36 #if defined(POLARSSL_SSL_TLS_C)
46 #if defined(POLARSSL_GCM_C)
53 #if defined _MSC_VER && !defined strcasecmp
54 #define strcasecmp _stricmp
58 static void polarssl_zeroize(
void *v,
size_t n ) {
59 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
62 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
64 const unsigned char *key_enc,
const unsigned char *key_dec,
65 const unsigned char *iv_enc,
const unsigned char *iv_dec,
66 const unsigned char *mac_enc,
const unsigned char *mac_dec) = NULL;
67 int (*ssl_hw_record_reset)(
ssl_context *ssl) = NULL;
68 int (*ssl_hw_record_write)(
ssl_context *ssl) = NULL;
70 int (*ssl_hw_record_finish)(
ssl_context *ssl) = NULL;
73 static int ssl_rsa_decrypt(
void *ctx,
74 int (*f_rng)(
void *,
unsigned char *,
size_t),
75 void *p_rng,
int mode,
size_t *olen,
76 const unsigned char *input,
unsigned char *output,
77 size_t output_max_len )
80 input, output, output_max_len );
83 static int ssl_rsa_sign(
void *ctx,
84 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng,
85 int mode,
int hash_id,
unsigned int hashlen,
86 const unsigned char *hash,
unsigned char *sig )
92 static size_t ssl_rsa_key_len(
void *ctx )
100 static int ssl3_prf(
unsigned char *secret,
size_t slen,
char *label,
101 unsigned char *random,
size_t rlen,
102 unsigned char *dstbuf,
size_t dlen )
107 unsigned char padding[16];
108 unsigned char sha1sum[20];
119 for( i = 0; i < dlen / 16; i++ )
121 memset( padding,
'A' + i, 1 + i );
135 polarssl_zeroize( &md5,
sizeof( md5 ) );
136 polarssl_zeroize( &sha1,
sizeof( sha1 ) );
138 polarssl_zeroize( padding,
sizeof( padding ) );
139 polarssl_zeroize( sha1sum,
sizeof( sha1sum ) );
144 static int tls1_prf(
unsigned char *secret,
size_t slen,
char *label,
145 unsigned char *random,
size_t rlen,
146 unsigned char *dstbuf,
size_t dlen )
150 unsigned char *S1, *S2;
151 unsigned char tmp[128];
152 unsigned char h_i[20];
154 if(
sizeof( tmp ) < 20 + strlen( label ) + rlen )
157 hs = ( slen + 1 ) / 2;
159 S2 = secret + slen - hs;
161 nb = strlen( label );
162 memcpy( tmp + 20, label, nb );
163 memcpy( tmp + 20 + nb, random, rlen );
169 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
171 for( i = 0; i < dlen; i += 16 )
173 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
174 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
176 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
178 for( j = 0; j < k; j++ )
179 dstbuf[i + j] = h_i[j];
187 for( i = 0; i < dlen; i += 20 )
192 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
194 for( j = 0; j < k; j++ )
195 dstbuf[i + j] = (
unsigned char)( dstbuf[i + j] ^ h_i[j] );
198 polarssl_zeroize( tmp,
sizeof( tmp ) );
199 polarssl_zeroize( h_i,
sizeof( h_i ) );
204 static int tls_prf_sha256(
unsigned char *secret,
size_t slen,
char *label,
205 unsigned char *random,
size_t rlen,
206 unsigned char *dstbuf,
size_t dlen )
210 unsigned char tmp[128];
211 unsigned char h_i[32];
213 if(
sizeof( tmp ) < 32 + strlen( label ) + rlen )
216 nb = strlen( label );
217 memcpy( tmp + 32, label, nb );
218 memcpy( tmp + 32 + nb, random, rlen );
224 sha2_hmac( secret, slen, tmp + 32, nb, tmp, 0 );
226 for( i = 0; i < dlen; i += 32 )
228 sha2_hmac( secret, slen, tmp, 32 + nb, h_i, 0 );
229 sha2_hmac( secret, slen, tmp, 32, tmp, 0 );
231 k = ( i + 32 > dlen ) ? dlen % 32 : 32;
233 for( j = 0; j < k; j++ )
234 dstbuf[i + j] = h_i[j];
237 polarssl_zeroize( tmp,
sizeof( tmp ) );
238 polarssl_zeroize( h_i,
sizeof( h_i ) );
243 #if defined(POLARSSL_SHA4_C)
244 static int tls_prf_sha384(
unsigned char *secret,
size_t slen,
char *label,
245 unsigned char *random,
size_t rlen,
246 unsigned char *dstbuf,
size_t dlen )
250 unsigned char tmp[128];
251 unsigned char h_i[48];
253 if(
sizeof( tmp ) < 48 + strlen( label ) + rlen )
256 nb = strlen( label );
257 memcpy( tmp + 48, label, nb );
258 memcpy( tmp + 48 + nb, random, rlen );
264 sha4_hmac( secret, slen, tmp + 48, nb, tmp, 1 );
266 for( i = 0; i < dlen; i += 48 )
268 sha4_hmac( secret, slen, tmp, 48 + nb, h_i, 1 );
269 sha4_hmac( secret, slen, tmp, 48, tmp, 1 );
271 k = ( i + 48 > dlen ) ? dlen % 48 : 48;
273 for( j = 0; j < k; j++ )
274 dstbuf[i + j] = h_i[j];
277 polarssl_zeroize( tmp,
sizeof( tmp ) );
278 polarssl_zeroize( h_i,
sizeof( h_i ) );
284 static void ssl_update_checksum_start(
ssl_context *,
unsigned char *,
size_t);
285 static void ssl_update_checksum_md5sha1(
ssl_context *,
unsigned char *,
size_t);
286 static void ssl_update_checksum_sha256(
ssl_context *,
unsigned char *,
size_t);
288 static void ssl_calc_verify_ssl(
ssl_context *,
unsigned char *);
289 static void ssl_calc_verify_tls(
ssl_context *,
unsigned char *);
290 static void ssl_calc_verify_tls_sha256(
ssl_context *,
unsigned char *);
292 static void ssl_calc_finished_ssl(
ssl_context *,
unsigned char *,
int);
293 static void ssl_calc_finished_tls(
ssl_context *,
unsigned char *,
int);
294 static void ssl_calc_finished_tls_sha256(
ssl_context *,
unsigned char *,
int);
296 #if defined(POLARSSL_SHA4_C)
297 static void ssl_update_checksum_sha384(
ssl_context *,
unsigned char *,
size_t);
298 static void ssl_calc_verify_tls_sha384(
ssl_context *,
unsigned char *);
299 static void ssl_calc_finished_tls_sha384(
ssl_context *,
unsigned char *,
int);
304 unsigned char tmp[64];
305 unsigned char keyblk[256];
308 unsigned int iv_copy_len;
330 #if defined(POLARSSL_SHA4_C)
334 handshake->
tls_prf = tls_prf_sha384;
335 handshake->
calc_verify = ssl_calc_verify_tls_sha384;
341 handshake->
tls_prf = tls_prf_sha256;
342 handshake->
calc_verify = ssl_calc_verify_tls_sha256;
356 if( handshake->
resume == 0 )
362 (
char *)
"master secret",
374 memcpy( handshake->
randbytes, tmp + 32, 32 );
375 memcpy( handshake->
randbytes + 32, tmp, 32 );
376 polarssl_zeroize( tmp,
sizeof( tmp ) );
390 handshake->
tls_prf( session->
master, 48, (
char *)
"key expansion",
406 #if defined(POLARSSL_ARC4_C)
418 #if defined(POLARSSL_DES_C)
426 #if defined(POLARSSL_AES_C)
439 #if defined(POLARSSL_SHA2_C)
452 #if defined(POLARSSL_GCM_C)
469 #if defined(POLARSSL_CAMELLIA_C)
482 #if defined(POLARSSL_SHA2_C)
497 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
498 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
515 #if defined(POLARSSL_DES_C)
530 SSL_DEBUG_MSG( 3, (
"keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
545 key1 = keyblk + transform->
maclen * 2;
546 key2 = keyblk + transform->
maclen * 2 + transform->
keylen;
557 memcpy( transform->
iv_enc, key2 + transform->
keylen, iv_copy_len );
558 memcpy( transform->
iv_dec, key2 + transform->
keylen + iv_copy_len,
563 key1 = keyblk + transform->
maclen * 2 + transform->
keylen;
564 key2 = keyblk + transform->
maclen * 2;
575 memcpy( transform->
iv_dec, key1 + transform->
keylen, iv_copy_len );
576 memcpy( transform->
iv_enc, key1 + transform->
keylen + iv_copy_len,
580 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
581 if( ssl_hw_record_init != NULL)
587 if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->
iv_enc,
599 #if defined(POLARSSL_ARC4_C)
609 #if defined(POLARSSL_DES_C)
617 #if defined(POLARSSL_AES_C)
634 #if defined(POLARSSL_GCM_C)
649 #if defined(POLARSSL_CAMELLIA_C)
667 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
668 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
675 #if defined(POLARSSL_DES_C)
688 polarssl_zeroize( keyblk,
sizeof( keyblk ) );
690 #if defined(POLARSSL_ZLIB_SUPPORT)
697 memset( &transform->ctx_deflate, 0,
sizeof( transform->ctx_deflate ) );
698 memset( &transform->ctx_inflate, 0,
sizeof( transform->ctx_inflate ) );
700 if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
701 inflateInit( &transform->ctx_inflate ) != Z_OK )
714 void ssl_calc_verify_ssl(
ssl_context *ssl,
unsigned char hash[36] )
718 unsigned char pad_1[48];
719 unsigned char pad_2[48];
726 memset( pad_1, 0x36, 48 );
727 memset( pad_2, 0x5C, 48 );
755 void ssl_calc_verify_tls(
ssl_context *ssl,
unsigned char hash[36] )
774 void ssl_calc_verify_tls_sha256(
ssl_context *ssl,
unsigned char hash[32] )
789 #if defined(POLARSSL_SHA4_C)
790 void ssl_calc_verify_tls_sha384(
ssl_context *ssl,
unsigned char hash[48] )
809 static void ssl_mac_md5(
unsigned char *secret,
810 unsigned char *buf,
size_t len,
811 unsigned char *ctr,
int type )
813 unsigned char header[11];
814 unsigned char padding[48];
817 memcpy( header, ctr, 8 );
818 header[ 8] = (
unsigned char) type;
819 header[ 9] = (
unsigned char)( len >> 8 );
820 header[10] = (
unsigned char)( len );
822 memset( padding, 0x36, 48 );
830 memset( padding, 0x5C, 48 );
838 static void ssl_mac_sha1(
unsigned char *secret,
839 unsigned char *buf,
size_t len,
840 unsigned char *ctr,
int type )
842 unsigned char header[11];
843 unsigned char padding[40];
846 memcpy( header, ctr, 8 );
847 header[ 8] = (
unsigned char) type;
848 header[ 9] = (
unsigned char)( len >> 8 );
849 header[10] = (
unsigned char)( len );
851 memset( padding, 0x36, 40 );
859 memset( padding, 0x5C, 40 );
867 static void ssl_mac_sha2(
unsigned char *secret,
868 unsigned char *buf,
size_t len,
869 unsigned char *ctr,
int type )
871 unsigned char header[11];
872 unsigned char padding[32];
875 memcpy( header, ctr, 8 );
876 header[ 8] = (
unsigned char) type;
877 header[ 9] = (
unsigned char)( len >> 8 );
878 header[10] = (
unsigned char)( len );
880 memset( padding, 0x36, 32 );
888 memset( padding, 0x5C, 32 );
976 "including %d bytes of padding",
982 #if defined(POLARSSL_ARC4_C)
991 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
1003 unsigned char *enc_msg;
1004 unsigned char add_data[13];
1009 memcpy( add_data, ssl->
out_ctr, 8 );
1013 add_data[11] = ( ssl->
out_msglen >> 8 ) & 0xFF;
1019 #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
1055 "including %d bytes of padding",
1071 16, enc_msg + enc_msglen );
1074 enc_msg + enc_msglen, 16 );
1082 unsigned char *enc_msg;
1090 for( i = 0; i <= padlen; i++ )
1129 "including %d bytes of IV and %d bytes of padding",
1137 #if defined(POLARSSL_DES_C)
1139 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1156 #if defined(POLARSSL_AES_C)
1173 #if defined(POLARSSL_CAMELLIA_C)
1195 for( i = 8; i > 0; i-- )
1196 if( ++ssl->
out_ctr[i - 1] != 0 )
1202 SSL_DEBUG_MSG( 1, (
"outgoing message counter would wrap" ) );
1214 #define POLARSSL_SSL_MAX_MAC_SIZE 32
1218 size_t i, padlen = 0, correct = 1;
1219 unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
1232 #if defined(POLARSSL_ARC4_C)
1241 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
1252 unsigned char *dec_msg;
1253 unsigned char *dec_msg_result;
1255 unsigned char add_data[13];
1257 unsigned char taglen = 16;
1261 #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
1267 if( ssl->
in_msglen < explicit_iv_len + taglen )
1271 explicit_iv_len, taglen ) );
1274 dec_msglen = ssl->
in_msglen - explicit_iv_len - taglen;
1276 dec_msg = ssl->
in_msg + explicit_iv_len;
1277 dec_msg_result = ssl->
in_msg;
1280 memcpy( add_data, ssl->
in_ctr, 8 );
1284 add_data[11] = ( ssl->
in_msglen >> 8 ) & 0xFF;
1307 dec_msg + dec_msglen, 16,
1308 dec_msg, dec_msg_result );
1312 SSL_DEBUG_MSG( 1, (
"AEAD decrypt failed on validation (ret = -0x%02x)",
1326 unsigned char *dec_msg;
1327 unsigned char *dec_msg_result;
1347 SSL_DEBUG_MSG( 1, (
"msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )",
1354 dec_msg_result = ssl->
in_msg;
1371 #if defined(POLARSSL_DES_C)
1373 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1390 #if defined(POLARSSL_AES_C)
1407 #if defined(POLARSSL_CAMELLIA_C)
1432 #if defined(POLARSSL_SSL_DEBUG_ALL)
1433 SSL_DEBUG_MSG( 1, (
"msglen (%d) < maclen (%d) + padlen (%d)",
1444 #if defined(POLARSSL_SSL_DEBUG_ALL)
1446 "should be no more than %d",
1458 size_t pad_count = 0, real_count = 1;
1459 size_t padding_idx = ssl->
in_msglen - padlen - 1;
1471 correct &= ( ssl->
in_msglen >= padlen + 1 );
1475 padding_idx *= correct;
1477 for( i = 1; i <= 256; i++ )
1479 real_count &= ( i <= padlen );
1480 pad_count += real_count *
1481 ( ssl->
in_msg[padding_idx + i] == padlen - 1 );
1484 correct &= ( pad_count == padlen );
1486 #if defined(POLARSSL_SSL_DEBUG_ALL)
1487 if( padlen > 0 && correct == 0)
1490 padlen &= correct * 0x1FF;
1543 int j, extra_run = 0;
1544 extra_run = ( 13 + ssl->
in_msglen + padlen + 8 ) / 64 -
1547 extra_run &= correct * 0xFF;
1556 for( j = 0; j < extra_run; j++ )
1566 for( j = 0; j < extra_run; j++ )
1576 for( j = 0; j < extra_run; j++ )
1594 #if defined(POLARSSL_SSL_DEBUG_ALL)
1617 "messages, possible DoS attack" ) );
1624 for( i = 8; i > 0; i-- )
1625 if( ++ssl->
in_ctr[i - 1] != 0 )
1631 SSL_DEBUG_MSG( 1, (
"incoming message counter would wrap" ) );
1640 #if defined(POLARSSL_ZLIB_SUPPORT)
1647 unsigned char *msg_post = ssl->
out_msg;
1649 unsigned char *msg_pre;
1653 msg_pre = (
unsigned char*) malloc( len_pre );
1654 if( msg_pre == NULL )
1660 memcpy( msg_pre, ssl->
out_msg, len_pre );
1673 ret = deflate( &ssl->
transform_out->ctx_deflate, Z_SYNC_FLUSH );
1676 SSL_DEBUG_MSG( 1, (
"failed to perform compression (%d)", ret ) );
1698 unsigned char *msg_post = ssl->
in_msg;
1700 unsigned char *msg_pre;
1704 msg_pre = (
unsigned char*) malloc( len_pre );
1705 if( msg_pre == NULL )
1711 memcpy( msg_pre, ssl->
in_msg, len_pre );
1724 ret = inflate( &ssl->
transform_in->ctx_inflate, Z_SYNC_FLUSH );
1727 SSL_DEBUG_MSG( 1, (
"failed to perform decompression (%d)", ret ) );
1763 while( ssl->
in_left < nb_want )
1805 buf = ssl->
out_hdr + 5 - header_left;
1844 ssl->
out_msg[1] = (
unsigned char)( ( len - 4 ) >> 16 );
1845 ssl->
out_msg[2] = (
unsigned char)( ( len - 4 ) >> 8 );
1846 ssl->
out_msg[3] = (
unsigned char)( ( len - 4 ) );
1851 #if defined(POLARSSL_ZLIB_SUPPORT)
1855 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
1865 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
1866 if( ssl_hw_record_write != NULL)
1870 ret = ssl_hw_record_write( ssl );
1884 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
1885 ssl->
out_hdr[4] = (
unsigned char)( len );
1889 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
1896 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
1897 ssl->
out_hdr[4] = (
unsigned char)( len );
1903 "version = [%d:%d], msglen = %d",
1945 " %d, type = %d, hslen = %d",
1981 "version = [%d:%d], msglen = %d",
2054 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
2055 if( ssl_hw_record_read != NULL)
2059 ret = ssl_hw_record_read( ssl );
2070 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
2072 #if defined(POLARSSL_SSL_ALERT_MESSAGES)
2094 #if defined(POLARSSL_ZLIB_SUPPORT)
2098 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
2132 " %d, type = %d, hslen = %d",
2203 unsigned char level,
2204 unsigned char message )
2285 while( crt != NULL )
2295 ssl->
out_msg[i ] = (
unsigned char)( n >> 16 );
2296 ssl->
out_msg[i + 1] = (
unsigned char)( n >> 8 );
2297 ssl->
out_msg[i + 2] = (
unsigned char)( n );
2299 i += 3; memcpy( ssl->
out_msg + i, crt->
raw.
p, n );
2300 i += n; crt = crt->
next;
2303 ssl->
out_msg[4] = (
unsigned char)( ( i - 7 ) >> 16 );
2304 ssl->
out_msg[5] = (
unsigned char)( ( i - 7 ) >> 8 );
2305 ssl->
out_msg[6] = (
unsigned char)( ( i - 7 ) );
2377 memcmp( ssl->
in_msg + 4,
"\0\0\0", 3 ) == 0 )
2431 while( i < ssl->in_hslen )
2433 if( ssl->
in_msg[i] != 0 )
2439 n = ( (
unsigned int) ssl->
in_msg[i + 1] << 8 )
2440 | (
unsigned int) ssl->
in_msg[i + 2];
2443 if( n < 128 || i + n > ssl->
in_hslen )
2471 SSL_DEBUG_MSG( 1, (
"new server cert during renegotiation" ) );
2481 SSL_DEBUG_MSG( 1, (
"server cert changed during renegotiation" ) );
2567 #if !defined(POLARSSL_SHA4_C)
2568 ((void) ciphersuite);
2573 #if defined(POLARSSL_SHA4_C)
2584 static void ssl_update_checksum_start(
ssl_context *ssl,
unsigned char *buf,
2590 #if defined(POLARSSL_SHA4_C)
2595 static void ssl_update_checksum_md5sha1(
ssl_context *ssl,
unsigned char *buf,
2602 static void ssl_update_checksum_sha256(
ssl_context *ssl,
unsigned char *buf,
2608 #if defined(POLARSSL_SHA4_C)
2609 static void ssl_update_checksum_sha384(
ssl_context *ssl,
unsigned char *buf,
2616 static void ssl_calc_finished_ssl(
2623 unsigned char padbuf[48];
2624 unsigned char md5sum[16];
2625 unsigned char sha1sum[20];
2645 #if !defined(POLARSSL_MD5_ALT)
2650 #if !defined(POLARSSL_SHA1_ALT)
2658 memset( padbuf, 0x36, 48 );
2660 md5_update( &md5, (
const unsigned char *) sender, 4 );
2665 sha1_update( &sha1, (
const unsigned char *) sender, 4 );
2670 memset( padbuf, 0x5C, 48 );
2689 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2690 polarssl_zeroize( md5sum,
sizeof( md5sum ) );
2691 polarssl_zeroize( sha1sum,
sizeof( sha1sum ) );
2696 static void ssl_calc_finished_tls(
2703 unsigned char padbuf[36];
2720 #if !defined(POLARSSL_MD5_ALT)
2725 #if !defined(POLARSSL_SHA1_ALT)
2732 :
"server finished";
2738 padbuf, 36, buf, len );
2745 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2750 static void ssl_calc_finished_tls_sha256(
2756 unsigned char padbuf[32];
2772 #if !defined(POLARSSL_SHA2_ALT)
2779 :
"server finished";
2784 padbuf, 32, buf, len );
2789 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2794 #if defined(POLARSSL_SHA4_C)
2795 static void ssl_calc_finished_tls_sha384(
2801 unsigned char padbuf[48];
2817 #if !defined(POLARSSL_SHA4_ALT)
2824 :
"server finished";
2829 padbuf, 48, buf, len );
2834 polarssl_zeroize( padbuf,
sizeof( padbuf ) );
2917 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for outbound data" ) );
2936 unsigned int hash_len;
2937 unsigned char buf[36];
2946 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for inbound data" ) );
2949 memset( ssl->
in_ctr, 0, 8 );
3031 SSL_DEBUG_MSG( 1, (
"malloc() of ssl sub-contexts failed" ) );
3038 #if defined(POLARSSL_SHA4_C)
3071 #if defined(POLARSSL_DHM_C)
3085 ssl->
in_ctr = (
unsigned char *) malloc( len );
3089 if( ssl->
in_ctr == NULL )
3095 ssl->
out_ctr = (
unsigned char *) malloc( len );
3102 free( ssl-> in_ctr );
3113 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3154 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3155 if( ssl_hw_record_reset != NULL)
3158 if( ssl_hw_record_reset( ssl ) != 0 )
3180 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3200 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3208 int (*f_rng)(
void *,
unsigned char *,
size_t),
3216 void (*f_dbg)(
void *,
int,
const char *),
3224 int (*f_recv)(
void *,
unsigned char *,
size_t),
void *p_recv,
3225 int (*f_send)(
void *,
const unsigned char *,
size_t),
void *p_send )
3234 int (*f_get_cache)(
void *,
ssl_session *),
void *p_get_cache,
3235 int (*f_set_cache)(
void *,
const ssl_session *),
void *p_set_cache )
3258 int major,
int minor )
3270 x509_crl *ca_crl,
const char *peer_cn )
3298 #if defined(POLARSSL_DHM_C)
3340 if( hostname == NULL )
3353 memcpy( ssl->
hostname, (
const unsigned char *) hostname,
3363 const unsigned char *,
size_t),
3407 switch( ciphersuite_id )
3409 #if defined(POLARSSL_ARC4_C)
3411 return(
"TLS-RSA-WITH-RC4-128-MD5" );
3414 return(
"TLS-RSA-WITH-RC4-128-SHA" );
3417 #if defined(POLARSSL_DES_C)
3419 return(
"TLS-RSA-WITH-3DES-EDE-CBC-SHA" );
3422 return(
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" );
3425 #if defined(POLARSSL_AES_C)
3427 return(
"TLS-RSA-WITH-AES-128-CBC-SHA" );
3430 return(
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA" );
3433 return(
"TLS-RSA-WITH-AES-256-CBC-SHA" );
3436 return(
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA" );
3438 #if defined(POLARSSL_SHA2_C)
3440 return(
"TLS-RSA-WITH-AES-128-CBC-SHA256" );
3443 return(
"TLS-RSA-WITH-AES-256-CBC-SHA256" );
3446 return(
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" );
3449 return(
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" );
3452 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3454 return(
"TLS-RSA-WITH-AES-128-GCM-SHA256" );
3457 return(
"TLS-RSA-WITH-AES-256-GCM-SHA384" );
3460 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3462 return(
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" );
3465 return(
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" );
3469 #if defined(POLARSSL_CAMELLIA_C)
3471 return(
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" );
3474 return(
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" );
3477 return(
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" );
3480 return(
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" );
3482 #if defined(POLARSSL_SHA2_C)
3484 return(
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
3487 return(
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
3490 return(
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
3493 return(
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
3497 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
3498 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
3500 return(
"TLS-RSA-WITH-NULL-MD5" );
3502 return(
"TLS-RSA-WITH-NULL-SHA" );
3504 return(
"TLS-RSA-WITH-NULL-SHA256" );
3507 #if defined(POLARSSL_DES_C)
3509 return(
"TLS-RSA-WITH-DES-CBC-SHA" );
3511 return(
"TLS-DHE-RSA-WITH-DES-CBC-SHA" );
3519 return(
"unknown" );
3524 #if defined(POLARSSL_ARC4_C)
3525 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-RC4-128-MD5"))
3527 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-RC4-128-SHA"))
3531 #if defined(POLARSSL_DES_C)
3532 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-3DES-EDE-CBC-SHA"))
3534 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"))
3538 #if defined(POLARSSL_AES_C)
3539 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-128-CBC-SHA"))
3541 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA"))
3543 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-256-CBC-SHA"))
3545 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA"))
3548 #if defined(POLARSSL_SHA2_C)
3549 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-128-CBC-SHA256"))
3551 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-256-CBC-SHA256"))
3553 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"))
3555 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"))
3559 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3560 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-128-GCM-SHA256"))
3562 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-AES-256-GCM-SHA384"))
3566 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3567 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"))
3569 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"))
3574 #if defined(POLARSSL_CAMELLIA_C)
3575 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"))
3577 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"))
3579 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"))
3581 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"))
3584 #if defined(POLARSSL_SHA2_C)
3585 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
3587 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
3589 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
3591 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
3596 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
3597 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
3598 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-NULL-MD5"))
3600 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-NULL-SHA"))
3602 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-NULL-SHA256"))
3606 #if defined(POLARSSL_DES_C)
3607 if (0 == strcasecmp(ciphersuite_name,
"TLS-RSA-WITH-DES-CBC-SHA"))
3609 if (0 == strcasecmp(ciphersuite_name,
"TLS-DHE-RSA-WITH-DES-CBC-SHA"))
3619 switch( ciphersuite_id )
3663 if( ssl == NULL || ssl->
session == NULL )
3674 return(
"SSLv3.0" );
3677 return(
"TLSv1.0" );
3680 return(
"TLSv1.1" );
3683 return(
"TLSv1.2" );
3688 return(
"unknown" );
3693 if( ssl == NULL || ssl->
session == NULL )
3701 #if defined(POLARSSL_DHM_C)
3702 #if defined(POLARSSL_AES_C)
3703 #if defined(POLARSSL_SHA2_C)
3706 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3710 #if defined(POLARSSL_SHA2_C)
3713 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3718 #if defined(POLARSSL_CAMELLIA_C)
3719 #if defined(POLARSSL_SHA2_C)
3723 #if defined(POLARSSL_SHA2_C)
3728 #if defined(POLARSSL_DES_C)
3733 #if defined(POLARSSL_AES_C)
3734 #if defined(POLARSSL_SHA2_C)
3737 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3742 #if defined(POLARSSL_CAMELLIA_C)
3743 #if defined(POLARSSL_SHA2_C)
3748 #if defined(POLARSSL_AES_C)
3749 #if defined(POLARSSL_SHA2_C)
3752 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3757 #if defined(POLARSSL_CAMELLIA_C)
3758 #if defined(POLARSSL_SHA2_C)
3763 #if defined(POLARSSL_DES_C)
3766 #if defined(POLARSSL_ARC4_C)
3780 #if defined(POLARSSL_SSL_CLI_C)
3785 #if defined(POLARSSL_SSL_SRV_C)
3830 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3898 SSL_DEBUG_MSG( 1, (
"handshake received (not HelloRequest)" ) );
3906 SSL_DEBUG_MSG( 3, (
"ignoring renegotiation, sending alert" ) );
3942 SSL_DEBUG_MSG( 2, (
"ignoring non-fatal non-closure alert" ) );
3958 memcpy( buf, ssl->
in_offt, n );
4007 memcpy( ssl->
out_msg, buf, n );
4050 #if defined(POLARSSL_ZLIB_SUPPORT)
4051 deflateEnd( &transform->ctx_deflate );
4052 inflateEnd( &transform->ctx_inflate );
4060 #if defined(POLARSSL_DHM_C)
4074 polarssl_zeroize( session,
sizeof(
ssl_session ) );
4092 if( ssl->
in_ctr != NULL )
4098 #if defined(POLARSSL_DHM_C)
4133 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
4134 if( ssl_hw_record_finish != NULL )
4137 ssl_hw_record_finish( ssl );
#define SSL_ALERT_LEVEL_FATAL
#define SSL_ALERT_MSG_BAD_RECORD_MAC
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS 1.2.
void sha1_hmac_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 HMAC final digest.
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
Processing of the ChangeCipherSpec handshake message failed.
int x509parse_crt_der(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
int ssl_send_alert_message(ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
void(* f_dbg)(void *, int, const char *)
int(* f_rng)(void *, unsigned char *, size_t)
void sha2_hmac_update(sha2_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 HMAC process buffer.
SHA-256 context structure.
#define POLARSSL_DHM_RFC5114_MODP_1024_P
int gcm_auth_decrypt(gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
GCM buffer authenticated decryption using AES.
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
void(* update_checksum)(ssl_context *, unsigned char *, size_t)
#define SSL_DEBUG_RET(level, text, ret)
#define TLS_RSA_WITH_AES_128_CBC_SHA
int(* tls_prf)(unsigned char *, size_t, char *, unsigned char *, size_t, unsigned char *, size_t)
int arc4_crypt(arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
ARC4 cipher function.
void arc4_setup(arc4_context *ctx, const unsigned char *key, unsigned int keylen)
ARC4 key schedule.
const int ** ciphersuites
#define TLS_RSA_WITH_RC4_128_SHA
char peer_verify_data[36]
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption. Length should be a multiple of the block size (16 bytes) ...
void ssl_set_own_cert(ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key)
Set own certificate chain and private key.
ssl_transform * transform_out
int ssl_get_ciphersuite_min_version(const int ciphersuite_id)
#define POLARSSL_ERR_SSL_CONN_EOF
The connection indicated an EOF.
int(* f_sni)(void *, ssl_context *, const unsigned char *, size_t)
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void(* calc_verify)(ssl_context *, unsigned char *)
#define TLS_RSA_WITH_AES_256_CBC_SHA256
TLS 1.2.
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
void ssl_set_verify(ssl_context *ssl, int(*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy)
Set the verification callback (Optional).
ssl_session * session_negotiate
void ssl_legacy_renegotiation(ssl_context *ssl, int allow_legacy)
Prevent or allow legacy renegotiation.
int ssl_parse_certificate(ssl_context *ssl)
void ssl_set_dbg(ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg)
Set the debug callback.
#define POLARSSL_ERR_SSL_INVALID_RECORD
An invalid SSL record was received.
void ssl_set_own_cert_alt(ssl_context *ssl, x509_cert *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len)
Set own certificate and alternate non-PolarSSL private key and handling callbacks, such as the PKCS#11 wrappers or any other external private key handler.
#define BADCERT_SKIP_VERIFY
Certificate verification was skipped.
void sha2_hmac_starts(sha2_context *ctx, const unsigned char *key, size_t keylen, int is224)
SHA-256 HMAC context setup.
ssl_transform * transform_in
int ssl_parse_finished(ssl_context *ssl)
x509_buf raw
The raw certificate data (DER).
int rsa_pkcs1_sign(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Generic wrapper to perform a PKCS#1 signature using the mode from the context.
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define SSL_RENEGOTIATION
void ssl_session_free(ssl_session *session)
Free referenced items in an SSL session, including the peer certificate, and clear memory.
void sha1_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[20])
Output = HMAC-SHA-1( hmac key, input buffer )
void x509_free(x509_cert *crt)
Unallocate all certificate data.
int ssl_write_finished(ssl_context *ssl)
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS 1.2.
Configuration options (set of defines)
ssl_transform * transform
#define SSL_DEBUG_MSG(level, args)
int aes_setkey_dec(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (decryption)
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY
The peer notified us that the connection is going to be closed.
void ssl_handshake_wrapup(ssl_context *ssl)
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
void md5_finish(md5_context *ctx, unsigned char output[16])
MD5 final digest.
int(* f_send)(void *, const unsigned char *, size_t)
int rsa_pkcs1_decrypt(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Generic wrapper to perform a PKCS#1 decryption using the mode from the context.
#define SSL_VERIFY_OPTIONAL
int ssl_set_dh_param_ctx(ssl_context *ssl, dhm_context *dhm_ctx)
Set the Diffie-Hellman public P and G values, read from an existing context (server-side only) ...
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA
int(* rsa_decrypt_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Container for an X.509 certificate.
#define SSL_VERIFY_REQUIRED
#define SSL_ALERT_MSG_NO_RENEGOTIATION
void md5_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[16])
Output = HMAC-MD5( hmac key, input buffer )
int ssl_handshake_server_step(ssl_context *ssl)
#define SSL_LEGACY_NO_RENEGOTIATION
#define SSL_MAJOR_VERSION_3
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED
Hardware acceleration function returned with error.
void ssl_set_max_version(ssl_context *ssl, int major, int minor)
Set the maximum supported version sent from the client side.
#define POLARSSL_ERR_SSL_INVALID_MAC
Verification of the message MAC failed.
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE
No client certificate was received from the client, but one is required by the authentication mode...
const int ssl_default_ciphersuites[]
void ssl_set_ciphersuites_for_version(ssl_context *ssl, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites for a specific version of the protocol.
int des3_set3key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, encryption)
int ssl_init(ssl_context *ssl)
Initialize an SSL context.
int ssl_get_ciphersuite_id(const char *ciphersuite_name)
Return the ID of the ciphersuite associated with the given name.
#define SSL_MINOR_VERSION_1
void sha2_hmac_finish(sha2_context *ctx, unsigned char output[32])
SHA-256 HMAC final digest.
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH
Hardware acceleration function skipped / left alone data.
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
unsigned char premaster[POLARSSL_MPI_MAX_SIZE]
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED
The own certificate is not set, but needed by the server.
void sha4_starts(sha4_context *ctx, int is384)
SHA-512 context setup.
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE
#define TLS_RSA_WITH_AES_256_GCM_SHA384
ssl_handshake_params * handshake
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE
Our own certificate(s) are too large to send in an SSL message.
#define SSL_MSG_HANDSHAKE
#define SSL_MINOR_VERSION_2
void sha4_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = HMAC-SHA-512( hmac key, input buffer )
int ssl_write_certificate(ssl_context *ssl)
int gcm_crypt_and_tag(gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
GCM buffer encryption/decryption using AES.
size_t(* rsa_key_len_func)(void *ctx)
#define POLARSSL_DHM_RFC5114_MODP_1024_G
rsa_key_len_func rsa_key_len
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE
A fatal alert message was received from our peer.
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
Triple-DES context structure.
void md5_hmac_starts(md5_context *ctx, const unsigned char *key, size_t keylen)
MD5 HMAC context setup.
const char * ssl_get_ciphersuite(const ssl_context *ssl)
Return the name of the current ciphersuite.
const char * ssl_get_version(const ssl_context *ssl)
Return the current SSL version (SSLv3/TLSv1/etc.).
void ssl_set_renegotiation(ssl_context *ssl, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: SSL_RENEGOTIAT...
int aes_crypt_cbc(aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
AES-CBC buffer encryption/decryption. Length should be a multiple of the block size (16 bytes) ...
SHA-224 and SHA-256 cryptographic hash function.
#define SSL_MINOR_VERSION_0
#define SSL_MSG_CHANGE_CIPHER_SPEC
#define TLS_DHE_RSA_WITH_DES_CBC_SHA
Weak! Not in TLS 1.2.
int ssl_handshake_client_step(ssl_context *ssl)
void sha4_update(sha4_context *ctx, const unsigned char *input, size_t ilen)
SHA-512 process buffer.
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE
An unexpected message was received from our peer.
unsigned char * p
ASN1 data, e.g.
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED
Processing of the compression / decompression failed.
int(* f_vrfy)(void *, x509_cert *, int, int *)
void ssl_set_endpoint(ssl_context *ssl, int endpoint)
Set the current endpoint type.
void mpi_free(mpi *X)
Free one MPI.
void ssl_set_ciphersuites(ssl_context *ssl, const int *ciphersuites)
Set the list of allowed ciphersuites (Default: ssl_default_ciphersuites) (Overrides all version speci...
void md5_process(md5_context *ctx, const unsigned char data[64])
#define TLS_RSA_WITH_NULL_SHA256
Weak!
#define SSL_ALERT_LEVEL_WARNING
void ssl_set_rng(ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Set the random number generator callback.
#define TLS_RSA_WITH_RC4_128_MD5
void ssl_set_bio(ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send)
Set the underlying BIO read and write callbacks.
void ssl_free(ssl_context *ssl)
Free referenced items in an SSL context and clear memory.
void md5_starts(md5_context *ctx)
MD5 context setup.
#define SSL_RENEGOTIATION_DISABLED
int(* rsa_sign_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED
No CA Chain is set, but required to operate.
CAMELLIA context structure.
void ssl_handshake_free(ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
int ssl_flush_output(ssl_context *ssl)
int ssl_handshake(ssl_context *ssl)
Perform the SSL handshake.
rsa_decrypt_func rsa_decrypt
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA
void ssl_set_min_version(ssl_context *ssl, int major, int minor)
Set the minimum accepted SSL/TLS protocol version (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0)...
#define SSL_COMPRESS_DEFLATE
void sha1_hmac_starts(sha1_context *ctx, const unsigned char *key, size_t keylen)
SHA-1 HMAC context setup.
void ssl_set_session(ssl_context *ssl, const ssl_session *session)
Request resumption of session (client-side only). Session data is copied from presented session struct...
int ssl_set_hostname(ssl_context *ssl, const char *hostname)
Set hostname for ServerName TLS extension (client-side only)
void md5_hmac_finish(md5_context *ctx, unsigned char output[16])
MD5 HMAC final digest.
int ssl_handshake_step(ssl_context *ssl)
Perform a single step of the SSL handshake.
#define SSL_MINOR_VERSION_3
int gcm_init(gcm_context *ctx, const unsigned char *key, unsigned int keysize)
GCM initialization (encryption)
#define POLARSSL_ERR_NET_WANT_READ
Connection requires a read call.
#define SSL_HS_CERTIFICATE
int ssl_parse_change_cipher_spec(ssl_context *ssl)
#define SSL_DEBUG_CRT(level, text, crt)
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
struct _x509_cert * next
Next certificate in the CA-chain.
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE
int ssl_close_notify(ssl_context *ssl)
Notify the peer that the connection is being closed.
void ssl_set_session_cache(ssl_context *ssl, int(*f_get_cache)(void *, ssl_session *), void *p_get_cache, int(*f_set_cache)(void *, const ssl_session *), void *p_set_cache)
Set the session cache callbacks (server-side only). If not set, no session resumption is done...
size_t ssl_get_bytes_avail(const ssl_context *ssl)
Return the number of data bytes available to read.
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define SSL_DEBUG_BUF(level, text, buf, len)
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
#define SSL_INITIAL_HANDSHAKE
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
void sha2_update(sha2_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
int allow_legacy_renegotiation
void sha2_process(sha2_context *ctx, const unsigned char data[64])
ssl_session * session_out
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
void(* calc_finished)(ssl_context *, unsigned char *, int)
int ssl_read_record(ssl_context *ssl)
size_t len
ASN1 length, e.g.
int des_setkey_enc(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, encryption)
#define TLS_RSA_WITH_AES_256_CBC_SHA
int ssl_set_dh_param(ssl_context *ssl, const char *dhm_P, const char *dhm_G)
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default...
#define TLS_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
void sha4(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
#define BADCERT_MISSING
Certificate was missing.
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED
Processing of the Finished handshake message failed.
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
void sha2_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = HMAC-SHA-256( hmac key, input buffer )
int ssl_get_verify_result(const ssl_context *ssl)
Return the result of the certificate verification.
#define SSL_ALERT_MSG_NO_CERT
Galois/Counter mode for AES.
int ssl_session_reset(ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables...
Certificate revocation list structure.
ssl_transform * transform_negotiate
SHA-512 context structure.
#define SSL_LEGACY_RENEGOTIATION
#define POLARSSL_ERR_SSL_MALLOC_FAILED
Memory allocation failed.
int disable_renegotiation
#define SSL_ALERT_MSG_CLOSE_NOTIFY
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA
void dhm_free(dhm_context *ctx)
Free the components of a DHM key.
#define TLS_RSA_WITH_DES_CBC_SHA
Weak! Not in TLS 1.2.
void md5_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
int ssl_write_change_cipher_spec(ssl_context *ssl)
int(* f_get_cache)(void *, ssl_session *)
void sha2(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
int ssl_derive_keys(ssl_context *ssl)
void ssl_set_authmode(ssl_context *ssl, int authmode)
Set the certificate verification mode.
void sha4_finish(sha4_context *ctx, unsigned char output[64])
SHA-512 final digest.
void sha1_process(sha1_context *ctx, const unsigned char data[64])
#define TLS_RSA_WITH_NULL_SHA
Weak!
int(* f_set_cache)(void *, const ssl_session *)
void ssl_set_ca_chain(ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn)
Set the data required to verify peer certificate.
void sha1_hmac_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 HMAC process buffer.
static int safer_memcmp(const void *a, const void *b, size_t n)
void ssl_optimize_checksum(ssl_context *ssl, int ciphersuite)
int x509parse_verify(x509_cert *crt, x509_cert *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy)
Verify the certificate signature.
void md5_hmac_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 HMAC process buffer.
int ssl_send_fatal_handshake_failure(ssl_context *ssl)
#define TLS_RSA_WITH_AES_128_GCM_SHA256
void sha2_starts(sha2_context *ctx, int is224)
SHA-256 context setup.
int ssl_read(ssl_context *ssl, unsigned char *buf, size_t len)
Read at most 'len' application data bytes.
void ssl_transform_free(ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS 1.2.
#define SSL_MAX_CONTENT_LEN
Size of the input / output buffer.
#define SSL_MSG_APPLICATION_DATA
const char * ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
int ssl_renegotiate(ssl_context *ssl)
Perform an SSL renegotiation on the running connection.
#define TLS_RSA_WITH_NULL_MD5
Weak!
int(* f_recv)(void *, unsigned char *, size_t)
int ssl_write(ssl_context *ssl, const unsigned char *buf, size_t len)
Write exactly 'len' application data bytes.
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE
The requested feature is not available.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE
Processing of the Certificate handshake message failed.
The ARCFOUR stream cipher.
int aes_setkey_enc(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (encryption)
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA
Bad input parameters to function.
void ssl_set_sni(ssl_context *ssl, int(*f_sni)(void *, ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
int ssl_fetch_input(ssl_context *ssl, size_t nb_want)
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
int ssl_write_record(ssl_context *ssl)
const x509_cert * ssl_get_peer_cert(const ssl_context *ssl)
Return the peer certificate from the current connection.
unsigned char randbytes[64]
void sha2_finish(sha2_context *ctx, unsigned char output[32])
SHA-256 final digest.
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING
A counter would wrap (e.g., too many messages exchanged).
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption
#define SSL_HS_HELLO_REQUEST