28 #if defined(POLARSSL_SSL_SRV_C)
/*
 * Parse the ServerName (SNI) extension of a ClientHello and hand each
 * host_name entry to the application callback ssl->f_sni.
 *
 * buf/len: extension payload (the caller passes ext + 4 / ext_size).
 * Returns 0 on success, a non-zero error otherwise (error paths elided
 * in this excerpt).
 */
37 static int ssl_parse_servername_ext(
ssl_context *ssl,
38 const unsigned char *buf,
42 size_t servername_list_size, hostname_len;
43 const unsigned char *p;
/* 16-bit big-endian ServerNameList length (<= 0xFFFF, so the +2 / +3
 * arithmetic below on size_t cannot wrap). NOTE(review): buf[0..1] are
 * read before len is compared against them; with len < 2 the read is
 * beyond the declared payload (the caller's ext_size bound keeps it inside
 * the received record, and the equality test then rejects it). An explicit
 * `len < 2` early return would make this self-evident. */
45 servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
/* The list must fill the extension payload exactly. */
46 if( servername_list_size + 2 != len )
53 while( servername_list_size > 0 )
/* Each entry: 1 byte name_type (p[0], not inspected here), 2-byte length,
 * then the name bytes. */
55 hostname_len = ( ( p[1] << 8 ) | p[2] );
/* Bounds check: the entry (header + name) must not run past the list. */
56 if( hostname_len + 3 > servername_list_size )
/* Name bytes handed to the callback are NOT NUL-terminated: p + 3 with
 * explicit length hostname_len. */
64 ret = ssl->
f_sni( ssl->
p_sni, ssl, p + 3, hostname_len );
/* Advance past the entry; the check above guarantees no underflow. */
74 servername_list_size -= hostname_len + 3;
75 p += hostname_len + 3;
/* Reject trailing bytes that do not form a complete entry. */
78 if( servername_list_size != 0 )
/*
 * Parse the renegotiation_info extension (RFC 5746) of a ClientHello.
 *
 * buf/len: extension payload (renegotiated_connection field with its
 * 1-byte length prefix).
 */
87 static int ssl_parse_renegotiation_info(
ssl_context *ssl,
88 const unsigned char *buf,
/* Initial handshake: the field must be exactly one zero length byte
 * (an empty renegotiated_connection). Anything else is a protocol
 * violation. The branch selection (initial vs. renegotiation) is not shown
 * in this excerpt. */
95 if( len != 1 || buf[0] != 0x0 )
97 SSL_DEBUG_MSG( 1, (
"non-zero length renegotiated connection field" ) );
/* Renegotiation: the client's value is compared against the saved verify
 * data (comparison itself elided here). NOTE(review): confirm the compare
 * is length-checked before the byte comparison. */
113 SSL_DEBUG_MSG( 1, (
"non-matching renegotiated connection field" ) );
/*
 * Parse the signature_algorithms extension (TLS 1.2) of a ClientHello and
 * pick the hash the client accepts for the server's signatures.
 *
 * buf/len: extension payload (the caller passes ext + 4 / ext_size).
 */
125 static int ssl_parse_signature_algorithms_ext(
ssl_context *ssl,
126 const unsigned char *buf,
129 size_t sig_alg_list_size;
130 const unsigned char *p;
/* 16-bit big-endian list length; it must fill the payload exactly and be
 * even, since entries are (hash, signature) byte pairs. */
132 sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
133 if( sig_alg_list_size + 2 != len ||
134 sig_alg_list_size %2 != 0 )
141 while( sig_alg_list_size > 0 )
/* Consumed one pair (this decrement and the one below sit in different
 * branches of the elided body; the evenness check above rules out
 * underflow). */
145 sig_alg_list_size -= 2;
/* Hash selection is gated on the compiled-in digests: SHA-384/512 under
 * POLARSSL_SHA4_C, SHA-224/256 under POLARSSL_SHA2_C (the actual values
 * matched are elided here). */
149 #if defined(POLARSSL_SHA4_C)
161 #if defined(POLARSSL_SHA2_C)
184 sig_alg_list_size -= 2;
188 SSL_DEBUG_MSG( 3, (
"client hello v3, signature_algorithm ext: %d",
/*
 * Parse a TLS (v3-format) ClientHello: version, random, session id,
 * ciphersuites, compression methods and extensions; then enforce the
 * secure-renegotiation policy.
 *
 * All lengths come from the peer; every index into buf below is bounded by
 * the record-length check on n and the per-field range checks, plus the
 * final equality check that the fields exactly fill the handshake body.
 * Error paths and the SSLv2-format branch are elided in this excerpt.
 */
194 static int ssl_parse_client_hello(
ssl_context *ssl )
199 unsigned int ciph_len, sess_len;
200 unsigned int comp_len;
201 unsigned int ext_len = 0;
202 unsigned char *buf, *p, *ext;
203 int renegotiation_info_seen = 0;
204 int handshake_failure = 0;
222 ( buf[3] << 8 ) | buf[4] ) );
223 SSL_DEBUG_MSG( 3, (
"client hello v3, protocol ver: [%d:%d]",
/* Record-layer length. The 45..512 window bounds every fixed-offset read
 * that follows (45 = minimum ClientHello with empty session id). */
241 n = ( buf[3] << 8 ) | buf[4];
243 if( n < 45 || n > 512 )
283 ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
284 SSL_DEBUG_MSG( 3, (
"client hello v3, max. version: [%d:%d]",
303 SSL_DEBUG_MSG( 1, (
"client only supports ssl smaller than minimum"
/* Handshake header: the 24-bit body length must have a zero high byte and
 * n must equal header (4) + body, so record and handshake lengths agree.
 * (buf here presumably points at the handshake header, re-pointed in
 * elided code.) */
321 if( buf[1] != 0 || n != (
unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
/* Ciphersuite list length follows the session id (sess_len is read and
 * range-checked in elided code). Must be even, non-empty, at most 256. */
347 ciph_len = ( buf[39 + sess_len] << 8 )
348 | ( buf[40 + sess_len] );
350 if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 )
/* Compression method list: 1..16 entries. */
359 comp_len = buf[41 + sess_len + ciph_len];
361 if( comp_len < 1 || comp_len > 16 )
/* Extensions block is optional. If anything follows the compression list,
 * read its 2-byte length. NOTE(review): when n == 43 + ... the second
 * length byte lies one past the received data (the equality check below
 * then rejects the message; presumably still inside the record buffer —
 * confirm). */
370 if( n > 42 + sess_len + ciph_len + comp_len )
372 ext_len = ( buf[42 + sess_len + ciph_len + comp_len] << 8 )
373 | ( buf[43 + sess_len + ciph_len + comp_len] );
/* ext_len must be 0 or at least one 4-byte extension header, and the
 * fields must exactly fill the message — no trailing bytes. */
375 if( ( ext_len > 0 && ext_len < 4 ) ||
376 n != 44 + sess_len + ciph_len + comp_len + ext_len )
379 SSL_DEBUG_BUF( 3,
"Ext", buf + 44 + sess_len + ciph_len + comp_len, ext_len);
385 #if defined(POLARSSL_ZLIB_SUPPORT)
386 for( i = 0; i < comp_len; ++i )
399 buf + 38, sess_len );
401 buf + 41 + sess_len, ciph_len );
403 buf + 42 + sess_len + ciph_len, comp_len );
/* First pass over the ciphersuites: look for the TLS_EMPTY_RENEGOTIATION_INFO
 * signalling suite (SCSV). It is only valid on an initial handshake; on a
 * renegotiation it is treated as a failure (RFC 5746 §3.6). */
408 for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
412 SSL_DEBUG_MSG( 3, (
"received TLS_EMPTY_RENEGOTIATION_INFO " ) );
415 SSL_DEBUG_MSG( 1, (
"received RENEGOTIATION SCSV during renegotiation" ) );
/* Second pass: pick the first mutually supported ciphersuite (selection
 * logic elided). */
432 for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
436 goto have_ciphersuite;
/* Extension walk. Each iteration reads a 4-byte header (type, length);
 * ext_len is 0 or >= 4 on entry by the checks above/below, so the header
 * read is in range. */
448 ext = buf + 44 + sess_len + ciph_len + comp_len;
452 unsigned int ext_id = ( ( ext[0] << 8 )
454 unsigned int ext_size = ( ( ext[2] << 8 )
/* Extension body must fit in the remaining extensions block
 * (ext_size <= 0xFFFF, so no wrap on unsigned int). */
457 if( ext_size + 4 > ext_len )
/* SNI is only parsed when the application installed a callback. */
466 if( ssl->
f_sni == NULL )
469 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
476 renegotiation_info_seen = 1;
478 ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
484 SSL_DEBUG_MSG( 3, (
"found signature_algorithms extension" ) );
488 ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
/* Unknown extensions are skipped, per RFC 5246 §7.4.1.4. */
494 SSL_DEBUG_MSG( 3, (
"unknown extension found: %d (ignoring)",
/* Consume header + body; a leftover of 1..3 bytes cannot be a header. */
498 ext_len -= 4 + ext_size;
501 if( ext_len > 0 && ext_len < 4 )
/* Renegotiation policy (conditions partly elided):
 *  - legacy (insecure) renegotiation is refused outright;
 *  - a secure renegotiation without renegotiation_info fails;
 *  - a legacy-flagged session that now presents renegotiation_info fails.
 * Failures are collected in handshake_failure and acted on at the end. */
514 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
515 handshake_failure = 1;
519 renegotiation_info_seen == 0 )
521 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension missing (secure)" ) );
522 handshake_failure = 1;
529 handshake_failure = 1;
533 renegotiation_info_seen == 1 )
535 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension present (legacy)" ) );
536 handshake_failure = 1;
539 if( handshake_failure == 1 )
/*
 * Build the ServerHello: version, 32-byte server random (4-byte time +
 * 28 RNG bytes), session id, chosen ciphersuite/compression and, when
 * applicable, the renegotiation_info extension.
 */
555 static int ssl_write_server_hello(
ssl_context *ssl )
560 unsigned char *buf, *p;
/* gmt_unix_time, big-endian. NOTE(review): this discloses the server's
 * clock to the peer; RFC 5246 permits it, but some deployments prefer a
 * random value here to avoid fingerprinting. */
581 *p++ = (
unsigned char)( t >> 24 );
582 *p++ = (
unsigned char)( t >> 16 );
583 *p++ = (
unsigned char)( t >> 8 );
584 *p++ = (
unsigned char)( t );
586 SSL_DEBUG_MSG( 3, (
"server hello, current time: %lu", t ) );
/* Remaining 28 bytes of server_random from the configured RNG; the return
 * value is checked so an RNG failure aborts the handshake rather than
 * leaving predictable bytes. */
588 if( ( ret = ssl->
f_rng( ssl->
p_rng, p, 28 ) ) != 0 )
595 SSL_DEBUG_BUF( 3,
"server hello, random bytes", buf + 6, 32 );
638 SSL_DEBUG_MSG( 3, (
"server hello, session id len.: %d", n ) );
652 SSL_DEBUG_MSG( 3, (
"server hello, prepping for secure renegotiation extension" ) );
655 SSL_DEBUG_MSG( 3, (
"server hello, total extension length: %d",
/* 2-byte total extensions length, big-endian. */
658 *p++ = (
unsigned char)( ( ext_len >> 8 ) & 0xFF );
659 *p++ = (
unsigned char)( ( ext_len ) & 0xFF );
/* Debug label reads "client hello" although this is the ServerHello
 * writer (looks like a copy-paste; harmless, debug output only). */
664 SSL_DEBUG_MSG( 3, (
"client hello, secure renegotiation extension" ) );
/*
 * Build the CertificateRequest message, including the list of acceptable
 * CA distinguished names (one 2-byte length + DER DN per trusted CA).
 */
689 static int ssl_write_certificate_request(
ssl_context *ssl )
692 size_t n = 0, dn_size, total_dn_size;
693 unsigned char *buf, *p;
/* Per-CA entry: 2-byte DN length, big-endian, followed by the DN bytes
 * (copy elided). */
763 *p++ = (
unsigned char)( dn_size >> 8 );
764 *p++ = (
unsigned char)( dn_size );
/* Running total for the certificate_authorities length field.
 * NOTE(review): no bound against the output buffer or the 16-bit field is
 * visible in this excerpt; presumably the CA chain is trusted
 * configuration, not peer input — confirm. */
770 total_dn_size += 2 + dn_size;
/* Back-patch the 2-byte certificate_authorities length at its fixed
 * position after the certificate_types list (offset n). */
777 ssl->
out_msg[6 + n] = (
unsigned char)( total_dn_size >> 8 );
778 ssl->
out_msg[7 + n] = (
unsigned char)( total_dn_size );
/*
 * Build the ServerKeyExchange message (DHE): the DH parameters and public
 * value, followed by an RSA signature over client_random || server_random
 * || params. Only compiled with POLARSSL_DHM_C; without it the handshake
 * path errors out (see the !defined branch).
 */
787 static int ssl_write_server_key_exchange(
ssl_context *ssl )
789 #if defined(POLARSSL_DHM_C)
791 size_t n, rsa_key_len = 0;
/* Room for the largest digest in use (SHA-512 = 64 bytes; MD5||SHA-1 for
 * TLS < 1.2 = 36). hashlen records how much of it is valid. */
792 unsigned char hash[64];
794 unsigned int hashlen = 0;
817 #if !defined(POLARSSL_DHM_C)
/* TLS 1.2 signature hash selection depends on the compiled-in digests
 * (SHA-384/512 under SHA4_C, SHA-224/256 under SHA2_C); specifics elided. */
898 #if defined(POLARSSL_SHA4_C)
925 #if defined(POLARSSL_SHA2_C)
/* 2-byte signature length, big-endian, placed after the n bytes of params
 * and the 4-byte handshake header. */
991 ssl->
out_msg[4 + n] = (
unsigned char)( rsa_key_len >> 8 );
992 ssl->
out_msg[5 + n] = (
unsigned char)( rsa_key_len );
/* Sign the digest identified by hash_id (PKCS#1 v1.5 signing call elided). */
998 hash_id, hashlen, hash,
/* Emit the empty ServerHelloDone handshake message (body elided). */
1028 static int ssl_write_server_hello_done(
ssl_context *ssl )
/*
 * Parse the ClientKeyExchange: the client's DH public value (DHE) or the
 * RSA-encrypted premaster secret (RSA key exchange).
 */
1051 static int ssl_parse_client_key_exchange(
ssl_context *ssl )
/* DHE path is unavailable without POLARSSL_DHM_C. */
1089 #if !defined(POLARSSL_DHM_C)
/* DHE: read the peer public value from the handshake body (offset 6 = 4-byte
 * header + 2-byte length); the callee's return is checked. */
1106 ssl->
in_msg + 6, n ) ) != 0 )
/* RSA: the 2-byte length prefix must equal the server key length n.
 * NOTE(review): the PKCS#1 v1.5 decryption that follows is elided; it must
 * handle padding failures without a distinguishable error/timing (random
 * premaster on failure) to resist Bleichenbacher-style oracles — confirm. */
1146 if( ssl->
in_msg[4] != ( ( n >> 8 ) & 0xFF ) ||
1147 ssl->
in_msg[5] != ( ( n ) & 0xFF ) )
/*
 * Parse the CertificateVerify message: check the client's signature over
 * the handshake transcript hash with the public key from its certificate.
 */
1202 static int ssl_parse_certificate_verify(
ssl_context *ssl )
1205 size_t n = 0, n1, n2;
/* Transcript digest; 48 bytes covers SHA-384 (TLS 1.2) and MD5||SHA-1. */
1206 unsigned char hash[48];
1208 unsigned int hashlen;
/* TLS 1.2: the (hash, sig) pair the client used must be the one the server
 * requested; otherwise the message is rejected. */
1250 SSL_DEBUG_MSG( 1, (
"peer not adhering to requested sig_alg for verify message" ) );
/* Length consistency: the declared signature length n1 must fill the
 * handshake body exactly (after the n bytes of sig_alg/header fields) and
 * must match n2 (presumably the client key length) before verification. */
1276 if( n + n1 + 6 != ssl->
in_hslen || n1 != n2 )
/* Verify the signature (PKCS#1 v1.5 verify call elided); a failure here is
 * a handshake failure, not a recoverable condition. */
1283 hash_id, hashlen, hash, ssl->
in_msg + 6 + n );
1310 switch( ssl->
state )
1320 ret = ssl_parse_client_hello( ssl );
1331 ret = ssl_write_server_hello( ssl );
1339 ret = ssl_write_server_key_exchange( ssl );
1343 ret = ssl_write_certificate_request( ssl );
1347 ret = ssl_write_server_hello_done( ssl );
1362 ret = ssl_parse_client_key_exchange( ssl );
1366 ret = ssl_parse_certificate_verify( ssl );