- Added Secure Renegotiation (RFC 5746)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 905f7cf..d47ec9f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -272,6 +272,9 @@
unsigned char *key1;
unsigned char *key2;
unsigned int iv_copy_len;
+ ssl_session *session = ssl->session_negotiate;
+ ssl_transform *transform = ssl->transform_negotiate;
+ ssl_handshake_params *handshake = ssl->handshake;
SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
@@ -280,28 +283,28 @@
*/
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
- ssl->tls_prf = ssl3_prf;
- ssl->calc_verify = ssl_calc_verify_ssl;
- ssl->calc_finished = ssl_calc_finished_ssl;
+ handshake->tls_prf = ssl3_prf;
+ handshake->calc_verify = ssl_calc_verify_ssl;
+ handshake->calc_finished = ssl_calc_finished_ssl;
}
else if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
{
- ssl->tls_prf = tls1_prf;
- ssl->calc_verify = ssl_calc_verify_tls;
- ssl->calc_finished = ssl_calc_finished_tls;
+ handshake->tls_prf = tls1_prf;
+ handshake->calc_verify = ssl_calc_verify_tls;
+ handshake->calc_finished = ssl_calc_finished_tls;
}
- else if( ssl->session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+ else if( session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+ session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
{
- ssl->tls_prf = tls_prf_sha384;
- ssl->calc_verify = ssl_calc_verify_tls_sha384;
- ssl->calc_finished = ssl_calc_finished_tls_sha384;
+ handshake->tls_prf = tls_prf_sha384;
+ handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ handshake->calc_finished = ssl_calc_finished_tls_sha384;
}
else
{
- ssl->tls_prf = tls_prf_sha256;
- ssl->calc_verify = ssl_calc_verify_tls_sha256;
- ssl->calc_finished = ssl_calc_finished_tls_sha256;
+ handshake->tls_prf = tls_prf_sha256;
+ handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ handshake->calc_finished = ssl_calc_finished_tls_sha256;
}
/*
@@ -316,12 +319,14 @@
*/
if( ssl->resume == 0 )
{
- SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, ssl->pmslen );
+ SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
+ handshake->pmslen );
- ssl->tls_prf( ssl->premaster, ssl->pmslen, "master secret",
- ssl->randbytes, 64, ssl->session->master, 48 );
+ handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ "master secret",
+ handshake->randbytes, 64, session->master, 48 );
- memset( ssl->premaster, 0, sizeof( ssl->premaster ) );
+ memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
}
else
SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
@@ -329,9 +334,9 @@
/*
* Swap the client and server random values.
*/
- memcpy( tmp, ssl->randbytes, 64 );
- memcpy( ssl->randbytes, tmp + 32, 32 );
- memcpy( ssl->randbytes + 32, tmp, 32 );
+ memcpy( tmp, handshake->randbytes, 64 );
+ memcpy( handshake->randbytes, tmp + 32, 32 );
+ memcpy( handshake->randbytes + 32, tmp, 32 );
memset( tmp, 0, sizeof( tmp ) );
/*
@@ -346,80 +351,81 @@
* TLSv1:
* key block = PRF( master, "key expansion", randbytes )
*/
- ssl->tls_prf( ssl->session->master, 48, "key expansion",
- ssl->randbytes, 64, keyblk, 256 );
+ handshake->tls_prf( session->master, 48, "key expansion",
+ handshake->randbytes, 64, keyblk, 256 );
- SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite( ssl ) ) );
- SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
- SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
+ SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
+ ssl_get_ciphersuite_name( session->ciphersuite ) ) );
+ SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
+ SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
- memset( ssl->randbytes, 0, sizeof( ssl->randbytes ) );
+ memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
/*
* Determine the appropriate key, IV and MAC length.
*/
- switch( ssl->session->ciphersuite )
+ switch( session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
- ssl->keylen = 16; ssl->minlen = 16;
- ssl->ivlen = 0; ssl->maclen = 16;
+ transform->keylen = 16; transform->minlen = 16;
+ transform->ivlen = 0; transform->maclen = 16;
break;
case SSL_RSA_RC4_128_SHA:
- ssl->keylen = 16; ssl->minlen = 20;
- ssl->ivlen = 0; ssl->maclen = 20;
+ transform->keylen = 16; transform->minlen = 20;
+ transform->ivlen = 0; transform->maclen = 20;
break;
#endif
#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA:
case SSL_EDH_RSA_DES_168_SHA:
- ssl->keylen = 24; ssl->minlen = 24;
- ssl->ivlen = 8; ssl->maclen = 20;
+ transform->keylen = 24; transform->minlen = 24;
+ transform->ivlen = 8; transform->maclen = 20;
break;
#endif
#if defined(POLARSSL_AES_C)
case SSL_RSA_AES_128_SHA:
case SSL_EDH_RSA_AES_128_SHA:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
+ transform->keylen = 16; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 20;
break;
case SSL_RSA_AES_256_SHA:
case SSL_EDH_RSA_AES_256_SHA:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
+ transform->keylen = 32; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 20;
break;
#if defined(POLARSSL_SHA2_C)
case SSL_RSA_AES_128_SHA256:
case SSL_EDH_RSA_AES_128_SHA256:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 32;
+ transform->keylen = 16; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 32;
break;
case SSL_RSA_AES_256_SHA256:
case SSL_EDH_RSA_AES_256_SHA256:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 32;
+ transform->keylen = 32; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 32;
break;
#endif
#if defined(POLARSSL_GCM_C)
case SSL_RSA_AES_128_GCM_SHA256:
case SSL_EDH_RSA_AES_128_GCM_SHA256:
- ssl->keylen = 16; ssl->minlen = 1;
- ssl->ivlen = 12; ssl->maclen = 0;
- ssl->fixed_ivlen = 4;
+ transform->keylen = 16; transform->minlen = 1;
+ transform->ivlen = 12; transform->maclen = 0;
+ transform->fixed_ivlen = 4;
break;
case SSL_RSA_AES_256_GCM_SHA384:
case SSL_EDH_RSA_AES_256_GCM_SHA384:
- ssl->keylen = 32; ssl->minlen = 1;
- ssl->ivlen = 12; ssl->maclen = 0;
- ssl->fixed_ivlen = 4;
+ transform->keylen = 32; transform->minlen = 1;
+ transform->ivlen = 12; transform->maclen = 0;
+ transform->fixed_ivlen = 4;
break;
#endif
#endif
@@ -427,27 +433,27 @@
#if defined(POLARSSL_CAMELLIA_C)
case SSL_RSA_CAMELLIA_128_SHA:
case SSL_EDH_RSA_CAMELLIA_128_SHA:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
+ transform->keylen = 16; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 20;
break;
case SSL_RSA_CAMELLIA_256_SHA:
case SSL_EDH_RSA_CAMELLIA_256_SHA:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 20;
+ transform->keylen = 32; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 20;
break;
#if defined(POLARSSL_SHA2_C)
case SSL_RSA_CAMELLIA_128_SHA256:
case SSL_EDH_RSA_CAMELLIA_128_SHA256:
- ssl->keylen = 16; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 32;
+ transform->keylen = 16; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 32;
break;
case SSL_RSA_CAMELLIA_256_SHA256:
case SSL_EDH_RSA_CAMELLIA_256_SHA256:
- ssl->keylen = 32; ssl->minlen = 32;
- ssl->ivlen = 16; ssl->maclen = 32;
+ transform->keylen = 32; transform->minlen = 32;
+ transform->ivlen = 16; transform->maclen = 32;
break;
#endif
#endif
@@ -455,72 +461,77 @@
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
case SSL_RSA_NULL_MD5:
- ssl->keylen = 0; ssl->minlen = 0;
- ssl->ivlen = 0; ssl->maclen = 16;
+ transform->keylen = 0; transform->minlen = 0;
+ transform->ivlen = 0; transform->maclen = 16;
break;
case SSL_RSA_NULL_SHA:
- ssl->keylen = 0; ssl->minlen = 0;
- ssl->ivlen = 0; ssl->maclen = 20;
+ transform->keylen = 0; transform->minlen = 0;
+ transform->ivlen = 0; transform->maclen = 20;
break;
case SSL_RSA_NULL_SHA256:
- ssl->keylen = 0; ssl->minlen = 0;
- ssl->ivlen = 0; ssl->maclen = 32;
+ transform->keylen = 0; transform->minlen = 0;
+ transform->ivlen = 0; transform->maclen = 32;
break;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_SHA:
case SSL_EDH_RSA_DES_SHA:
- ssl->keylen = 8; ssl->minlen = 8;
- ssl->ivlen = 8; ssl->maclen = 20;
+ transform->keylen = 8; transform->minlen = 8;
+ transform->ivlen = 8; transform->maclen = 20;
break;
#endif
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
default:
SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
- ssl_get_ciphersuite( ssl ) ) );
+ ssl_get_ciphersuite_name( session->ciphersuite ) ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
- ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen ) );
+ transform->keylen, transform->minlen, transform->ivlen,
+ transform->maclen ) );
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
if( ssl->endpoint == SSL_IS_CLIENT )
{
- key1 = keyblk + ssl->maclen * 2;
- key2 = keyblk + ssl->maclen * 2 + ssl->keylen;
+ key1 = keyblk + transform->maclen * 2;
+ key2 = keyblk + transform->maclen * 2 + transform->keylen;
- memcpy( ssl->mac_enc, keyblk, ssl->maclen );
- memcpy( ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen );
+ memcpy( transform->mac_enc, keyblk, transform->maclen );
+ memcpy( transform->mac_dec, keyblk + transform->maclen,
+ transform->maclen );
/*
* This is not used in TLS v1.1.
*/
- iv_copy_len = ( ssl->fixed_ivlen ) ? ssl->fixed_ivlen : ssl->ivlen;
- memcpy( ssl->iv_enc, key2 + ssl->keylen, iv_copy_len );
- memcpy( ssl->iv_dec, key2 + ssl->keylen + iv_copy_len,
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
iv_copy_len );
}
else
{
- key1 = keyblk + ssl->maclen * 2 + ssl->keylen;
- key2 = keyblk + ssl->maclen * 2;
+ key1 = keyblk + transform->maclen * 2 + transform->keylen;
+ key2 = keyblk + transform->maclen * 2;
- memcpy( ssl->mac_dec, keyblk, ssl->maclen );
- memcpy( ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen );
+ memcpy( transform->mac_dec, keyblk, transform->maclen );
+ memcpy( transform->mac_enc, keyblk + transform->maclen,
+ transform->maclen );
/*
* This is not used in TLS v1.1.
*/
- iv_copy_len = ( ssl->fixed_ivlen ) ? ssl->fixed_ivlen : ssl->ivlen;
- memcpy( ssl->iv_dec, key1 + ssl->keylen, iv_copy_len );
- memcpy( ssl->iv_enc, key1 + ssl->keylen + iv_copy_len,
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
iv_copy_len );
}
@@ -531,9 +542,9 @@
SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) );
- if( ( ret = ssl_hw_record_init( ssl, key1, key2, ssl->iv_enc,
- ssl->iv_dec, ssl->mac_enc,
- ssl->mac_dec ) ) != 0 )
+ if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->iv_enc,
+ transform->iv_dec, transform->mac_enc,
+ transform->mac_dec ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret );
return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
@@ -541,21 +552,23 @@
}
#endif
- switch( ssl->session->ciphersuite )
+ switch( session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
case SSL_RSA_RC4_128_SHA:
- arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen );
- arc4_setup( (arc4_context *) ssl->ctx_dec, key2, ssl->keylen );
+ arc4_setup( (arc4_context *) transform->ctx_enc, key1,
+ transform->keylen );
+ arc4_setup( (arc4_context *) transform->ctx_dec, key2,
+ transform->keylen );
break;
#endif
#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA:
case SSL_EDH_RSA_DES_168_SHA:
- des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 );
- des3_set3key_dec( (des3_context *) ssl->ctx_dec, key2 );
+ des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 );
+ des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 );
break;
#endif
@@ -564,29 +577,29 @@
case SSL_EDH_RSA_AES_128_SHA:
case SSL_RSA_AES_128_SHA256:
case SSL_EDH_RSA_AES_128_SHA256:
- aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
- aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
+ aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 );
+ aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 );
break;
case SSL_RSA_AES_256_SHA:
case SSL_EDH_RSA_AES_256_SHA:
case SSL_RSA_AES_256_SHA256:
case SSL_EDH_RSA_AES_256_SHA256:
- aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 );
- aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 );
+ aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 );
+ aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 );
break;
#if defined(POLARSSL_GCM_C)
case SSL_RSA_AES_128_GCM_SHA256:
case SSL_EDH_RSA_AES_128_GCM_SHA256:
- gcm_init( (gcm_context *) ssl->ctx_enc, key1, 128 );
- gcm_init( (gcm_context *) ssl->ctx_dec, key2, 128 );
+ gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 );
+ gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 );
break;
case SSL_RSA_AES_256_GCM_SHA384:
case SSL_EDH_RSA_AES_256_GCM_SHA384:
- gcm_init( (gcm_context *) ssl->ctx_enc, key1, 256 );
- gcm_init( (gcm_context *) ssl->ctx_dec, key2, 256 );
+ gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 );
+ gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 );
break;
#endif
#endif
@@ -596,16 +609,16 @@
case SSL_EDH_RSA_CAMELLIA_128_SHA:
case SSL_RSA_CAMELLIA_128_SHA256:
case SSL_EDH_RSA_CAMELLIA_128_SHA256:
- camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
- camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
+ camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 );
+ camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 );
break;
case SSL_RSA_CAMELLIA_256_SHA:
case SSL_EDH_RSA_CAMELLIA_256_SHA:
case SSL_RSA_CAMELLIA_256_SHA256:
case SSL_EDH_RSA_CAMELLIA_256_SHA256:
- camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
- camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
+ camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 );
+ camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 );
break;
#endif
@@ -620,8 +633,8 @@
#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_SHA:
case SSL_EDH_RSA_DES_SHA:
- des_setkey_enc( (des_context *) ssl->ctx_enc, key1 );
- des_setkey_dec( (des_context *) ssl->ctx_dec, key2 );
+ des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
+ des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
break;
#endif
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
@@ -635,15 +648,15 @@
#if defined(POLARSSL_ZLIB_SUPPORT)
// Initialize compression
//
- if( ssl->session->compression == SSL_COMPRESS_DEFLATE )
+ if( session->compression == SSL_COMPRESS_DEFLATE )
{
SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
- memset( &ssl->ctx_deflate, 0, sizeof( ssl->ctx_deflate ) );
- memset( &ssl->ctx_inflate, 0, sizeof( ssl->ctx_inflate ) );
+ memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
+ memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
- if( deflateInit( &ssl->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
- inflateInit( &ssl->ctx_inflate ) != Z_OK )
+ if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
+ inflateInit( &transform->ctx_inflate ) != Z_OK )
{
SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
@@ -665,29 +678,28 @@
SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
- memcpy( &md5 , (md5_context *) ssl->ctx_checksum, sizeof(md5_context) );
- memcpy( &sha1, (sha1_context *) ( ssl->ctx_checksum + sizeof(md5_context) ),
- sizeof( sha1_context ) );
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
memset( pad_1, 0x36, 48 );
memset( pad_2, 0x5C, 48 );
- md5_update( &md5, ssl->session->master, 48 );
+ md5_update( &md5, ssl->session_negotiate->master, 48 );
md5_update( &md5, pad_1, 48 );
md5_finish( &md5, hash );
md5_starts( &md5 );
- md5_update( &md5, ssl->session->master, 48 );
+ md5_update( &md5, ssl->session_negotiate->master, 48 );
md5_update( &md5, pad_2, 48 );
md5_update( &md5, hash, 16 );
md5_finish( &md5, hash );
- sha1_update( &sha1, ssl->session->master, 48 );
+ sha1_update( &sha1, ssl->session_negotiate->master, 48 );
sha1_update( &sha1, pad_1, 40 );
sha1_finish( &sha1, hash + 16 );
sha1_starts( &sha1 );
- sha1_update( &sha1, ssl->session->master, 48 );
+ sha1_update( &sha1, ssl->session_negotiate->master, 48 );
sha1_update( &sha1, pad_2, 40 );
sha1_update( &sha1, hash + 16, 20 );
sha1_finish( &sha1, hash + 16 );
@@ -705,11 +717,10 @@
SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
- memcpy( &md5 , (md5_context *) ssl->ctx_checksum, sizeof(md5_context) );
- memcpy( &sha1, (sha1_context *) ( ssl->ctx_checksum + sizeof(md5_context) ),
- sizeof( sha1_context ) );
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
- md5_finish( &md5, hash );
+ md5_finish( &md5, hash );
sha1_finish( &sha1, hash + 16 );
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
@@ -724,7 +735,7 @@
SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
- memcpy( &sha2 , (sha2_context *) ssl->ctx_checksum, sizeof(sha2_context) );
+ memcpy( &sha2, &ssl->handshake->fin_sha2, sizeof(sha2_context) );
sha2_finish( &sha2, hash );
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
@@ -739,7 +750,7 @@
SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
- memcpy( &sha4 , (sha4_context *) ssl->ctx_checksum, sizeof(sha4_context) );
+ memcpy( &sha4, &ssl->handshake->fin_sha4, sizeof(sha4_context) );
sha4_finish( &sha4, hash );
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
@@ -852,66 +863,68 @@
*/
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
- if( ssl->maclen == 16 )
- ssl_mac_md5( ssl->mac_enc,
+ if( ssl->transform_out->maclen == 16 )
+ ssl_mac_md5( ssl->transform_out->mac_enc,
ssl->out_msg, ssl->out_msglen,
ssl->out_ctr, ssl->out_msgtype );
- else if( ssl->maclen == 20 )
- ssl_mac_sha1( ssl->mac_enc,
+ else if( ssl->transform_out->maclen == 20 )
+ ssl_mac_sha1( ssl->transform_out->mac_enc,
ssl->out_msg, ssl->out_msglen,
ssl->out_ctr, ssl->out_msgtype );
- else if( ssl->maclen == 32 )
- ssl_mac_sha2( ssl->mac_enc,
+ else if( ssl->transform_out->maclen == 32 )
+ ssl_mac_sha2( ssl->transform_out->mac_enc,
ssl->out_msg, ssl->out_msglen,
ssl->out_ctr, ssl->out_msgtype );
- else if( ssl->maclen != 0 )
+ else if( ssl->transform_out->maclen != 0 )
{
- SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", ssl->maclen ) );
+ SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",
+ ssl->transform_out->maclen ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
else
{
- if( ssl->maclen == 16 )
+ if( ssl->transform_out->maclen == 16 )
{
md5_context ctx;
- md5_hmac_starts( &ctx, ssl->mac_enc, 16 );
+ md5_hmac_starts( &ctx, ssl->transform_out->mac_enc, 16 );
md5_hmac_update( &ctx, ssl->out_ctr, 13 );
md5_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
md5_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
memset( &ctx, 0, sizeof(md5_context));
}
- else if( ssl->maclen == 20 )
+ else if( ssl->transform_out->maclen == 20 )
{
sha1_context ctx;
- sha1_hmac_starts( &ctx, ssl->mac_enc, 20 );
+ sha1_hmac_starts( &ctx, ssl->transform_out->mac_enc, 20 );
sha1_hmac_update( &ctx, ssl->out_ctr, 13 );
sha1_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
sha1_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
memset( &ctx, 0, sizeof(sha1_context));
}
- else if( ssl->maclen == 32 )
+ else if( ssl->transform_out->maclen == 32 )
{
sha2_context ctx;
- sha2_hmac_starts( &ctx, ssl->mac_enc, 32, 0 );
+ sha2_hmac_starts( &ctx, ssl->transform_out->mac_enc, 32, 0 );
sha2_hmac_update( &ctx, ssl->out_ctr, 13 );
sha2_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
sha2_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
memset( &ctx, 0, sizeof(sha2_context));
}
- else if( ssl->maclen != 0 )
+ else if( ssl->transform_out->maclen != 0 )
{
- SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", ssl->maclen ) );
+ SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",
+ ssl->transform_out->maclen ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
SSL_DEBUG_BUF( 4, "computed mac",
- ssl->out_msg + ssl->out_msglen, ssl->maclen );
+ ssl->out_msg + ssl->out_msglen, ssl->transform_out->maclen );
- ssl->out_msglen += ssl->maclen;
+ ssl->out_msglen += ssl->transform_out->maclen;
- if( ssl->ivlen == 0 )
+ if( ssl->transform_out->ivlen == 0 )
{
padlen = 0;
@@ -923,24 +936,24 @@
ssl->out_msg, ssl->out_msglen );
#if defined(POLARSSL_ARC4_C)
- if( ssl->session->ciphersuite == SSL_RSA_RC4_128_MD5 ||
- ssl->session->ciphersuite == SSL_RSA_RC4_128_SHA )
+ if( ssl->session_out->ciphersuite == SSL_RSA_RC4_128_MD5 ||
+ ssl->session_out->ciphersuite == SSL_RSA_RC4_128_SHA )
{
- arc4_crypt( (arc4_context *) ssl->ctx_enc,
+ arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc,
ssl->out_msglen, ssl->out_msg,
ssl->out_msg );
} else
#endif
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
- if( ssl->session->ciphersuite == SSL_RSA_NULL_MD5 ||
- ssl->session->ciphersuite == SSL_RSA_NULL_SHA ||
- ssl->session->ciphersuite == SSL_RSA_NULL_SHA256 )
+ if( ssl->session_out->ciphersuite == SSL_RSA_NULL_MD5 ||
+ ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA ||
+ ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA256 )
{
} else
#endif
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
- else if( ssl->ivlen == 12 )
+ else if( ssl->transform_out->ivlen == 12 )
{
size_t enc_msglen;
unsigned char *enc_msg;
@@ -962,33 +975,38 @@
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
- if( ssl->session->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+ if( ssl->session_out->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
{
/*
* Generate IV
*/
- ret = ssl->f_rng( ssl->p_rng, ssl->iv_enc + ssl->fixed_ivlen,
- ssl->ivlen - ssl->fixed_ivlen );
+ ret = ssl->f_rng( ssl->p_rng,
+ ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
if( ret != 0 )
return( ret );
/*
* Shift message for ivlen bytes and prepend IV
*/
- memmove( ssl->out_msg + ssl->ivlen - ssl->fixed_ivlen,
+ memmove( ssl->out_msg + ssl->transform_out->ivlen -
+ ssl->transform_out->fixed_ivlen,
ssl->out_msg, ssl->out_msglen );
- memcpy( ssl->out_msg, ssl->iv_enc + ssl->fixed_ivlen,
- ssl->ivlen - ssl->fixed_ivlen );
+ memcpy( ssl->out_msg,
+ ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+ ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
/*
* Fix pointer positions and message length with added IV
*/
- enc_msg = ssl->out_msg + ssl->ivlen - ssl->fixed_ivlen;
+ enc_msg = ssl->out_msg + ssl->transform_out->ivlen -
+ ssl->transform_out->fixed_ivlen;
enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->ivlen - ssl->fixed_ivlen;
+ ssl->out_msglen += ssl->transform_out->ivlen -
+ ssl->transform_out->fixed_ivlen;
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of padding",
@@ -1002,9 +1020,9 @@
*/
ssl->out_msglen += 16;
- gcm_crypt_and_tag( (gcm_context *) ssl->ctx_enc,
+ gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
GCM_ENCRYPT, enc_msglen,
- ssl->iv_enc, ssl->ivlen,
+ ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
add_data, 13,
enc_msg, enc_msg,
16, enc_msg + enc_msglen );
@@ -1021,8 +1039,9 @@
unsigned char *enc_msg;
size_t enc_msglen;
- padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen;
- if( padlen == ssl->ivlen )
+ padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
+ ssl->transform_out->ivlen;
+ if( padlen == ssl->transform_out->ivlen )
padlen = 0;
for( i = 0; i <= padlen; i++ )
@@ -1042,82 +1061,85 @@
/*
* Generate IV
*/
- int ret = ssl->f_rng( ssl->p_rng, ssl->iv_enc, ssl->ivlen );
+ int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen );
if( ret != 0 )
return( ret );
/*
* Shift message for ivlen bytes and prepend IV
*/
- memmove( ssl->out_msg + ssl->ivlen, ssl->out_msg, ssl->out_msglen );
- memcpy( ssl->out_msg, ssl->iv_enc, ssl->ivlen );
+ memmove( ssl->out_msg + ssl->transform_out->ivlen, ssl->out_msg,
+ ssl->out_msglen );
+ memcpy( ssl->out_msg, ssl->transform_out->iv_enc,
+ ssl->transform_out->ivlen );
/*
* Fix pointer positions and message length with added IV
*/
- enc_msg = ssl->out_msg + ssl->ivlen;
+ enc_msg = ssl->out_msg + ssl->transform_out->ivlen;
enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->ivlen;
+ ssl->out_msglen += ssl->transform_out->ivlen;
}
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of IV and %d bytes of padding",
- ssl->out_msglen, ssl->ivlen, padlen + 1 ) );
+ ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_msg, ssl->out_msglen );
- switch( ssl->ivlen )
+ switch( ssl->transform_out->ivlen )
{
#if defined(POLARSSL_DES_C)
case 8:
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
- if( ssl->session->ciphersuite == SSL_RSA_DES_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA )
+ if( ssl->session_out->ciphersuite == SSL_RSA_DES_SHA ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_DES_SHA )
{
- des_crypt_cbc( (des_context *) ssl->ctx_enc,
+ des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
DES_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg );
+ ssl->transform_out->iv_enc, enc_msg, enc_msg );
}
else
#endif
- des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
- DES_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg );
+ des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc,
+ DES_ENCRYPT, enc_msglen,
+ ssl->transform_out->iv_enc, enc_msg, enc_msg );
break;
#endif
case 16:
#if defined(POLARSSL_AES_C)
- if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_128_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
+ if ( ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
{
- aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
+ aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc,
AES_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg);
+ ssl->transform_out->iv_enc, enc_msg, enc_msg);
break;
}
#endif
#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+ if ( ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+ ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+ ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
{
- camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
+ camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
CAMELLIA_ENCRYPT, enc_msglen,
- ssl->iv_enc, enc_msg, enc_msg );
+ ssl->transform_out->iv_enc, enc_msg, enc_msg );
break;
}
#endif
@@ -1148,35 +1170,35 @@
SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
- if( ssl->in_msglen < ssl->minlen )
+ if( ssl->in_msglen < ssl->transform_in->minlen )
{
SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
- ssl->in_msglen, ssl->minlen ) );
+ ssl->in_msglen, ssl->transform_in->minlen ) );
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
- if( ssl->ivlen == 0 )
+ if( ssl->transform_in->ivlen == 0 )
{
#if defined(POLARSSL_ARC4_C)
padlen = 0;
- if( ssl->session->ciphersuite == SSL_RSA_RC4_128_MD5 ||
- ssl->session->ciphersuite == SSL_RSA_RC4_128_SHA )
+ if( ssl->session_in->ciphersuite == SSL_RSA_RC4_128_MD5 ||
+ ssl->session_in->ciphersuite == SSL_RSA_RC4_128_SHA )
{
- arc4_crypt( (arc4_context *) ssl->ctx_dec,
+ arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,
ssl->in_msglen, ssl->in_msg,
ssl->in_msg );
} else
#endif
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
- if( ssl->session->ciphersuite == SSL_RSA_NULL_MD5 ||
- ssl->session->ciphersuite == SSL_RSA_NULL_SHA ||
- ssl->session->ciphersuite == SSL_RSA_NULL_SHA256 )
+ if( ssl->session_in->ciphersuite == SSL_RSA_NULL_MD5 ||
+ ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA ||
+ ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA256 )
{
} else
#endif
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
- else if( ssl->ivlen == 12 )
+ else if( ssl->transform_in->ivlen == 12 )
{
unsigned char *dec_msg;
unsigned char *dec_msg_result;
@@ -1187,14 +1209,16 @@
padlen = 0;
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
- if( ssl->session->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+ if( ssl->session_in->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
{
- dec_msglen = ssl->in_msglen - ( ssl->ivlen - ssl->fixed_ivlen );
+ dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
+ ssl->transform_in->fixed_ivlen );
dec_msglen -= 16;
- dec_msg = ssl->in_msg + ( ssl->ivlen - ssl->fixed_ivlen );
+ dec_msg = ssl->in_msg + ( ssl->transform_in->ivlen -
+ ssl->transform_in->fixed_ivlen );
dec_msg_result = ssl->in_msg;
ssl->in_msglen = dec_msglen;
@@ -1208,18 +1232,22 @@
SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, 13 );
- memcpy( ssl->iv_dec + ssl->fixed_ivlen, ssl->in_msg,
- ssl->ivlen - ssl->fixed_ivlen );
+ memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
+ ssl->in_msg,
+ ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
- SSL_DEBUG_BUF( 4, "IV used", ssl->iv_dec, ssl->ivlen );
+ SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
- memcpy( ssl->iv_dec + ssl->fixed_ivlen, ssl->in_msg,
- ssl->ivlen - ssl->fixed_ivlen );
+ memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
+ ssl->in_msg,
+ ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
- ret = gcm_auth_decrypt( (gcm_context *) ssl->ctx_dec,
+ ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
dec_msglen,
- ssl->iv_dec, ssl->ivlen,
+ ssl->transform_in->iv_dec,
+ ssl->transform_in->ivlen,
add_data, 13,
dec_msg + dec_msglen, 16,
dec_msg, dec_msg_result );
@@ -1244,10 +1272,10 @@
/*
* Decrypt and check the padding
*/
- if( ssl->in_msglen % ssl->ivlen != 0 )
+ if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
- ssl->in_msglen, ssl->ivlen ) );
+ ssl->in_msglen, ssl->transform_in->ivlen ) );
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
@@ -1260,65 +1288,65 @@
*/
if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
{
- dec_msg += ssl->ivlen;
- dec_msglen -= ssl->ivlen;
- ssl->in_msglen -= ssl->ivlen;
+ dec_msg += ssl->transform_in->ivlen;
+ dec_msglen -= ssl->transform_in->ivlen;
+ ssl->in_msglen -= ssl->transform_in->ivlen;
- for( i = 0; i < ssl->ivlen; i++ )
- ssl->iv_dec[i] = ssl->in_msg[i];
+ for( i = 0; i < ssl->transform_in->ivlen; i++ )
+ ssl->transform_in->iv_dec[i] = ssl->in_msg[i];
}
- switch( ssl->ivlen )
+ switch( ssl->transform_in->ivlen )
{
#if defined(POLARSSL_DES_C)
case 8:
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
- if( ssl->session->ciphersuite == SSL_RSA_DES_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA )
+ if( ssl->session_in->ciphersuite == SSL_RSA_DES_SHA ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_DES_SHA )
{
- des_crypt_cbc( (des_context *) ssl->ctx_dec,
+ des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
DES_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
+ ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
}
else
#endif
- des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
+ des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec,
DES_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
+ ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
break;
#endif
case 16:
#if defined(POLARSSL_AES_C)
- if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->ciphersuite == SSL_RSA_AES_128_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_AES_256_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
+ if ( ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
{
- aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
+ aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec,
AES_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
+ ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
break;
}
#endif
#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
- ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
- ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+ if ( ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+ ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+ ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
{
- camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
+ camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
CAMELLIA_DECRYPT, dec_msglen,
- ssl->iv_dec, dec_msg, dec_msg_result );
+ ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
break;
}
#endif
@@ -1331,11 +1359,11 @@
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
- if( padlen > ssl->ivlen )
+ if( padlen > ssl->transform_in->ivlen )
{
SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
"should be no more than %d",
- padlen, ssl->ivlen ) );
+ padlen, ssl->transform_in->ivlen ) );
padlen = 0;
}
}
@@ -1363,14 +1391,14 @@
/*
* Always compute the MAC (RFC4346, CBCTIME).
*/
- if( ssl->in_msglen < ssl->maclen + padlen )
+ if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
- ssl->in_msglen, ssl->maclen, padlen ) );
+ ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
- ssl->in_msglen -= ( ssl->maclen + padlen );
+ ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
@@ -1379,37 +1407,53 @@
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
- if( ssl->maclen == 16 )
- ssl_mac_md5( ssl->mac_dec,
+ if( ssl->transform_in->maclen == 16 )
+ ssl_mac_md5( ssl->transform_in->mac_dec,
ssl->in_msg, ssl->in_msglen,
ssl->in_ctr, ssl->in_msgtype );
- else if( ssl->maclen == 20 )
- ssl_mac_sha1( ssl->mac_dec,
+ else if( ssl->transform_in->maclen == 20 )
+ ssl_mac_sha1( ssl->transform_in->mac_dec,
ssl->in_msg, ssl->in_msglen,
ssl->in_ctr, ssl->in_msgtype );
+ else if( ssl->transform_in->maclen == 32 )
+ ssl_mac_sha2( ssl->transform_in->mac_dec,
+ ssl->in_msg, ssl->in_msglen,
+ ssl->in_ctr, ssl->in_msgtype );
+ else if( ssl->transform_in->maclen != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",
+ ssl->transform_in->maclen ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
}
else
{
- if( ssl->maclen == 16 )
- md5_hmac( ssl->mac_dec, 16,
+ if( ssl->transform_in->maclen == 16 )
+ md5_hmac( ssl->transform_in->mac_dec, 16,
ssl->in_ctr, ssl->in_msglen + 13,
ssl->in_msg + ssl->in_msglen );
- else if( ssl->maclen == 20 )
- sha1_hmac( ssl->mac_dec, 20,
+ else if( ssl->transform_in->maclen == 20 )
+ sha1_hmac( ssl->transform_in->mac_dec, 20,
ssl->in_ctr, ssl->in_msglen + 13,
ssl->in_msg + ssl->in_msglen );
- else if( ssl->maclen == 32 )
- sha2_hmac( ssl->mac_dec, 32,
+ else if( ssl->transform_in->maclen == 32 )
+ sha2_hmac( ssl->transform_in->mac_dec, 32,
ssl->in_ctr, ssl->in_msglen + 13,
ssl->in_msg + ssl->in_msglen, 0 );
+ else if( ssl->transform_in->maclen != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",
+ ssl->transform_in->maclen ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
}
- SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen );
+ SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
- ssl->maclen );
+ ssl->transform_in->maclen );
if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
- ssl->maclen ) != 0 )
+ ssl->transform_in->maclen ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
return( POLARSSL_ERR_SSL_INVALID_MAC );
@@ -1419,7 +1463,8 @@
* Finally check the padding length; bad padding
* will produce the same error as an invalid MAC.
*/
- if( ssl->ivlen != 0 && ssl->ivlen != 12 && padlen == 0 )
+ if( ssl->transform_in->ivlen != 0 && ssl->transform_in->ivlen != 12 &&
+ padlen == 0 )
return( POLARSSL_ERR_SSL_INVALID_MAC );
if( ssl->in_msglen == 0 )
@@ -1477,19 +1522,19 @@
SSL_DEBUG_BUF( 4, "before compression: output payload",
ssl->out_msg, ssl->out_msglen );
- ssl->ctx_deflate.next_in = msg_pre;
- ssl->ctx_deflate.avail_in = len_pre;
- ssl->ctx_deflate.next_out = msg_post;
- ssl->ctx_deflate.avail_out = SSL_BUFFER_LEN;
+ ssl->transform_out->ctx_deflate.next_in = msg_pre;
+ ssl->transform_out->ctx_deflate.avail_in = len_pre;
+ ssl->transform_out->ctx_deflate.next_out = msg_post;
+ ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN;
- ret = deflate( &ssl->ctx_deflate, Z_SYNC_FLUSH );
+ ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
if( ret != Z_OK )
{
SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
}
- ssl->out_msglen = SSL_BUFFER_LEN - ssl->ctx_deflate.avail_out;
+ ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out;
free( msg_pre );
@@ -1528,19 +1573,19 @@
SSL_DEBUG_BUF( 4, "before decompression: input payload",
ssl->in_msg, ssl->in_msglen );
- ssl->ctx_inflate.next_in = msg_pre;
- ssl->ctx_inflate.avail_in = len_pre;
- ssl->ctx_inflate.next_out = msg_post;
- ssl->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
+ ssl->transform_in->ctx_inflate.next_in = msg_pre;
+ ssl->transform_in->ctx_inflate.avail_in = len_pre;
+ ssl->transform_in->ctx_inflate.next_out = msg_post;
+ ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
- ret = inflate( &ssl->ctx_inflate, Z_SYNC_FLUSH );
+ ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
if( ret != Z_OK )
{
SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
}
- ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->ctx_inflate.avail_out;
+ ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out;
free( msg_pre );
@@ -1651,12 +1696,12 @@
ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
- ssl->update_checksum( ssl, ssl->out_msg, len );
+ ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
}
#if defined(POLARSSL_ZLIB_SUPPORT)
- if( ssl->do_crypt != 0 &&
- ssl->session->compression == SSL_COMPRESS_DEFLATE )
+ if( ssl->transform_out != NULL &&
+ ssl->session_out->compression == SSL_COMPRESS_DEFLATE )
{
if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
{
@@ -1690,7 +1735,7 @@
ssl->out_hdr[3] = (unsigned char)( len >> 8 );
ssl->out_hdr[4] = (unsigned char)( len );
- if( ssl->do_crypt != 0 )
+ if( ssl->transform_out != NULL )
{
if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
{
@@ -1742,7 +1787,7 @@
ssl->in_msglen -= ssl->in_hslen;
memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
- ssl->in_msglen );
+ ssl->in_msglen );
ssl->in_hslen = 4;
ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
@@ -1763,7 +1808,7 @@
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
- ssl->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
return( 0 );
}
@@ -1802,7 +1847,7 @@
/*
* Make sure the message length is acceptable
*/
- if( ssl->do_crypt == 0 )
+ if( ssl->transform_in == NULL )
{
if( ssl->in_msglen < 1 ||
ssl->in_msglen > SSL_MAX_CONTENT_LEN )
@@ -1813,14 +1858,14 @@
}
else
{
- if( ssl->in_msglen < ssl->minlen )
+ if( ssl->in_msglen < ssl->transform_in->minlen )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
- ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN )
+ ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
@@ -1830,7 +1875,7 @@
* TLS encrypted messages can have up to 256 bytes of padding
*/
if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
- ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
+ ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN + 256 )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
@@ -1863,7 +1908,7 @@
done = 1;
}
#endif
- if( !done && ssl->do_crypt != 0 )
+ if( !done && ssl->transform_in != NULL )
{
if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
{
@@ -1882,8 +1927,8 @@
}
#if defined(POLARSSL_ZLIB_SUPPORT)
- if( ssl->do_crypt != 0 &&
- ssl->session->compression == SSL_COMPRESS_DEFLATE )
+ if( ssl->transform_in != NULL &&
+ ssl->session_in->compression == SSL_COMPRESS_DEFLATE )
{
if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
{
@@ -1903,8 +1948,9 @@
{
SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
- if( ( ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
- SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
{
return( ret );
}
@@ -1936,7 +1982,8 @@
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
- ssl->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
}
if( ssl->in_msgtype == SSL_MSG_ALERT )
@@ -2183,7 +2230,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
- if( ( ssl->peer_cert = (x509_cert *) malloc(
+ if( ( ssl->session_negotiate->peer_cert = (x509_cert *) malloc(
sizeof( x509_cert ) ) ) == NULL )
{
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
@@ -2191,7 +2238,7 @@
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
}
- memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
+ memset( ssl->session_negotiate->peer_cert, 0, sizeof( x509_cert ) );
i = 7;
@@ -2213,7 +2260,8 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
- ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
+ ret = x509parse_crt( ssl->session_negotiate->peer_cert, ssl->in_msg + i,
+ n );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, " x509parse_crt", ret );
@@ -2223,7 +2271,7 @@
i += n;
}
- SSL_DEBUG_CRT( 3, "peer certificate", ssl->peer_cert );
+ SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
if( ssl->authmode != SSL_VERIFY_NONE )
{
@@ -2233,7 +2281,8 @@
return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
}
- ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, ssl->ca_crl,
+ ret = x509parse_verify( ssl->session_negotiate->peer_cert,
+ ssl->ca_chain, ssl->ca_crl,
ssl->peer_cn, &ssl->verify_result,
ssl->f_vrfy, ssl->p_vrfy );
@@ -2259,7 +2308,6 @@
ssl->out_msglen = 1;
ssl->out_msg[0] = 1;
- ssl->do_crypt = 0;
ssl->state++;
if( ( ret = ssl_write_record( ssl ) ) != 0 )
@@ -2279,8 +2327,6 @@
SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
- ssl->do_crypt = 0;
-
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
@@ -2306,60 +2352,45 @@
return( 0 );
}
-void ssl_kickstart_checksum( ssl_context *ssl, int ciphersuite,
- unsigned char *input_buf, size_t len )
+void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
{
if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
- {
- md5_starts( (md5_context *) ssl->ctx_checksum );
- sha1_starts( (sha1_context *) ( ssl->ctx_checksum +
- sizeof(md5_context) ) );
-
- ssl->update_checksum = ssl_update_checksum_md5sha1;
- }
+ ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
else if ( ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
{
- sha4_starts( (sha4_context *) ssl->ctx_checksum, 1 );
- ssl->update_checksum = ssl_update_checksum_sha384;
+ ssl->handshake->update_checksum = ssl_update_checksum_sha384;
}
else
- {
- sha2_starts( (sha2_context *) ssl->ctx_checksum, 0 );
- ssl->update_checksum = ssl_update_checksum_sha256;
- }
-
- if( ssl->endpoint == SSL_IS_CLIENT )
- ssl->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
- ssl->update_checksum( ssl, input_buf, len );
+ ssl->handshake->update_checksum = ssl_update_checksum_sha256;
}
static void ssl_update_checksum_start( ssl_context *ssl, unsigned char *buf,
size_t len )
{
- ((void) ssl);
- ((void) buf);
- ((void) len);
+ md5_update( &ssl->handshake->fin_md5 , buf, len );
+ sha1_update( &ssl->handshake->fin_sha1, buf, len );
+ sha2_update( &ssl->handshake->fin_sha2, buf, len );
+ sha4_update( &ssl->handshake->fin_sha4, buf, len );
}
static void ssl_update_checksum_md5sha1( ssl_context *ssl, unsigned char *buf,
size_t len )
{
- md5_update( (md5_context *) ssl->ctx_checksum, buf, len );
- sha1_update( (sha1_context *) ( ssl->ctx_checksum + sizeof(md5_context) ),
- buf, len );
+ md5_update( &ssl->handshake->fin_md5 , buf, len );
+ sha1_update( &ssl->handshake->fin_sha1, buf, len );
}
static void ssl_update_checksum_sha256( ssl_context *ssl, unsigned char *buf,
size_t len )
{
- sha2_update( (sha2_context *) ssl->ctx_checksum, buf, len );
+ sha2_update( &ssl->handshake->fin_sha2, buf, len );
}
static void ssl_update_checksum_sha384( ssl_context *ssl, unsigned char *buf,
size_t len )
{
- sha4_update( (sha4_context *) ssl->ctx_checksum, buf, len );
+ sha4_update( &ssl->handshake->fin_sha4, buf, len );
}
static void ssl_calc_finished_ssl(
@@ -2373,11 +2404,14 @@
unsigned char md5sum[16];
unsigned char sha1sum[20];
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
- memcpy( &md5 , (md5_context *) ssl->ctx_checksum, sizeof(md5_context) );
- memcpy( &sha1, (sha1_context *) ( ssl->ctx_checksum + sizeof(md5_context) ),
- sizeof( sha1_context ) );
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
/*
* SSLv3:
@@ -2400,25 +2434,25 @@
memset( padbuf, 0x36, 48 );
md5_update( &md5, (unsigned char *) sender, 4 );
- md5_update( &md5, ssl->session->master, 48 );
+ md5_update( &md5, session->master, 48 );
md5_update( &md5, padbuf, 48 );
md5_finish( &md5, md5sum );
sha1_update( &sha1, (unsigned char *) sender, 4 );
- sha1_update( &sha1, ssl->session->master, 48 );
+ sha1_update( &sha1, session->master, 48 );
sha1_update( &sha1, padbuf, 40 );
sha1_finish( &sha1, sha1sum );
memset( padbuf, 0x5C, 48 );
md5_starts( &md5 );
- md5_update( &md5, ssl->session->master, 48 );
+ md5_update( &md5, session->master, 48 );
md5_update( &md5, padbuf, 48 );
md5_update( &md5, md5sum, 16 );
md5_finish( &md5, buf );
sha1_starts( &sha1 );
- sha1_update( &sha1, ssl->session->master, 48 );
+ sha1_update( &sha1, session->master, 48 );
sha1_update( &sha1, padbuf , 40 );
sha1_update( &sha1, sha1sum, 20 );
sha1_finish( &sha1, buf + 16 );
@@ -2444,11 +2478,14 @@
sha1_context sha1;
unsigned char padbuf[36];
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
- memcpy( &md5 , (md5_context *) ssl->ctx_checksum, sizeof(md5_context) );
- memcpy( &sha1, (sha1_context *) ( ssl->ctx_checksum + sizeof(md5_context) ),
- sizeof( sha1_context ) );
+ memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
+ memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
/*
* TLSv1:
@@ -2469,8 +2506,8 @@
md5_finish( &md5, padbuf );
sha1_finish( &sha1, padbuf + 16 );
- ssl->tls_prf( ssl->session->master, 48, sender,
- padbuf, 36, buf, len );
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 36, buf, len );
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
@@ -2490,9 +2527,13 @@
sha2_context sha2;
unsigned char padbuf[32];
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
- memcpy( &sha2 , (sha2_context *) ssl->ctx_checksum, sizeof(sha2_context) );
+ memcpy( &sha2, &ssl->handshake->fin_sha2, sizeof(sha2_context) );
/*
* TLSv1.2:
@@ -2509,8 +2550,8 @@
sha2_finish( &sha2, padbuf );
- ssl->tls_prf( ssl->session->master, 48, sender,
- padbuf, 32, buf, len );
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 32, buf, len );
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
@@ -2529,9 +2570,13 @@
sha4_context sha4;
unsigned char padbuf[48];
+ ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
- memcpy( &sha4 , (sha4_context *) ssl->ctx_checksum, sizeof(sha4_context) );
+ memcpy( &sha4, &ssl->handshake->fin_sha4, sizeof(sha4_context) );
/*
* TLSv1.2:
@@ -2548,8 +2593,8 @@
sha4_finish( &sha4, padbuf );
- ssl->tls_prf( ssl->session->master, 48, sender,
- padbuf, 48, buf, len );
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 48, buf, len );
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
@@ -2560,17 +2605,66 @@
SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
+void ssl_handshake_wrapup( ssl_context *ssl )
+{
+ SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+
+ /*
+ * Free our handshake params
+ */
+ ssl_handshake_free( ssl->handshake );
+ free( ssl->handshake );
+ ssl->handshake = NULL;
+
+ /*
+ * Switch in our now active transform context
+ */
+ if( ssl->transform )
+ {
+ ssl_transform_free( ssl->transform );
+ free( ssl->transform );
+ }
+ ssl->transform = ssl->transform_negotiate;
+ ssl->transform_negotiate = NULL;
+
+ /*
+ * Migrate data to existing session structure (in chain)
+ * Step 1. Clear existing data (but not the rest of the chain)
+ * Step 2. Migrate data to existing object in chain
+ * Step 3. Remove negotiation session object without removing items pointed
+ * to
+ */
+ ssl->session_negotiate->next = ssl->session->next;
+ ssl->session->next = NULL;
+ ssl_session_free( ssl->session );
+
+ memcpy( ssl->session, ssl->session_negotiate, sizeof(ssl_session) );
+ ssl->session_in = ssl->session;
+ ssl->session_out = ssl->session;
+
+ memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
+ free( ssl->session_negotiate );
+ ssl->session_negotiate = NULL;
+
+ ssl->state++;
+
+ SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+}
+
int ssl_write_finished( ssl_context *ssl )
{
int ret, hash_len;
SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
- ssl->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
+ ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+
ssl->out_msglen = 4 + hash_len;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_FINISHED;
@@ -2582,14 +2676,20 @@
if( ssl->resume != 0 )
{
if( ssl->endpoint == SSL_IS_CLIENT )
- ssl->state = SSL_HANDSHAKE_OVER;
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
else
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
}
else
ssl->state++;
- ssl->do_crypt = 1;
+ /*
+ * Switch to our negotiated transform and session parameters for outbound data.
+ */
+ SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+ ssl->transform_out = ssl->transform_negotiate;
+ ssl->session_out = ssl->session_negotiate;
+ memset( ssl->out_ctr, 0, 8 );
if( ( ret = ssl_write_record( ssl ) ) != 0 )
{
@@ -2610,9 +2710,15 @@
SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
- ssl->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
+ ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
- ssl->do_crypt = 1;
+ /*
+ * Switch to our negotiated transform and session parameters for inbound data.
+ */
+ SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
+ ssl->transform_in = ssl->transform_negotiate;
+ ssl->session_in = ssl->session_negotiate;
+ memset( ssl->in_ctr, 0, 8 );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
@@ -2642,13 +2748,16 @@
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
}
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->peer_verify_data, buf, hash_len );
+
if( ssl->resume != 0 )
{
if( ssl->endpoint == SSL_IS_CLIENT )
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
if( ssl->endpoint == SSL_IS_SERVER )
- ssl->state = SSL_HANDSHAKE_OVER;
+ ssl->state = SSL_HANDSHAKE_WRAPUP;
}
else
ssl->state++;
@@ -2658,11 +2767,51 @@
return( 0 );
}
+int ssl_handshake_init( ssl_context *ssl )
+{
+ if( ssl->transform_negotiate )
+ ssl_transform_free( ssl->transform_negotiate );
+ else
+ ssl->transform_negotiate = malloc( sizeof(ssl_transform) );
+
+ if( ssl->session_negotiate )
+ ssl_session_free( ssl->session_negotiate );
+ else
+ ssl->session_negotiate = malloc( sizeof(ssl_session) );
+
+ if( ssl->handshake )
+ ssl_handshake_free( ssl->handshake );
+ else
+ ssl->handshake = malloc( sizeof(ssl_handshake_params) );
+
+ if( ssl->handshake == NULL ||
+ ssl->transform_negotiate == NULL ||
+ ssl->session_negotiate == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) );
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
+ memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
+ memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
+ memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
+
+ md5_starts( &ssl->handshake->fin_md5 );
+ sha1_starts( &ssl->handshake->fin_sha1 );
+ sha2_starts( &ssl->handshake->fin_sha2, 0 );
+ sha4_starts( &ssl->handshake->fin_sha4, 1 );
+
+ ssl->handshake->update_checksum = ssl_update_checksum_start;
+
+ return( 0 );
+}
+
/*
* Initialize an SSL context
*/
int ssl_init( ssl_context *ssl )
{
+ int ret;
int len = SSL_BUFFER_LEN;
memset( ssl, 0, sizeof( ssl_context ) );
@@ -2694,7 +2843,8 @@
ssl->hostname = NULL;
ssl->hostname_len = 0;
- ssl->update_checksum = ssl_update_checksum_start;
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
return( 0 );
}
@@ -2705,8 +2855,16 @@
*/
int ssl_session_reset( ssl_context *ssl )
{
+ int ret;
+
ssl->state = SSL_HELLO_REQUEST;
-
+ ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
+ ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
+
+ ssl->verify_data_len = 0;
+ memset( ssl->own_verify_data, 0, 36 );
+ memset( ssl->peer_verify_data, 0, 36 );
+
ssl->in_offt = NULL;
ssl->in_msgtype = 0;
@@ -2720,25 +2878,11 @@
ssl->out_msglen = 0;
ssl->out_left = 0;
- ssl->do_crypt = 0;
- ssl->pmslen = 0;
- ssl->keylen = 0;
- ssl->minlen = 0;
- ssl->ivlen = 0;
- ssl->maclen = 0;
+ ssl->transform_in = NULL;
+ ssl->transform_out = NULL;
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
- memset( ssl->randbytes, 0, 64 );
- memset( ssl->premaster, 0, 256 );
- memset( ssl->iv_enc, 0, 16 );
- memset( ssl->iv_dec, 0, 16 );
- memset( ssl->mac_enc, 0, 32 );
- memset( ssl->mac_dec, 0, 32 );
- memset( ssl->ctx_enc, 0, 128 );
- memset( ssl->ctx_dec, 0, 128 );
-
- ssl->update_checksum = ssl_update_checksum_start;
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
if( ssl_hw_record_reset != NULL)
@@ -2752,29 +2896,15 @@
}
#endif
-#if defined(POLARSSL_ZLIB_SUPPORT)
- // Reset compression state
- //
- if( ssl->session->compression == SSL_COMPRESS_DEFLATE )
+ if( ssl->transform )
{
- ssl->ctx_deflate.next_in = Z_NULL;
- ssl->ctx_deflate.next_out = Z_NULL;
- ssl->ctx_deflate.avail_in = 0;
- ssl->ctx_deflate.avail_out = 0;
-
- ssl->ctx_inflate.next_in = Z_NULL;
- ssl->ctx_inflate.next_out = Z_NULL;
- ssl->ctx_inflate.avail_in = 0;
- ssl->ctx_inflate.avail_out = 0;
-
- if( deflateReset( &ssl->ctx_deflate ) != Z_OK ||
- inflateReset( &ssl->ctx_inflate ) != Z_OK )
- {
- SSL_DEBUG_MSG( 1, ( "Failed to reset compression" ) );
- return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
- }
+ ssl_transform_free( ssl->transform );
+ free( ssl->transform );
+ ssl->transform = NULL;
}
-#endif /* POLARSSL_ZLIB_SUPPORT */
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
return( 0 );
}
@@ -2871,17 +3001,18 @@
}
#endif
+#if defined(POLARSSL_DHM_C)
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
{
int ret;
- if( ( ret = mpi_read_string( &ssl->dhm_ctx.P, 16, dhm_P ) ) != 0 )
+ if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_read_string", ret );
return( ret );
}
- if( ( ret = mpi_read_string( &ssl->dhm_ctx.G, 16, dhm_G ) ) != 0 )
+ if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_read_string", ret );
return( ret );
@@ -2894,13 +3025,13 @@
{
int ret;
- if( ( ret = mpi_copy(&ssl->dhm_ctx.P, &dhm_ctx->P) ) != 0 )
+ if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_copy", ret );
return( ret );
}
- if( ( ret = mpi_copy(&ssl->dhm_ctx.G, &dhm_ctx->G) ) != 0 )
+ if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_copy", ret );
return( ret );
@@ -2908,6 +3039,7 @@
return( 0 );
}
+#endif /* POLARSSL_DHM_C */
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
{
@@ -2934,6 +3066,16 @@
ssl->max_minor_ver = minor;
}
+void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
+{
+ ssl->disable_renegotiation = renegotiation;
+}
+
+void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
+{
+ ssl->allow_legacy_renegotiation = allow_legacy;
+}
+
/*
* SSL get accessors
*/
@@ -3285,6 +3427,35 @@
}
/*
+ * Renegotiate current connection
+ */
+int ssl_renegotiate( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->state = SSL_HELLO_REQUEST;
+ ssl->renegotiation = SSL_RENEGOTIATION;
+
+ if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+ return( ret );
+
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+
+ return( 0 );
+}
+
+/*
* Receive application data decrypted from the SSL layer
*/
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
@@ -3330,7 +3501,41 @@
}
}
- if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+ if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
+ {
+ SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
+
+ if( ssl->endpoint == SSL_IS_CLIENT &&
+ ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
+ ssl->in_hslen != 4 ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
+ {
+ SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
+
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_WARNING,
+ SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
+ {
+ return( ret );
+ }
+ }
+ else
+ {
+ if( ( ret = ssl_renegotiate( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_renegotiate", ret );
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+ }
+ else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
@@ -3422,14 +3627,10 @@
if( ssl->state == SSL_HANDSHAKE_OVER )
{
- ssl->out_msgtype = SSL_MSG_ALERT;
- ssl->out_msglen = 2;
- ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING;
- ssl->out_msg[1] = SSL_ALERT_MSG_CLOSE_NOTIFY;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_WARNING,
+ SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret );
}
}
@@ -3439,6 +3640,45 @@
return( ret );
}
+void ssl_transform_free( ssl_transform *transform )
+{
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ deflateEnd( &transform->ctx_deflate );
+ inflateEnd( &transform->ctx_inflate );
+#endif
+
+ memset( transform, 0, sizeof( ssl_transform ) );
+}
+
+void ssl_handshake_free( ssl_handshake_params *handshake )
+{
+#if defined(POLARSSL_DHM_C)
+ dhm_free( &handshake->dhm_ctx );
+#endif
+ memset( handshake, 0, sizeof( ssl_handshake_params ) );
+}
+
+void ssl_session_free( ssl_session *session )
+{
+ ssl_session *cur = session, *prv;
+
+ while( cur != NULL )
+ {
+ prv = cur;
+ cur = cur->next;
+
+ if( prv->peer_cert != NULL )
+ {
+ x509_free( prv->peer_cert );
+ free( prv->peer_cert );
+ }
+
+ memset( prv, 0, sizeof( ssl_session ) );
+ if( prv != session )
+ free( prv );
+ }
+}
+
/*
* Free an SSL context
*/
@@ -3446,13 +3686,6 @@
{
SSL_DEBUG_MSG( 2, ( "=> free" ) );
- if( ssl->peer_cert != NULL )
- {
- x509_free( ssl->peer_cert );
- memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
- free( ssl->peer_cert );
- }
-
if( ssl->out_ctr != NULL )
{
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
@@ -3466,9 +3699,27 @@
}
#if defined(POLARSSL_DHM_C)
- dhm_free( &ssl->dhm_ctx );
+ mpi_free( &ssl->dhm_P );
+ mpi_free( &ssl->dhm_G );
#endif
+ if( ssl->transform )
+ {
+ ssl_transform_free( ssl->transform );
+ free( ssl->transform );
+ }
+
+ if( ssl->handshake )
+ {
+ ssl_handshake_free( ssl->handshake );
+ ssl_transform_free( ssl->transform_negotiate );
+ ssl_session_free( ssl->session_negotiate );
+
+ free( ssl->handshake );
+ free( ssl->transform_negotiate );
+ free( ssl->session_negotiate );
+ }
+
if ( ssl->hostname != NULL)
{
memset( ssl->hostname, 0, ssl->hostname_len );
@@ -3484,11 +3735,6 @@
}
#endif
-#if defined(POLARSSL_ZLIB_SUPPORT)
- deflateEnd( &ssl->ctx_deflate );
- inflateEnd( &ssl->ctx_inflate );
-#endif
-
SSL_DEBUG_MSG( 2, ( "<= free" ) );
/* Actually free after last debug message */