28 #if defined(POLARSSL_SSL_SRV_C)
/*
 * Parse the body of a server_name extension from a ClientHello and pass the
 * name to the application's SNI callback (ssl->f_sni).
 *
 * Layout as read below: a 2-byte big-endian list length, then entries made
 * of a 3-byte header (name length, big-endian, at offsets 1..2) and the name.
 *
 * This listing is an excerpt: the leading number on each line is its line in
 * the original file. The lines in between (including the declaration of
 * len and every branch body) are not shown.
 */
37 static int ssl_parse_servername_ext(
ssl_context *ssl,
38 const unsigned char *buf,
42 size_t servername_list_size, hostname_len;
43 const unsigned char *p;
/*
 * NOTE(review): buf[0] and buf[1] are read before len is consulted and no
 * "len >= 2" guard is visible. The only visible check before the call at
 * line 685 is that the extension fits in ext_len (line 673). Confirm that a
 * 0- or 1-byte extension body cannot reach these two reads.
 */
45 servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
/* The declared list length plus its 2-byte prefix must equal len exactly. */
46 if( servername_list_size + 2 != len )
53 while( servername_list_size > 0 )
/*
 * p[1] and p[2] are read before the entry is compared with the bytes left
 * in the list. With only 1 or 2 bytes remaining they come from past the end
 * of the list; the test on line 56 is then true, since hostname_len + 3 is
 * at least 3. What that branch does is not shown.
 */
55 hostname_len = ( ( p[1] << 8 ) | p[2] );
56 if( hostname_len + 3 > servername_list_size )
/*
 * The callback receives a pointer and an explicit length. Nothing visible
 * here NUL-terminates or validates the name bytes, so the callback has to
 * treat them as an untrusted, length-delimited byte string.
 */
64 ret = ssl->
f_sni( ssl->
p_sni, ssl, p + 3, hostname_len );
/*
 * Step over this entry. The subtraction cannot wrap as long as the branch
 * on line 56 leaves the loop (its body is not shown).
 */
74 servername_list_size -= hostname_len + 3;
75 p += hostname_len + 3;
/* Leftover-bytes check; the branch body is not shown. */
78 if( servername_list_size != 0 )
/*
 * Check the renegotiation_info extension received in a ClientHello.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file. The conditions that select between the two cases below, and the
 * comparison behind the second message, are on lines not shown.
 */
87 static int ssl_parse_renegotiation_info(
ssl_context *ssl,
88 const unsigned char *buf,
/*
 * Case 1: the extension body must be exactly one zero byte. The "len != 1"
 * test is evaluated first, so buf[0] is read only when one byte is present.
 */
95 if( len != 1 || buf[0] != 0x0 )
97 SSL_DEBUG_MSG( 1, (
"non-zero length renegotiated connection field" ) );
/*
 * Case 2: the field is compared with a stored value (comparison not shown).
 * NOTE(review): confirm that the hidden comparison checks len before
 * reading buf, and consider whether it needs to be constant-time.
 */
113 SSL_DEBUG_MSG( 1, (
"non-matching renegotiated connection field" ) );
/*
 * Parse the signature_algorithms extension of a ClientHello: a 2-byte
 * big-endian list length followed by 2-byte entries.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; the loop body and the code under the two #if lines are not shown.
 */
125 static int ssl_parse_signature_algorithms_ext(
ssl_context *ssl,
126 const unsigned char *buf,
129 size_t sig_alg_list_size;
130 const unsigned char *p;
/*
 * NOTE(review): buf[0] and buf[1] are read before len is consulted and no
 * "len >= 2" guard is visible. Confirm that a 0- or 1-byte extension body
 * passed from line 704 cannot reach these reads.
 */
132 sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
/* Length must match len exactly and be even (entries are 2 bytes each). */
133 if( sig_alg_list_size + 2 != len ||
134 sig_alg_list_size %2 != 0 )
/*
 * The counter drops by 2 at lines 145 and 184, presumably on different
 * paths through the body. With an even starting value one decrement per
 * pass cannot wrap the unsigned counter.
 */
141 while( sig_alg_list_size > 0 )
145 sig_alg_list_size -= 2;
/* Code under these two guards depends on the compiled-in hash modules. */
149 #if defined(POLARSSL_SHA4_C)
161 #if defined(POLARSSL_SHA2_C)
184 sig_alg_list_size -= 2;
188 SSL_DEBUG_MSG( 3, (
"client hello v3, signature_algorithm ext: %d",
194 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
/*
 * Parse a ClientHello that arrives in SSLv2 record format. The definition
 * follows the #if on POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO at line 194,
 * so it is presumably built only when that compatibility option is enabled.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; the lines in between, including all branch bodies, are not shown.
 */
195 static int ssl_parse_client_hello_v2(
ssl_context *ssl )
200 unsigned int ciph_len, sess_len, chal_len;
201 unsigned char *buf, *p;
/* This format is refused during renegotiation (condition not shown). */
207 SSL_DEBUG_MSG( 1, (
"client hello v2 illegal for renegotiation" ) );
222 ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
223 SSL_DEBUG_MSG( 3, (
"client hello v2, max. version: [%d:%d]",
/* 15-bit length from the first two bytes, accepted only within 17..512. */
243 n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
245 if( n < 17 || n > 512 )
257 SSL_DEBUG_MSG( 1, (
"client only supports ssl smaller than minimum"
/* Three 16-bit big-endian lengths supplied by the client. */
290 ciph_len = ( buf[0] << 8 ) | buf[1];
291 sess_len = ( buf[2] << 8 ) | buf[3];
292 chal_len = ( buf[4] << 8 ) | buf[5];
294 SSL_DEBUG_MSG( 3, (
"ciph_len: %d, sess_len: %d, chal_len: %d",
295 ciph_len, sess_len, chal_len ) );
/* Entries are walked 3 bytes at a time: a non-zero multiple of 3 is needed. */
300 if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
/*
 * NOTE(review): no direct bound on sess_len is visible between lines 300
 * and 312; in this excerpt it is limited only through the sum check at
 * line 318. Confirm the hidden lines cap it before it is used.
 */
312 if( chal_len < 8 || chal_len > 32 )
/* Ties the three lengths to n, which line 245 limited to 512. */
318 if( n != 6 + ciph_len + sess_len + chal_len )
327 buf + 6 + ciph_len, sess_len );
329 buf + 6 + ciph_len + sess_len, chal_len );
331 p = buf + 6 + ciph_len;
/*
 * First pass over the 3-byte entries. Judging by the debug strings below it
 * looks for the renegotiation SCSV (the comparison itself is not shown).
 */
343 for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
347 SSL_DEBUG_MSG( 3, (
"received TLS_EMPTY_RENEGOTIATION_INFO " ) );
350 SSL_DEBUG_MSG( 1, (
"received RENEGOTIATION SCSV during renegotiation" ) );
/*
 * Second pass over the client's list, leaving via goto once a suite is
 * chosen; the enclosing loop and the match condition are not shown.
 */
364 for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
369 goto have_ciphersuite_v2;
387 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
/*
 * Parse a ClientHello on the server side. Every field after the fixed
 * header is located by offsets built from lengths the client supplied
 * (sess_len, ciph_len, comp_len, ext_len).
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file. The lines in between are not shown, so remarks about them are
 * marked as points to confirm.
 */
404 static int ssl_parse_client_hello(
ssl_context *ssl )
409 unsigned int ciph_len, sess_len;
410 unsigned int comp_len;
411 unsigned int ext_len = 0;
412 unsigned char *buf, *p, *ext;
413 int renegotiation_info_seen = 0;
414 int handshake_failure = 0;
/*
 * With the SSLv2 compatibility option compiled in, a first byte with the
 * high bit set hands the message to the SSLv2-format parser.
 */
427 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
428 if( ( buf[0] & 0x80 ) != 0 )
429 return ssl_parse_client_hello_v2( ssl );
437 ( buf[3] << 8 ) | buf[4] ) );
438 SSL_DEBUG_MSG( 3, (
"client hello v3, protocol ver: [%d:%d]",
/* 16-bit length from bytes 3..4, accepted only within 45..512. */
456 n = ( buf[3] << 8 ) | buf[4];
458 if( n < 45 || n > 512 )
498 ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
499 SSL_DEBUG_MSG( 3, (
"client hello v3, max. version: [%d:%d]",
518 SSL_DEBUG_MSG( 1, (
"client only supports ssl smaller than minimum"
/*
 * The top byte of the 24-bit handshake length must be zero, and n must
 * equal the 4-byte handshake header plus the length in buf[2..3].
 */
536 if( buf[1] != 0 || n != (
unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
/*
 * NOTE(review): sess_len is used as an index offset from here on, but its
 * assignment and any range check are on lines not shown. Confirm that it
 * is bounded before this read. Each "buf[k + sess_len + ...]" access below
 * also happens before the total is tied to n at line 591.
 */
562 ciph_len = ( buf[39 + sess_len] << 8 )
563 | ( buf[40 + sess_len] );
/* Non-empty, at most 256 bytes, and even (2-byte entries). */
565 if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 )
574 comp_len = buf[41 + sess_len + ciph_len];
576 if( comp_len < 1 || comp_len > 16 )
/*
 * Extensions are read only when n reaches past the compression list.
 * NOTE(review): no visible line rejects an n smaller than
 * 42 + sess_len + ciph_len + comp_len. Confirm the hidden lines do,
 * otherwise the fields above may have been read from beyond the received
 * message.
 */
585 if( n > 42 + sess_len + ciph_len + comp_len )
587 ext_len = ( buf[42 + sess_len + ciph_len + comp_len] << 8 )
588 | ( buf[43 + sess_len + ciph_len + comp_len] );
/*
 * A non-empty extension block needs at least one 4-byte header, and the
 * grand total must match n exactly.
 */
590 if( ( ext_len > 0 && ext_len < 4 ) ||
591 n != 44 + sess_len + ciph_len + comp_len + ext_len )
594 SSL_DEBUG_BUF( 3,
"Ext", buf + 44 + sess_len + ciph_len + comp_len, ext_len);
600 #if defined(POLARSSL_ZLIB_SUPPORT)
601 for( i = 0; i < comp_len; ++i )
614 buf + 38, sess_len );
616 buf + 41 + sess_len, ciph_len );
618 buf + 42 + sess_len + ciph_len, comp_len );
/*
 * First pass over the 2-byte ciphersuite entries. Judging by the debug
 * strings below it looks for the renegotiation SCSV (comparison not shown).
 */
623 for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
627 SSL_DEBUG_MSG( 3, (
"received TLS_EMPTY_RENEGOTIATION_INFO " ) );
630 SSL_DEBUG_MSG( 1, (
"received RENEGOTIATION SCSV during renegotiation" ) );
/* Second pass, leaving via goto once a suite is chosen (match not shown). */
647 for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
652 goto have_ciphersuite;
/*
 * Extension walk: each entry is a 2-byte id, a 2-byte size and ext_size
 * bytes of body. The 4 header bytes are covered by the "ext_len < 4" tests
 * at lines 590 and 717; line 673 checks that the body fits.
 */
664 ext = buf + 44 + sess_len + ciph_len + comp_len;
668 unsigned int ext_id = ( ( ext[0] << 8 )
670 unsigned int ext_size = ( ( ext[2] << 8 )
673 if( ext_size + 4 > ext_len )
/* The SNI callback pointer is tested before the SNI parser is called. */
682 if( ssl->
f_sni == NULL )
/*
 * ext_size may be 0 or 1 here. ssl_parse_servername_ext and
 * ssl_parse_signature_algorithms_ext read buf[0] and buf[1] before
 * comparing against this length (lines 45 and 132).
 */
685 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
692 renegotiation_info_seen = 1;
694 ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
700 SSL_DEBUG_MSG( 3, (
"found signature_algorithms extension" ) );
704 ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
710 SSL_DEBUG_MSG( 3, (
"unknown extension found: %d (ignoring)",
/*
 * Cannot wrap as long as the branch on line 673 leaves the function or
 * loop (its body is not shown).
 */
714 ext_len -= 4 + ext_size;
717 if( ext_len > 0 && ext_len < 4 )
/*
 * Renegotiation policy: the cases below only set handshake_failure, and the
 * single test at line 755 acts on it. The conditions selecting each case
 * are partly on lines not shown.
 */
730 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
731 handshake_failure = 1;
735 renegotiation_info_seen == 0 )
737 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension missing (secure)" ) );
738 handshake_failure = 1;
745 handshake_failure = 1;
749 renegotiation_info_seen == 1 )
751 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension present (legacy)" ) );
752 handshake_failure = 1;
755 if( handshake_failure == 1 )
/*
 * Build the ServerHello message.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; the declarations of t, n and ext_len and most of the body are not
 * shown.
 */
771 static int ssl_write_server_hello(
ssl_context *ssl )
776 unsigned char *buf, *p;
/* t is written big-endian as 4 bytes; the debug text calls it the time. */
797 *p++ = (
unsigned char)( t >> 24 );
798 *p++ = (
unsigned char)( t >> 16 );
799 *p++ = (
unsigned char)( t >> 8 );
800 *p++ = (
unsigned char)( t );
/*
 * NOTE(review): t's declaration is not visible. If it is a time_t, "%lu"
 * matches only on platforms where time_t is an unsigned long.
 */
802 SSL_DEBUG_MSG( 3, (
"server hello, current time: %lu", t ) );
/*
 * 28 bytes come from the configured RNG callback. A non-zero return is
 * detected here; the error branch is not shown.
 */
804 if( ( ret = ssl->
f_rng( ssl->
p_rng, p, 28 ) ) != 0 )
/* 32 bytes starting at buf + 6 are logged as the random value (4 + 28). */
811 SSL_DEBUG_BUF( 3,
"server hello, random bytes", buf + 6, 32 );
854 SSL_DEBUG_MSG( 3, (
"server hello, session id len.: %d", n ) );
870 SSL_DEBUG_MSG( 3, (
"server hello, prepping for secure renegotiation extension" ) );
873 SSL_DEBUG_MSG( 3, (
"server hello, total extension length: %d",
/* Total extension length, 16-bit big-endian. */
876 *p++ = (
unsigned char)( ( ext_len >> 8 ) & 0xFF );
877 *p++ = (
unsigned char)( ( ext_len ) & 0xFF );
/* The text below says "client hello" although this is the ServerHello writer. */
882 SSL_DEBUG_MSG( 3, (
"client hello, secure renegotiation extension" ) );
/*
 * Build the CertificateRequest message, including a list of distinguished
 * names taken from a certificate chain (crt).
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; where crt and p are initialised and how each name is copied are on
 * lines not shown.
 */
908 static int ssl_write_certificate_request(
ssl_context *ssl )
911 size_t n = 0, dn_size, total_dn_size;
912 unsigned char *buf, *p;
/*
 * One entry per certificate in the chain.
 * NOTE(review): no check of p against the end of the output buffer is
 * visible in this loop. Confirm on the hidden lines that a long chain or
 * large names cannot write past ssl->out_msg.
 */
976 while( crt != NULL && crt->
version != 0)
/*
 * Each name is prefixed with a 16-bit big-endian length. dn_size is a
 * size_t, so a value above 0xFFFF would be silently truncated here.
 */
982 *p++ = (
unsigned char)( dn_size >> 8 );
983 *p++ = (
unsigned char)( dn_size );
989 total_dn_size += 2 + dn_size;
/* Total list length, also stored in 16 bits with the same truncation. */
996 ssl->
out_msg[6 + n] = (
unsigned char)( total_dn_size >> 8 );
997 ssl->
out_msg[7 + n] = (
unsigned char)( total_dn_size );
/*
 * Build the ServerKeyExchange message. The body depends on POLARSSL_DHM_C,
 * and the code under the SHA4/SHA2 guards depends on which hash modules are
 * compiled in.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; the parameter generation, hashing and signing calls are mostly on
 * lines not shown.
 */
1006 static int ssl_write_server_key_exchange(
ssl_context *ssl )
1008 #if defined(POLARSSL_DHM_C)
1010 size_t n, rsa_key_len = 0;
/*
 * hash[] holds at most 64 bytes.
 * NOTE(review): confirm that hashlen never exceeds that on any hidden path.
 */
1011 unsigned char hash[64];
1013 unsigned int hashlen = 0;
1031 SSL_DEBUG_MSG( 2, (
"<= skip write server key exchange" ) );
1036 #if !defined(POLARSSL_DHM_C)
1117 #if defined(POLARSSL_SHA4_C)
1144 #if defined(POLARSSL_SHA2_C)
/* rsa_key_len is stored as a 16-bit big-endian length after n bytes. */
1210 ssl->
out_msg[4 + n] = (
unsigned char)( rsa_key_len >> 8 );
1211 ssl->
out_msg[5 + n] = (
unsigned char)( rsa_key_len );
1217 hash_id, hashlen, hash,
1247 static int ssl_write_server_hello_done(
ssl_context *ssl )
/*
 * Parse the ClientKeyExchange message.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file. Where n comes from, and the key-exchange processing itself, are on
 * lines not shown.
 *
 * NOTE(review): the decryption and premaster-secret handling are hidden.
 * Confirm that failures there are not distinguishable to the peer
 * (padding-oracle hardening), and that the message length is checked before
 * in_msg[4] and in_msg[5] are read.
 */
1270 static int ssl_parse_client_key_exchange(
ssl_context *ssl )
1308 #if !defined(POLARSSL_DHM_C)
/* n bytes starting at in_msg + 6 go to a call whose result is checked. */
1325 ssl->
in_msg + 6, n ) ) != 0 )
/* The 16-bit big-endian length sent by the client must equal n. */
1365 if( ssl->
in_msg[4] != ( ( n >> 8 ) & 0xFF ) ||
1366 ssl->
in_msg[5] != ( ( n ) & 0xFF ) )
/*
 * Parse the client's CertificateVerify message and check its signature.
 *
 * Excerpt only: the leading number on each line is its line in the original
 * file; how n, n1, n2, hash_id and hashlen are set is on lines not shown.
 */
1422 static int ssl_parse_certificate_verify(
ssl_context *ssl )
1425 size_t n = 0, n1, n2;
/*
 * hash[] is 48 bytes here, against 64 in ssl_write_server_key_exchange
 * (line 1011).
 * NOTE(review): confirm that no hidden path produces a digest longer than
 * 48 bytes.
 */
1426 unsigned char hash[48];
/*
 * Declared without an initialiser, unlike line 1013.
 * NOTE(review): confirm that every path reaching the call at line 1504
 * assigns hashlen first.
 */
1428 unsigned int hashlen;
1470 SSL_DEBUG_MSG( 1, (
"peer not adhering to requested sig_alg for verify message" ) );
/*
 * The lengths must account for the whole handshake message, and the two
 * signature lengths n1 and n2 must agree.
 */
1496 if( n + n1 + 6 != ssl->
in_hslen || n1 != n2 )
/* The signature is taken from in_msg at offset 6 + n. */
1504 hash_id, hashlen, hash, ssl->
in_msg + 6 + n );
/*
 * Handshake step dispatch (the enclosing function header is not part of
 * this excerpt). ssl->state selects which parse or write routine runs, and
 * that routine's result is stored in ret. The case labels and the state
 * transitions are on lines not shown.
 */
1531 switch( ssl->
state )
1541 ret = ssl_parse_client_hello( ssl );
1552 ret = ssl_write_server_hello( ssl );
1560 ret = ssl_write_server_key_exchange( ssl );
1564 ret = ssl_write_certificate_request( ssl );
1568 ret = ssl_write_server_hello_done( ssl );
1583 ret = ssl_parse_client_key_exchange( ssl );
1587 ret = ssl_parse_certificate_verify( ssl );