 SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
02943 sha256.state, sizeof( sha256.state ) );
02944 #endif
02945
02946 sender = ( from == SSL_IS_CLIENT )
02947 ? "client finished"
02948 : "server finished";
02949
02950 sha256_finish( &sha256, padbuf );
02951
02952 ssl->handshake->tls_prf( session->master, 48, sender,
02953 padbuf, 32, buf, len );
02954
02955 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
02956
02957 memset( &sha256, 0, sizeof( sha256_context ) );
02958
02959 memset( padbuf, 0, sizeof( padbuf ) );
02960
02961 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
02962 }
02963 #endif
02964
02965 #if defined(POLARSSL_SHA512_C)
02966 static void ssl_calc_finished_tls_sha384(
02967 ssl_context *ssl, unsigned char *buf, int from )
02968 {
02969 int len = 12;
02970 const char *sender;
02971 sha512_context sha512;
02972 unsigned char padbuf[48];
02973
02974 ssl_session *session = ssl->session_negotiate;
02975 if( !session )
02976 session = ssl->session;
02977
02978 SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
02979
02980 memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) );
02981
02982
02983
02984
02985
02986
02987
02988 #if !defined(POLARSSL_SHA512_ALT)
02989 SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
02990 sha512.state, sizeof( sha512.state ) );
02991 #endif
02992
02993 sender = ( from == SSL_IS_CLIENT )
02994 ? "client finished"
02995 : "server finished";
02996
02997 sha512_finish( &sha512, padbuf );
02998
02999 ssl->handshake->tls_prf( session->master, 48, sender,
03000 padbuf, 48, buf, len );
03001
03002 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
03003
03004 memset( &sha512, 0, sizeof( sha512_context ) );
03005
03006 memset( padbuf, 0, sizeof( padbuf ) );
03007
03008 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
03009 }
03010 #endif
03011 #endif
03012
03013 void ssl_handshake_wrapup( ssl_context *ssl )
03014 {
03015 int resume = ssl->handshake->resume;
03016
03017 SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
03018
03019
03020
03021
03022 ssl_handshake_free( ssl->handshake );
03023 polarssl_free( ssl->handshake );
03024 ssl->handshake = NULL;
03025
03026 if( ssl->renegotiation == SSL_RENEGOTIATION )
03027 ssl->renegotiation = SSL_RENEGOTIATION_DONE;
03028
03029
03030
03031
03032 if( ssl->transform )
03033 {
03034 ssl_transform_free( ssl->transform );
03035 polarssl_free( ssl->transform );
03036 }
03037 ssl->transform = ssl->transform_negotiate;
03038 ssl->transform_negotiate = NULL;
03039
03040 if( ssl->session )
03041 {
03042 ssl_session_free( ssl->session );
03043 polarssl_free( ssl->session );
03044 }
03045 ssl->session = ssl->session_negotiate;
03046 ssl->session_negotiate = NULL;
03047
03048
03049
03050
03051 if( ssl->f_set_cache != NULL &&
03052 ssl->session->length != 0 &&
03053 resume == 0 )
03054 {
03055 if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
03056 SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
03057 }
03058
03059 ssl->state++;
03060
03061 SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
03062 }
03063
03064 int ssl_write_finished( ssl_context *ssl )
03065 {
03066 int ret, hash_len;
03067
03068 SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
03069
03070
03071
03072
03073 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
03074 {
03075 ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
03076 ssl->transform_negotiate->fixed_ivlen;
03077 }
03078 else
03079 ssl->out_msg = ssl->out_iv;
03080
03081 ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
03082
03083
03084 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
03085
03086 ssl->verify_data_len = hash_len;
03087 memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
03088
03089 ssl->out_msglen = 4 + hash_len;
03090 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
03091 ssl->out_msg[0] = SSL_HS_FINISHED;
03092
03093
03094
03095
03096
03097 if( ssl->handshake->resume != 0 )
03098 {
03099 if( ssl->endpoint == SSL_IS_CLIENT )
03100 ssl->state = SSL_HANDSHAKE_WRAPUP;
03101 else
03102 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
03103 }
03104 else
03105 ssl->state++;
03106
03107
03108
03109
03110 SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
03111 ssl->transform_out = ssl->transform_negotiate;
03112 ssl->session_out = ssl->session_negotiate;
03113 memset( ssl->out_ctr, 0, 8 );
03114
03115 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03116 if( ssl_hw_record_activate != NULL)
03117 {
03118 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
03119 {
03120 SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
03121 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03122 }
03123 }
03124 #endif
03125
03126 if( ( ret = ssl_write_record( ssl ) ) != 0 )
03127 {
03128 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
03129 return( ret );
03130 }
03131
03132 SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
03133
03134 return( 0 );
03135 }
03136
03137 int ssl_parse_finished( ssl_context *ssl )
03138 {
03139 int ret;
03140 unsigned int hash_len;
03141 unsigned char buf[36];
03142
03143 SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
03144
03145 ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
03146
03147
03148
03149
03150 SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
03151 ssl->transform_in = ssl->transform_negotiate;
03152 ssl->session_in = ssl->session_negotiate;
03153 memset( ssl->in_ctr, 0, 8 );
03154
03155
03156
03157
03158 if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
03159 {
03160 ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
03161 ssl->transform_negotiate->fixed_ivlen;
03162 }
03163 else
03164 ssl->in_msg = ssl->in_iv;
03165
03166 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03167 if( ssl_hw_record_activate != NULL)
03168 {
03169 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
03170 {
03171 SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
03172 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03173 }
03174 }
03175 #endif
03176
03177 if( ( ret = ssl_read_record( ssl ) ) != 0 )
03178 {
03179 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
03180 return( ret );
03181 }
03182
03183 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
03184 {
03185 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03186 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
03187 }
03188
03189
03190 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
03191
03192 if( ssl->in_msg[0] != SSL_HS_FINISHED ||
03193 ssl->in_hslen != 4 + hash_len )
03194 {
03195 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03196 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
03197 }
03198
03199 if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
03200 {
03201 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
03202 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
03203 }
03204
03205 ssl->verify_data_len = hash_len;
03206 memcpy( ssl->peer_verify_data, buf, hash_len );
03207
03208 if( ssl->handshake->resume != 0 )
03209 {
03210 if( ssl->endpoint == SSL_IS_CLIENT )
03211 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
03212
03213 if( ssl->endpoint == SSL_IS_SERVER )
03214 ssl->state = SSL_HANDSHAKE_WRAPUP;
03215 }
03216 else
03217 ssl->state++;
03218
03219 SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
03220
03221 return( 0 );
03222 }
03223
03224 static int ssl_handshake_init( ssl_context *ssl )
03225 {
03226 if( ssl->transform_negotiate )
03227 ssl_transform_free( ssl->transform_negotiate );
03228 else
03229 {
03230 ssl->transform_negotiate =
03231 (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
03232 }
03233
03234 if( ssl->session_negotiate )
03235 ssl_session_free( ssl->session_negotiate );
03236 else
03237 {
03238 ssl->session_negotiate =
03239 (ssl_session *) polarssl_malloc( sizeof(ssl_session) );
03240 }
03241
03242 if( ssl->handshake )
03243 ssl_handshake_free( ssl->handshake );
03244 else
03245 {
03246 ssl->handshake = (ssl_handshake_params *)
03247 polarssl_malloc( sizeof(ssl_handshake_params) );
03248 }
03249
03250 if( ssl->handshake == NULL ||
03251 ssl->transform_negotiate == NULL ||
03252 ssl->session_negotiate == NULL )
03253 {
03254 SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) );
03255 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03256 }
03257
03258 memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
03259 memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
03260 memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
03261
03262 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
03263 defined(POLARSSL_SSL_PROTO_TLS1_1)
03264 md5_starts( &ssl->handshake->fin_md5 );
03265 sha1_starts( &ssl->handshake->fin_sha1 );
03266 #endif
03267 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
03268 #if defined(POLARSSL_SHA256_C)
03269 sha256_starts( &ssl->handshake->fin_sha256, 0 );
03270 #endif
03271 #if defined(POLARSSL_SHA512_C)
03272 sha512_starts( &ssl->handshake->fin_sha512, 1 );
03273 #endif
03274 #endif
03275
03276 ssl->handshake->update_checksum = ssl_update_checksum_start;
03277 ssl->handshake->sig_alg = SSL_HASH_SHA1;
03278
03279 #if defined(POLARSSL_ECDH_C)
03280 ecdh_init( &ssl->handshake->ecdh_ctx );
03281 #endif
03282
03283 #if defined(POLARSSL_X509_CRT_PARSE_C)
03284 ssl->handshake->key_cert = ssl->key_cert;
03285 #endif
03286
03287 return( 0 );
03288 }
03289
03290
03291
03292
03293 int ssl_init( ssl_context *ssl )
03294 {
03295 int ret;
03296 int len = SSL_BUFFER_LEN;
03297
03298 memset( ssl, 0, sizeof( ssl_context ) );
03299
03300
03301
03302
03303 ssl->min_major_ver = SSL_MIN_MAJOR_VERSION;
03304 ssl->min_minor_ver = SSL_MIN_MINOR_VERSION;
03305 ssl->max_major_ver = SSL_MAX_MAJOR_VERSION;
03306 ssl->max_minor_ver = SSL_MAX_MINOR_VERSION;
03307
03308 ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
03309
03310 #if defined(POLARSSL_DHM_C)
03311 if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
03312 POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
03313 ( ret = mpi_read_string( &ssl->dhm_G, 16,
03314 POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
03315 {
03316 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03317 return( ret );
03318 }
03319 #endif
03320
03321
03322
03323
03324 ssl->in_ctr = (unsigned char *) polarssl_malloc( len );
03325 ssl->in_hdr = ssl->in_ctr + 8;
03326 ssl->in_iv = ssl->in_ctr + 13;
03327 ssl->in_msg = ssl->in_ctr + 13;
03328
03329 if( ssl->in_ctr == NULL )
03330 {
03331 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
03332 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03333 }
03334
03335 ssl->out_ctr = (unsigned char *) polarssl_malloc( len );
03336 ssl->out_hdr = ssl->out_ctr + 8;
03337 ssl->out_iv = ssl->out_ctr + 13;
03338 ssl->out_msg = ssl->out_ctr + 13;
03339
03340 if( ssl->out_ctr == NULL )
03341 {
03342 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
03343 polarssl_free( ssl-> in_ctr );
03344 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03345 }
03346
03347 memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
03348 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
03349
03350 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03351 ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
03352 #endif
03353
03354 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
03355 return( ret );
03356
03357 return( 0 );
03358 }
03359
03360
03361
03362
03363
03364 int ssl_session_reset( ssl_context *ssl )
03365 {
03366 int ret;
03367
03368 ssl->state = SSL_HELLO_REQUEST;
03369 ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
03370 ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
03371
03372 ssl->verify_data_len = 0;
03373 memset( ssl->own_verify_data, 0, 36 );
03374 memset( ssl->peer_verify_data, 0, 36 );
03375
03376 ssl->in_offt = NULL;
03377
03378 ssl->in_msg = ssl->in_ctr + 13;
03379 ssl->in_msgtype = 0;
03380 ssl->in_msglen = 0;
03381 ssl->in_left = 0;
03382
03383 ssl->in_hslen = 0;
03384 ssl->nb_zero = 0;
03385 ssl->record_read = 0;
03386
03387 ssl->out_msg = ssl->out_ctr + 13;
03388 ssl->out_msgtype = 0;
03389 ssl->out_msglen = 0;
03390 ssl->out_left = 0;
03391
03392 ssl->transform_in = NULL;
03393 ssl->transform_out = NULL;
03394
03395 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
03396 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
03397
03398 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
03399 if( ssl_hw_record_reset != NULL)
03400 {
03401 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
03402 if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
03403 {
03404 SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret );
03405 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
03406 }
03407 }
03408 #endif
03409
03410 if( ssl->transform )
03411 {
03412 ssl_transform_free( ssl->transform );
03413 polarssl_free( ssl->transform );
03414 ssl->transform = NULL;
03415 }
03416
03417 if( ssl->session )
03418 {
03419 ssl_session_free( ssl->session );
03420 polarssl_free( ssl->session );
03421 ssl->session = NULL;
03422 }
03423
03424 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
03425 return( ret );
03426
03427 return( 0 );
03428 }
03429
03430 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03431
03432
03433
03434 static int ssl_ticket_keys_init( ssl_context *ssl )
03435 {
03436 int ret;
03437 ssl_ticket_keys *tkeys;
03438 unsigned char buf[16];
03439
03440 if( ssl->ticket_keys != NULL )
03441 return( 0 );
03442
03443 tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) );
03444 if( tkeys == NULL )
03445 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03446
03447 if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
03448 return( ret );
03449
03450 if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
03451 ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
03452 ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
03453 {
03454 return( ret );
03455 }
03456
03457 if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
03458 return( ret );
03459
03460 ssl->ticket_keys = tkeys;
03461
03462 return( 0 );
03463 }
03464 #endif
03465
03466
03467
03468
03469 void ssl_set_endpoint( ssl_context *ssl, int endpoint )
03470 {
03471 ssl->endpoint = endpoint;
03472
03473 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03474 if( endpoint == SSL_IS_CLIENT )
03475 ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
03476 #endif
03477 }
03478
03479 void ssl_set_authmode( ssl_context *ssl, int authmode )
03480 {
03481 ssl->authmode = authmode;
03482 }
03483
03484 #if defined(POLARSSL_X509_CRT_PARSE_C)
03485 void ssl_set_verify( ssl_context *ssl,
03486 int (*f_vrfy)(void *, x509_crt *, int, int *),
03487 void *p_vrfy )
03488 {
03489 ssl->f_vrfy = f_vrfy;
03490 ssl->p_vrfy = p_vrfy;
03491 }
03492 #endif
03493
03494 void ssl_set_rng( ssl_context *ssl,
03495 int (*f_rng)(void *, unsigned char *, size_t),
03496 void *p_rng )
03497 {
03498 ssl->f_rng = f_rng;
03499 ssl->p_rng = p_rng;
03500 }
03501
03502 void ssl_set_dbg( ssl_context *ssl,
03503 void (*f_dbg)(void *, int, const char *),
03504 void *p_dbg )
03505 {
03506 ssl->f_dbg = f_dbg;
03507 ssl->p_dbg = p_dbg;
03508 }
03509
03510 void ssl_set_bio( ssl_context *ssl,
03511 int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
03512 int (*f_send)(void *, const unsigned char *, size_t), void *p_send )
03513 {
03514 ssl->f_recv = f_recv;
03515 ssl->f_send = f_send;
03516 ssl->p_recv = p_recv;
03517 ssl->p_send = p_send;
03518 }
03519
03520 void ssl_set_session_cache( ssl_context *ssl,
03521 int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
03522 int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
03523 {
03524 ssl->f_get_cache = f_get_cache;
03525 ssl->p_get_cache = p_get_cache;
03526 ssl->f_set_cache = f_set_cache;
03527 ssl->p_set_cache = p_set_cache;
03528 }
03529
03530 int ssl_set_session( ssl_context *ssl, const ssl_session *session )
03531 {
03532 int ret;
03533
03534 if( ssl == NULL ||
03535 session == NULL ||
03536 ssl->session_negotiate == NULL ||
03537 ssl->endpoint != SSL_IS_CLIENT )
03538 {
03539 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03540 }
03541
03542 if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
03543 return( ret );
03544
03545 ssl->handshake->resume = 1;
03546
03547 return( 0 );
03548 }
03549
03550 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
03551 {
03552 ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites;
03553 ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites;
03554 ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites;
03555 ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites;
03556 }
03557
03558 void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites,
03559 int major, int minor )
03560 {
03561 if( major != SSL_MAJOR_VERSION_3 )
03562 return;
03563
03564 if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 )
03565 return;
03566
03567 ssl->ciphersuite_list[minor] = ciphersuites;
03568 }
03569
03570 #if defined(POLARSSL_X509_CRT_PARSE_C)
03571
03572 static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl )
03573 {
03574 ssl_key_cert *key_cert, *last;
03575
03576 key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) );
03577 if( key_cert == NULL )
03578 return( NULL );
03579
03580 memset( key_cert, 0, sizeof( ssl_key_cert ) );
03581
03582
03583 if( ssl->key_cert == NULL )
03584 {
03585 ssl->key_cert = key_cert;
03586 ssl->handshake->key_cert = key_cert;
03587 }
03588 else
03589 {
03590 last = ssl->key_cert;
03591 while( last->next != NULL )
03592 last = last->next;
03593 last->next = key_cert;
03594 }
03595
03596 return key_cert;
03597 }
03598
03599 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
03600 x509_crl *ca_crl, const char *peer_cn )
03601 {
03602 ssl->ca_chain = ca_chain;
03603 ssl->ca_crl = ca_crl;
03604 ssl->peer_cn = peer_cn;
03605 }
03606
03607 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
03608 pk_context *pk_key )
03609 {
03610 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03611
03612 if( key_cert == NULL )
03613 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03614
03615 key_cert->cert = own_cert;
03616 key_cert->key = pk_key;
03617
03618 return( 0 );
03619 }
03620
03621 #if defined(POLARSSL_RSA_C)
03622 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
03623 rsa_context *rsa_key )
03624 {
03625 int ret;
03626 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03627
03628 if( key_cert == NULL )
03629 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03630
03631 key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
03632 if( key_cert->key == NULL )
03633 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03634
03635 pk_init( key_cert->key );
03636
03637 ret = pk_init_ctx( key_cert->key, pk_info_from_type( POLARSSL_PK_RSA ) );
03638 if( ret != 0 )
03639 return( ret );
03640
03641 if( ( ret = rsa_copy( pk_rsa( *key_cert->key ), rsa_key ) ) != 0 )
03642 return( ret );
03643
03644 key_cert->cert = own_cert;
03645 key_cert->key_own_alloc = 1;
03646
03647 return( 0 );
03648 }
03649 #endif
03650
03651 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
03652 void *rsa_key,
03653 rsa_decrypt_func rsa_decrypt,
03654 rsa_sign_func rsa_sign,
03655 rsa_key_len_func rsa_key_len )
03656 {
03657 int ret;
03658 ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
03659
03660 if( key_cert == NULL )
03661 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03662
03663 key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
03664 if( key_cert->key == NULL )
03665 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03666
03667 pk_init( key_cert->key );
03668
03669 if( ( ret = pk_init_ctx_rsa_alt( key_cert->key, rsa_key,
03670 rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
03671 return( ret );
03672
03673 key_cert->cert = own_cert;
03674 key_cert->key_own_alloc = 1;
03675
03676 return( 0 );
03677 }
03678 #endif
03679
03680 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
03681 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
03682 const unsigned char *psk_identity, size_t psk_identity_len )
03683 {
03684 if( psk == NULL || psk_identity == NULL )
03685 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03686
03687 if( ssl->psk != NULL )
03688 {
03689 polarssl_free( ssl->psk );
03690 polarssl_free( ssl->psk_identity );
03691 }
03692
03693 ssl->psk_len = psk_len;
03694 ssl->psk_identity_len = psk_identity_len;
03695
03696 ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len );
03697 ssl->psk_identity = (unsigned char *) polarssl_malloc( ssl->psk_identity_len );
03698
03699 if( ssl->psk == NULL || ssl->psk_identity == NULL )
03700 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03701
03702 memcpy( ssl->psk, psk, ssl->psk_len );
03703 memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
03704
03705 return( 0 );
03706 }
03707
03708 void ssl_set_psk_cb( ssl_context *ssl,
03709 int (*f_psk)(void *, ssl_context *, const unsigned char *,
03710 size_t),
03711 void *p_psk )
03712 {
03713 ssl->f_psk = f_psk;
03714 ssl->p_psk = p_psk;
03715 }
03716 #endif
03717
03718 #if defined(POLARSSL_DHM_C)
03719 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
03720 {
03721 int ret;
03722
03723 if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
03724 {
03725 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03726 return( ret );
03727 }
03728
03729 if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
03730 {
03731 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
03732 return( ret );
03733 }
03734
03735 return( 0 );
03736 }
03737
03738 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
03739 {
03740 int ret;
03741
03742 if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 )
03743 {
03744 SSL_DEBUG_RET( 1, "mpi_copy", ret );
03745 return( ret );
03746 }
03747
03748 if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 )
03749 {
03750 SSL_DEBUG_RET( 1, "mpi_copy", ret );
03751 return( ret );
03752 }
03753
03754 return( 0 );
03755 }
03756 #endif
03757
03758 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
03759 int ssl_set_hostname( ssl_context *ssl, const char *hostname )
03760 {
03761 if( hostname == NULL )
03762 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03763
03764 ssl->hostname_len = strlen( hostname );
03765
03766 if( ssl->hostname_len + 1 == 0 )
03767 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03768
03769 ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
03770
03771 if( ssl->hostname == NULL )
03772 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
03773
03774 memcpy( ssl->hostname, (const unsigned char *) hostname,
03775 ssl->hostname_len );
03776
03777 ssl->hostname[ssl->hostname_len] = '\0';
03778
03779 return( 0 );
03780 }
03781
03782 void ssl_set_sni( ssl_context *ssl,
03783 int (*f_sni)(void *, ssl_context *,
03784 const unsigned char *, size_t),
03785 void *p_sni )
03786 {
03787 ssl->f_sni = f_sni;
03788 ssl->p_sni = p_sni;
03789 }
03790 #endif
03791
03792 void ssl_set_max_version( ssl_context *ssl, int major, int minor )
03793 {
03794 if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
03795 minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
03796 {
03797 ssl->max_major_ver = major;
03798 ssl->max_minor_ver = minor;
03799 }
03800 }
03801
03802 void ssl_set_min_version( ssl_context *ssl, int major, int minor )
03803 {
03804 if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
03805 minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
03806 {
03807 ssl->min_major_ver = major;
03808 ssl->min_minor_ver = minor;
03809 }
03810 }
03811
03812 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
03813 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
03814 {
03815 if( mfl_code >= sizeof( mfl_code_to_length ) ||
03816 mfl_code_to_length[mfl_code] > SSL_MAX_CONTENT_LEN )
03817 {
03818 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03819 }
03820
03821 ssl->mfl_code = mfl_code;
03822
03823 return( 0 );
03824 }
03825 #endif
03826
03827 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
03828 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
03829 {
03830 if( ssl->endpoint != SSL_IS_CLIENT )
03831 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03832
03833 ssl->trunc_hmac = truncate;
03834
03835 return( 0 );
03836 }
03837 #endif
03838
03839 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
03840 {
03841 ssl->disable_renegotiation = renegotiation;
03842 }
03843
03844 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
03845 {
03846 ssl->allow_legacy_renegotiation = allow_legacy;
03847 }
03848
03849 #if defined(POLARSSL_SSL_SESSION_TICKETS)
03850 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
03851 {
03852 ssl->session_tickets = use_tickets;
03853
03854 if( ssl->endpoint == SSL_IS_CLIENT )
03855 return( 0 );
03856
03857 if( ssl->f_rng == NULL )
03858 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03859
03860 return( ssl_ticket_keys_init( ssl ) );
03861 }
03862
03863 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime )
03864 {
03865 ssl->ticket_lifetime = lifetime;
03866 }
03867 #endif
03868
03869
03870
03871
03872 size_t ssl_get_bytes_avail( const ssl_context *ssl )
03873 {
03874 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
03875 }
03876
03877 int ssl_get_verify_result( const ssl_context *ssl )
03878 {
03879 return( ssl->session->verify_result );
03880 }
03881
03882 const char *ssl_get_ciphersuite( const ssl_context *ssl )
03883 {
03884 if( ssl == NULL || ssl->session == NULL )
03885 return NULL;
03886
03887 return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
03888 }
03889
03890 const char *ssl_get_version( const ssl_context *ssl )
03891 {
03892 switch( ssl->minor_ver )
03893 {
03894 case SSL_MINOR_VERSION_0:
03895 return( "SSLv3.0" );
03896
03897 case SSL_MINOR_VERSION_1:
03898 return( "TLSv1.0" );
03899
03900 case SSL_MINOR_VERSION_2:
03901 return( "TLSv1.1" );
03902
03903 case SSL_MINOR_VERSION_3:
03904 return( "TLSv1.2" );
03905
03906 default:
03907 break;
03908 }
03909 return( "unknown" );
03910 }
03911
03912 #if defined(POLARSSL_X509_CRT_PARSE_C)
03913 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
03914 {
03915 if( ssl == NULL || ssl->session == NULL )
03916 return NULL;
03917
03918 return ssl->session->peer_cert;
03919 }
03920 #endif
03921
03922 int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
03923 {
03924 if( ssl == NULL ||
03925 dst == NULL ||
03926 ssl->session == NULL ||
03927 ssl->endpoint != SSL_IS_CLIENT )
03928 {
03929 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
03930 }
03931
03932 return( ssl_session_copy( dst, ssl->session ) );
03933 }
03934
03935
03936
03937
03938 int ssl_handshake_step( ssl_context *ssl )
03939 {
03940 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
03941
03942 #if defined(POLARSSL_SSL_CLI_C)
03943 if( ssl->endpoint == SSL_IS_CLIENT )
03944 ret = ssl_handshake_client_step( ssl );
03945 #endif
03946
03947 #if defined(POLARSSL_SSL_SRV_C)
03948 if( ssl->endpoint == SSL_IS_SERVER )
03949 ret = ssl_handshake_server_step( ssl );
03950 #endif
03951
03952 return( ret );
03953 }
03954
03955
03956
03957
03958 int ssl_handshake( ssl_context *ssl )
03959 {
03960 int ret = 0;
03961
03962 SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
03963
03964 while( ssl->state != SSL_HANDSHAKE_OVER )
03965 {
03966 ret = ssl_handshake_step( ssl );
03967
03968 if( ret != 0 )
03969 break;
03970 }
03971
03972 SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
03973
03974 return( ret );
03975 }
03976
03977 #if defined(POLARSSL_SSL_SRV_C)
03978
03979
03980
03981 static int ssl_write_hello_request( ssl_context *ssl )
03982 {
03983 int ret;
03984
03985 SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
03986
03987 ssl->out_msglen = 4;
03988 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
03989 ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
03990
03991 if( ( ret = ssl_write_record( ssl ) ) != 0 )
03992 {
03993 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
03994 return( ret );
03995 }
03996
03997 ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
03998
03999 SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
04000
04001 return( 0 );
04002 }
04003 #endif
04004
04005
04006
04007
04008
04009
04010
04011
04012
04013
04014 static int ssl_start_renegotiation( ssl_context *ssl )
04015 {
04016 int ret;
04017
04018 SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
04019
04020 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
04021 return( ret );
04022
04023 ssl->state = SSL_HELLO_REQUEST;
04024 ssl->renegotiation = SSL_RENEGOTIATION;
04025
04026 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04027 {
04028 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04029 return( ret );
04030 }
04031
04032 SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
04033
04034 return( 0 );
04035 }
04036
04037
04038
04039
04040
04041 int ssl_renegotiate( ssl_context *ssl )
04042 {
04043 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
04044
04045 #if defined(POLARSSL_SSL_SRV_C)
04046
04047 if( ssl->endpoint == SSL_IS_SERVER )
04048 {
04049 if( ssl->state != SSL_HANDSHAKE_OVER )
04050 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
04051
04052 return( ssl_write_hello_request( ssl ) );
04053 }
04054 #endif
04055
04056 #if defined(POLARSSL_SSL_CLI_C)
04057
04058
04059
04060
04061 if( ssl->renegotiation != SSL_RENEGOTIATION )
04062 {
04063 if( ssl->state != SSL_HANDSHAKE_OVER )
04064 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
04065
04066 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
04067 {
04068 SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
04069 return( ret );
04070 }
04071 }
04072 else
04073 {
04074 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04075 {
04076 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04077 return( ret );
04078 }
04079 }
04080 #endif
04081
04082 return( ret );
04083 }
04084
04085
04086
04087
04088 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
04089 {
04090 int ret;
04091 size_t n;
04092
04093 SSL_DEBUG_MSG( 2, ( "=> read" ) );
04094
04095 if( ssl->state != SSL_HANDSHAKE_OVER )
04096 {
04097 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04098 {
04099 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04100 return( ret );
04101 }
04102 }
04103
04104 if( ssl->in_offt == NULL )
04105 {
04106 if( ( ret = ssl_read_record( ssl ) ) != 0 )
04107 {
04108 if( ret == POLARSSL_ERR_SSL_CONN_EOF )
04109 return( 0 );
04110
04111 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
04112 return( ret );
04113 }
04114
04115 if( ssl->in_msglen == 0 &&
04116 ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
04117 {
04118
04119
04120
04121 if( ( ret = ssl_read_record( ssl ) ) != 0 )
04122 {
04123 if( ret == POLARSSL_ERR_SSL_CONN_EOF )
04124 return( 0 );
04125
04126 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
04127 return( ret );
04128 }
04129 }
04130
04131 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
04132 {
04133 SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
04134
04135 if( ssl->endpoint == SSL_IS_CLIENT &&
04136 ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
04137 ssl->in_hslen != 4 ) )
04138 {
04139 SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
04140 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04141 }
04142
04143 if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
04144 ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
04145 ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION ) )
04146 {
04147 SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
04148
04149 #if defined(POLARSSL_SSL_PROTO_SSL3)
04150 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
04151 {
04152
04153
04154
04155 if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
04156 return( ret );
04157 }
04158 else
04159 #endif
04160 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
04161 defined(POLARSSL_SSL_PROTO_TLS1_2)
04162 if( ssl->minor_ver >= SSL_MINOR_VERSION_1 )
04163 {
04164 if( ( ret = ssl_send_alert_message( ssl,
04165 SSL_ALERT_LEVEL_WARNING,
04166 SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
04167 {
04168 return( ret );
04169 }
04170 }
04171 else
04172 #endif
04173 {
04174 SSL_DEBUG_MSG( 1, ( "should never happen" ) );
04175 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
04176 }
04177 }
04178 else
04179 {
04180 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
04181 {
04182 SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
04183 return( ret );
04184 }
04185
04186 return( POLARSSL_ERR_NET_WANT_READ );
04187 }
04188 }
04189 else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
04190 {
04191 SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
04192 "but not honored by client" ) );
04193 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04194 }
04195 else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
04196 {
04197 SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
04198 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
04199 }
04200
04201 ssl->in_offt = ssl->in_msg;
04202 }
04203
04204 n = ( len < ssl->in_msglen )
04205 ? len : ssl->in_msglen;
04206
04207 memcpy( buf, ssl->in_offt, n );
04208 ssl->in_msglen -= n;
04209
04210 if( ssl->in_msglen == 0 )
04211
04212 ssl->in_offt = NULL;
04213 else
04214
04215 ssl->in_offt += n;
04216
04217 SSL_DEBUG_MSG( 2, ( "<= read" ) );
04218
04219 return( (int) n );
04220 }
04221
04222
04223
04224
04225 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
04226 {
04227 int ret;
04228 size_t n;
04229 unsigned int max_len = SSL_MAX_CONTENT_LEN;
04230
04231 SSL_DEBUG_MSG( 2, ( "=> write" ) );
04232
04233 if( ssl->state != SSL_HANDSHAKE_OVER )
04234 {
04235 if( ( ret = ssl_handshake( ssl ) ) != 0 )
04236 {
04237 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
04238 return( ret );
04239 }
04240 }
04241
04242 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
04243
04244
04245
04246 max_len = mfl_code_to_length[ssl->mfl_code];
04247
04248
04249
04250
04251 if( ssl->session_out != NULL &&
04252 mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
04253 {
04254 max_len = mfl_code_to_length[ssl->session_out->mfl_code];
04255 }
04256 #endif
04257
04258 n = ( len < max_len) ? len : max_len;
04259
04260 if( ssl->out_left != 0 )
04261 {
04262 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
04263 {
04264 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
04265 return( ret );
04266 }
04267 }
04268 else
04269 {
04270 ssl->out_msglen = n;
04271 ssl->out_msgtype = SSL_MSG_APPLICATION_DATA;
04272 memcpy( ssl->out_msg, buf, n );
04273
04274 if( ( ret = ssl_write_record( ssl ) ) != 0 )
04275 {
04276 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
04277 return( ret );
04278 }
04279 }
04280
04281 SSL_DEBUG_MSG( 2, ( "<= write" ) );
04282
04283 return( (int) n );
04284 }
04285
04286
04287
04288
04289 int ssl_close_notify( ssl_context *ssl )
04290 {
04291 int ret;
04292
04293 SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
04294
04295 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
04296 {
04297 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
04298 return( ret );
04299 }
04300
04301 if( ssl->state == SSL_HANDSHAKE_OVER )
04302 {
04303 if( ( ret = ssl_send_alert_message( ssl,
04304 SSL_ALERT_LEVEL_WARNING,
04305 SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
04306 {
04307 return( ret );
04308 }
04309 }
04310
04311 SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
04312
04313 return( ret );
04314 }
04315
04316 void ssl_transform_free( ssl_transform *transform )
04317 {
04318 #if defined(POLARSSL_ZLIB_SUPPORT)
04319 deflateEnd( &transform->ctx_deflate );
04320 inflateEnd( &transform->ctx_inflate );
04321 #endif
04322
04323 cipher_free_ctx( &transform->cipher_ctx_enc );
04324 cipher_free_ctx( &transform->cipher_ctx_dec );
04325
04326 md_free_ctx( &transform->md_ctx_enc );
04327 md_free_ctx( &transform->md_ctx_dec );
04328
04329 memset( transform, 0, sizeof( ssl_transform ) );
04330 }
04331
04332 #if defined(POLARSSL_X509_CRT_PARSE_C)
04333 static void ssl_key_cert_free( ssl_key_cert *key_cert )
04334 {
04335 ssl_key_cert *cur = key_cert, *next;
04336
04337 while( cur != NULL )
04338 {
04339 next = cur->next;
04340
04341 if( cur->key_own_alloc )
04342 {
04343 pk_free( cur->key );
04344 polarssl_free( cur->key );
04345 }
04346 polarssl_free( cur );
04347
04348 cur = next;
04349 }
04350 }
04351 #endif
04352
04353 void ssl_handshake_free( ssl_handshake_params *handshake )
04354 {
04355 #if defined(POLARSSL_DHM_C)
04356 dhm_free( &handshake->dhm_ctx );
04357 #endif
04358 #if defined(POLARSSL_ECDH_C)
04359 ecdh_free( &handshake->ecdh_ctx );
04360 #endif
04361
04362 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
04363
04364 polarssl_free( (void *) handshake->curves );
04365 #endif
04366
04367 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
04368 defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
04369
04370
04371
04372
04373 if( handshake->sni_key_cert != NULL )
04374 {
04375 ssl_key_cert *cur = handshake->sni_key_cert, *next;
04376
04377 while( cur != NULL )
04378 {
04379 next = cur->next;
04380 polarssl_free( cur );
04381 cur = next;
04382 }
04383 }
04384 #endif
04385
04386 memset( handshake, 0, sizeof( ssl_handshake_params ) );
04387 }
04388
04389 void ssl_session_free( ssl_session *session )
04390 {
04391 #if defined(POLARSSL_X509_CRT_PARSE_C)
04392 if( session->peer_cert != NULL )
04393 {
04394 x509_crt_free( session->peer_cert );
04395 polarssl_free( session->peer_cert );
04396 }
04397 #endif
04398
04399 #if defined(POLARSSL_SSL_SESSION_TICKETS)
04400 polarssl_free( session->ticket );
04401 #endif
04402
04403 memset( session, 0, sizeof( ssl_session ) );
04404 }
04405
04406
04407
04408
04409 void ssl_free( ssl_context *ssl )
04410 {
04411 SSL_DEBUG_MSG( 2, ( "=> free" ) );
04412
04413 if( ssl->out_ctr != NULL )
04414 {
04415 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
04416 polarssl_free( ssl->out_ctr );
04417 }
04418
04419 if( ssl->in_ctr != NULL )
04420 {
04421 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
04422 polarssl_free( ssl->in_ctr );
04423 }
04424
04425 #if defined(POLARSSL_ZLIB_SUPPORT)
04426 if( ssl->compress_buf != NULL )
04427 {
04428 memset( ssl->compress_buf, 0, SSL_BUFFER_LEN );
04429 polarssl_free( ssl->compress_buf );
04430 }
04431 #endif
04432
04433 #if defined(POLARSSL_DHM_C)
04434 mpi_free( &ssl->dhm_P );
04435 mpi_free( &ssl->dhm_G );
04436 #endif
04437
04438 if( ssl->transform )
04439 {
04440 ssl_transform_free( ssl->transform );
04441 polarssl_free( ssl->transform );
04442 }
04443
04444 if( ssl->handshake )
04445 {
04446 ssl_handshake_free( ssl->handshake );
04447 ssl_transform_free( ssl->transform_negotiate );
04448 ssl_session_free( ssl->session_negotiate );
04449
04450 polarssl_free( ssl->handshake );
04451 polarssl_free( ssl->transform_negotiate );
04452 polarssl_free( ssl->session_negotiate );
04453 }
04454
04455 if( ssl->session )
04456 {
04457 ssl_session_free( ssl->session );
04458 polarssl_free( ssl->session );
04459 }
04460
04461 #if defined(POLARSSL_SSL_SESSION_TICKETS)
04462 polarssl_free( ssl->ticket_keys );
04463 #endif
04464
04465 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
04466 if ( ssl->hostname != NULL )
04467 {
04468 memset( ssl->hostname, 0, ssl->hostname_len );
04469 polarssl_free( ssl->hostname );
04470 ssl->hostname_len = 0;
04471 }
04472 #endif
04473
04474 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
04475 if( ssl->psk != NULL )
04476 {
04477 memset( ssl->psk, 0, ssl->psk_len );
04478 memset( ssl->psk_identity, 0, ssl->psk_identity_len );
04479 polarssl_free( ssl->psk );
04480 polarssl_free( ssl->psk_identity );
04481 ssl->psk_len = 0;
04482 ssl->psk_identity_len = 0;
04483 }
04484 #endif
04485
04486 #if defined(POLARSSL_X509_CRT_PARSE_C)
04487 ssl_key_cert_free( ssl->key_cert );
04488 #endif
04489
04490 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
04491 if( ssl_hw_record_finish != NULL )
04492 {
04493 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_finish()" ) );
04494 ssl_hw_record_finish( ssl );
04495 }
04496 #endif
04497
04498 SSL_DEBUG_MSG( 2, ( "<= free" ) );
04499
04500
04501 memset( ssl, 0, sizeof( ssl_context ) );
04502 }
04503
04504 #if defined(POLARSSL_PK_C)
04505
04506
04507
04508 unsigned char ssl_sig_from_pk( pk_context *pk )
04509 {
04510 #if defined(POLARSSL_RSA_C)
04511 if( pk_can_do( pk, POLARSSL_PK_RSA ) )
04512 return( SSL_SIG_RSA );
04513 #endif
04514 #if defined(POLARSSL_ECDSA_C)
04515 if( pk_can_do( pk, POLARSSL_PK_ECDSA ) )
04516 return( SSL_SIG_ECDSA );
04517 #endif
04518 return( SSL_SIG_ANON );
04519 }
04520
04521 pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
04522 {
04523 switch( sig )
04524 {
04525 #if defined(POLARSSL_RSA_C)
04526 case SSL_SIG_RSA:
04527 return( POLARSSL_PK_RSA );
04528 #endif
04529 #if defined(POLARSSL_ECDSA_C)
04530 case SSL_SIG_ECDSA:
04531 return( POLARSSL_PK_ECDSA );
04532 #endif
04533 default:
04534 return( POLARSSL_PK_NONE );
04535 }
04536 }
04537 #endif
04538
04539
04540
04541
04542 md_type_t ssl_md_alg_from_hash( unsigned char hash )
04543 {
04544 switch( hash )
04545 {
04546 #if defined(POLARSSL_MD5_C)
04547 case SSL_HASH_MD5:
04548 return( POLARSSL_MD_MD5 );
04549 #endif
04550 #if defined(POLARSSL_SHA1_C)
04551 case SSL_HASH_SHA1:
04552 return( POLARSSL_MD_SHA1 );
04553 #endif
04554 #if defined(POLARSSL_SHA256_C)
04555 case SSL_HASH_SHA224:
04556 return( POLARSSL_MD_SHA224 );
04557 case SSL_HASH_SHA256:
04558 return( POLARSSL_MD_SHA256 );
04559 #endif
04560 #if defined(POLARSSL_SHA512_C)
04561 case SSL_HASH_SHA384:
04562 return( POLARSSL_MD_SHA384 );
04563 case SSL_HASH_SHA512:
04564 return( POLARSSL_MD_SHA512 );
04565 #endif
04566 default:
04567 return( POLARSSL_MD_NONE );
04568 }
04569 }
04570
04571 #endif