1: /*
2: * Copyright (c) 2007, Cameron Rich
3: *
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions are met:
8: *
9: * * Redistributions of source code must retain the above copyright notice,
10: * this list of conditions and the following disclaimer.
11: * * Redistributions in binary form must reproduce the above copyright notice,
12: * this list of conditions and the following disclaimer in the documentation
13: * and/or other materials provided with the distribution.
14: * * Neither the name of the axTLS project nor the names of its contributors
15: * may be used to endorse or promote products derived from this software
16: * without specific prior written permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: /**
32: * Common ssl/tlsv1 code to both the client and server implementations.
33: */
34:
35: #include <string.h>
36: #include <stdlib.h>
37: #include <stdio.h>
38: #include <stdarg.h>
39: #include "os_port.h"
40: #include "ssl.h"
41:
42: /* The session expiry time */
43: #define SSL_EXPIRY_TIME (CONFIG_SSL_EXPIRY_TIME*3600)
44:
45: static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
46: static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
47: static const char * server_finished = "server finished";
48: static const char * client_finished = "client finished";
49:
50: static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
51: static int set_key_block(SSL *ssl, int is_write);
52: static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
53: static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
54: static int send_raw_packet(SSL *ssl, uint8_t protocol);
55:
56: /**
57: * The server will pick the cipher based on the order that the order that the
58: * ciphers are listed. This order is defined at compile time.
59: */
60: #ifdef CONFIG_SSL_SKELETON_MODE
61: const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
62: { SSL_RC4_128_SHA };
63: #else
64: static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
65:
66: const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
67: #ifdef CONFIG_SSL_PROT_LOW /* low security, fast speed */
68: { SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
69: #elif CONFIG_SSL_PROT_MEDIUM /* medium security, medium speed */
70: { SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
71: #else /* CONFIG_SSL_PROT_HIGH */ /* high security, low speed */
72: { SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
73: #endif
74: #endif /* CONFIG_SSL_SKELETON_MODE */
75:
76: /**
77: * The cipher map containing all the essentials for each cipher.
78: */
79: #ifdef CONFIG_SSL_SKELETON_MODE
80: static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
81: {
82: { /* RC4-SHA */
83: SSL_RC4_128_SHA, /* RC4-SHA */
84: 16, /* key size */
85: 0, /* iv size */
86: 2*(SHA1_SIZE+16), /* key block size */
87: 0, /* no padding */
88: SHA1_SIZE, /* digest size */
89: hmac_sha1, /* hmac algorithm */
90: (crypt_func)RC4_crypt, /* encrypt */
91: (crypt_func)RC4_crypt /* decrypt */
92: },
93: };
94: #else
95: static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
96: {
97: { /* AES128-SHA */
98: SSL_AES128_SHA, /* AES128-SHA */
99: 16, /* key size */
100: 16, /* iv size */
101: 2*(SHA1_SIZE+16+16), /* key block size */
102: 16, /* block padding size */
103: SHA1_SIZE, /* digest size */
104: hmac_sha1, /* hmac algorithm */
105: (crypt_func)AES_cbc_encrypt, /* encrypt */
106: (crypt_func)AES_cbc_decrypt /* decrypt */
107: },
108: { /* AES256-SHA */
109: SSL_AES256_SHA, /* AES256-SHA */
110: 32, /* key size */
111: 16, /* iv size */
112: 2*(SHA1_SIZE+32+16), /* key block size */
113: 16, /* block padding size */
114: SHA1_SIZE, /* digest size */
115: hmac_sha1, /* hmac algorithm */
116: (crypt_func)AES_cbc_encrypt, /* encrypt */
117: (crypt_func)AES_cbc_decrypt /* decrypt */
118: },
119: { /* RC4-SHA */
120: SSL_RC4_128_SHA, /* RC4-SHA */
121: 16, /* key size */
122: 0, /* iv size */
123: 2*(SHA1_SIZE+16), /* key block size */
124: 0, /* no padding */
125: SHA1_SIZE, /* digest size */
126: hmac_sha1, /* hmac algorithm */
127: (crypt_func)RC4_crypt, /* encrypt */
128: (crypt_func)RC4_crypt /* decrypt */
129: },
130: /*
131: * This protocol is from SSLv2 days and is unlikely to be used - but was
132: * useful for testing different possible digest algorithms.
133: */
134: { /* RC4-MD5 */
135: SSL_RC4_128_MD5, /* RC4-MD5 */
136: 16, /* key size */
137: 0, /* iv size */
138: 2*(MD5_SIZE+16), /* key block size */
139: 0, /* no padding */
140: MD5_SIZE, /* digest size */
141: hmac_md5, /* hmac algorithm */
142: (crypt_func)RC4_crypt, /* encrypt */
143: (crypt_func)RC4_crypt /* decrypt */
144: },
145: };
146: #endif
147:
148: static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
149: uint8_t *out, int olen);
150: static const cipher_info_t *get_cipher_info(uint8_t cipher);
151: static void increment_read_sequence(SSL *ssl);
152: static void increment_write_sequence(SSL *ssl);
153: static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
154: const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
155:
156: /* win32 VC6.0 doesn't have variadic macros */
157: #if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
158: void DISPLAY_BYTES(SSL *ssl, const char *format,
159: const uint8_t *data, int size, ...) {}
160: #endif
161:
162: /**
163: * Establish a new client/server context.
164: */
165: EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
166: {
167: SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
168: ssl_ctx->options = options;
169: RNG_initialize();
170:
171: if (load_key_certs(ssl_ctx) < 0)
172: {
173: free(ssl_ctx); /* can't load our key/certificate pair, so die */
174: return NULL;
175: }
176:
177: #ifndef CONFIG_SSL_SKELETON_MODE
178: ssl_ctx->num_sessions = num_sessions;
179: #endif
180:
181: SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
182:
183: #ifndef CONFIG_SSL_SKELETON_MODE
184: if (num_sessions)
185: {
186: ssl_ctx->ssl_sessions = (SSL_SESSION **)
187: calloc(1, num_sessions*sizeof(SSL_SESSION *));
188: }
189: #endif
190:
191: return ssl_ctx;
192: }
193:
194: /*
195: * Remove a client/server context.
196: */
197: EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
198: {
199: SSL *ssl;
200: int i;
201:
202: if (ssl_ctx == NULL)
203: return;
204:
205: ssl = ssl_ctx->head;
206:
207: /* clear out all the ssl entries */
208: while (ssl)
209: {
210: SSL *next = ssl->next;
211: ssl_free(ssl);
212: ssl = next;
213: }
214:
215: #ifndef CONFIG_SSL_SKELETON_MODE
216: /* clear out all the sessions */
217: for (i = 0; i < ssl_ctx->num_sessions; i++)
218: session_free(ssl_ctx->ssl_sessions, i);
219:
220: free(ssl_ctx->ssl_sessions);
221: #endif
222:
223: i = 0;
224: while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
225: {
226: free(ssl_ctx->certs[i].buf);
227: ssl_ctx->certs[i++].buf = NULL;
228: }
229:
230: #ifdef CONFIG_SSL_CERT_VERIFICATION
231: remove_ca_certs(ssl_ctx->ca_cert_ctx);
232: #endif
233: ssl_ctx->chain_length = 0;
234: SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
235: RSA_free(ssl_ctx->rsa_ctx);
236: RNG_terminate();
237: free(ssl_ctx);
238: }
239:
240: /*
241: * Free any used resources used by this connection.
242: */
243: EXP_FUNC void STDCALL ssl_free(SSL *ssl)
244: {
245: SSL_CTX *ssl_ctx;
246:
247: if (ssl == NULL) /* just ignore null pointers */
248: return;
249:
250: /* only notify if we weren't notified first */
251: /* spec says we must notify when we are dying */
252: if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
253: send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
254:
255: ssl_ctx = ssl->ssl_ctx;
256:
257: SSL_CTX_LOCK(ssl_ctx->mutex);
258:
259: /* adjust the server SSL list */
260: if (ssl->prev)
261: ssl->prev->next = ssl->next;
262: else
263: ssl_ctx->head = ssl->next;
264:
265: if (ssl->next)
266: ssl->next->prev = ssl->prev;
267: else
268: ssl_ctx->tail = ssl->prev;
269:
270: SSL_CTX_UNLOCK(ssl_ctx->mutex);
271:
272: /* may already be free - but be sure */
273: free(ssl->encrypt_ctx);
274: free(ssl->decrypt_ctx);
275: disposable_free(ssl);
276: #ifdef CONFIG_SSL_CERT_VERIFICATION
277: x509_free(ssl->x509_ctx);
278: #endif
279:
280: free(ssl);
281: }
282:
283: /*
284: * Read the SSL connection and send any alerts for various errors.
285: */
286: EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
287: {
288: int ret = basic_read(ssl, in_data);
289:
290: /* check for return code so we can send an alert */
291: if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
292: {
293: if (ret != SSL_ERROR_CONN_LOST)
294: {
295: send_alert(ssl, ret);
296: #ifndef CONFIG_SSL_SKELETON_MODE
297: /* something nasty happened, so get rid of this session */
298: kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
299: #endif
300: }
301: }
302:
303: return ret;
304: }
305:
306: /*
307: * Write application data to the client
308: */
309: EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
310: {
311: int n = out_len, nw, i, tot = 0;
312:
313: /* maximum size of a TLS packet is around 16kB, so fragment */
314: do
315: {
316: nw = n;
317:
318: if (nw > RT_MAX_PLAIN_LENGTH) /* fragment if necessary */
319: nw = RT_MAX_PLAIN_LENGTH;
320:
321: if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA,
322: &out_data[tot], nw)) <= 0)
323: {
324: out_len = i; /* an error */
325: break;
326: }
327:
328: tot += i;
329: n -= i;
330: } while (n > 0);
331:
332: return out_len;
333: }
334:
335: /**
336: * Add a certificate to the certificate chain.
337: */
338: int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
339: {
340: int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
341: SSL_CERT *ssl_cert;
342: X509_CTX *cert = NULL;
343: int offset;
344:
345: while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS)
346: i++;
347:
348: if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
349: {
350: #ifdef CONFIG_SSL_FULL_MODE
351: printf("Error: maximum number of certs added (%d) - change of "
352: "compile-time configuration required\n",
353: CONFIG_SSL_MAX_CERTS);
354: #endif
355: goto error;
356: }
357:
358: if ((ret = x509_new(buf, &offset, &cert)))
359: goto error;
360:
361: #if defined (CONFIG_SSL_FULL_MODE)
362: if (ssl_ctx->options & SSL_DISPLAY_CERTS)
363: x509_print(cert, NULL);
364: #endif
365:
366: ssl_cert = &ssl_ctx->certs[i];
367: ssl_cert->size = len;
368: ssl_cert->buf = (uint8_t *)malloc(len);
369: memcpy(ssl_cert->buf, buf, len);
370: ssl_ctx->chain_length++;
371: len -= offset;
372: ret = SSL_OK; /* ok so far */
373:
374: /* recurse? */
375: if (len > 0)
376: {
377: ret = add_cert(ssl_ctx, &buf[offset], len);
378: }
379:
380: error:
381: x509_free(cert); /* don't need anymore */
382: return ret;
383: }
384:
385: #ifdef CONFIG_SSL_CERT_VERIFICATION
386: /**
387: * Add a certificate authority.
388: */
389: int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
390: {
391: int ret = SSL_OK; /* ignore errors for now */
392: int i = 0;
393: CA_CERT_CTX *ca_cert_ctx;
394:
395: if (ssl_ctx->ca_cert_ctx == NULL)
396: ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
397:
398: ca_cert_ctx = ssl_ctx->ca_cert_ctx;
399:
400: while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
401: i++;
402:
403: while (len > 0)
404: {
405: int offset;
406: if (i >= CONFIG_X509_MAX_CA_CERTS)
407: {
408: #ifdef CONFIG_SSL_FULL_MODE
409: printf("Error: maximum number of CA certs added (%d) - change of "
410: "compile-time configuration required\n",
411: CONFIG_X509_MAX_CA_CERTS);
412: #endif
413: break;
414: }
415:
416:
417: /* ignore the return code */
418: if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
419: {
420: #if defined (CONFIG_SSL_FULL_MODE)
421: if (ssl_ctx->options & SSL_DISPLAY_CERTS)
422: x509_print(ca_cert_ctx->cert[i], NULL);
423: #endif
424: }
425:
426: i++;
427: len -= offset;
428: }
429:
430: return ret;
431: }
432:
433: /*
434: * Retrieve an X.509 distinguished name component
435: */
436: EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
437: {
438: if (ssl->x509_ctx == NULL)
439: return NULL;
440:
441: switch (component)
442: {
443: case SSL_X509_CERT_COMMON_NAME:
444: return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
445:
446: case SSL_X509_CERT_ORGANIZATION:
447: return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
448:
449: case SSL_X509_CERT_ORGANIZATIONAL_NAME:
450: return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
451:
452: case SSL_X509_CA_CERT_COMMON_NAME:
453: return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
454:
455: case SSL_X509_CA_CERT_ORGANIZATION:
456: return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
457:
458: case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:
459: return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
460:
461: default:
462: return NULL;
463: }
464: }
465:
466: /*
467: * Retrieve a "Subject Alternative Name" from a v3 certificate
468: */
469: EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
470: int dnsindex)
471: {
472: int i;
473:
474: if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
475: return NULL;
476:
477: for (i = 0; i < dnsindex; ++i)
478: {
479: if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
480: return NULL;
481: }
482:
483: return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
484: }
485:
486: #endif /* CONFIG_SSL_CERT_VERIFICATION */
487:
488: /*
489: * Find an ssl object based on the client's file descriptor.
490: */
491: EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
492: {
493: SSL *ssl;
494:
495: SSL_CTX_LOCK(ssl_ctx->mutex);
496: ssl = ssl_ctx->head;
497:
498: /* search through all the ssl entries */
499: while (ssl)
500: {
501: if (ssl->client_fd == client_fd)
502: {
503: SSL_CTX_UNLOCK(ssl_ctx->mutex);
504: return ssl;
505: }
506:
507: ssl = ssl->next;
508: }
509:
510: SSL_CTX_UNLOCK(ssl_ctx->mutex);
511: return NULL;
512: }
513:
514: /*
515: * Force the client to perform its handshake again.
516: */
517: EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
518: {
519: int ret = SSL_OK;
520:
521: disposable_new(ssl);
522: #ifdef CONFIG_SSL_ENABLE_CLIENT
523: if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
524: {
525: ret = do_client_connect(ssl);
526: }
527: else
528: #endif
529: {
530: send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
531: g_hello_request, sizeof(g_hello_request));
532: SET_SSL_FLAG(SSL_NEED_RECORD);
533: }
534:
535: return ret;
536: }
537:
538: /**
539: * @brief Get what we need for key info.
540: * @param cipher [in] The cipher information we are after
541: * @param key_size [out] The key size for the cipher
542: * @param iv_size [out] The iv size for the cipher
543: * @return The amount of key information we need.
544: */
545: static const cipher_info_t *get_cipher_info(uint8_t cipher)
546: {
547: int i;
548:
549: for (i = 0; i < NUM_PROTOCOLS; i++)
550: {
551: if (cipher_info[i].cipher == cipher)
552: {
553: return &cipher_info[i];
554: }
555: }
556:
557: return NULL; /* error */
558: }
559:
560: /*
561: * Get a new ssl context for a new connection.
562: */
563: SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
564: {
565: SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
566: ssl->ssl_ctx = ssl_ctx;
567: ssl->need_bytes = SSL_RECORD_SIZE; /* need a record */
568: ssl->client_fd = client_fd;
569: ssl->flag = SSL_NEED_RECORD;
570: ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
571: ssl->hs_status = SSL_NOT_OK; /* not connected */
572: #ifdef CONFIG_ENABLE_VERIFICATION
573: ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
574: #endif
575: disposable_new(ssl);
576:
577: /* a bit hacky but saves a few bytes of memory */
578: ssl->flag |= ssl_ctx->options;
579: SSL_CTX_LOCK(ssl_ctx->mutex);
580:
581: if (ssl_ctx->head == NULL)
582: {
583: ssl_ctx->head = ssl;
584: ssl_ctx->tail = ssl;
585: }
586: else
587: {
588: ssl->prev = ssl_ctx->tail;
589: ssl_ctx->tail->next = ssl;
590: ssl_ctx->tail = ssl;
591: }
592:
593: SSL_CTX_UNLOCK(ssl_ctx->mutex);
594: return ssl;
595: }
596:
597: /*
598: * Add a private key to a context.
599: */
600: int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
601: {
602: int ret = SSL_OK;
603:
604: /* get the private key details */
605: if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
606: {
607: ret = SSL_ERROR_INVALID_KEY;
608: goto error;
609: }
610:
611: error:
612: return ret;
613: }
614:
615: /**
616: * Increment the read sequence number (as a 64 bit endian indepenent #)
617: */
618: static void increment_read_sequence(SSL *ssl)
619: {
620: int i;
621:
622: for (i = 7; i >= 0; i--)
623: {
624: if (++ssl->read_sequence[i])
625: break;
626: }
627: }
628:
629: /**
630: * Increment the read sequence number (as a 64 bit endian indepenent #)
631: */
632: static void increment_write_sequence(SSL *ssl)
633: {
634: int i;
635:
636: for (i = 7; i >= 0; i--)
637: {
638: if (++ssl->write_sequence[i])
639: break;
640: }
641: }
642:
643: /**
644: * Work out the HMAC digest in a packet.
645: */
646: static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
647: const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
648: {
649: int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
650: uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
651:
652: memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
653: ssl->write_sequence : ssl->read_sequence, 8);
654: memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
655: memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
656:
657: ssl->cipher_info->hmac(t_buf, hmac_len,
658: (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ?
659: ssl->server_mac : ssl->client_mac,
660: ssl->cipher_info->digest_size, hmac_buf);
661:
662: #if 0
663: print_blob("record", ssl->hmac_tx, SSL_RECORD_SIZE);
664: print_blob("buf", buf, buf_len);
665: if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
666: {
667: print_blob("write seq", ssl->write_sequence, 8);
668: }
669: else
670: {
671: print_blob("read seq", ssl->read_sequence, 8);
672: }
673:
674: if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
675: {
676: print_blob("server mac",
677: ssl->server_mac, ssl->cipher_info->digest_size);
678: }
679: else
680: {
681: print_blob("client mac",
682: ssl->client_mac, ssl->cipher_info->digest_size);
683: }
684: print_blob("hmac", hmac_buf, SHA1_SIZE);
685: #endif
686: }
687:
688: /**
689: * Verify that the digest of a packet is correct.
690: */
691: static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
692: {
693: uint8_t hmac_buf[SHA1_SIZE];
694: int hmac_offset;
695:
696: if (ssl->cipher_info->padding_size)
697: {
698: int last_blk_size = buf[read_len-1], i;
699: hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
700:
701: /* guard against a timing attack - make sure we do the digest */
702: if (hmac_offset < 0)
703: {
704: hmac_offset = 0;
705: }
706: else
707: {
708: /* already looked at last byte */
709: for (i = 1; i < last_blk_size; i++)
710: {
711: if (buf[read_len-i] != last_blk_size)
712: {
713: hmac_offset = 0;
714: break;
715: }
716: }
717: }
718: }
719: else /* stream cipher */
720: {
721: hmac_offset = read_len - ssl->cipher_info->digest_size;
722:
723: if (hmac_offset < 0)
724: {
725: hmac_offset = 0;
726: }
727: }
728:
729: /* sanity check the offset */
730: ssl->hmac_header[3] = hmac_offset >> 8; /* insert size */
731: ssl->hmac_header[4] = hmac_offset & 0xff;
732: add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
733:
734: if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
735: {
736: return SSL_ERROR_INVALID_HMAC;
737: }
738:
739: return hmac_offset;
740: }
741:
742: /**
743: * Add a packet to the end of our sent and received packets, so that we may use
744: * it to calculate the hash at the end.
745: */
746: void add_packet(SSL *ssl, const uint8_t *pkt, int len)
747: {
748: MD5_Update(&ssl->dc->md5_ctx, pkt, len);
749: SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
750: }
751:
752: /**
753: * Work out the MD5 PRF.
754: */
755: static void p_hash_md5(const uint8_t *sec, int sec_len,
756: uint8_t *seed, int seed_len, uint8_t *out, int olen)
757: {
758: uint8_t a1[128];
759:
760: /* A(1) */
761: hmac_md5(seed, seed_len, sec, sec_len, a1);
762: memcpy(&a1[MD5_SIZE], seed, seed_len);
763: hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
764:
765: while (olen > MD5_SIZE)
766: {
767: uint8_t a2[MD5_SIZE];
768: out += MD5_SIZE;
769: olen -= MD5_SIZE;
770:
771: /* A(N) */
772: hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
773: memcpy(a1, a2, MD5_SIZE);
774:
775: /* work out the actual hash */
776: hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
777: }
778: }
779:
780: /**
781: * Work out the SHA1 PRF.
782: */
783: static void p_hash_sha1(const uint8_t *sec, int sec_len,
784: uint8_t *seed, int seed_len, uint8_t *out, int olen)
785: {
786: uint8_t a1[128];
787:
788: /* A(1) */
789: hmac_sha1(seed, seed_len, sec, sec_len, a1);
790: memcpy(&a1[SHA1_SIZE], seed, seed_len);
791: hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
792:
793: while (olen > SHA1_SIZE)
794: {
795: uint8_t a2[SHA1_SIZE];
796: out += SHA1_SIZE;
797: olen -= SHA1_SIZE;
798:
799: /* A(N) */
800: hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
801: memcpy(a1, a2, SHA1_SIZE);
802:
803: /* work out the actual hash */
804: hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
805: }
806: }
807:
808: /**
809: * Work out the PRF.
810: */
811: static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
812: uint8_t *out, int olen)
813: {
814: int len, i;
815: const uint8_t *S1, *S2;
816: uint8_t xbuf[256]; /* needs to be > the amount of key data */
817: uint8_t ybuf[256]; /* needs to be > the amount of key data */
818:
819: len = sec_len/2;
820: S1 = sec;
821: S2 = &sec[len];
822: len += (sec_len & 1); /* add for odd, make longer */
823:
824: p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
825: p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
826:
827: for (i = 0; i < olen; i++)
828: out[i] = xbuf[i] ^ ybuf[i];
829: }
830:
831: /**
832: * Generate a master secret based on the client/server random data and the
833: * premaster secret.
834: */
835: void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
836: {
837: uint8_t buf[128]; /* needs to be > 13+32+32 in size */
838: strcpy((char *)buf, "master secret");
839: memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
840: memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
841: prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
842: SSL_SECRET_SIZE);
843: }
844:
845: /**
846: * Generate a 'random' blob of data used for the generation of keys.
847: */
848: static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
849: uint8_t *master_secret, uint8_t *key_block, int key_block_size)
850: {
851: uint8_t buf[128];
852: strcpy((char *)buf, "key expansion");
853: memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
854: memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
855: prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
856: }
857:
858: /**
859: * Calculate the digest used in the finished message. This function also
860: * doubles up as a certificate verify function.
861: */
862: void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
863: {
864: uint8_t mac_buf[128];
865: uint8_t *q = mac_buf;
866: MD5_CTX md5_ctx = ssl->dc->md5_ctx;
867: SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
868:
869: if (label)
870: {
871: strcpy((char *)q, label);
872: q += strlen(label);
873: }
874:
875: MD5_Final(q, &md5_ctx);
876: q += MD5_SIZE;
877:
878: SHA1_Final(q, &sha1_ctx);
879: q += SHA1_SIZE;
880:
881: if (label)
882: {
883: prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
884: digest, SSL_FINISHED_HASH_SIZE);
885: }
886: else /* for use in a certificate verify */
887: {
888: memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
889: }
890:
891: #if 0
892: printf("label: %s\n", label);
893: print_blob("master secret", ssl->dc->master_secret, 48);
894: print_blob("mac_buf", mac_buf, q-mac_buf);
895: print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
896: #endif
897: }
898:
899: /**
900: * Retrieve (and initialise) the context of a cipher.
901: */
902: static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
903: {
904: switch (ssl->cipher)
905: {
906: #ifndef CONFIG_SSL_SKELETON_MODE
907: case SSL_AES128_SHA:
908: {
909: AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
910: AES_set_key(aes_ctx, key, iv, AES_MODE_128);
911:
912: if (is_decrypt)
913: {
914: AES_convert_key(aes_ctx);
915: }
916:
917: return (void *)aes_ctx;
918: }
919:
920: case SSL_AES256_SHA:
921: {
922: AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
923: AES_set_key(aes_ctx, key, iv, AES_MODE_256);
924:
925: if (is_decrypt)
926: {
927: AES_convert_key(aes_ctx);
928: }
929:
930: return (void *)aes_ctx;
931: }
932:
933: case SSL_RC4_128_MD5:
934: #endif
935: case SSL_RC4_128_SHA:
936: {
937: RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
938: RC4_setup(rc4_ctx, key, 16);
939: return (void *)rc4_ctx;
940: }
941: }
942:
943: return NULL; /* its all gone wrong */
944: }
945:
946: /**
947: * Send a packet over the socket.
948: */
949: static int send_raw_packet(SSL *ssl, uint8_t protocol)
950: {
951: uint8_t *rec_buf = ssl->bm_all_data;
952: int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
953: int sent = 0;
954: int ret = SSL_OK;
955:
956: rec_buf[0] = protocol;
957: rec_buf[1] = 0x03; /* version = 3.1 or higher */
958: rec_buf[2] = ssl->version & 0x0f;
959: rec_buf[3] = ssl->bm_index >> 8;
960: rec_buf[4] = ssl->bm_index & 0xff;
961:
962: DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data,
963: pkt_size, pkt_size);
964:
965: while (sent < pkt_size)
966: {
967: ret = SOCKET_WRITE(ssl->client_fd,
968: &ssl->bm_all_data[sent], pkt_size-sent);
969:
970: if (ret >= 0)
971: sent += ret;
972: else
973: {
974:
975: #ifdef WIN32
976: if (GetLastError() != WSAEWOULDBLOCK)
977: #else
978: if (errno != EAGAIN && errno != EWOULDBLOCK)
979: #endif
980: return SSL_ERROR_CONN_LOST;
981: }
982:
983: /* keep going until the write buffer has some space */
984: if (sent != pkt_size)
985: {
986: fd_set wfds;
987: FD_ZERO(&wfds);
988: FD_SET(ssl->client_fd, &wfds);
989:
990: /* block and wait for it */
991: if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
992: return SSL_ERROR_CONN_LOST;
993: }
994: }
995:
996: SET_SSL_FLAG(SSL_NEED_RECORD); /* reset for next time */
997: ssl->bm_index = 0;
998:
999: if (protocol != PT_APP_PROTOCOL_DATA)
1000: {
1001: /* always return SSL_OK during handshake */
1002: ret = SSL_OK;
1003: }
1004:
1005: return ret;
1006: }
1007:
1008: /**
1009: * Send an encrypted packet with padding bytes if necessary.
1010: */
1011: int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
1012: {
1013: int ret, msg_length = 0;
1014:
1015: /* if our state is bad, don't bother */
1016: if (ssl->hs_status == SSL_ERROR_DEAD)
1017: return SSL_ERROR_CONN_LOST;
1018:
1019: if (in) /* has the buffer already been initialised? */
1020: {
1021: memcpy(ssl->bm_data, in, length);
1022: }
1023:
1024: msg_length += length;
1025:
1026: if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
1027: {
1028: int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
1029: SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
1030: uint8_t hmac_header[SSL_RECORD_SIZE] =
1031: {
1032: protocol,
1033: 0x03, /* version = 3.1 or higher */
1034: ssl->version & 0x0f,
1035: msg_length >> 8,
1036: msg_length & 0xff
1037: };
1038:
1039: if (protocol == PT_HANDSHAKE_PROTOCOL)
1040: {
1041: DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
1042:
1043: if (ssl->bm_data[0] != HS_HELLO_REQUEST)
1044: {
1045: add_packet(ssl, ssl->bm_data, msg_length);
1046: }
1047: }
1048:
1049: /* add the packet digest */
1050: add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length,
1051: &ssl->bm_data[msg_length]);
1052: msg_length += ssl->cipher_info->digest_size;
1053:
1054: /* add padding? */
1055: if (ssl->cipher_info->padding_size)
1056: {
1057: int last_blk_size = msg_length%ssl->cipher_info->padding_size;
1058: int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
1059:
1060: /* ensure we always have at least 1 padding byte */
1061: if (pad_bytes == 0)
1062: pad_bytes += ssl->cipher_info->padding_size;
1063:
1064: memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
1065: msg_length += pad_bytes;
1066: }
1067:
1068: DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
1069: increment_write_sequence(ssl);
1070:
1071: /* add the explicit IV for TLS1.1 */
1072: if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
1073: ssl->cipher_info->iv_size)
1074:
1075: {
1076: uint8_t iv_size = ssl->cipher_info->iv_size;
1077: uint8_t *t_buf = alloca(msg_length + iv_size);
1078: memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
1079: get_random(iv_size, t_buf);
1080: msg_length += iv_size;
1081: memcpy(ssl->bm_data, t_buf, msg_length);
1082: }
1083:
1084: /* now encrypt the packet */
1085: ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data,
1086: ssl->bm_data, msg_length);
1087: }
1088: else if (protocol == PT_HANDSHAKE_PROTOCOL)
1089: {
1090: DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
1091:
1092: if (ssl->bm_data[0] != HS_HELLO_REQUEST)
1093: {
1094: add_packet(ssl, ssl->bm_data, length);
1095: }
1096: }
1097:
1098: ssl->bm_index = msg_length;
1099: if ((ret = send_raw_packet(ssl, protocol)) <= 0)
1100: return ret;
1101:
1102: return length; /* just return what we wanted to send */
1103: }
1104:
1105: /**
1106: * Work out the cipher keys we are going to use for this session based on the
1107: * master secret.
1108: */
1109: static int set_key_block(SSL *ssl, int is_write)
1110: {
1111: const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
1112: uint8_t *q;
1113: uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
1114: uint8_t client_iv[16], server_iv[16]; /* big enough for AES128/256 */
1115: int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
1116:
1117: if (ciph_info == NULL)
1118: return -1;
1119:
1120: /* only do once in a handshake */
1121: if (ssl->dc->key_block == NULL)
1122: {
1123: ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
1124:
1125: #if 0
1126: print_blob("client", ssl->dc->client_random, 32);
1127: print_blob("server", ssl->dc->server_random, 32);
1128: print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
1129: #endif
1130: generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
1131: ssl->dc->master_secret, ssl->dc->key_block,
1132: ciph_info->key_block_size);
1133: #if 0
1134: print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
1135: #endif
1136: }
1137:
1138: q = ssl->dc->key_block;
1139:
1140: if ((is_client && is_write) || (!is_client && !is_write))
1141: {
1142: memcpy(ssl->client_mac, q, ciph_info->digest_size);
1143: }
1144:
1145: q += ciph_info->digest_size;
1146:
1147: if ((!is_client && is_write) || (is_client && !is_write))
1148: {
1149: memcpy(ssl->server_mac, q, ciph_info->digest_size);
1150: }
1151:
1152: q += ciph_info->digest_size;
1153: memcpy(client_key, q, ciph_info->key_size);
1154: q += ciph_info->key_size;
1155: memcpy(server_key, q, ciph_info->key_size);
1156: q += ciph_info->key_size;
1157:
1158: #ifndef CONFIG_SSL_SKELETON_MODE
1159: if (ciph_info->iv_size) /* RC4 has no IV, AES does */
1160: {
1161: memcpy(client_iv, q, ciph_info->iv_size);
1162: q += ciph_info->iv_size;
1163: memcpy(server_iv, q, ciph_info->iv_size);
1164: q += ciph_info->iv_size;
1165: }
1166: #endif
1167:
1168: free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
1169:
1170: /* now initialise the ciphers */
1171: if (is_client)
1172: {
1173: finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
1174:
1175: if (is_write)
1176: ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
1177: else
1178: ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
1179: }
1180: else
1181: {
1182: finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
1183:
1184: if (is_write)
1185: ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
1186: else
1187: ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
1188: }
1189:
1190: ssl->cipher_info = ciph_info;
1191: return 0;
1192: }
1193:
1194: /**
1195: * Read the SSL connection.
1196: */
1197: int basic_read(SSL *ssl, uint8_t **in_data)
1198: {
1199: int ret = SSL_OK;
1200: int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
1201: uint8_t *buf = ssl->bm_data;
1202:
1203: read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index],
1204: ssl->need_bytes-ssl->got_bytes);
1205:
1206: if (read_len < 0)
1207: {
1208: #ifdef WIN32
1209: if (GetLastError() == WSAEWOULDBLOCK)
1210: #else
1211: if (errno == EAGAIN || errno == EWOULDBLOCK)
1212: #endif
1213: return 0;
1214: }
1215:
1216: /* connection has gone, so die */
1217: if (read_len <= 0)
1218: {
1219: ret = SSL_ERROR_CONN_LOST;
1220: ssl->hs_status = SSL_ERROR_DEAD; /* make sure it stays dead */
1221: goto error;
1222: }
1223:
1224: DISPLAY_BYTES(ssl, "received %d bytes",
1225: &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
1226:
1227: ssl->got_bytes += read_len;
1228: ssl->bm_read_index += read_len;
1229:
1230: /* haven't quite got what we want, so try again later */
1231: if (ssl->got_bytes < ssl->need_bytes)
1232: return SSL_OK;
1233:
1234: read_len = ssl->got_bytes;
1235: ssl->got_bytes = 0;
1236:
1237: if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
1238: {
1239: /* check for sslv2 "client hello" */
1240: if (buf[0] & 0x80 && buf[2] == 1)
1241: {
1242: #ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
1243: uint8_t version = (buf[3] << 4) + buf[4];
1244: DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
1245:
1246: /* should be v3.1 (TLSv1) or better */
1247: ssl->version = ssl->client_version = version;
1248:
1249: if (version > SSL_PROTOCOL_VERSION_MAX)
1250: {
1251: /* use client's version */
1252: ssl->version = SSL_PROTOCOL_VERSION_MAX;
1253: }
1254: else if (version < SSL_PROTOCOL_MIN_VERSION)
1255: {
1256: ret = SSL_ERROR_INVALID_VERSION;
1257: ssl_display_error(ret);
1258: return ret;
1259: }
1260:
1261: add_packet(ssl, &buf[2], 3);
1262: ret = process_sslv23_client_hello(ssl);
1263: #else
1264: printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
1265: ret = SSL_ERROR_NOT_SUPPORTED;
1266: #endif
1267: goto error; /* not an error - just get out of here */
1268: }
1269:
1270: ssl->need_bytes = (buf[3] << 8) + buf[4];
1271:
1272: /* do we violate the spec with the message size? */
1273: if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
1274: {
1275: ret = SSL_ERROR_INVALID_PROT_MSG;
1276: goto error;
1277: }
1278:
1279: CLR_SSL_FLAG(SSL_NEED_RECORD);
1280: memcpy(ssl->hmac_header, buf, 3); /* store for hmac */
1281: ssl->record_type = buf[0];
1282: goto error; /* no error, we're done */
1283: }
1284:
1285: /* for next time - just do it now in case of an error */
1286: SET_SSL_FLAG(SSL_NEED_RECORD);
1287: ssl->need_bytes = SSL_RECORD_SIZE;
1288:
1289: /* decrypt if we need to */
1290: if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
1291: {
1292: ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
1293:
1294: if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
1295: ssl->cipher_info->iv_size)
1296: {
1297: buf += ssl->cipher_info->iv_size;
1298: read_len -= ssl->cipher_info->iv_size;
1299: }
1300:
1301: read_len = verify_digest(ssl,
1302: is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
1303:
1304: /* does the hmac work? */
1305: if (read_len < 0)
1306: {
1307: ret = read_len;
1308: goto error;
1309: }
1310:
1311: DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
1312: increment_read_sequence(ssl);
1313: }
1314:
1315: /* The main part of the SSL packet */
1316: switch (ssl->record_type)
1317: {
1318: case PT_HANDSHAKE_PROTOCOL:
1319: if (ssl->dc != NULL)
1320: {
1321: ssl->dc->bm_proc_index = 0;
1322: ret = do_handshake(ssl, buf, read_len);
1323: }
1324: else /* no client renegotiation allowed */
1325: {
1326: ret = SSL_ERROR_NO_CLIENT_RENOG;
1327: goto error;
1328: }
1329: break;
1330:
1331: case PT_CHANGE_CIPHER_SPEC:
1332: if (ssl->next_state != HS_FINISHED)
1333: {
1334: ret = SSL_ERROR_INVALID_HANDSHAKE;
1335: goto error;
1336: }
1337:
1338: /* all encrypted from now on */
1339: SET_SSL_FLAG(SSL_RX_ENCRYPTED);
1340: if (set_key_block(ssl, 0) < 0)
1341: {
1342: ret = SSL_ERROR_INVALID_HANDSHAKE;
1343: goto error;
1344: }
1345:
1346: memset(ssl->read_sequence, 0, 8);
1347: break;
1348:
1349: case PT_APP_PROTOCOL_DATA:
1350: if (in_data)
1351: {
1352: *in_data = buf; /* point to the work buffer */
1353: (*in_data)[read_len] = 0; /* null terminate just in case */
1354: }
1355:
1356: ret = read_len;
1357: break;
1358:
1359: case PT_ALERT_PROTOCOL:
1360: /* return the alert # with alert bit set */
1361: if(buf[0] == SSL_ALERT_TYPE_WARNING &&
1362: buf[1] == SSL_ALERT_CLOSE_NOTIFY)
1363: {
1364: ret = SSL_CLOSE_NOTIFY;
1365: send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
1366: SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
1367: }
1368: else
1369: {
1370: ret = -buf[1];
1371: DISPLAY_ALERT(ssl, buf[1]);
1372: }
1373:
1374: break;
1375:
1376: default:
1377: ret = SSL_ERROR_INVALID_PROT_MSG;
1378: break;
1379: }
1380:
1381: error:
1382: ssl->bm_read_index = 0; /* reset to go again */
1383:
1384: if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
1385: *in_data = NULL;
1386:
1387: return ret;
1388: }
1389:
1390: /**
1391: * Do some basic checking of data and then perform the appropriate handshaking.
1392: */
1393: static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
1394: {
1395: int hs_len = (buf[2]<<8) + buf[3];
1396: uint8_t handshake_type = buf[0];
1397: int ret = SSL_OK;
1398: int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
1399:
1400: /* some integrity checking on the handshake */
1401: PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
1402:
1403: if (handshake_type != ssl->next_state)
1404: {
1405: /* handle a special case on the client */
1406: if (!is_client || handshake_type != HS_CERT_REQ ||
1407: ssl->next_state != HS_SERVER_HELLO_DONE)
1408: {
1409: ret = SSL_ERROR_INVALID_HANDSHAKE;
1410: goto error;
1411: }
1412: }
1413:
1414: hs_len += SSL_HS_HDR_SIZE; /* adjust for when adding packets */
1415: ssl->bm_index = hs_len; /* store the size and check later */
1416: DISPLAY_STATE(ssl, 0, handshake_type, 0);
1417:
1418: if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
1419: add_packet(ssl, buf, hs_len);
1420:
1421: #if defined(CONFIG_SSL_ENABLE_CLIENT)
1422: ret = is_client ?
1423: do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
1424: do_svr_handshake(ssl, handshake_type, buf, hs_len);
1425: #else
1426: ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
1427: #endif
1428:
1429: /* just use recursion to get the rest */
1430: if (hs_len < read_len && ret == SSL_OK)
1431: ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
1432:
1433: error:
1434: return ret;
1435: }
1436:
1437: /**
1438: * Sends the change cipher spec message. We have just read a finished message
1439: * from the client.
1440: */
1441: int send_change_cipher_spec(SSL *ssl)
1442: {
1443: int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC,
1444: g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
1445: SET_SSL_FLAG(SSL_TX_ENCRYPTED);
1446:
1447: if (ret >= 0 && set_key_block(ssl, 1) < 0)
1448: ret = SSL_ERROR_INVALID_HANDSHAKE;
1449:
1450: memset(ssl->write_sequence, 0, 8);
1451: return ret;
1452: }
1453:
1454: /**
1455: * Send a "finished" message
1456: */
1457: int send_finished(SSL *ssl)
1458: {
1459: uint8_t buf[SSL_FINISHED_HASH_SIZE+4] = {
1460: HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
1461:
1462: /* now add the finished digest mac (12 bytes) */
1463: finished_digest(ssl,
1464: IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
1465: client_finished : server_finished, &buf[4]);
1466:
1467: #ifndef CONFIG_SSL_SKELETON_MODE
1468: /* store in the session cache */
1469: if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
1470: {
1471: memcpy(ssl->session->master_secret,
1472: ssl->dc->master_secret, SSL_SECRET_SIZE);
1473: }
1474: #endif
1475:
1476: return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
1477: buf, SSL_FINISHED_HASH_SIZE+4);
1478: }
1479:
1480: /**
1481: * Send an alert message.
1482: * Return 1 if the alert was an "error".
1483: */
1484: int send_alert(SSL *ssl, int error_code)
1485: {
1486: int alert_num = 0;
1487: int is_warning = 0;
1488: uint8_t buf[2];
1489:
1490: /* Don't bother we're already dead */
1491: if (ssl->hs_status == SSL_ERROR_DEAD)
1492: {
1493: return SSL_ERROR_CONN_LOST;
1494: }
1495:
1496: #ifdef CONFIG_SSL_FULL_MODE
1497: if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
1498: ssl_display_error(error_code);
1499: #endif
1500:
1501: switch (error_code)
1502: {
1503: case SSL_ALERT_CLOSE_NOTIFY:
1504: is_warning = 1;
1505: alert_num = SSL_ALERT_CLOSE_NOTIFY;
1506: break;
1507:
1508: case SSL_ERROR_CONN_LOST: /* don't send alert just yet */
1509: is_warning = 1;
1510: break;
1511:
1512: case SSL_ERROR_INVALID_HANDSHAKE:
1513: case SSL_ERROR_INVALID_PROT_MSG:
1514: alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
1515: break;
1516:
1517: case SSL_ERROR_INVALID_HMAC:
1518: case SSL_ERROR_FINISHED_INVALID:
1519: alert_num = SSL_ALERT_BAD_RECORD_MAC;
1520: break;
1521:
1522: case SSL_ERROR_INVALID_VERSION:
1523: alert_num = SSL_ALERT_INVALID_VERSION;
1524: break;
1525:
1526: case SSL_ERROR_INVALID_SESSION:
1527: case SSL_ERROR_NO_CIPHER:
1528: case SSL_ERROR_INVALID_KEY:
1529: alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
1530: break;
1531:
1532: case SSL_ERROR_BAD_CERTIFICATE:
1533: alert_num = SSL_ALERT_BAD_CERTIFICATE;
1534: break;
1535:
1536: case SSL_ERROR_NO_CLIENT_RENOG:
1537: alert_num = SSL_ALERT_NO_RENEGOTIATION;
1538: break;
1539:
1540: default:
1541: /* a catch-all for any badly verified certificates */
1542: alert_num = (error_code <= SSL_X509_OFFSET) ?
1543: SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
1544: break;
1545: }
1546:
1547: buf[0] = is_warning ? 1 : 2;
1548: buf[1] = alert_num;
1549: send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
1550: DISPLAY_ALERT(ssl, alert_num);
1551: return is_warning ? 0 : 1;
1552: }
1553:
1554: /**
1555: * Process a client finished message.
1556: */
1557: int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
1558: {
1559: int ret = SSL_OK;
1560: int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
1561: int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
1562:
1563: PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
1564:
1565: /* check that we all work before we continue */
1566: if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
1567: return SSL_ERROR_FINISHED_INVALID;
1568:
1569: if ((!is_client && !resume) || (is_client && resume))
1570: {
1571: if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
1572: ret = send_finished(ssl);
1573: }
1574:
1575: /* if we ever renegotiate */
1576: ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;
1577: ssl->hs_status = ret; /* set the final handshake status */
1578:
1579: error:
1580: return ret;
1581: }
1582:
1583: /**
1584: * Send a certificate.
1585: */
1586: int send_certificate(SSL *ssl)
1587: {
1588: int i = 0;
1589: uint8_t *buf = ssl->bm_data;
1590: int offset = 7;
1591: int chain_length;
1592:
1593: buf[0] = HS_CERTIFICATE;
1594: buf[1] = 0;
1595: buf[4] = 0;
1596:
1597: while (i < ssl->ssl_ctx->chain_length)
1598: {
1599: SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
1600: buf[offset++] = 0;
1601: buf[offset++] = cert->size >> 8; /* cert 1 length */
1602: buf[offset++] = cert->size & 0xff;
1603: memcpy(&buf[offset], cert->buf, cert->size);
1604: offset += cert->size;
1605: i++;
1606: }
1607:
1608: chain_length = offset - 7;
1609: buf[5] = chain_length >> 8; /* cert chain length */
1610: buf[6] = chain_length & 0xff;
1611: chain_length += 3;
1612: buf[2] = chain_length >> 8; /* handshake length */
1613: buf[3] = chain_length & 0xff;
1614: ssl->bm_index = offset;
1615: return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
1616: }
1617:
1618: /**
1619: * Create a blob of memory that we'll get rid of once the handshake is
1620: * complete.
1621: */
1622: void disposable_new(SSL *ssl)
1623: {
1624: if (ssl->dc == NULL)
1625: {
1626: ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
1627: MD5_Init(&ssl->dc->md5_ctx);
1628: SHA1_Init(&ssl->dc->sha1_ctx);
1629: }
1630: }
1631:
1632: /**
1633: * Remove the temporary blob of memory.
1634: */
1635: void disposable_free(SSL *ssl)
1636: {
1637: if (ssl->dc)
1638: {
1639: free(ssl->dc->key_block);
1640: memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
1641: free(ssl->dc);
1642: ssl->dc = NULL;
1643: }
1644:
1645: }
1646:
1647: #ifndef CONFIG_SSL_SKELETON_MODE /* no session resumption in this mode */
1648: /**
1649: * Find if an existing session has the same session id. If so, use the
1650: * master secret from this session for session resumption.
1651: */
1652: SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
1653: SSL *ssl, const uint8_t *session_id)
1654: {
1655: time_t tm = time(NULL);
1656: time_t oldest_sess_time = tm;
1657: SSL_SESSION *oldest_sess = NULL;
1658: int i;
1659:
1660: /* no sessions? Then bail */
1661: if (max_sessions == 0)
1662: return NULL;
1663:
1664: SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
1665: if (session_id)
1666: {
1667: for (i = 0; i < max_sessions; i++)
1668: {
1669: if (ssl_sessions[i])
1670: {
1671: /* kill off any expired sessions (including those in
1672: the future) */
1673: if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
1674: (tm < ssl_sessions[i]->conn_time))
1675: {
1676: session_free(ssl_sessions, i);
1677: continue;
1678: }
1679:
1680: /* if the session id matches, it must still be less than
1681: the expiry time */
1682: if (memcmp(ssl_sessions[i]->session_id, session_id,
1683: SSL_SESSION_ID_SIZE) == 0)
1684: {
1685: ssl->session_index = i;
1686: memcpy(ssl->dc->master_secret,
1687: ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
1688: SET_SSL_FLAG(SSL_SESSION_RESUME);
1689: SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
1690: return ssl_sessions[i]; /* a session was found */
1691: }
1692: }
1693: }
1694: }
1695:
1696: /* If we've got here, no matching session was found - so create one */
1697: for (i = 0; i < max_sessions; i++)
1698: {
1699: if (ssl_sessions[i] == NULL)
1700: {
1701: /* perfect, this will do */
1702: ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
1703: ssl_sessions[i]->conn_time = tm;
1704: ssl->session_index = i;
1705: SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
1706: return ssl_sessions[i]; /* return the session object */
1707: }
1708: else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
1709: {
1710: /* find the oldest session */
1711: oldest_sess_time = ssl_sessions[i]->conn_time;
1712: oldest_sess = ssl_sessions[i];
1713: ssl->session_index = i;
1714: }
1715: }
1716:
1717: /* ok, we've used up all of our sessions. So blow the oldest session away */
1718: oldest_sess->conn_time = tm;
1719: memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
1720: memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
1721: SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
1722: return oldest_sess;
1723: }
1724:
1725: /**
1726: * Free an existing session.
1727: */
1728: static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
1729: {
1730: if (ssl_sessions[sess_index])
1731: {
1732: free(ssl_sessions[sess_index]);
1733: ssl_sessions[sess_index] = NULL;
1734: }
1735: }
1736:
1737: /**
1738: * This ssl object doesn't want this session anymore.
1739: */
1740: void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
1741: {
1742: SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
1743:
1744: if (ssl->ssl_ctx->num_sessions)
1745: {
1746: session_free(ssl_sessions, ssl->session_index);
1747: ssl->session = NULL;
1748: }
1749:
1750: SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
1751: }
1752: #endif /* CONFIG_SSL_SKELETON_MODE */
1753:
1754: /*
1755: * Get the session id for a handshake. This will be a 32 byte sequence.
1756: */
1757: EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
1758: {
1759: return ssl->session_id;
1760: }
1761:
1762: /*
1763: * Get the session id size for a handshake.
1764: */
1765: EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
1766: {
1767: return ssl->sess_id_size;
1768: }
1769:
1770: /*
1771: * Return the cipher id (in the SSL form).
1772: */
1773: EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
1774: {
1775: return ssl->cipher;
1776: }
1777:
1778: /*
1779: * Return the status of the handshake.
1780: */
1781: EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
1782: {
1783: return ssl->hs_status;
1784: }
1785:
1786: /*
1787: * Retrieve various parameters about the SSL engine.
1788: */
1789: EXP_FUNC int STDCALL ssl_get_config(int offset)
1790: {
1791: switch (offset)
1792: {
1793: /* return the appropriate build mode */
1794: case SSL_BUILD_MODE:
1795: #if defined(CONFIG_SSL_FULL_MODE)
1796: return SSL_BUILD_FULL_MODE;
1797: #elif defined(CONFIG_SSL_ENABLE_CLIENT)
1798: return SSL_BUILD_ENABLE_CLIENT;
1799: #elif defined(CONFIG_ENABLE_VERIFICATION)
1800: return SSL_BUILD_ENABLE_VERIFICATION;
1801: #elif defined(CONFIG_SSL_SERVER_ONLY )
1802: return SSL_BUILD_SERVER_ONLY;
1803: #else
1804: return SSL_BUILD_SKELETON_MODE;
1805: #endif
1806:
1807: case SSL_MAX_CERT_CFG_OFFSET:
1808: return CONFIG_SSL_MAX_CERTS;
1809:
1810: #ifdef CONFIG_SSL_CERT_VERIFICATION
1811: case SSL_MAX_CA_CERT_CFG_OFFSET:
1812: return CONFIG_X509_MAX_CA_CERTS;
1813: #endif
1814: #ifdef CONFIG_SSL_HAS_PEM
1815: case SSL_HAS_PEM:
1816: return 1;
1817: #endif
1818: default:
1819: return 0;
1820: }
1821: }
1822:
1823: #ifdef CONFIG_SSL_CERT_VERIFICATION
1824: /**
1825: * Authenticate a received certificate.
1826: */
1827: EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
1828: {
1829: int ret;
1830: SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
1831: ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
1832: SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
1833:
1834: if (ret) /* modify into an SSL error type */
1835: {
1836: ret = SSL_X509_ERROR(ret);
1837: }
1838:
1839: return ret;
1840: }
1841:
1842: /**
1843: * Process a certificate message.
1844: */
1845: int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
1846: {
1847: int ret = SSL_OK;
1848: uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
1849: int pkt_size = ssl->bm_index;
1850: int cert_size, offset = 5;
1851: int total_cert_size = (buf[offset]<<8) + buf[offset+1];
1852: int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
1853: X509_CTX **chain = x509_ctx;
1854: offset += 2;
1855:
1856: PARANOIA_CHECK(total_cert_size, offset);
1857:
1858: while (offset < total_cert_size)
1859: {
1860: offset++; /* skip empty char */
1861: cert_size = (buf[offset]<<8) + buf[offset+1];
1862: offset += 2;
1863:
1864: if (x509_new(&buf[offset], NULL, chain))
1865: {
1866: ret = SSL_ERROR_BAD_CERTIFICATE;
1867: goto error;
1868: }
1869:
1870: chain = &((*chain)->next);
1871: offset += cert_size;
1872: }
1873:
1874: PARANOIA_CHECK(pkt_size, offset);
1875:
1876: /* if we are client we can do the verify now or later */
1877: if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
1878: {
1879: ret = ssl_verify_cert(ssl);
1880: }
1881:
1882: ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
1883: ssl->dc->bm_proc_index += offset;
1884: error:
1885: return ret;
1886: }
1887:
1888: #endif /* CONFIG_SSL_CERT_VERIFICATION */
1889:
1890: /**
1891: * Debugging routine to display SSL handshaking stuff.
1892: */
1893: #ifdef CONFIG_SSL_FULL_MODE
1894: /**
1895: * Debugging routine to display SSL states.
1896: */
1897: void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
1898: {
1899: const char *str;
1900:
1901: if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
1902: return;
1903:
1904: printf(not_ok ? "Error - invalid State:\t" : "State:\t");
1905: printf(is_send ? "sending " : "receiving ");
1906:
1907: switch (state)
1908: {
1909: case HS_HELLO_REQUEST:
1910: str = "Hello Request (0)";
1911: break;
1912:
1913: case HS_CLIENT_HELLO:
1914: str = "Client Hello (1)";
1915: break;
1916:
1917: case HS_SERVER_HELLO:
1918: str = "Server Hello (2)";
1919: break;
1920:
1921: case HS_CERTIFICATE:
1922: str = "Certificate (11)";
1923: break;
1924:
1925: case HS_SERVER_KEY_XCHG:
1926: str = "Certificate Request (12)";
1927: break;
1928:
1929: case HS_CERT_REQ:
1930: str = "Certificate Request (13)";
1931: break;
1932:
1933: case HS_SERVER_HELLO_DONE:
1934: str = "Server Hello Done (14)";
1935: break;
1936:
1937: case HS_CERT_VERIFY:
1938: str = "Certificate Verify (15)";
1939: break;
1940:
1941: case HS_CLIENT_KEY_XCHG:
1942: str = "Client Key Exchange (16)";
1943: break;
1944:
1945: case HS_FINISHED:
1946: str = "Finished (16)";
1947: break;
1948:
1949: default:
1950: str = "Error (Unknown)";
1951:
1952: break;
1953: }
1954:
1955: printf("%s\n", str);
1956: TTY_FLUSH();
1957: }
1958:
1959: /**
1960: * Debugging routine to display RSA objects
1961: */
1962: void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
1963: {
1964: if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
1965: return;
1966:
1967: RSA_print(rsa_ctx);
1968: TTY_FLUSH();
1969: }
1970:
1971: /**
1972: * Debugging routine to display SSL handshaking bytes.
1973: */
1974: void DISPLAY_BYTES(SSL *ssl, const char *format,
1975: const uint8_t *data, int size, ...)
1976: {
1977: va_list(ap);
1978:
1979: if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
1980: return;
1981:
1982: va_start(ap, size);
1983: print_blob(format, data, size, va_arg(ap, char *));
1984: va_end(ap);
1985: TTY_FLUSH();
1986: }
1987:
1988: /**
1989: * Debugging routine to display SSL handshaking errors.
1990: */
1991: EXP_FUNC void STDCALL ssl_display_error(int error_code)
1992: {
1993: if (error_code == SSL_OK)
1994: return;
1995:
1996: printf("Error: ");
1997:
1998: /* X509 error? */
1999: if (error_code < SSL_X509_OFFSET)
2000: {
2001: printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
2002: return;
2003: }
2004:
2005: /* SSL alert error code */
2006: if (error_code > SSL_ERROR_CONN_LOST)
2007: {
2008: printf("SSL error %d\n", -error_code);
2009: return;
2010: }
2011:
2012: switch (error_code)
2013: {
2014: case SSL_ERROR_DEAD:
2015: printf("connection dead");
2016: break;
2017:
2018: case SSL_ERROR_INVALID_HANDSHAKE:
2019: printf("invalid handshake");
2020: break;
2021:
2022: case SSL_ERROR_INVALID_PROT_MSG:
2023: printf("invalid protocol message");
2024: break;
2025:
2026: case SSL_ERROR_INVALID_HMAC:
2027: printf("invalid mac");
2028: break;
2029:
2030: case SSL_ERROR_INVALID_VERSION:
2031: printf("invalid version");
2032: break;
2033:
2034: case SSL_ERROR_INVALID_SESSION:
2035: printf("invalid session");
2036: break;
2037:
2038: case SSL_ERROR_NO_CIPHER:
2039: printf("no cipher");
2040: break;
2041:
2042: case SSL_ERROR_CONN_LOST:
2043: printf("connection lost");
2044: break;
2045:
2046: case SSL_ERROR_BAD_CERTIFICATE:
2047: printf("bad certificate");
2048: break;
2049:
2050: case SSL_ERROR_INVALID_KEY:
2051: printf("invalid key");
2052: break;
2053:
2054: case SSL_ERROR_FINISHED_INVALID:
2055: printf("finished invalid");
2056: break;
2057:
2058: case SSL_ERROR_NO_CERT_DEFINED:
2059: printf("no certificate defined");
2060: break;
2061:
2062: case SSL_ERROR_NO_CLIENT_RENOG:
2063: printf("client renegotiation not supported");
2064: break;
2065:
2066: case SSL_ERROR_NOT_SUPPORTED:
2067: printf("Option not supported");
2068: break;
2069:
2070: default:
2071: printf("undefined as yet - %d", error_code);
2072: break;
2073: }
2074:
2075: printf("\n");
2076: TTY_FLUSH();
2077: }
2078:
2079: /**
2080: * Debugging routine to display alerts.
2081: */
2082: void DISPLAY_ALERT(SSL *ssl, int alert)
2083: {
2084: if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
2085: return;
2086:
2087: printf("Alert: ");
2088:
2089: switch (alert)
2090: {
2091: case SSL_ALERT_CLOSE_NOTIFY:
2092: printf("close notify");
2093: break;
2094:
2095: case SSL_ALERT_INVALID_VERSION:
2096: printf("invalid version");
2097: break;
2098:
2099: case SSL_ALERT_BAD_CERTIFICATE:
2100: printf("bad certificate");
2101: break;
2102:
2103: case SSL_ALERT_UNEXPECTED_MESSAGE:
2104: printf("unexpected message");
2105: break;
2106:
2107: case SSL_ALERT_BAD_RECORD_MAC:
2108: printf("bad record mac");
2109: break;
2110:
2111: case SSL_ALERT_HANDSHAKE_FAILURE:
2112: printf("handshake failure");
2113: break;
2114:
2115: case SSL_ALERT_ILLEGAL_PARAMETER:
2116: printf("illegal parameter");
2117: break;
2118:
2119: case SSL_ALERT_DECODE_ERROR:
2120: printf("decode error");
2121: break;
2122:
2123: case SSL_ALERT_DECRYPT_ERROR:
2124: printf("decrypt error");
2125: break;
2126:
2127: case SSL_ALERT_NO_RENEGOTIATION:
2128: printf("no renegotiation");
2129: break;
2130:
2131: default:
2132: printf("alert - (unknown %d)", alert);
2133: break;
2134: }
2135:
2136: printf("\n");
2137: TTY_FLUSH();
2138: }
2139:
2140: #endif /* CONFIG_SSL_FULL_MODE */
2141:
2142: /**
2143: * Return the version of this library.
2144: */
2145: EXP_FUNC const char * STDCALL ssl_version()
2146: {
2147: static const char * axtls_version = AXTLS_VERSION;
2148: return axtls_version;
2149: }
2150:
2151: /**
2152: * Enable the various language bindings to work regardless of the
2153: * configuration - they just return an error statement and a bad return code.
2154: */
2155: #if !defined(CONFIG_SSL_FULL_MODE)
2156: EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
2157: #endif
2158:
2159: #ifdef CONFIG_BINDINGS
2160: #if !defined(CONFIG_SSL_ENABLE_CLIENT)
2161: EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
2162: uint8_t *session_id, uint8_t sess_id_size)
2163: {
2164: printf(unsupported_str);
2165: return NULL;
2166: }
2167: #endif
2168:
2169: #if !defined(CONFIG_SSL_CERT_VERIFICATION)
2170: EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
2171: {
2172: printf(unsupported_str);
2173: return -1;
2174: }
2175:
2176:
2177: EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
2178: {
2179: printf(unsupported_str);
2180: return NULL;
2181: }
2182:
2183: EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
2184: {
2185: printf(unsupported_str);
2186: return NULL;
2187: }
2188:
2189: #endif /* CONFIG_SSL_CERT_VERIFICATION */
2190:
2191: #endif /* CONFIG_BINDINGS */
2192:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls1.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / ssl