34 #if !defined(POLARSSL_CONFIG_FILE)
37 #include POLARSSL_CONFIG_FILE
40 #if defined(POLARSSL_SSL_TLS_C)
45 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
46 defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
50 #if defined(POLARSSL_PLATFORM_C)
53 #define polarssl_malloc malloc
54 #define polarssl_free free
59 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
61 #define strcasecmp _stricmp
/*
 * Wipe n bytes at v.
 *
 * Used to scrub key material, PRF intermediates and padding buffers
 * before they go out of scope. The store is made through a pointer to
 * volatile so the compiler cannot treat it as a dead write and drop it
 * (which a plain memset() on a buffer that is never read again may be
 * subject to). Callers in this file pass sizeof( buf ) of a local array.
 */
static void polarssl_zeroize( void *v, size_t n )
{
    volatile unsigned char *dst = (volatile unsigned char *) v;
    size_t idx;

    /* Indexed loop; each store is a volatile access and so is kept. */
    for( idx = 0; idx < n; idx++ )
        dst[idx] = 0;
}
69 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
93 #if defined(POLARSSL_X509_CRT_PARSE_C)
114 #if defined(POLARSSL_SSL_SESSION_TICKETS)
128 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
130 const unsigned char *key_enc,
const unsigned char *key_dec,
132 const unsigned char *iv_enc,
const unsigned char *iv_dec,
134 const unsigned char *mac_enc,
const unsigned char *mac_dec,
135 size_t maclen ) = NULL;
136 int (*ssl_hw_record_activate)(
ssl_context *ssl,
int direction) = NULL;
137 int (*ssl_hw_record_reset)(
ssl_context *ssl ) = NULL;
138 int (*ssl_hw_record_write)(
ssl_context *ssl ) = NULL;
139 int (*ssl_hw_record_read)(
ssl_context *ssl ) = NULL;
140 int (*ssl_hw_record_finish)(
ssl_context *ssl ) = NULL;
146 #if defined(POLARSSL_SSL_PROTO_SSL3)
147 static int ssl3_prf(
const unsigned char *secret,
size_t slen,
149 const unsigned char *random,
size_t rlen,
150 unsigned char *dstbuf,
size_t dlen )
155 unsigned char padding[16];
156 unsigned char sha1sum[20];
170 for( i = 0; i < dlen / 16; i++ )
172 memset( padding, (
unsigned char) (
'A' + i), 1 + i );
189 polarssl_zeroize( padding,
sizeof( padding ) );
190 polarssl_zeroize( sha1sum,
sizeof( sha1sum ) );
196 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
197 static int tls1_prf(
const unsigned char *secret,
size_t slen,
199 const unsigned char *random,
size_t rlen,
200 unsigned char *dstbuf,
size_t dlen )
204 const unsigned char *S1, *S2;
205 unsigned char tmp[128];
206 unsigned char h_i[20];
208 if(
sizeof( tmp ) < 20 + strlen( label ) + rlen )
211 hs = ( slen + 1 ) / 2;
213 S2 = secret + slen - hs;
215 nb = strlen( label );
216 memcpy( tmp + 20, label, nb );
217 memcpy( tmp + 20 + nb, random, rlen );
223 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
225 for( i = 0; i < dlen; i += 16 )
227 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
228 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
230 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
232 for( j = 0; j < k; j++ )
233 dstbuf[i + j] = h_i[j];
241 for( i = 0; i < dlen; i += 20 )
246 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
248 for( j = 0; j < k; j++ )
249 dstbuf[i + j] = (
unsigned char)( dstbuf[i + j] ^ h_i[j] );
252 polarssl_zeroize( tmp,
sizeof( tmp ) );
253 polarssl_zeroize( h_i,
sizeof( h_i ) );
259 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
260 #if defined(POLARSSL_SHA256_C)
261 static int tls_prf_sha256(
const unsigned char *secret,
size_t slen,
263 const unsigned char *random,
size_t rlen,
264 unsigned char *dstbuf,
size_t dlen )
268 unsigned char tmp[128];
269 unsigned char h_i[32];
271 if(
sizeof( tmp ) < 32 + strlen( label ) + rlen )
274 nb = strlen( label );
275 memcpy( tmp + 32, label, nb );
276 memcpy( tmp + 32 + nb, random, rlen );
284 for( i = 0; i < dlen; i += 32 )
289 k = ( i + 32 > dlen ) ? dlen % 32 : 32;
291 for( j = 0; j < k; j++ )
292 dstbuf[i + j] = h_i[j];
295 polarssl_zeroize( tmp,
sizeof( tmp ) );
296 polarssl_zeroize( h_i,
sizeof( h_i ) );
302 #if defined(POLARSSL_SHA512_C)
303 static int tls_prf_sha384(
const unsigned char *secret,
size_t slen,
305 const unsigned char *random,
size_t rlen,
306 unsigned char *dstbuf,
size_t dlen )
310 unsigned char tmp[128];
311 unsigned char h_i[48];
313 if(
sizeof( tmp ) < 48 + strlen( label ) + rlen )
316 nb = strlen( label );
317 memcpy( tmp + 48, label, nb );
318 memcpy( tmp + 48 + nb, random, rlen );
326 for( i = 0; i < dlen; i += 48 )
331 k = ( i + 48 > dlen ) ? dlen % 48 : 48;
333 for( j = 0; j < k; j++ )
334 dstbuf[i + j] = h_i[j];
337 polarssl_zeroize( tmp,
sizeof( tmp ) );
338 polarssl_zeroize( h_i,
sizeof( h_i ) );
345 static void ssl_update_checksum_start(
ssl_context *,
const unsigned char *,
size_t );
347 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
348 defined(POLARSSL_SSL_PROTO_TLS1_1)
349 static void ssl_update_checksum_md5sha1(
ssl_context *,
const unsigned char *,
size_t );
352 #if defined(POLARSSL_SSL_PROTO_SSL3)
353 static void ssl_calc_verify_ssl(
ssl_context *,
unsigned char * );
354 static void ssl_calc_finished_ssl(
ssl_context *,
unsigned char *,
int );
357 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
358 static void ssl_calc_verify_tls(
ssl_context *,
unsigned char * );
359 static void ssl_calc_finished_tls(
ssl_context *,
unsigned char *,
int );
362 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
363 #if defined(POLARSSL_SHA256_C)
364 static void ssl_update_checksum_sha256(
ssl_context *,
const unsigned char *,
size_t );
365 static void ssl_calc_verify_tls_sha256(
ssl_context *,
unsigned char * );
366 static void ssl_calc_finished_tls_sha256(
ssl_context *,
unsigned char *,
int );
369 #if defined(POLARSSL_SHA512_C)
370 static void ssl_update_checksum_sha384(
ssl_context *,
const unsigned char *,
size_t );
371 static void ssl_calc_verify_tls_sha384(
ssl_context *,
unsigned char * );
372 static void ssl_calc_finished_tls_sha384(
ssl_context *,
unsigned char *,
int );
379 unsigned char tmp[64];
380 unsigned char keyblk[256];
383 unsigned char *mac_enc;
384 unsigned char *mac_dec;
396 if( cipher_info == NULL )
404 if( md_info == NULL )
414 #if defined(POLARSSL_SSL_PROTO_SSL3)
423 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
432 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
433 #if defined(POLARSSL_SHA512_C)
437 handshake->
tls_prf = tls_prf_sha384;
438 handshake->
calc_verify = ssl_calc_verify_tls_sha384;
443 #if defined(POLARSSL_SHA256_C)
446 handshake->
tls_prf = tls_prf_sha256;
447 handshake->
calc_verify = ssl_calc_verify_tls_sha256;
468 if( handshake->
resume == 0 )
486 memcpy( handshake->
randbytes, tmp + 32, 32 );
487 memcpy( handshake->
randbytes + 32, tmp, 32 );
488 polarssl_zeroize( tmp,
sizeof( tmp ) );
524 transform->
ivlen = 12;
547 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
574 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
580 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
595 SSL_DEBUG_MSG( 3, (
"keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
604 key1 = keyblk + transform->
maclen * 2;
605 key2 = keyblk + transform->
maclen * 2 + transform->
keylen;
608 mac_dec = keyblk + transform->
maclen;
615 memcpy( transform->
iv_enc, key2 + transform->
keylen, iv_copy_len );
616 memcpy( transform->
iv_dec, key2 + transform->
keylen + iv_copy_len,
621 key1 = keyblk + transform->
maclen * 2 + transform->
keylen;
622 key2 = keyblk + transform->
maclen * 2;
624 mac_enc = keyblk + transform->
maclen;
632 memcpy( transform->
iv_dec, key1 + transform->
keylen, iv_copy_len );
633 memcpy( transform->
iv_enc, key1 + transform->
keylen + iv_copy_len,
637 #if defined(POLARSSL_SSL_PROTO_SSL3)
651 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
652 defined(POLARSSL_SSL_PROTO_TLS1_2)
665 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
666 if( ssl_hw_record_init != NULL )
672 if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->
keylen,
676 transform->
maclen ) ) != 0 )
685 cipher_info ) ) != 0 )
692 cipher_info ) ) != 0 )
714 #if defined(POLARSSL_CIPHER_MODE_CBC)
733 polarssl_zeroize( keyblk,
sizeof( keyblk ) );
735 #if defined(POLARSSL_ZLIB_SUPPORT)
740 if( ssl->compress_buf == NULL )
744 if( ssl->compress_buf == NULL )
754 memset( &transform->ctx_deflate, 0,
sizeof( transform->ctx_deflate ) );
755 memset( &transform->ctx_inflate, 0,
sizeof( transform->ctx_inflate ) );
757 if( deflateInit( &transform->ctx_deflate,
758 Z_DEFAULT_COMPRESSION ) != Z_OK ||
759 inflateInit( &transform->ctx_inflate ) != Z_OK )
772 #if defined(POLARSSL_SSL_PROTO_SSL3)
773 void ssl_calc_verify_ssl(
ssl_context *ssl,
unsigned char hash[36] )
777 unsigned char pad_1[48];
778 unsigned char pad_2[48];
785 memset( pad_1, 0x36, 48 );
786 memset( pad_2, 0x5C, 48 );
818 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
819 void ssl_calc_verify_tls(
ssl_context *ssl,
unsigned char hash[36] )
842 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
843 #if defined(POLARSSL_SHA256_C)
844 void ssl_calc_verify_tls_sha256(
ssl_context *ssl,
unsigned char hash[32] )
862 #if defined(POLARSSL_SHA512_C)
863 void ssl_calc_verify_tls_sha384(
ssl_context *ssl,
unsigned char hash[48] )
882 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
895 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
898 if( end - p < 2 + (
int) ssl->
psk_len )
901 *(p++) = (
unsigned char)( ssl->
psk_len >> 8 );
902 *(p++) = (
unsigned char)( ssl->
psk_len );
907 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
920 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
924 size_t len = end - ( p + 2 );
934 *(p++) = (
unsigned char)( len >> 8 );
935 *(p++) = (
unsigned char)( len );
942 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
949 p + 2, end - ( p + 2 ),
956 *(p++) = (
unsigned char)( zlen >> 8 );
957 *(p++) = (
unsigned char)( zlen );
970 if( end - p < 2 + (
int) ssl->
psk_len )
973 *(p++) = (
unsigned char)( ssl->
psk_len >> 8 );
974 *(p++) = (
unsigned char)( ssl->
psk_len );
984 #if defined(POLARSSL_SSL_PROTO_SSL3)
988 static void ssl_mac(
md_context_t *md_ctx,
unsigned char *secret,
989 unsigned char *buf,
size_t len,
990 unsigned char *ctr,
int type )
992 unsigned char header[11];
993 unsigned char padding[48];
1007 memcpy( header, ctr, 8 );
1008 header[ 8] = (
unsigned char) type;
1009 header[ 9] = (
unsigned char)( len >> 8 );
1010 header[10] = (
unsigned char)( len );
1012 memset( padding, 0x36, padlen );
1020 memset( padding, 0x5C, padlen );
1024 md_update( md_ctx, buf + len, md_size );
1043 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1044 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1045 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1049 #if defined(POLARSSL_SSL_PROTO_SSL3)
1059 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1060 defined(POLARSSL_SSL_PROTO_TLS1_2)
1088 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
1095 "including %d bytes of padding",
1105 ssl->
out_msg, &olen ) ) != 0 )
1119 #if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
1124 size_t enc_msglen, olen;
1125 unsigned char *enc_msg;
1126 unsigned char add_data[13];
1130 memcpy( add_data, ssl->
out_ctr, 8 );
1134 add_data[11] = ( ssl->
out_msglen >> 8 ) & 0xFF;
1165 "including %d bytes of padding",
1178 enc_msg, enc_msglen,
1180 enc_msg + enc_msglen, taglen ) ) != 0 )
1186 if( olen != enc_msglen )
1194 SSL_DEBUG_BUF( 4,
"after encrypt: tag", enc_msg + enc_msglen, taglen );
1198 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
1199 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
1203 unsigned char *enc_msg;
1204 size_t enc_msglen, padlen, olen = 0;
1211 for( i = 0; i <= padlen; i++ )
1219 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1247 "including %d bytes of IV and %d bytes of padding",
1257 enc_msg, enc_msglen,
1258 enc_msg, &olen ) ) != 0 )
1264 if( enc_msglen != olen )
1270 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
1290 for( i = 8; i > 0; i-- )
1291 if( ++ssl->
out_ctr[i - 1] != 0 )
1297 SSL_DEBUG_MSG( 1, (
"outgoing message counter would wrap" ) );
1306 #define POLARSSL_SSL_MAX_MAC_SIZE 48
1313 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1314 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1315 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1316 size_t padlen = 0, correct = 1;
1328 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
1340 ssl->
in_msg, &olen ) ) != 0 )
1354 #if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
1359 size_t dec_msglen, olen;
1360 unsigned char *dec_msg;
1361 unsigned char *dec_msg_result;
1362 unsigned char add_data[13];
1368 if( ssl->
in_msglen < explicit_iv_len + taglen )
1372 explicit_iv_len, taglen ) );
1375 dec_msglen = ssl->
in_msglen - explicit_iv_len - taglen;
1378 dec_msg_result = ssl->
in_msg;
1381 memcpy( add_data, ssl->
in_ctr, 8 );
1385 add_data[11] = ( ssl->
in_msglen >> 8 ) & 0xFF;
1397 SSL_DEBUG_BUF( 4,
"TAG used", dec_msg + dec_msglen, taglen );
1406 dec_msg, dec_msglen,
1407 dec_msg_result, &olen,
1408 dec_msg + dec_msglen, taglen ) ) != 0 )
1418 if( olen != dec_msglen )
1426 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
1427 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
1434 unsigned char *dec_msg;
1435 unsigned char *dec_msg_result;
1450 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1458 SSL_DEBUG_MSG( 1, (
"msglen (%d) < max( ivlen(%d), maclen (%d) "
1467 dec_msg_result = ssl->
in_msg;
1469 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1486 dec_msg, dec_msglen,
1487 dec_msg_result, &olen ) ) != 0 )
1493 if( dec_msglen != olen )
1499 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
1515 #if defined(POLARSSL_SSL_DEBUG_ALL)
1516 SSL_DEBUG_MSG( 1, (
"msglen (%d) < maclen (%d) + padlen (%d)",
1523 #if defined(POLARSSL_SSL_PROTO_SSL3)
1528 #if defined(POLARSSL_SSL_DEBUG_ALL)
1530 "should be no more than %d",
1538 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1539 defined(POLARSSL_SSL_PROTO_TLS1_2)
1546 size_t pad_count = 0, real_count = 1;
1547 size_t padding_idx = ssl->
in_msglen - padlen - 1;
1559 correct &= ( ssl->
in_msglen >= padlen + 1 );
1563 padding_idx *= correct;
1565 for( i = 1; i <= 256; i++ )
1567 real_count &= ( i <= padlen );
1568 pad_count += real_count *
1569 ( ssl->
in_msg[padding_idx + i] == padlen - 1 );
1572 correct &= ( pad_count == padlen );
1574 #if defined(POLARSSL_SSL_DEBUG_ALL)
1575 if( padlen > 0 && correct == 0 )
1578 padlen &= correct * 0x1FF;
1602 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1603 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1604 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1608 unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
1617 #if defined(POLARSSL_SSL_PROTO_SSL3)
1627 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1628 defined(POLARSSL_SSL_PROTO_TLS1_2)
1644 size_t j, extra_run = 0;
1645 extra_run = ( 13 + ssl->
in_msglen + padlen + 8 ) / 64 -
1648 extra_run &= correct * 0xFF;
1655 for( j = 0; j < extra_run; j++ )
1675 #if defined(POLARSSL_SSL_DEBUG_ALL)
1700 "messages, possible DoS attack" ) );
1707 for( i = 8; i > 0; i-- )
1708 if( ++ssl->
in_ctr[i - 1] != 0 )
1714 SSL_DEBUG_MSG( 1, (
"incoming message counter would wrap" ) );
1723 #if defined(POLARSSL_ZLIB_SUPPORT)
1730 unsigned char *msg_post = ssl->
out_msg;
1732 unsigned char *msg_pre = ssl->compress_buf;
1739 memcpy( msg_pre, ssl->
out_msg, len_pre );
1752 ret = deflate( &ssl->
transform_out->ctx_deflate, Z_SYNC_FLUSH );
1755 SSL_DEBUG_MSG( 1, (
"failed to perform compression (%d)", ret ) );
1776 unsigned char *msg_post = ssl->
in_msg;
1778 unsigned char *msg_pre = ssl->compress_buf;
1785 memcpy( msg_pre, ssl->
in_msg, len_pre );
1798 ret = inflate( &ssl->
transform_in->ctx_inflate, Z_SYNC_FLUSH );
1801 SSL_DEBUG_MSG( 1, (
"failed to perform decompression (%d)", ret ) );
1836 while( ssl->
in_left < nb_want )
1902 ssl->
out_msg[1] = (
unsigned char)( ( len - 4 ) >> 16 );
1903 ssl->
out_msg[2] = (
unsigned char)( ( len - 4 ) >> 8 );
1904 ssl->
out_msg[3] = (
unsigned char)( ( len - 4 ) );
1910 #if defined(POLARSSL_ZLIB_SUPPORT)
1914 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
1924 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
1925 if( ssl_hw_record_write != NULL )
1929 ret = ssl_hw_record_write( ssl );
1945 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
1946 ssl->
out_hdr[4] = (
unsigned char)( len );
1950 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
1957 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
1958 ssl->
out_hdr[4] = (
unsigned char)( len );
1964 "version = [%d:%d], msglen = %d",
2004 " %d, type = %d, hslen = %d",
2040 "version = [%d:%d], msglen = %d",
2083 #if defined(POLARSSL_SSL_PROTO_SSL3)
2092 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
2093 defined(POLARSSL_SSL_PROTO_TLS1_2)
2119 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
2120 if( ssl_hw_record_read != NULL )
2124 ret = ssl_hw_record_read( ssl );
2137 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
2139 #if defined(POLARSSL_SSL_ALERT_MESSAGES)
2161 #if defined(POLARSSL_ZLIB_SUPPORT)
2165 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
2199 " %d, type = %d, hslen = %d",
2270 unsigned char level,
2271 unsigned char message )
2296 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
2297 !defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
2298 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
2299 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
2300 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
2301 !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
2302 !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
2368 #if defined(POLARSSL_SSL_PROTO_SSL3)
2409 while( crt != NULL )
2419 ssl->
out_msg[i ] = (
unsigned char)( n >> 16 );
2420 ssl->
out_msg[i + 1] = (
unsigned char)( n >> 8 );
2421 ssl->
out_msg[i + 2] = (
unsigned char)( n );
2423 i += 3; memcpy( ssl->
out_msg + i, crt->
raw.
p, n );
2424 i += n; crt = crt->
next;
2427 ssl->
out_msg[4] = (
unsigned char)( ( i - 7 ) >> 16 );
2428 ssl->
out_msg[5] = (
unsigned char)( ( i - 7 ) >> 8 );
2429 ssl->
out_msg[6] = (
unsigned char)( ( i - 7 ) );
2435 #if defined(POLARSSL_SSL_PROTO_SSL3)
2487 #if defined(POLARSSL_SSL_PROTO_SSL3)
2510 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
2511 defined(POLARSSL_SSL_PROTO_TLS1_2)
2518 memcmp( ssl->
in_msg + 4,
"\0\0\0", 3 ) == 0 )
2574 while( i < ssl->in_hslen )
2576 if( ssl->
in_msg[i] != 0 )
2582 n = ( (
unsigned int) ssl->
in_msg[i + 1] << 8 )
2583 | (
unsigned int) ssl->
in_msg[i + 2];
2586 if( n < 128 || i + n > ssl->
in_hslen )
2614 SSL_DEBUG_MSG( 1, (
"new server cert during renegotiation" ) );
2624 SSL_DEBUG_MSG( 1, (
"server cert changed during renegotiation" ) );
2654 #if defined(POLARSSL_SSL_SET_CURVES)
2660 ! ssl_curve_is_acceptable( ssl,
pk_ec( *pk )->grp.id ) )
2673 SSL_DEBUG_MSG( 1, (
"bad certificate (usage extensions)" ) );
2751 ((void) ciphersuite_info);
2753 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2754 defined(POLARSSL_SSL_PROTO_TLS1_1)
2759 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2760 #if defined(POLARSSL_SHA512_C)
2765 #if defined(POLARSSL_SHA256_C)
2777 static void ssl_update_checksum_start(
ssl_context *ssl,
2778 const unsigned char *buf,
size_t len )
2780 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2781 defined(POLARSSL_SSL_PROTO_TLS1_1)
2785 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2786 #if defined(POLARSSL_SHA256_C)
2789 #if defined(POLARSSL_SHA512_C)
2795 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2796 defined(POLARSSL_SSL_PROTO_TLS1_1)
2797 static void ssl_update_checksum_md5sha1(
ssl_context *ssl,
2798 const unsigned char *buf,
size_t len )
2805 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2806 #if defined(POLARSSL_SHA256_C)
2807 static void ssl_update_checksum_sha256(
ssl_context *ssl,
2808 const unsigned char *buf,
size_t len )
2814 #if defined(POLARSSL_SHA512_C)
2815 static void ssl_update_checksum_sha384(
ssl_context *ssl,
2816 const unsigned char *buf,
size_t len )
2823 #if defined(POLARSSL_SSL_PROTO_SSL3)
2824 static void ssl_calc_finished_ssl(
2831 unsigned char padbuf[48];
2832 unsigned char md5sum[16];
2833 unsigned char sha1sum[20];
2853 #if !defined(POLARSSL_MD5_ALT)
2858 #if !defined(POLARSSL_SHA1_ALT)
2866 memset( padbuf, 0x36, 48 );
2868 md5_update( &md5, (
const unsigned char *) sender, 4 );
2873 sha1_update( &sha1, (
const unsigned char *) sender, 4 );
2878 memset( padbuf, 0x5C, 48 );
2897 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2898 polarssl_zeroize( md5sum,
sizeof( md5sum ) );
2899 polarssl_zeroize( sha1sum,
sizeof( sha1sum ) );
2905 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
2906 static void ssl_calc_finished_tls(
2913 unsigned char padbuf[36];
2930 #if !defined(POLARSSL_MD5_ALT)
2935 #if !defined(POLARSSL_SHA1_ALT)
2942 :
"server finished";
2948 padbuf, 36, buf, len );
2955 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2961 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2962 #if defined(POLARSSL_SHA256_C)
2963 static void ssl_calc_finished_tls_sha256(
2969 unsigned char padbuf[32];
2985 #if !defined(POLARSSL_SHA256_ALT)
2992 :
"server finished";
2997 padbuf, 32, buf, len );
3003 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
3009 #if defined(POLARSSL_SHA512_C)
3010 static void ssl_calc_finished_tls_sha384(
3016 unsigned char padbuf[48];
3032 #if !defined(POLARSSL_SHA512_ALT)
3033 SSL_DEBUG_BUF( 4,
"finished sha512 state", (
unsigned char *)
3039 :
"server finished";
3044 padbuf, 48, buf, len );
3050 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
3158 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for outbound data" ) );
3163 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3164 if( ssl_hw_record_activate != NULL )
3166 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
3188 unsigned int hash_len;
3189 unsigned char buf[36];
3199 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for inbound data" ) );
3202 memset( ssl->
in_ctr, 0, 8 );
3215 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3216 if( ssl_hw_record_activate != NULL )
3218 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
3277 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
3278 defined(POLARSSL_SSL_PROTO_TLS1_1)
3284 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
3285 #if defined(POLARSSL_SHA256_C)
3289 #if defined(POLARSSL_SHA512_C)
3298 #if defined(POLARSSL_DHM_C)
3301 #if defined(POLARSSL_ECDH_C)
3359 SSL_DEBUG_MSG( 1, (
"malloc() of ssl sub-contexts failed" ) );
3375 ssl_handshake_params_init( ssl->
handshake );
3377 #if defined(POLARSSL_X509_CRT_PARSE_C)
3406 #if defined(POLARSSL_DHM_C)
3425 if( ssl->
in_ctr == NULL )
3447 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3451 #if defined(POLARSSL_SSL_SET_CURVES)
3455 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3501 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3502 if( ssl_hw_record_reset != NULL )
3505 if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
3527 #if defined(POLARSSL_SSL_ALPN)
3531 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3537 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3549 static int ssl_ticket_keys_init(
ssl_context *ssl )
3553 unsigned char buf[16];
3567 ssl_ticket_keys_free( tkeys );
3572 if( ( ret = ssl->
f_rng( ssl->
p_rng, buf, 16 ) ) != 0 ||
3576 ssl_ticket_keys_free( tkeys );
3583 ssl_ticket_keys_free( tkeys );
3601 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3612 #if defined(POLARSSL_X509_CRT_PARSE_C)
3614 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
3623 int (*f_rng)(
void *,
unsigned char *,
size_t),
3631 void (*f_dbg)(
void *,
int,
const char *),
3639 int (*f_recv)(
void *,
unsigned char *,
size_t),
void *p_recv,
3640 int (*f_send)(
void *,
const unsigned char *,
size_t),
void *p_send )
3649 int (*f_get_cache)(
void *,
ssl_session *),
void *p_get_cache,
3650 int (*f_set_cache)(
void *,
const ssl_session *),
void *p_set_cache )
3687 const int *ciphersuites,
3688 int major,
int minor )
3699 #if defined(POLARSSL_X509_CRT_PARSE_C)
3706 if( key_cert == NULL )
3721 while( last->
next != NULL )
3723 last->
next = key_cert;
3730 x509_crl *ca_crl,
const char *peer_cn )
3742 if( key_cert == NULL )
3745 key_cert->
cert = own_cert;
3746 key_cert->
key = pk_key;
3751 #if defined(POLARSSL_RSA_C)
3758 if( key_cert == NULL )
3762 if( key_cert->
key == NULL )
3774 key_cert->
cert = own_cert;
3790 if( key_cert == NULL )
3794 if( key_cert->
key == NULL )
3800 rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
3803 key_cert->
cert = own_cert;
3810 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
3812 const unsigned char *psk_identity,
size_t psk_identity_len )
3814 if( psk == NULL || psk_identity == NULL )
3820 if( ssl->
psk != NULL )
3843 int (*f_psk)(
void *,
ssl_context *,
const unsigned char *,
3852 #if defined(POLARSSL_DHM_C)
3892 #if defined(POLARSSL_SSL_SET_CURVES)
3898 ssl->curve_list = curve_list;
3902 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
3905 if( hostname == NULL )
3918 memcpy( ssl->
hostname, (
const unsigned char *) hostname,
3928 const unsigned char *,
size_t),
3936 #if defined(POLARSSL_SSL_ALPN)
3939 size_t cur_len, tot_len;
3947 for( p = protos; *p != NULL; p++ )
3949 cur_len = strlen( *p );
3952 if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
3987 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
4002 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
4029 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4037 if( ssl->
f_rng == NULL )
4040 return( ssl_ticket_keys_init( ssl ) );
4064 if( ssl == NULL || ssl->
session == NULL )
4075 return(
"SSLv3.0" );
4078 return(
"TLSv1.0" );
4081 return(
"TLSv1.1" );
4084 return(
"TLSv1.2" );
4089 return(
"unknown" );
4092 #if defined(POLARSSL_X509_CRT_PARSE_C)
4095 if( ssl == NULL || ssl->
session == NULL )
4112 return( ssl_session_copy( dst, ssl->
session ) );
4122 #if defined(POLARSSL_SSL_CLI_C)
4127 #if defined(POLARSSL_SSL_SRV_C)
4157 #if defined(POLARSSL_SSL_SRV_C)
4161 static int ssl_write_hello_request(
ssl_context *ssl )
4194 static int ssl_start_renegotiation(
ssl_context *ssl )
4200 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
4225 #if defined(POLARSSL_SSL_SRV_C)
4232 return( ssl_write_hello_request( ssl ) );
4236 #if defined(POLARSSL_SSL_CLI_C)
4246 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
4319 SSL_DEBUG_MSG( 1, (
"handshake received (not HelloRequest)" ) );
4328 SSL_DEBUG_MSG( 3, (
"ignoring renegotiation, sending alert" ) );
4330 #if defined(POLARSSL_SSL_PROTO_SSL3)
4341 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
4342 defined(POLARSSL_SSL_PROTO_TLS1_2)
4362 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
4379 "but not honored by client" ) );
4395 memcpy( buf, ssl->
in_offt, n );
4430 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
4434 max_len = mfl_code_to_length[ssl->
mfl_code];
4446 n = ( len < max_len) ? len : max_len;
4460 memcpy( ssl->
out_msg, buf, n );
4506 if( transform == NULL )
4509 #if defined(POLARSSL_ZLIB_SUPPORT)
4510 deflateEnd( &transform->ctx_deflate );
4511 inflateEnd( &transform->ctx_inflate );
4523 #if defined(POLARSSL_X509_CRT_PARSE_C)
4524 static void ssl_key_cert_free(
ssl_key_cert *key_cert )
4528 while( cur != NULL )
4546 if( handshake == NULL )
4549 #if defined(POLARSSL_DHM_C)
4552 #if defined(POLARSSL_ECDH_C)
4556 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
4561 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
4562 defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
4571 while( cur != NULL )
4585 if( session == NULL )
4588 #if defined(POLARSSL_X509_CRT_PARSE_C)
4596 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4600 polarssl_zeroize( session,
sizeof(
ssl_session ) );
4619 if( ssl->
in_ctr != NULL )
4625 #if defined(POLARSSL_ZLIB_SUPPORT)
4626 if( ssl->compress_buf != NULL )
4633 #if defined(POLARSSL_DHM_C)
4661 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4669 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
4678 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
4679 if( ssl->
psk != NULL )
4690 #if defined(POLARSSL_X509_CRT_PARSE_C)
4691 ssl_key_cert_free( ssl->
key_cert );
4694 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
4695 if( ssl_hw_record_finish != NULL )
4698 ssl_hw_record_finish( ssl );
4708 #if defined(POLARSSL_PK_C)
4714 #if defined(POLARSSL_RSA_C)
4718 #if defined(POLARSSL_ECDSA_C)
4729 #if defined(POLARSSL_RSA_C)
4733 #if defined(POLARSSL_ECDSA_C)
4750 #if defined(POLARSSL_MD5_C)
4754 #if defined(POLARSSL_SHA1_C)
4758 #if defined(POLARSSL_SHA256_C)
4764 #if defined(POLARSSL_SHA512_C)
4775 #if defined(POLARSSL_SSL_SET_CURVES)
4785 if( *gid == grp_id )
4792 #if defined(POLARSSL_X509_CRT_PARSE_C)
4797 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
4800 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
4801 const char *ext_oid;
4805 #if !defined(POLARSSL_X509_CHECK_KEY_USAGE) && \
4806 !defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
4808 ((void) cert_endpoint);
4811 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
4850 ((void) ciphersuite);
4853 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)