28 #if defined(POLARSSL_SSL_SRV_C)
33 #if defined(POLARSSL_PKCS11_C)
41 static int ssl_parse_client_hello(
ssl_context *ssl )
46 unsigned int ciph_len, sess_len;
47 unsigned int chal_len, comp_len;
48 unsigned char *buf, *p;
60 if( ( buf[0] & 0x80 ) != 0 )
67 ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
88 n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
90 if( n < 17 || n > 512 )
125 ciph_len = ( buf[0] << 8 ) | buf[1];
126 sess_len = ( buf[2] << 8 ) | buf[3];
127 chal_len = ( buf[4] << 8 ) | buf[5];
129 SSL_DEBUG_MSG( 3, (
"ciph_len: %d, sess_len: %d, chal_len: %d",
130 ciph_len, sess_len, chal_len ) );
135 if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
147 if( chal_len < 8 || chal_len > 32 )
153 if( n != 6 + ciph_len + sess_len + chal_len )
162 buf + 6 + ciph_len, sess_len );
164 buf + 6 + ciph_len + sess_len, chal_len );
166 p = buf + 6 + ciph_len;
173 memcpy( ssl->
randbytes + 32 - chal_len, p, chal_len );
177 for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
182 goto have_ciphersuite;
193 ( buf[3] << 8 ) | buf[4] ) );
194 SSL_DEBUG_MSG( 3, (
"client hello v3, protocol ver: [%d:%d]",
212 n = ( buf[3] << 8 ) | buf[4];
214 if( n < 45 || n > 512 )
251 ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
252 SSL_DEBUG_MSG( 3, (
"client hello v3, max. version: [%d:%d]",
277 if( buf[1] != 0 || n != (
unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
301 ciph_len = ( buf[39 + sess_len] << 8 )
302 | ( buf[40 + sess_len] );
304 if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 )
313 comp_len = buf[41 + sess_len + ciph_len];
315 if( comp_len < 1 || comp_len > 16 )
324 buf + 38, sess_len );
326 buf + 41 + sess_len, ciph_len );
328 buf + 42 + sess_len + ciph_len, comp_len );
335 for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
339 goto have_ciphersuite;
359 static int ssl_write_server_hello(
ssl_context *ssl )
363 unsigned char *buf, *p;
384 *p++ = (
unsigned char)( t >> 24 );
385 *p++ = (
unsigned char)( t >> 16 );
386 *p++ = (
unsigned char)( t >> 8 );
387 *p++ = (
unsigned char)( t );
389 SSL_DEBUG_MSG( 3, (
"server hello, current time: %lu", t ) );
391 if( ( ret = ssl->
f_rng( ssl->
p_rng, p, 28 ) ) != 0 )
396 memcpy( ssl->
randbytes + 32, buf + 6, 32 );
398 SSL_DEBUG_BUF( 3,
"server hello, random bytes", buf + 6, 32 );
409 if( ssl->
s_get == NULL ||
410 ssl->
s_get( ssl ) != 0 )
445 SSL_DEBUG_MSG( 3, (
"server hello, session id len.: %d", n ) );
448 ssl->
resume ?
"a" :
"no" ) );
456 SSL_DEBUG_MSG( 3, (
"server hello, compress alg.: %d", 0 ) );
469 static int ssl_write_certificate_request(
ssl_context *ssl )
473 unsigned char *buf, *p;
514 *p++ = (
unsigned char)( n >> 8 );
515 *p++ = (
unsigned char)( n );
519 p += n; crt = crt->
next;
525 ssl->
out_msg[6] = (
unsigned char)( ( n - 8 ) >> 8 );
526 ssl->
out_msg[7] = (
unsigned char)( ( n - 8 ) );
535 static int ssl_write_server_key_exchange(
ssl_context *ssl )
537 #if defined(POLARSSL_DHM_C)
539 size_t n, rsa_key_len = 0;
540 unsigned char hash[36];
558 #if !defined(POLARSSL_DHM_C)
565 #if defined(POLARSSL_PKCS11_C)
566 if( ssl->pkcs11_key == NULL )
571 #if defined(POLARSSL_PKCS11_C)
624 #if defined(POLARSSL_PKCS11_C)
626 rsa_key_len = ssl->pkcs11_key->len;
629 ssl->
out_msg[4 + n] = (
unsigned char)( rsa_key_len >> 8 );
630 ssl->
out_msg[5 + n] = (
unsigned char)( rsa_key_len );
638 #if defined(POLARSSL_PKCS11_C)
671 static int ssl_write_server_hello_done(
ssl_context *ssl )
694 static int ssl_parse_client_key_exchange(
ssl_context *ssl )
725 #if !defined(POLARSSL_DHM_C)
742 ssl->
in_msg + 6, n ) ) != 0 )
766 #if defined(POLARSSL_PKCS11_C)
767 if( ssl->pkcs11_key == NULL )
772 #if defined(POLARSSL_PKCS11_C)
783 #if defined(POLARSSL_PKCS11_C)
785 n = ssl->pkcs11_key->len;
792 if( ssl->
in_msg[4] != ( ( n >> 8 ) & 0xFF ) ||
793 ssl->
in_msg[5] != ( ( n ) & 0xFF ) )
811 #if defined(POLARSSL_PKCS11_C)
819 if( ret != 0 || ssl->
pmslen != 48 ||
845 if( ssl->
s_set != NULL )
855 static int ssl_parse_certificate_verify(
ssl_context *ssl )
859 unsigned char hash[36];
895 if( n1 + 6 != ssl->
in_hslen || n1 != n2 )
940 ret = ssl_parse_client_hello( ssl );
951 ret = ssl_write_server_hello( ssl );
959 ret = ssl_write_server_key_exchange( ssl );
963 ret = ssl_write_certificate_request( ssl );
967 ret = ssl_write_server_hello_done( ssl );
982 ret = ssl_parse_client_key_exchange( ssl );
986 ret = ssl_parse_certificate_verify( ssl );