34 #if !defined(POLARSSL_CONFIG_FILE)
37 #include POLARSSL_CONFIG_FILE
40 #if defined(POLARSSL_SSL_TLS_C)
45 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
46 defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
50 #if defined(POLARSSL_PLATFORM_C)
53 #define polarssl_malloc malloc
54 #define polarssl_free free
59 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
61 #define strcasecmp _stricmp
64 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
88 #if defined(POLARSSL_X509_CRT_PARSE_C)
109 #if defined(POLARSSL_SSL_SESSION_TICKETS)
123 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
125 const unsigned char *key_enc,
const unsigned char *key_dec,
127 const unsigned char *iv_enc,
const unsigned char *iv_dec,
129 const unsigned char *mac_enc,
const unsigned char *mac_dec,
130 size_t maclen) = NULL;
131 int (*ssl_hw_record_activate)(
ssl_context *ssl,
int direction) = NULL;
132 int (*ssl_hw_record_reset)(
ssl_context *ssl) = NULL;
133 int (*ssl_hw_record_write)(
ssl_context *ssl) = NULL;
134 int (*ssl_hw_record_read)(
ssl_context *ssl) = NULL;
135 int (*ssl_hw_record_finish)(
ssl_context *ssl) = NULL;
141 #if defined(POLARSSL_SSL_PROTO_SSL3)
142 static int ssl3_prf(
const unsigned char *secret,
size_t slen,
144 const unsigned char *random,
size_t rlen,
145 unsigned char *dstbuf,
size_t dlen )
150 unsigned char padding[16];
151 unsigned char sha1sum[20];
162 for( i = 0; i < dlen / 16; i++ )
164 memset( padding, (
unsigned char) (
'A' + i), 1 + i );
178 memset( &md5, 0,
sizeof( md5 ) );
179 memset( &sha1, 0,
sizeof( sha1 ) );
181 memset( padding, 0,
sizeof( padding ) );
182 memset( sha1sum, 0,
sizeof( sha1sum ) );
188 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
189 static int tls1_prf(
const unsigned char *secret,
size_t slen,
191 const unsigned char *random,
size_t rlen,
192 unsigned char *dstbuf,
size_t dlen )
196 const unsigned char *S1, *S2;
197 unsigned char tmp[128];
198 unsigned char h_i[20];
200 if(
sizeof( tmp ) < 20 + strlen( label ) + rlen )
203 hs = ( slen + 1 ) / 2;
205 S2 = secret + slen - hs;
207 nb = strlen( label );
208 memcpy( tmp + 20, label, nb );
209 memcpy( tmp + 20 + nb, random, rlen );
215 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
217 for( i = 0; i < dlen; i += 16 )
219 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
220 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
222 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
224 for( j = 0; j < k; j++ )
225 dstbuf[i + j] = h_i[j];
233 for( i = 0; i < dlen; i += 20 )
238 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
240 for( j = 0; j < k; j++ )
241 dstbuf[i + j] = (
unsigned char)( dstbuf[i + j] ^ h_i[j] );
244 memset( tmp, 0,
sizeof( tmp ) );
245 memset( h_i, 0,
sizeof( h_i ) );
251 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
252 #if defined(POLARSSL_SHA256_C)
253 static int tls_prf_sha256(
const unsigned char *secret,
size_t slen,
255 const unsigned char *random,
size_t rlen,
256 unsigned char *dstbuf,
size_t dlen )
260 unsigned char tmp[128];
261 unsigned char h_i[32];
263 if(
sizeof( tmp ) < 32 + strlen( label ) + rlen )
266 nb = strlen( label );
267 memcpy( tmp + 32, label, nb );
268 memcpy( tmp + 32 + nb, random, rlen );
276 for( i = 0; i < dlen; i += 32 )
281 k = ( i + 32 > dlen ) ? dlen % 32 : 32;
283 for( j = 0; j < k; j++ )
284 dstbuf[i + j] = h_i[j];
287 memset( tmp, 0,
sizeof( tmp ) );
288 memset( h_i, 0,
sizeof( h_i ) );
294 #if defined(POLARSSL_SHA512_C)
295 static int tls_prf_sha384(
const unsigned char *secret,
size_t slen,
297 const unsigned char *random,
size_t rlen,
298 unsigned char *dstbuf,
size_t dlen )
302 unsigned char tmp[128];
303 unsigned char h_i[48];
305 if(
sizeof( tmp ) < 48 + strlen( label ) + rlen )
308 nb = strlen( label );
309 memcpy( tmp + 48, label, nb );
310 memcpy( tmp + 48 + nb, random, rlen );
318 for( i = 0; i < dlen; i += 48 )
323 k = ( i + 48 > dlen ) ? dlen % 48 : 48;
325 for( j = 0; j < k; j++ )
326 dstbuf[i + j] = h_i[j];
329 memset( tmp, 0,
sizeof( tmp ) );
330 memset( h_i, 0,
sizeof( h_i ) );
337 static void ssl_update_checksum_start(
ssl_context *,
const unsigned char *,
size_t);
339 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
340 defined(POLARSSL_SSL_PROTO_TLS1_1)
341 static void ssl_update_checksum_md5sha1(
ssl_context *,
const unsigned char *,
size_t);
344 #if defined(POLARSSL_SSL_PROTO_SSL3)
345 static void ssl_calc_verify_ssl(
ssl_context *,
unsigned char *);
346 static void ssl_calc_finished_ssl(
ssl_context *,
unsigned char *,
int);
349 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
350 static void ssl_calc_verify_tls(
ssl_context *,
unsigned char *);
351 static void ssl_calc_finished_tls(
ssl_context *,
unsigned char *,
int);
354 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
355 #if defined(POLARSSL_SHA256_C)
356 static void ssl_update_checksum_sha256(
ssl_context *,
const unsigned char *,
size_t);
357 static void ssl_calc_verify_tls_sha256(
ssl_context *,
unsigned char *);
358 static void ssl_calc_finished_tls_sha256(
ssl_context *,
unsigned char *,
int);
361 #if defined(POLARSSL_SHA512_C)
362 static void ssl_update_checksum_sha384(
ssl_context *,
const unsigned char *,
size_t);
363 static void ssl_calc_verify_tls_sha384(
ssl_context *,
unsigned char *);
364 static void ssl_calc_finished_tls_sha384(
ssl_context *,
unsigned char *,
int);
371 unsigned char tmp[64];
372 unsigned char keyblk[256];
375 unsigned char *mac_enc;
376 unsigned char *mac_dec;
388 if( cipher_info == NULL )
396 if( md_info == NULL )
406 #if defined(POLARSSL_SSL_PROTO_SSL3)
415 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
424 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
425 #if defined(POLARSSL_SHA512_C)
429 handshake->
tls_prf = tls_prf_sha384;
430 handshake->
calc_verify = ssl_calc_verify_tls_sha384;
435 #if defined(POLARSSL_SHA256_C)
438 handshake->
tls_prf = tls_prf_sha256;
439 handshake->
calc_verify = ssl_calc_verify_tls_sha256;
460 if( handshake->
resume == 0 )
478 memcpy( handshake->
randbytes, tmp + 32, 32 );
479 memcpy( handshake->
randbytes + 32, tmp, 32 );
480 memset( tmp, 0,
sizeof( tmp ) );
514 transform->
ivlen = 12;
538 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
563 SSL_DEBUG_MSG( 3, (
"keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
572 key1 = keyblk + transform->
maclen * 2;
573 key2 = keyblk + transform->
maclen * 2 + transform->
keylen;
576 mac_dec = keyblk + transform->
maclen;
583 memcpy( transform->
iv_enc, key2 + transform->
keylen, iv_copy_len );
584 memcpy( transform->
iv_dec, key2 + transform->
keylen + iv_copy_len,
589 key1 = keyblk + transform->
maclen * 2 + transform->
keylen;
590 key2 = keyblk + transform->
maclen * 2;
592 mac_enc = keyblk + transform->
maclen;
600 memcpy( transform->
iv_dec, key1 + transform->
keylen, iv_copy_len );
601 memcpy( transform->
iv_enc, key1 + transform->
keylen + iv_copy_len,
605 #if defined(POLARSSL_SSL_PROTO_SSL3)
619 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
620 defined(POLARSSL_SSL_PROTO_TLS1_2)
633 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
634 if( ssl_hw_record_init != NULL)
640 if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->
keylen,
644 transform->
maclen ) ) != 0 )
653 cipher_info ) ) != 0 )
660 cipher_info ) ) != 0 )
682 #if defined(POLARSSL_CIPHER_MODE_CBC)
701 memset( keyblk, 0,
sizeof( keyblk ) );
703 #if defined(POLARSSL_ZLIB_SUPPORT)
708 if( ssl->compress_buf == NULL )
712 if( ssl->compress_buf == NULL )
722 memset( &transform->ctx_deflate, 0,
sizeof( transform->ctx_deflate ) );
723 memset( &transform->ctx_inflate, 0,
sizeof( transform->ctx_inflate ) );
725 if( deflateInit( &transform->ctx_deflate,
726 Z_DEFAULT_COMPRESSION ) != Z_OK ||
727 inflateInit( &transform->ctx_inflate ) != Z_OK )
740 #if defined(POLARSSL_SSL_PROTO_SSL3)
741 void ssl_calc_verify_ssl(
ssl_context *ssl,
unsigned char hash[36] )
745 unsigned char pad_1[48];
746 unsigned char pad_2[48];
753 memset( pad_1, 0x36, 48 );
754 memset( pad_2, 0x5C, 48 );
783 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
784 void ssl_calc_verify_tls(
ssl_context *ssl,
unsigned char hash[36] )
804 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
805 #if defined(POLARSSL_SHA256_C)
806 void ssl_calc_verify_tls_sha256(
ssl_context *ssl,
unsigned char hash[32] )
822 #if defined(POLARSSL_SHA512_C)
823 void ssl_calc_verify_tls_sha384(
ssl_context *ssl,
unsigned char hash[48] )
840 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
853 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
856 if( end - p < 2 + (
int) ssl->
psk_len )
859 *(p++) = (
unsigned char)( ssl->
psk_len >> 8 );
860 *(p++) = (
unsigned char)( ssl->
psk_len );
865 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
878 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
884 if( end - p < 2 + (
int) len )
887 *(p++) = (
unsigned char)( len >> 8 );
888 *(p++) = (
unsigned char)( len );
901 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
908 p + 2, end - (p + 2),
915 *(p++) = (
unsigned char)( zlen >> 8 );
916 *(p++) = (
unsigned char)( zlen );
929 if( end - p < 2 + (
int) ssl->
psk_len )
932 *(p++) = (
unsigned char)( ssl->
psk_len >> 8 );
933 *(p++) = (
unsigned char)( ssl->
psk_len );
943 #if defined(POLARSSL_SSL_PROTO_SSL3)
947 static void ssl_mac(
md_context_t *md_ctx,
unsigned char *secret,
948 unsigned char *buf,
size_t len,
949 unsigned char *ctr,
int type )
951 unsigned char header[11];
952 unsigned char padding[48];
966 memcpy( header, ctr, 8 );
967 header[ 8] = (
unsigned char) type;
968 header[ 9] = (
unsigned char)( len >> 8 );
969 header[10] = (
unsigned char)( len );
971 memset( padding, 0x36, padlen );
979 memset( padding, 0x5C, padlen );
1000 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1001 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1002 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1006 #if defined(POLARSSL_SSL_PROTO_SSL3)
1016 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1017 defined(POLARSSL_SSL_PROTO_TLS1_2)
1045 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
1053 "including %d bytes of padding",
1083 SSL_DEBUG_MSG( 1, (
"total encrypted length incorrect %d %d",
1089 ssl->
out_msg + olen, &olen ) ) != 0 )
1097 SSL_DEBUG_MSG( 1, (
"total encrypted length incorrect %d %d",
1104 #if defined(POLARSSL_GCM_C)
1108 size_t enc_msglen, olen, totlen;
1109 unsigned char *enc_msg;
1110 unsigned char add_data[13];
1113 memcpy( add_data, ssl->
out_ctr, 8 );
1117 add_data[11] = ( ssl->
out_msglen >> 8 ) & 0xFF;
1148 "including %d bytes of padding",
1166 add_data, 13 ) ) != 0 )
1172 enc_msg, enc_msglen,
1173 enc_msg, &olen ) ) != 0 )
1180 enc_msg + olen, &olen ) ) != 0 )
1186 if( totlen != enc_msglen )
1198 enc_msg + enc_msglen, 16 ) ) != 0 )
1203 SSL_DEBUG_BUF( 4,
"after encrypt: tag", enc_msg + enc_msglen, 16 );
1207 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
1208 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
1213 unsigned char *enc_msg;
1214 size_t enc_msglen, padlen, olen = 0;
1221 for( i = 0; i <= padlen; i++ )
1229 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1257 "including %d bytes of IV and %d bytes of padding",
1279 enc_msg, enc_msglen, enc_msg,
1289 enc_msg + olen, &olen ) ) != 0 )
1295 if( enc_msglen != olen )
1297 SSL_DEBUG_MSG( 1, (
"total encrypted length incorrect %d %d",
1298 enc_msglen, olen ) );
1302 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
1322 for( i = 8; i > 0; i-- )
1323 if( ++ssl->
out_ctr[i - 1] != 0 )
1329 SSL_DEBUG_MSG( 1, (
"outgoing message counter would wrap" ) );
1338 #define POLARSSL_SSL_MAX_MAC_SIZE 48
1343 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1344 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1345 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1346 size_t padlen = 0, correct = 1;
1358 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
1396 ssl->
in_msg + olen, &olen ) ) != 0 )
1410 #if defined(POLARSSL_GCM_C)
1414 unsigned char *dec_msg;
1415 unsigned char *dec_msg_result;
1416 size_t dec_msglen, olen, totlen;
1417 unsigned char add_data[13];
1424 dec_msg_result = ssl->
in_msg;
1427 memcpy( add_data, ssl->
in_ctr, 8 );
1431 add_data[11] = ( ssl->
in_msglen >> 8 ) & 0xFF;
1457 add_data, 13 ) ) != 0 )
1463 dec_msg, dec_msglen,
1464 dec_msg_result, &olen ) ) != 0 )
1471 dec_msg_result + olen, &olen ) ) != 0 )
1477 if( totlen != dec_msglen )
1487 dec_msg + dec_msglen, 16 ) ) != 0 )
1496 #if defined(POLARSSL_CIPHER_MODE_CBC) && \
1497 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
1505 unsigned char *dec_msg;
1506 unsigned char *dec_msg_result;
1521 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1529 SSL_DEBUG_MSG( 1, (
"msglen (%d) < max( ivlen(%d), maclen (%d) "
1538 dec_msg_result = ssl->
in_msg;
1540 #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
1569 dec_msg, dec_msglen, dec_msg_result,
1578 dec_msg_result + olen, &olen ) ) != 0 )
1584 if( dec_msglen != olen )
1590 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
1606 #if defined(POLARSSL_SSL_DEBUG_ALL)
1607 SSL_DEBUG_MSG( 1, (
"msglen (%d) < maclen (%d) + padlen (%d)",
1614 #if defined(POLARSSL_SSL_PROTO_SSL3)
1619 #if defined(POLARSSL_SSL_DEBUG_ALL)
1621 "should be no more than %d",
1629 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1630 defined(POLARSSL_SSL_PROTO_TLS1_2)
1637 size_t pad_count = 0, real_count = 1;
1638 size_t padding_idx = ssl->
in_msglen - padlen - 1;
1650 correct &= ( ssl->
in_msglen >= padlen + 1 );
1654 padding_idx *= correct;
1656 for( i = 1; i <= 256; i++ )
1658 real_count &= ( i <= padlen );
1659 pad_count += real_count *
1660 ( ssl->
in_msg[padding_idx + i] == padlen - 1 );
1663 correct &= ( pad_count == padlen );
1665 #if defined(POLARSSL_SSL_DEBUG_ALL)
1666 if( padlen > 0 && correct == 0)
1669 padlen &= correct * 0x1FF;
1693 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
1694 ( defined(POLARSSL_CIPHER_MODE_CBC) && \
1695 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
1699 unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
1708 #if defined(POLARSSL_SSL_PROTO_SSL3)
1718 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
1719 defined(POLARSSL_SSL_PROTO_TLS1_2)
1735 size_t j, extra_run = 0;
1736 extra_run = ( 13 + ssl->
in_msglen + padlen + 8 ) / 64 -
1739 extra_run &= correct * 0xFF;
1746 for( j = 0; j < extra_run; j++ )
1766 #if defined(POLARSSL_SSL_DEBUG_ALL)
1791 "messages, possible DoS attack" ) );
1798 for( i = 8; i > 0; i-- )
1799 if( ++ssl->
in_ctr[i - 1] != 0 )
1805 SSL_DEBUG_MSG( 1, (
"incoming message counter would wrap" ) );
1814 #if defined(POLARSSL_ZLIB_SUPPORT)
1821 unsigned char *msg_post = ssl->
out_msg;
1823 unsigned char *msg_pre = ssl->compress_buf;
1830 memcpy( msg_pre, ssl->
out_msg, len_pre );
1843 ret = deflate( &ssl->
transform_out->ctx_deflate, Z_SYNC_FLUSH );
1846 SSL_DEBUG_MSG( 1, (
"failed to perform compression (%d)", ret ) );
1867 unsigned char *msg_post = ssl->
in_msg;
1869 unsigned char *msg_pre = ssl->compress_buf;
1876 memcpy( msg_pre, ssl->
in_msg, len_pre );
1889 ret = inflate( &ssl->
transform_in->ctx_inflate, Z_SYNC_FLUSH );
1892 SSL_DEBUG_MSG( 1, (
"failed to perform decompression (%d)", ret ) );
1927 while( ssl->
in_left < nb_want )
1993 ssl->
out_msg[1] = (
unsigned char)( ( len - 4 ) >> 16 );
1994 ssl->
out_msg[2] = (
unsigned char)( ( len - 4 ) >> 8 );
1995 ssl->
out_msg[3] = (
unsigned char)( ( len - 4 ) );
2001 #if defined(POLARSSL_ZLIB_SUPPORT)
2005 if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
2015 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
2016 if( ssl_hw_record_write != NULL)
2020 ret = ssl_hw_record_write( ssl );
2036 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
2037 ssl->
out_hdr[4] = (
unsigned char)( len );
2041 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
2048 ssl->
out_hdr[3] = (
unsigned char)( len >> 8 );
2049 ssl->
out_hdr[4] = (
unsigned char)( len );
2055 "version = [%d:%d], msglen = %d",
2098 " %d, type = %d, hslen = %d",
2134 "version = [%d:%d], msglen = %d",
2177 #if defined(POLARSSL_SSL_PROTO_SSL3)
2186 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
2187 defined(POLARSSL_SSL_PROTO_TLS1_2)
2213 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
2214 if( ssl_hw_record_read != NULL)
2218 ret = ssl_hw_record_read( ssl );
2231 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
2233 #if defined(POLARSSL_SSL_ALERT_MESSAGES)
2255 #if defined(POLARSSL_ZLIB_SUPPORT)
2259 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
2293 " %d, type = %d, hslen = %d",
2364 unsigned char level,
2365 unsigned char message )
2390 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
2391 !defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
2392 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
2393 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
2394 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
2395 !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
2396 !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
2464 #if defined(POLARSSL_SSL_PROTO_SSL3)
2505 while( crt != NULL )
2515 ssl->
out_msg[i ] = (
unsigned char)( n >> 16 );
2516 ssl->
out_msg[i + 1] = (
unsigned char)( n >> 8 );
2517 ssl->
out_msg[i + 2] = (
unsigned char)( n );
2519 i += 3; memcpy( ssl->
out_msg + i, crt->
raw.
p, n );
2520 i += n; crt = crt->
next;
2523 ssl->
out_msg[4] = (
unsigned char)( ( i - 7 ) >> 16 );
2524 ssl->
out_msg[5] = (
unsigned char)( ( i - 7 ) >> 8 );
2525 ssl->
out_msg[6] = (
unsigned char)( ( i - 7 ) );
2531 #if defined(POLARSSL_SSL_PROTO_SSL3)
2583 #if defined(POLARSSL_SSL_PROTO_SSL3)
2606 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
2607 defined(POLARSSL_SSL_PROTO_TLS1_2)
2614 memcmp( ssl->
in_msg + 4,
"\0\0\0", 3 ) == 0 )
2670 while( i < ssl->in_hslen )
2672 if( ssl->
in_msg[i] != 0 )
2678 n = ( (
unsigned int) ssl->
in_msg[i + 1] << 8 )
2679 | (
unsigned int) ssl->
in_msg[i + 2];
2682 if( n < 128 || i + n > ssl->
in_hslen )
2710 SSL_DEBUG_MSG( 1, (
"new server cert during renegotiation" ) );
2720 SSL_DEBUG_MSG( 1, (
"server cert changed during renegotiation" ) );
2750 #if defined(POLARSSL_SSL_SET_CURVES)
2756 ! ssl_curve_is_acceptable( ssl,
pk_ec( *pk )->grp.id ) )
2769 SSL_DEBUG_MSG( 1, (
"bad certificate (usage extensions)" ) );
2847 ((void) ciphersuite_info);
2849 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2850 defined(POLARSSL_SSL_PROTO_TLS1_1)
2855 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2856 #if defined(POLARSSL_SHA512_C)
2861 #if defined(POLARSSL_SHA256_C)
2871 static void ssl_update_checksum_start(
ssl_context *ssl,
2872 const unsigned char *buf,
size_t len )
2874 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2875 defined(POLARSSL_SSL_PROTO_TLS1_1)
2879 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2880 #if defined(POLARSSL_SHA256_C)
2883 #if defined(POLARSSL_SHA512_C)
2889 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
2890 defined(POLARSSL_SSL_PROTO_TLS1_1)
2891 static void ssl_update_checksum_md5sha1(
ssl_context *ssl,
2892 const unsigned char *buf,
size_t len )
2899 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
2900 #if defined(POLARSSL_SHA256_C)
2901 static void ssl_update_checksum_sha256(
ssl_context *ssl,
2902 const unsigned char *buf,
size_t len )
2908 #if defined(POLARSSL_SHA512_C)
2909 static void ssl_update_checksum_sha384(
ssl_context *ssl,
2910 const unsigned char *buf,
size_t len )
2917 #if defined(POLARSSL_SSL_PROTO_SSL3)
2918 static void ssl_calc_finished_ssl(
2925 unsigned char padbuf[48];
2926 unsigned char md5sum[16];
2927 unsigned char sha1sum[20];
2947 #if !defined(POLARSSL_MD5_ALT)
2952 #if !defined(POLARSSL_SHA1_ALT)
2960 memset( padbuf, 0x36, 48 );
2962 md5_update( &md5, (
const unsigned char *) sender, 4 );
2967 sha1_update( &sha1, (
const unsigned char *) sender, 4 );
2972 memset( padbuf, 0x5C, 48 );
2991 memset( padbuf, 0,
sizeof( padbuf ) );
2992 memset( md5sum, 0,
sizeof( md5sum ) );
2993 memset( sha1sum, 0,
sizeof( sha1sum ) );
2999 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1)
3000 static void ssl_calc_finished_tls(
3007 unsigned char padbuf[36];
3024 #if !defined(POLARSSL_MD5_ALT)
3029 #if !defined(POLARSSL_SHA1_ALT)
3036 :
"server finished";
3042 padbuf, 36, buf, len );
3049 memset( padbuf, 0,
sizeof( padbuf ) );
3055 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
3056 #if defined(POLARSSL_SHA256_C)
3057 static void ssl_calc_finished_tls_sha256(
3063 unsigned char padbuf[32];
3079 #if !defined(POLARSSL_SHA256_ALT)
3086 :
"server finished";
3091 padbuf, 32, buf, len );
3097 memset( padbuf, 0,
sizeof( padbuf ) );
3103 #if defined(POLARSSL_SHA512_C)
3104 static void ssl_calc_finished_tls_sha384(
3110 unsigned char padbuf[48];
3126 #if !defined(POLARSSL_SHA512_ALT)
3127 SSL_DEBUG_BUF( 4,
"finished sha512 state", (
unsigned char *)
3133 :
"server finished";
3138 padbuf, 48, buf, len );
3144 memset( padbuf, 0,
sizeof( padbuf ) );
3249 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for outbound data" ) );
3254 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3255 if( ssl_hw_record_activate != NULL)
3257 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
3279 unsigned int hash_len;
3280 unsigned char buf[36];
3290 SSL_DEBUG_MSG( 3, (
"switching to new transform spec for inbound data" ) );
3293 memset( ssl->
in_ctr, 0, 8 );
3306 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3307 if( ssl_hw_record_activate != NULL)
3309 if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
3403 SSL_DEBUG_MSG( 1, (
"malloc() of ssl sub-contexts failed" ) );
3407 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
3408 defined(POLARSSL_SSL_PROTO_TLS1_1)
3412 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
3413 #if defined(POLARSSL_SHA256_C)
3416 #if defined(POLARSSL_SHA512_C)
3424 #if defined(POLARSSL_ECDH_C)
3428 #if defined(POLARSSL_X509_CRT_PARSE_C)
3455 #if defined(POLARSSL_DHM_C)
3474 if( ssl->
in_ctr == NULL )
3496 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3500 #if defined(POLARSSL_SSL_SET_CURVES)
3504 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3548 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3549 if( ssl_hw_record_reset != NULL)
3552 if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
3574 #if defined(POLARSSL_SSL_ALPN)
3578 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3584 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3588 static int ssl_ticket_keys_init(
ssl_context *ssl )
3592 unsigned char buf[16];
3607 if( ( ret = ssl->
f_rng( ssl->
p_rng, buf, 16 ) ) != 0 ||
3634 #if defined(POLARSSL_SSL_SESSION_TICKETS)
3645 #if defined(POLARSSL_X509_CRT_PARSE_C)
3647 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
3656 int (*f_rng)(
void *,
unsigned char *,
size_t),
3664 void (*f_dbg)(
void *,
int,
const char *),
3672 int (*f_recv)(
void *,
unsigned char *,
size_t),
void *p_recv,
3673 int (*f_send)(
void *,
const unsigned char *,
size_t),
void *p_send )
3682 int (*f_get_cache)(
void *,
ssl_session *),
void *p_get_cache,
3683 int (*f_set_cache)(
void *,
const ssl_session *),
void *p_set_cache )
3720 const int *ciphersuites,
3721 int major,
int minor )
3732 #if defined(POLARSSL_X509_CRT_PARSE_C)
3739 if( key_cert == NULL )
3754 while( last->
next != NULL )
3756 last->
next = key_cert;
3763 x509_crl *ca_crl,
const char *peer_cn )
3775 if( key_cert == NULL )
3778 key_cert->
cert = own_cert;
3779 key_cert->
key = pk_key;
3784 #if defined(POLARSSL_RSA_C)
3791 if( key_cert == NULL )
3795 if( key_cert->
key == NULL )
3807 key_cert->
cert = own_cert;
3823 if( key_cert == NULL )
3827 if( key_cert->
key == NULL )
3833 rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 )
3836 key_cert->
cert = own_cert;
3843 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
3845 const unsigned char *psk_identity,
size_t psk_identity_len )
3847 if( psk == NULL || psk_identity == NULL )
3858 if( ssl->
psk != NULL )
3881 int (*f_psk)(
void *,
ssl_context *,
const unsigned char *,
3890 #if defined(POLARSSL_DHM_C)
3930 #if defined(POLARSSL_SSL_SET_CURVES)
3936 ssl->curve_list = curve_list;
3940 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
3943 if( hostname == NULL )
3956 memcpy( ssl->
hostname, (
const unsigned char *) hostname,
3966 const unsigned char *,
size_t),
3974 #if defined(POLARSSL_SSL_ALPN)
3977 size_t cur_len, tot_len;
3985 for( p = protos; *p != NULL; p++ )
3987 cur_len = strlen( *p );
3990 if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
4025 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
4040 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
4062 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4070 if( ssl->
f_rng == NULL )
4073 return( ssl_ticket_keys_init( ssl ) );
4097 if( ssl == NULL || ssl->
session == NULL )
4108 return(
"SSLv3.0" );
4111 return(
"TLSv1.0" );
4114 return(
"TLSv1.1" );
4117 return(
"TLSv1.2" );
4122 return(
"unknown" );
4125 #if defined(POLARSSL_X509_CRT_PARSE_C)
4128 if( ssl == NULL || ssl->
session == NULL )
4145 return( ssl_session_copy( dst, ssl->
session ) );
4155 #if defined(POLARSSL_SSL_CLI_C)
4160 #if defined(POLARSSL_SSL_SRV_C)
4190 #if defined(POLARSSL_SSL_SRV_C)
4194 static int ssl_write_hello_request(
ssl_context *ssl )
4227 static int ssl_start_renegotiation(
ssl_context *ssl )
4233 if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
4258 #if defined(POLARSSL_SSL_SRV_C)
4265 return( ssl_write_hello_request( ssl ) );
4269 #if defined(POLARSSL_SSL_CLI_C)
4279 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
4352 SSL_DEBUG_MSG( 1, (
"handshake received (not HelloRequest)" ) );
4361 SSL_DEBUG_MSG( 3, (
"ignoring renegotiation, sending alert" ) );
4363 #if defined(POLARSSL_SSL_PROTO_SSL3)
4374 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
4375 defined(POLARSSL_SSL_PROTO_TLS1_2)
4395 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
4407 "but not honored by client" ) );
4422 memcpy( buf, ssl->
in_offt, n );
4457 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
4461 max_len = mfl_code_to_length[ssl->
mfl_code];
4473 n = ( len < max_len) ? len : max_len;
4487 memcpy( ssl->
out_msg, buf, n );
4533 #if defined(POLARSSL_ZLIB_SUPPORT)
4534 deflateEnd( &transform->ctx_deflate );
4535 inflateEnd( &transform->ctx_inflate );
4547 #if defined(POLARSSL_X509_CRT_PARSE_C)
4548 static void ssl_key_cert_free(
ssl_key_cert *key_cert )
4552 while( cur != NULL )
4570 #if defined(POLARSSL_DHM_C)
4573 #if defined(POLARSSL_ECDH_C)
4577 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
4582 #if defined(POLARSSL_X509_CRT_PARSE_C) && \
4583 defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
4592 while( cur != NULL )
4606 #if defined(POLARSSL_X509_CRT_PARSE_C)
4614 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4634 if( ssl->
in_ctr != NULL )
4640 #if defined(POLARSSL_ZLIB_SUPPORT)
4641 if( ssl->compress_buf != NULL )
4648 #if defined(POLARSSL_DHM_C)
4676 #if defined(POLARSSL_SSL_SESSION_TICKETS)
4680 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
4689 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
4690 if( ssl->
psk != NULL )
4701 #if defined(POLARSSL_X509_CRT_PARSE_C)
4702 ssl_key_cert_free( ssl->
key_cert );
4705 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
4706 if( ssl_hw_record_finish != NULL )
4709 ssl_hw_record_finish( ssl );
4719 #if defined(POLARSSL_PK_C)
4725 #if defined(POLARSSL_RSA_C)
4729 #if defined(POLARSSL_ECDSA_C)
4740 #if defined(POLARSSL_RSA_C)
4744 #if defined(POLARSSL_ECDSA_C)
4761 #if defined(POLARSSL_MD5_C)
4765 #if defined(POLARSSL_SHA1_C)
4769 #if defined(POLARSSL_SHA256_C)
4775 #if defined(POLARSSL_SHA512_C)
4786 #if defined(POLARSSL_SSL_SET_CURVES)
4796 if( *gid == grp_id )
4803 #if defined(POLARSSL_X509_CRT_PARSE_C)
4808 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
4811 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
4812 const char *ext_oid;
4816 #if !defined(POLARSSL_X509_CHECK_KEY_USAGE) && \
4817 !defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
4819 ((void) cert_endpoint);
4822 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
4861 ((void) ciphersuite);
4864 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
const ecp_curve_info ** curves
#define SSL_ALERT_LEVEL_FATAL
#define SSL_ALERT_MSG_BAD_RECORD_MAC
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
Processing of the ChangeCipherSpec handshake message failed.
int ssl_send_alert_message(ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
void(* f_dbg)(void *, int, const char *)
int(* f_rng)(void *, unsigned char *, size_t)
const pk_info_t * pk_info_from_type(pk_type_t pk_type)
Return information associated with the given PK type.
#define POLARSSL_DHM_RFC5114_MODP_1024_P
sha256_context fin_sha256
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define SSL_DEBUG_RET(level, text, ret)
int rsa_copy(rsa_context *dst, const rsa_context *src)
Copy the components of an RSA context.
#define POLARSSL_PREMASTER_SIZE
pk_type_t ssl_pk_alg_from_sig(unsigned char sig)
void sha256_update(sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
int ecdh_calc_secret(ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive and export the shared secret.
void sha256(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
char peer_verify_data[36]
int ssl_set_truncated_hmac(ssl_context *ssl, int truncate)
Activate negotiation of truncated HMAC (Client only) (Default: SSL_TRUNC_HMAC_ENABLED) ...
ssl_transform * transform_out
x509_buf raw
The raw certificate data (DER).
#define POLARSSL_ERR_SSL_CONN_EOF
The connection indicated an EOF.
int(* f_sni)(void *, ssl_context *, const unsigned char *, size_t)
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void(* calc_verify)(ssl_context *, unsigned char *)
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
int md_starts(md_context_t *ctx)
Set-up the given context for a new message digest.
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
ssl_session * session_negotiate
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
void ssl_legacy_renegotiation(ssl_context *ssl, int allow_legacy)
Prevent or allow legacy renegotiation.
int ssl_parse_certificate(ssl_context *ssl)
void ssl_set_dbg(ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg)
Set the debug callback.
#define POLARSSL_ERR_SSL_INVALID_RECORD
An invalid SSL record was received.
#define BADCERT_SKIP_VERIFY
Certificate verification was skipped.
ssl_key_cert * sni_key_cert
int ssl_set_session_tickets(ssl_context *ssl, int use_tickets)
Enable / Disable session tickets (Default: SSL_SESSION_TICKETS_ENABLED on client, SSL_SESSION_TICKETS...
void ssl_set_verify(ssl_context *ssl, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Set the verification callback (Optional).
ssl_transform * transform_in
const int * ciphersuite_list[4]
int ssl_parse_finished(ssl_context *ssl)
void sha256_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = HMAC-SHA-256( hmac key, input buffer )
int md_init_ctx(md_context_t *ctx, const md_info_t *md_info)
Initialises and fills the message digest context structure with the appropriate values.
#define SSL_RENEGOTIATION
unsigned char premaster[POLARSSL_PREMASTER_SIZE]
void ssl_session_free(ssl_session *session)
Free referenced items in an SSL session including the peer certificate and clear memory.
void sha1_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[20])
Output = HMAC-SHA-1( hmac key, input buffer )
int md_process(md_context_t *ctx, const unsigned char *data)
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
int ssl_write_finished(ssl_context *ssl)
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
ssl_transform * transform
#define SSL_DEBUG_MSG(level, args)
int aes_setkey_dec(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (decryption)
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY
The peer notified us that the connection is going to be closed.
#define SSL_TRUNC_HMAC_ENABLED
void ssl_handshake_wrapup(ssl_context *ssl)
static unsigned char md_get_size(const md_info_t *md_info)
Returns the size of the message digest output.
int x509_crt_parse_der(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
void md5_finish(md5_context *ctx, unsigned char output[16])
MD5 final digest.
int(* f_send)(void *, const unsigned char *, size_t)
#define SSL_MAX_MAJOR_VERSION
#define SSL_MIN_MINOR_VERSION
#define SSL_VERIFY_OPTIONAL
int ssl_set_dh_param_ctx(ssl_context *ssl, dhm_context *dhm_ctx)
Set the Diffie-Hellman public P and G values, read from existing context (server-side only) ...
#define pk_ec(pk)
Quick access to an EC context inside a PK context.
sha512_context fin_sha512
#define SSL_VERIFY_REQUIRED
#define SSL_ALERT_MSG_NO_RENEGOTIATION
void md5_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[16])
Output = HMAC-MD5( hmac key, input buffer )
int ssl_handshake_server_step(ssl_context *ssl)
#define SSL_LEGACY_NO_RENEGOTIATION
static md_type_t md_get_type(const md_info_t *md_info)
Returns the type of the message digest output.
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
unsigned char mac_key[16]
#define SSL_MAJOR_VERSION_3
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED
Hardware acceleration function returned with error.
void ssl_set_max_version(ssl_context *ssl, int major, int minor)
Set the maximum supported version sent from the client side and/or accepted at the server side (Defau...
#define SSL_RENEGOTIATION_DONE
#define POLARSSL_ERR_SSL_INVALID_MAC
Verification of the message MAC failed.
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE
No client certificate received from the client, but required by the authentication mode...
Object Identifier (OID) database.
int pk_init_ctx_rsa_alt(pk_context *ctx, void *key, pk_rsa_alt_decrypt_func decrypt_func, pk_rsa_alt_sign_func sign_func, pk_rsa_alt_key_len_func key_len_func)
Initialize an RSA-alt context.
void ssl_set_ciphersuites_for_version(ssl_context *ssl, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol...
int ssl_init(ssl_context *ssl)
Initialize an SSL context (An individual SSL context is not thread-safe)
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
const md_info_t * md_info
Information about the associated message digest.
struct _x509_crt * next
Next certificate in the CA-chain.
#define SSL_MINOR_VERSION_1
int ssl_set_psk(ssl_context *ssl, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len)
Set the Pre Shared Key (PSK) and the identity name connected to it.
int x509_crt_check_key_usage(const x509_crt *crt, int usage)
Check usage of certificate against keyUsage extension.
void ssl_set_psk_cb(ssl_context *ssl, int(*f_psk)(void *, ssl_context *, const unsigned char *, size_t), void *p_psk)
Set the PSK callback (server-side only) (Optional).
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH
Hardware acceleration function skipped / left alone data.
#define OID_SERVER_AUTH
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
int ssl_get_session(const ssl_context *ssl, ssl_session *session)
Save session in order to resume it later (client-side only) Session data is copied to presented sessi...
const char * ssl_get_alpn_protocol(const ssl_context *ssl)
Get the name of the negotiated Application Layer Protocol.
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
const cipher_info_t * cipher_info
Information about the associated cipher.
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED
The own certificate is not set, but needed by the server.
#define SSL_RENEGOTIATION_PENDING
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE
ssl_handshake_params * handshake
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE
Our own certificate(s) is/are too large to send in an SSL message.
#define SSL_MSG_HANDSHAKE
void(* update_checksum)(ssl_context *, const unsigned char *, size_t)
#define SSL_MINOR_VERSION_2
int ssl_write_certificate(ssl_context *ssl)
size_t(* rsa_key_len_func)(void *ctx)
#define POLARSSL_DHM_RFC5114_MODP_1024_G
Container for an X.509 certificate.
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE
A fatal alert message was received from our peer.
#define SSL_MIN_MAJOR_VERSION
#define SSL_DEFAULT_TICKET_LIFETIME
Lifetime of session tickets (if enabled)
const char * ssl_get_ciphersuite(const ssl_context *ssl)
Return the name of the current ciphersuite.
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
const char * ssl_get_version(const ssl_context *ssl)
Return the current SSL version (SSLv3/TLSv1/etc)
void ssl_set_renegotiation(ssl_context *ssl, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: SSL_RENEGOTIAT...
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
#define SSL_MINOR_VERSION_0
#define SSL_MSG_CHANGE_CIPHER_SPEC
void sha256_starts(sha256_context *ctx, int is224)
SHA-256 context setup.
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
ssl_key_cert * key_cert
Current key/cert or key/cert list.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
static x509_crt * ssl_own_cert(ssl_context *ssl)
int ssl_set_max_frag_len(ssl_context *ssl, unsigned char mfl_code)
Set the maximum fragment length to emit and/or negotiate (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake (Client: set maximum fragment length to emit and negotiate with the server during handshake)
SHA-512 context structure.
int ssl_handshake_client_step(ssl_context *ssl)
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE
An unexpected message was received from our peer.
unsigned char * p
ASN1 data, e.g.
key_exchange_type_t key_exchange
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED
Processing of the compression / decompression failed.
int ssl_set_own_cert(ssl_context *ssl, x509_crt *own_cert, pk_context *pk_key)
Set own certificate chain and private key.
void ssl_set_endpoint(ssl_context *ssl, int endpoint)
Set the current endpoint type.
void mpi_free(mpi *X)
Unallocate one MPI.
void ssl_set_ciphersuites(ssl_context *ssl, const int *ciphersuites)
Set the list of allowed ciphersuites and the preference order.
void sha512_starts(sha512_context *ctx, int is384)
SHA-512 context setup.
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
#define SSL_ALERT_LEVEL_WARNING
void ssl_set_rng(ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Set the random number generator callback.
int pk_can_do(pk_context *ctx, pk_type_t type)
Tell if a context can do the operation given by type.
void ssl_set_bio(ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send)
Set the underlying BIO read and write callbacks.
void ssl_free(ssl_context *ssl)
Free referenced items in an SSL context and clear memory.
void sha512(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
void md5_starts(md5_context *ctx)
MD5 context setup.
#define SSL_RENEGOTIATION_DISABLED
unsigned char ssl_sig_from_pk(pk_context *pk)
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED
No CA Chain is set, but required to operate.
void ssl_handshake_free(ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
int ssl_flush_output(ssl_context *ssl)
int ssl_handshake(ssl_context *ssl)
Perform the SSL handshake.
void ssl_set_min_version(ssl_context *ssl, int major, int minor)
Set the minimum accepted SSL/TLS protocol version (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
#define SSL_COMPRESS_DEFLATE
int(* rsa_sign_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
int ssl_set_hostname(ssl_context *ssl, const char *hostname)
Set hostname for ServerName TLS extension (client-side only)
int ssl_handshake_step(ssl_context *ssl)
Perform a single step of the SSL handshake.
#define SSL_MINOR_VERSION_3
int ssl_check_cert_usage(const x509_crt *cert, const ssl_ciphersuite_t *ciphersuite, int cert_endpoint)
pk_type_t
Public key types.
#define POLARSSL_ERR_NET_WANT_READ
Connection requires a read call.
#define SSL_HS_CERTIFICATE
int ssl_parse_change_cipher_spec(ssl_context *ssl)
#define SSL_DEBUG_CRT(level, text, crt)
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
int pk_init_ctx(pk_context *ctx, const pk_info_t *info)
Initialize a PK context with the information given and allocate the type-specific PK subcontext...
void sha512_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = HMAC-SHA-512( hmac key, input buffer )
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE
This structure is used for storing ciphersuite information.
int ssl_close_notify(ssl_context *ssl)
Notify the peer that the connection is being closed.
const x509_crt * ssl_get_peer_cert(const ssl_context *ssl)
Return the peer certificate from the current connection.
void ssl_set_session_cache(ssl_context *ssl, int(*f_get_cache)(void *, ssl_session *), void *p_get_cache, int(*f_set_cache)(void *, const ssl_session *), void *p_set_cache)
Set the session cache callbacks (server-side only) If not set, no session resuming is done...
size_t ssl_get_bytes_avail(const ssl_context *ssl)
Return the number of data bytes available to read.
int md_hmac_starts(md_context_t *ctx, const unsigned char *key, size_t keylen)
Generic HMAC context setup.
int ssl_set_session(ssl_context *ssl, const ssl_session *session)
Request resumption of session (client-side only) Session data is copied from presented session struct...
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
#define SSL_DEBUG_BUF(level, text, buf, len)
cipher_mode_t mode
Cipher mode (e.g.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
#define SSL_INITIAL_HANDSHAKE
#define SSL_MAX_MINOR_VERSION
void sha512_finish(sha512_context *ctx, unsigned char output[64])
SHA-512 final digest.
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int allow_legacy_renegotiation
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
#define POLARSSL_ERR_SSL_INTERNAL_ERROR
Internal error (eg, unexpected failure in lower-level module)
ssl_session * session_out
#define SSL_TRUNCATED_HMAC_LEN
void(* calc_finished)(ssl_context *, unsigned char *, int)
int ssl_read_record(ssl_context *ssl)
int ssl_set_own_cert_rsa(ssl_context *ssl, x509_crt *own_cert, rsa_context *rsa_key)
Set own certificate chain and private RSA key.
size_t len
ASN1 length, e.g.
int md_hmac_reset(md_context_t *ctx)
Generic HMAC context reset.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
#define pk_rsa(pk)
Quick access to an RSA context inside a PK context.
int ssl_set_dh_param(ssl_context *ssl, const char *dhm_P, const char *dhm_G)
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default...
int(* f_vrfy)(void *, x509_crt *, int, int *)
void ssl_set_session_ticket_lifetime(ssl_context *ssl, int lifetime)
Set session ticket lifetime (server only) (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))...
#define SSL_MAX_FRAG_LEN_INVALID
int md_hmac_update(md_context_t *ctx, const unsigned char *input, size_t ilen)
Generic HMAC process buffer.
#define BADCERT_MISSING
Certificate was missing.
void pk_free(pk_context *ctx)
Free a pk_context.
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED
Processing of the Finished handshake message failed.
#define SSL_DEBUG_MPI(level, text, X)
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
int ssl_get_verify_result(const ssl_context *ssl)
Return the result of the certificate verification.
#define SSL_ALERT_MSG_NO_CERT
never pad (full blocks only)
int ssl_session_reset(ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables...
void pk_init(pk_context *ctx)
Initialize a pk_context (as NONE)
#define KU_DIGITAL_SIGNATURE
Certificate revocation list structure.
const int * ssl_list_ciphersuites(void)
Returns the list of ciphersuites supported by the SSL/TLS module.
pk_context pk
Container for the public key context.
ssl_transform * transform_negotiate
int ssl_set_alpn_protocols(ssl_context *ssl, const char **protos)
Set the supported Application Layer Protocols.
#define SSL_LEGACY_RENEGOTIATION
#define POLARSSL_ERR_SSL_MALLOC_FAILED
Memory allocation failed.
int disable_renegotiation
#define SSL_ALERT_MSG_CLOSE_NOTIFY
void sha256_finish(sha256_context *ctx, unsigned char output[32])
SHA-256 final digest.
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
void dhm_free(dhm_context *ctx)
Free the components of a DHM key.
void ecdh_init(ecdh_context *ctx)
Initialize context.
void md5_update(md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
#define OID_CLIENT_AUTH
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
int ssl_write_change_cipher_spec(ssl_context *ssl)
int(* f_get_cache)(void *, ssl_session *)
int ssl_derive_keys(ssl_context *ssl)
void ssl_set_authmode(ssl_context *ssl, int authmode)
Set the certificate verification mode.
md_type_t type
Digest identifier.
int(* f_set_cache)(void *, const ssl_session *)
SHA-256 context structure.
int md_finish(md_context_t *ctx, unsigned char *output)
Generic message digest final digest.
int ssl_psk_derive_premaster(ssl_context *ssl, key_exchange_type_t key_ex)
static int safer_memcmp(const void *a, const void *b, size_t n)
int md_free_ctx(md_context_t *ctx)
Free the message-specific context of ctx.
int ssl_send_fatal_handshake_failure(ssl_context *ssl)
ssl_ticket_keys * ticket_keys
int ssl_read(ssl_context *ssl, unsigned char *buf, size_t len)
Read at most 'len' application data bytes.
void ssl_transform_free(ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
#define SSL_MAX_CONTENT_LEN
Size of the input / output buffer.
unsigned char * psk_identity
#define SSL_SESSION_TICKETS_ENABLED
#define SSL_MSG_APPLICATION_DATA
const char * ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
int ssl_renegotiate(ssl_context *ssl)
Initiate an SSL renegotiation on the running connection.
int(* f_recv)(void *, unsigned char *, size_t)
unsigned char key_name[16]
int ssl_write(ssl_context *ssl, const unsigned char *buf, size_t len)
Write exactly 'len' application data bytes.
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
void sha512_update(sha512_context *ctx, const unsigned char *input, size_t ilen)
SHA-512 process buffer.
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE
The requested feature is not available.
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE
Processing of the Certificate handshake message failed.
int x509_crt_check_extended_key_usage(const x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
void ssl_set_ca_chain(ssl_context *ssl, x509_crt *ca_chain, x509_crl *ca_crl, const char *peer_cn)
Set the data required to verify peer certificate.
int aes_setkey_enc(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (encryption)
Message digest information.
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
int md_update(md_context_t *ctx, const unsigned char *input, size_t ilen)
Generic message digest process buffer.
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA
Bad input parameters to function.
int ssl_set_own_cert_alt(ssl_context *ssl, x509_crt *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len)
Set own certificate and alternate non-PolarSSL RSA private key and handling callbacks, such as the PKCS#11 wrappers or any other external private key handler.
void ssl_set_sni(ssl_context *ssl, int(*f_sni)(void *, ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
unsigned int iv_size
IV/NONCE size, in bytes.
#define KU_KEY_ENCIPHERMENT
int ssl_fetch_input(ssl_context *ssl, size_t nb_want)
int(* f_psk)(void *, ssl_context *, const unsigned char *, size_t)
int ssl_write_record(ssl_context *ssl)
void ecdh_free(ecdh_context *ctx)
Free context.
unsigned char randbytes[64]
const ecp_group_id * ecp_grp_id_list(void)
Get the list of supported curves in order of preference (grp_id only)
int md_hmac_finish(md_context_t *ctx, unsigned char *output)
Generic HMAC final digest.
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING
A counter would wrap (eg, too many messages exchanged).
int(* rsa_decrypt_func)(void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Generic message digest context.
void ssl_optimize_checksum(ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info)
md_type_t ssl_md_alg_from_hash(unsigned char hash)
int dhm_calc_secret(dhm_context *ctx, unsigned char *output, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive and export the shared secret (G^Y)^X mod P.
#define SSL_HS_HELLO_REQUEST