28 #if defined(POLARSSL_SSL_SRV_C)
/*
 * Fragment of ssl_parse_servername_ext (interior lines are elided in this
 * listing). Parses the body of a client SNI extension: a 2-byte list length
 * followed by (name_type, 2-byte name length, name) entries, and hands each
 * name to the ssl->f_sni callback. `len` is the extension body length
 * already bounded by the caller.
 */
37 static int ssl_parse_servername_ext(
ssl_context *ssl,
38 const unsigned char *buf,
42 size_t servername_list_size, hostname_len;
43 const unsigned char *p;
/* The inner list length must account for the extension body exactly. */
45 servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
46 if( servername_list_size + 2 != len )
/* p presumably starts at buf + 2 here (assignment elided) — confirm. */
53 while( servername_list_size > 0 )
/*
 * NOTE(review): p[1] and p[2] are read *before* the remaining-length check
 * below. With only 1 or 2 bytes left in the list this reads up to 2 bytes
 * past the extension body before the bad length is rejected. Checking
 * `servername_list_size >= 3` at the top of the loop would be the tighter
 * ordering. p[0] (the name_type byte) is not inspected in this excerpt.
 */
55 hostname_len = ( ( p[1] << 8 ) | p[2] );
56 if( hostname_len + 3 > servername_list_size )
/*
 * Hand the raw (not NUL-terminated) name to the application callback;
 * p + 3 / hostname_len stay inside the list thanks to the check above.
 * What happens on a non-zero return is elided here.
 */
64 ret = ssl->
f_sni( ssl->
p_sni, ssl, p + 3, hostname_len );
74 servername_list_size -= hostname_len + 3;
75 p += hostname_len + 3;
/* Any trailing bytes not consumed by whole entries are an error. */
78 if( servername_list_size != 0 )
/*
 * Fragment of ssl_parse_renegotiation_info (interior lines are elided).
 * Validates the client's renegotiation_info extension (RFC 5746).
 */
87 static int ssl_parse_renegotiation_info(
ssl_context *ssl,
88 const unsigned char *buf,
/*
 * Initial handshake: the renegotiated_connection field must be exactly one
 * zero byte. NOTE(review): the branch distinguishing an initial handshake
 * from a renegotiation is not visible in this excerpt — confirm.
 */
95 if( len != 1 || buf[0] != 0x0 )
97 SSL_DEBUG_MSG( 1, (
"non-zero length renegotiated connection field" ) );
/*
 * Renegotiation: the field presumably has to match the client verify data
 * saved from the previous handshake (the comparison itself is elided).
 */
115 SSL_DEBUG_MSG( 1, (
"non-matching renegotiated connection field" ) );
/*
 * Fragment of ssl_parse_signature_algorithms_ext (interior lines elided).
 * Parses the TLS 1.2 signature_algorithms extension: a 2-byte list length
 * followed by 2-byte (hash, signature) pairs.
 */
127 static int ssl_parse_signature_algorithms_ext(
ssl_context *ssl,
128 const unsigned char *buf,
131 size_t sig_alg_list_size;
132 const unsigned char *p;
/* List length must match the extension body and be a whole number of pairs. */
134 sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
135 if( sig_alg_list_size + 2 != len ||
136 sig_alg_list_size %2 != 0 )
/* Each iteration consumes one 2-byte pair; the even-length check above
 * guarantees the loop terminates at exactly zero. */
143 while( sig_alg_list_size > 0 )
147 sig_alg_list_size -= 2;
/* Hash selection below is conditional on the compiled-in digests. */
151 #if defined(POLARSSL_SHA4_C)
163 #if defined(POLARSSL_SHA2_C)
186 sig_alg_list_size -= 2;
190 SSL_DEBUG_MSG( 3, (
"client hello v3, signature_algorithm ext: %d",
196 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
/*
 * Fragment of ssl_parse_client_hello_v2 (interior lines elided).
 * Handles an SSLv2-format ClientHello (2-byte record header with the high
 * bit set). Only reached on the initial handshake — a v2 hello during
 * renegotiation is rejected below.
 */
197 static int ssl_parse_client_hello_v2(
ssl_context *ssl )
202 unsigned int ciph_len, sess_len, chal_len;
203 unsigned char *buf, *p;
209 SSL_DEBUG_MSG( 1, (
"client hello v2 illegal for renegotiation" ) );
/* SSLv2 record length: 15 bits, high bit is the "no padding" flag. */
224 ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
225 SSL_DEBUG_MSG( 3, (
"client hello v2, max. version: [%d:%d]",
/* Record payload length; bounded to 17..512 before any field is parsed. */
245 n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
247 if( n < 17 || n > 512 )
259 SSL_DEBUG_MSG( 1, (
"client only supports ssl smaller than minimum"
/* Fixed header: cipher-spec length, session-id length, challenge length. */
292 ciph_len = ( buf[0] << 8 ) | buf[1];
293 sess_len = ( buf[2] << 8 ) | buf[3];
294 chal_len = ( buf[4] << 8 ) | buf[5];
296 SSL_DEBUG_MSG( 3, (
"ciph_len: %d, sess_len: %d, chal_len: %d",
297 ciph_len, sess_len, chal_len ) );
/* SSLv2 cipher specs are 3 bytes each. */
302 if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
/*
 * NOTE(review): a cap on sess_len (e.g. <= 32) is not visible in this
 * excerpt; it may be among the elided lines — verify before relying on the
 * copy at line 329 below.
 */
314 if( chal_len < 8 || chal_len > 32 )
/* All three variable fields must exactly fill the remaining payload, which
 * is what keeps every offset below inside the record. */
320 if( n != 6 + ciph_len + sess_len + chal_len )
329 buf + 6 + ciph_len, sess_len );
331 buf + 6 + ciph_len + sess_len, chal_len );
333 p = buf + 6 + ciph_len;
/* Look for the renegotiation SCSV among the offered cipher specs. */
345 for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
349 SSL_DEBUG_MSG( 3, (
"received TLS_EMPTY_RENEGOTIATION_INFO " ) );
352 SSL_DEBUG_MSG( 1, (
"received RENEGOTIATION SCSV during renegotiation" ) );
/* Pick the first client cipher spec the server also supports. */
366 for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
371 goto have_ciphersuite_v2;
389 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
/*
 * Fragment of ssl_parse_client_hello (interior lines elided).
 * Parses a TLS-format ClientHello: version, random, session id, cipher
 * suites, compression methods and the extension block, then applies the
 * RFC 5746 renegotiation policy. All offsets below are relative to `buf`,
 * which appears to point at the handshake header (buf[0] = msg type).
 */
406 static int ssl_parse_client_hello(
ssl_context *ssl )
411 unsigned int ciph_len, sess_len;
412 unsigned int comp_len;
413 unsigned int ext_len = 0;
414 unsigned char *buf, *p, *ext;
415 int renegotiation_info_seen = 0;
416 int handshake_failure = 0;
/* High bit of the first byte marks an SSLv2-format hello. */
429 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
430 if( ( buf[0] & 0x80 ) != 0 )
431 return ssl_parse_client_hello_v2( ssl );
439 ( buf[3] << 8 ) | buf[4] ) );
440 SSL_DEBUG_MSG( 3, (
"client hello v3, protocol ver: [%d:%d]",
/*
 * Record length. 45 is the smallest valid ClientHello seen from here
 * (4 hs hdr + 2 version + 32 random + 1 sess_len + 2 ciph_len +
 * 2 suites + 1 comp_len + 1 method); 512 is the server's hard cap.
 */
463 n = ( buf[3] << 8 ) | buf[4];
465 if( n < 45 || n > 512 )
506 ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
507 SSL_DEBUG_MSG( 3, (
"client hello v3, max. version: [%d:%d]",
528 SSL_DEBUG_MSG( 1, (
"client only supports ssl smaller than minimum"
529 " [%d:%d] < [%d:%d]",
/* Handshake length (24-bit) must equal the record payload minus the 4-byte
 * handshake header; the top length byte must be zero (n <= 512). */
552 if( buf[1] != 0 || n != (
unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
/* Session id: at most 32 bytes and must leave room for the fixed tail. */
563 if( sess_len > 32 || sess_len > n - 42 )
/* Cipher suites: 2 bytes each, bounded by the remaining payload
 * (n - 42 - sess_len cannot wrap thanks to the check above). */
578 ciph_len = ( buf[39 + sess_len] << 8 )
579 | ( buf[40 + sess_len] );
581 if( ciph_len < 2 || ( ciph_len % 2 ) != 0 || ciph_len > n - 42 - sess_len )
/* Compression methods: 1..16 entries, bounded by the remaining payload. */
590 comp_len = buf[41 + sess_len + ciph_len];
592 if( comp_len < 1 || comp_len > 16 ||
593 comp_len > n - 42 - sess_len - ciph_len )
/*
 * NOTE(review): the guard only requires n > 42 + ..., so when
 * n == 43 + ... the second byte read below sits at index n — one byte past
 * the payload (still inside the receive buffer, presumably). The exact
 * length equation that follows rejects that case, but requiring
 * `n >= 44 + sess_len + ciph_len + comp_len` before reading would avoid
 * the over-read.
 */
602 if( n > 42 + sess_len + ciph_len + comp_len )
604 ext_len = ( buf[42 + sess_len + ciph_len + comp_len] << 8 )
605 | ( buf[43 + sess_len + ciph_len + comp_len] );
/* Extension block: either absent or at least one 4-byte header, and it must
 * exactly fill what is left of the message. */
607 if( ( ext_len > 0 && ext_len < 4 ) ||
608 n != 44 + sess_len + ciph_len + comp_len + ext_len )
611 SSL_DEBUG_BUF( 3,
"Ext", buf + 44 + sess_len + ciph_len + comp_len, ext_len);
617 #if defined(POLARSSL_ZLIB_SUPPORT)
618 for( i = 0; i < comp_len; ++i )
631 buf + 38, sess_len );
633 buf + 41 + sess_len, ciph_len );
635 buf + 42 + sess_len + ciph_len, comp_len );
/* First pass over the cipher suites: detect the renegotiation SCSV. */
640 for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
644 SSL_DEBUG_MSG( 3, (
"received TLS_EMPTY_RENEGOTIATION_INFO " ) );
647 SSL_DEBUG_MSG( 1, (
"received RENEGOTIATION SCSV during renegotiation" ) );
/* Second pass: pick the first client suite the server supports. */
664 for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
669 goto have_ciphersuite;
/* Walk the extensions; each is (2-byte id, 2-byte size, body). */
681 ext = buf + 44 + sess_len + ciph_len + comp_len;
685 unsigned int ext_id = ( ( ext[0] << 8 )
687 unsigned int ext_size = ( ( ext[2] << 8 )
/* Body must fit in what remains of the extension block (ext_len >= 4 is
 * guaranteed by the checks at lines 607 and 734). */
690 if( ext_size + 4 > ext_len )
699 if( ssl->
f_sni == NULL )
702 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
709 renegotiation_info_seen = 1;
711 ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
717 SSL_DEBUG_MSG( 3, (
"found signature_algorithms extension" ) );
721 ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
/* Unknown extensions are skipped, not rejected. */
727 SSL_DEBUG_MSG( 3, (
"unknown extension found: %d (ignoring)",
731 ext_len -= 4 + ext_size;
/* A partial extension header left over is malformed. */
734 if( ext_len > 0 && ext_len < 4 )
/*
 * RFC 5746 policy (the conditions themselves are partly elided):
 *  - legacy renegotiation attempt when not allowed -> fail;
 *  - secure renegotiation without renegotiation_info -> fail;
 *  - legacy renegotiation that nonetheless carries renegotiation_info -> fail.
 */
747 SSL_DEBUG_MSG( 1, (
"legacy renegotiation, breaking off handshake" ) );
748 handshake_failure = 1;
752 renegotiation_info_seen == 0 )
754 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension missing (secure)" ) );
755 handshake_failure = 1;
762 handshake_failure = 1;
766 renegotiation_info_seen == 1 )
768 SSL_DEBUG_MSG( 1, (
"renegotiation_info extension present (legacy)" ) );
769 handshake_failure = 1;
772 if( handshake_failure == 1 )
/*
 * Fragment of ssl_write_server_hello (interior lines elided).
 * Builds the ServerHello: version, 32-byte random, session id, chosen
 * cipher suite/compression and (when negotiated) the renegotiation_info
 * extension.
 */
788 static int ssl_write_server_hello(
ssl_context *ssl )
793 unsigned char *buf, *p;
/* Refuse to proceed without a configured RNG — server_random must not be
 * predictable. */
797 if( ssl->
f_rng == NULL )
/*
 * server_random = 4-byte gmt_unix_time || 28 RNG bytes. NOTE(review): the
 * clock value is sent in the clear and can fingerprint the host; this was
 * standard TLS practice at the time rather than a defect of this code.
 */
820 *p++ = (
unsigned char)( t >> 24 );
821 *p++ = (
unsigned char)( t >> 16 );
822 *p++ = (
unsigned char)( t >> 8 );
823 *p++ = (
unsigned char)( t );
825 SSL_DEBUG_MSG( 3, (
"server hello, current time: %lu", t ) );
827 if( ( ret = ssl->
f_rng( ssl->
p_rng, p, 28 ) ) != 0 )
834 SSL_DEBUG_BUF( 3,
"server hello, random bytes", buf + 6, 32 );
877 SSL_DEBUG_MSG( 3, (
"server hello, session id len.: %d", n ) );
893 SSL_DEBUG_MSG( 3, (
"server hello, prepping for secure renegotiation extension" ) );
896 SSL_DEBUG_MSG( 3, (
"server hello, total extension length: %d",
899 *p++ = (
unsigned char)( ( ext_len >> 8 ) & 0xFF );
900 *p++ = (
unsigned char)( ( ext_len ) & 0xFF );
905 SSL_DEBUG_MSG( 3, (
"client hello, secure renegotiation extension" ) );
/*
 * Fragment of ssl_write_certificate_request (interior lines elided).
 * Builds the CertificateRequest, appending the DER subject name of each
 * trusted CA as a (2-byte length, DN) entry.
 */
931 static int ssl_write_certificate_request(
ssl_context *ssl )
934 size_t n = 0, dn_size, total_dn_size;
935 unsigned char *buf, *p;
999 while( crt != NULL && crt->
version != 0)
/*
 * Stop appending CA names once the message passes 4096 bytes. The check is
 * performed before each DN is written; dn_size itself is not bounded in
 * this excerpt — presumably the output buffer has headroom beyond 4096 for
 * one more DN. Confirm against the buffer size.
 */
1001 if( p - buf > 4096 )
1005 *p++ = (
unsigned char)( dn_size >> 8 );
1006 *p++ = (
unsigned char)( dn_size );
1012 total_dn_size += 2 + dn_size;
/* Back-patch the certificate_authorities length field. */
1019 ssl->
out_msg[6 + n] = (
unsigned char)( total_dn_size >> 8 );
1020 ssl->
out_msg[7 + n] = (
unsigned char)( total_dn_size );
/*
 * Fragment of ssl_write_server_key_exchange (interior lines elided).
 * Writes the DHE parameters and the RSA signature over
 * client_random || server_random || params. Skipped for RSA key exchange.
 */
1029 static int ssl_write_server_key_exchange(
ssl_context *ssl )
1031 #if defined(POLARSSL_DHM_C)
1033 size_t n, rsa_key_len = 0;
/* Large enough for the biggest digest handled below (SHA-512). */
1034 unsigned char hash[64];
1036 unsigned int hashlen = 0;
1054 SSL_DEBUG_MSG( 2, (
"<= skip write server key exchange" ) );
1059 #if !defined(POLARSSL_DHM_C)
/* Hash algorithm for the signature depends on the compiled-in digests
 * (and, for TLS 1.2, on the negotiated sig_alg — elided here). */
1140 #if defined(POLARSSL_SHA4_C)
1167 #if defined(POLARSSL_SHA2_C)
/* Signature length prefix, followed by the signature itself. */
1233 ssl->
out_msg[4 + n] = (
unsigned char)( rsa_key_len >> 8 );
1234 ssl->
out_msg[5 + n] = (
unsigned char)( rsa_key_len );
1240 hash_id, hashlen, hash,
1270 static int ssl_write_server_hello_done(
ssl_context *ssl )
/*
 * Fragment of ssl_parse_client_key_exchange (interior lines elided).
 * Reads the client's DH public value or the RSA-encrypted premaster secret.
 */
1293 static int ssl_parse_client_key_exchange(
ssl_context *ssl )
1331 #if !defined(POLARSSL_DHM_C)
1348 ssl->
in_msg + 6, n ) ) != 0 )
/* The 2-byte length prefix must match the expected size n (presumably the
 * RSA key length in bytes for the encrypted premaster secret — confirm). */
1388 if( ssl->
in_msg[4] != ( ( n >> 8 ) & 0xFF ) ||
1389 ssl->
in_msg[5] != ( ( n ) & 0xFF ) )
/*
 * Fragment of ssl_parse_certificate_verify (interior lines elided).
 * Verifies the client's signature over the handshake transcript using the
 * public key from its certificate.
 */
1445 static int ssl_parse_certificate_verify(
ssl_context *ssl )
/* n: bytes of sig_alg prefix (TLS 1.2), n1: signature length from the
 * message, n2: expected length from the peer key. */
1448 size_t n = 0, n1, n2;
1449 unsigned char hash[48];
1451 unsigned int hashlen;
/* In TLS 1.2 the sig_alg in the message must be the one the server asked
 * for, otherwise the transcript hash would not match. */
1493 SSL_DEBUG_MSG( 1, (
"peer not adhering to requested sig_alg for verify message" ) );
/* Message must be exactly header + sig_alg + 2-byte length + signature, and
 * the signature must be exactly as long as the key — this keeps the read
 * at in_msg + 6 + n inside the message. */
1519 if( n + n1 + 6 != ssl->
in_hslen || n1 != n2 )
1527 hash_id, hashlen, hash, ssl->
in_msg + 6 + n );
1554 switch( ssl->
state )
1564 ret = ssl_parse_client_hello( ssl );
1575 ret = ssl_write_server_hello( ssl );
1583 ret = ssl_write_server_key_exchange( ssl );
1587 ret = ssl_write_certificate_request( ssl );
1591 ret = ssl_write_server_hello_done( ssl );
1606 ret = ssl_parse_client_key_exchange( ssl );
1610 ret = ssl_parse_certificate_verify( ssl );