00001 /* 00002 * SSLv3/TLSv1 shared functions 00003 * 00004 * Copyright (C) 2006-2007 Christophe Devine 00005 * 00006 * This program is free software; you can redistribute it and/or modify 00007 * it under the terms of the GNU General Public License as published by 00008 * the Free Software Foundation; either version 2 of the License, or 00009 * (at your option) any later version. 00010 * 00011 * This program is distributed in the hope that it will be useful, 00012 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00013 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00014 * GNU General Public License for more details. 00015 * 00016 * You should have received a copy of the GNU General Public License along 00017 * with this program; if not, write to the Free Software Foundation, Inc., 00018 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00019 */ 00020 /* 00021 * The SSL 3.0 specification was drafted by Netscape in 1996, 00022 * and became an IETF standard in 1999. 00023 * 00024 * http://wp.netscape.com/eng/ssl3/ 00025 * http://www.ietf.org/rfc/rfc2246.txt 00026 * http://www.ietf.org/rfc/rfc4346.txt 00027 */ 00028 00029 #include "xyssl/config.h" 00030 00031 #if defined(XYSSL_SSL_TLS_C) 00032 00033 #include "xyssl/aes.h" 00034 #include "xyssl/arc4.h" 00035 #include "xyssl/des.h" 00036 #include "xyssl/debug.h" 00037 #include "xyssl/ssl.h" 00038 00039 #include <string.h> 00040 #include <stdlib.h> 00041 #include <time.h> 00042 00043 /* 00044 * Key material generation 00045 */ 00046 static int tls1_prf( unsigned char *secret, int slen, char *label, 00047 unsigned char *random, int rlen, 00048 unsigned char *dstbuf, int dlen ) 00049 { 00050 int nb, hs; 00051 int i, j, k; 00052 unsigned char *S1, *S2; 00053 unsigned char tmp[128]; 00054 unsigned char h_i[20]; 00055 00056 if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) 00057 return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); 00058 00059 hs = ( slen + 1 ) / 2; 00060 S1 = secret; 00061 S2 = secret + slen - hs; 00062 00063 nb = strlen( label ); 00064 memcpy( tmp + 20, label, nb ); 00065 memcpy( tmp + 20 + nb, random, rlen ); 00066 nb += rlen; 00067 00068 /* 00069 * First compute P_md5(secret,label+random)[0..dlen] 00070 */ 00071 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp ); 00072 00073 for( i = 0; i < dlen; i += 16 ) 00074 { 00075 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i ); 00076 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp ); 00077 00078 k = ( i + 16 > dlen ) ? dlen % 16 : 16; 00079 00080 for( j = 0; j < k; j++ ) 00081 dstbuf[i + j] = h_i[j]; 00082 } 00083 00084 /* 00085 * XOR out with P_sha1(secret,label+random)[0..dlen] 00086 */ 00087 sha1_hmac( S2, hs, tmp + 20, nb, tmp ); 00088 00089 for( i = 0; i < dlen; i += 20 ) 00090 { 00091 sha1_hmac( S2, hs, tmp, 20 + nb, h_i ); 00092 sha1_hmac( S2, hs, tmp, 20, tmp ); 00093 00094 k = ( i + 20 > dlen ) ? dlen % 20 : 20; 00095 00096 for( j = 0; j < k; j++ ) 00097 dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); 00098 } 00099 00100 memset( tmp, 0, sizeof( tmp ) ); 00101 memset( h_i, 0, sizeof( h_i ) ); 00102 00103 return( 0 ); 00104 } 00105 00106 int ssl_derive_keys( ssl_context *ssl ) 00107 { 00108 int i; 00109 md5_context md5; 00110 sha1_context sha1; 00111 unsigned char tmp[64]; 00112 unsigned char padding[16]; 00113 unsigned char sha1sum[20]; 00114 unsigned char keyblk[256]; 00115 unsigned char *key1; 00116 unsigned char *key2; 00117 00118 SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); 00119 00120 /* 00121 * SSLv3: 00122 * master = 00123 * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + 00124 * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + 00125 * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) 00126 * 00127 * TLSv1: 00128 * master = PRF( premaster, "master secret", randbytes )[0..47] 00129 */ 00130 if( ssl->resume == 0 ) 00131 { 00132 int len = ssl->pmslen; 00133 00134 SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, len ); 00135 00136 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00137 { 00138 for( i = 0; i < 3; i++ ) 00139 { 00140 memset( padding, 'A' + i, 1 + i ); 00141 00142 sha1_starts( &sha1 ); 00143 sha1_update( &sha1, padding, 1 + i ); 00144 sha1_update( &sha1, ssl->premaster, len ); 00145 sha1_update( &sha1, ssl->randbytes, 64 ); 00146 sha1_finish( &sha1, sha1sum ); 00147 00148 md5_starts( &md5 ); 00149 md5_update( &md5, ssl->premaster, len ); 00150 md5_update( &md5, sha1sum, 20 ); 00151 md5_finish( &md5, ssl->session->master + i * 16 ); 00152 } 00153 } 00154 else 00155 tls1_prf( ssl->premaster, len, "master secret", 00156 ssl->randbytes, 64, ssl->session->master, 48 ); 00157 00158 memset( ssl->premaster, 0, sizeof( ssl->premaster ) ); 00159 } 00160 else 00161 SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); 00162 00163 /* 00164 * Swap the client and server random values. 00165 */ 00166 memcpy( tmp, ssl->randbytes, 64 ); 00167 memcpy( ssl->randbytes, tmp + 32, 32 ); 00168 memcpy( ssl->randbytes + 32, tmp, 32 ); 00169 memset( tmp, 0, sizeof( tmp ) ); 00170 00171 /* 00172 * SSLv3: 00173 * key block = 00174 * MD5( master + SHA1( 'A' + master + randbytes ) ) + 00175 * MD5( master + SHA1( 'BB' + master + randbytes ) ) + 00176 * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + 00177 * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + 00178 * ... 00179 * 00180 * TLSv1: 00181 * key block = PRF( master, "key expansion", randbytes ) 00182 */ 00183 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00184 { 00185 for( i = 0; i < 16; i++ ) 00186 { 00187 memset( padding, 'A' + i, 1 + i ); 00188 00189 sha1_starts( &sha1 ); 00190 sha1_update( &sha1, padding, 1 + i ); 00191 sha1_update( &sha1, ssl->session->master, 48 ); 00192 sha1_update( &sha1, ssl->randbytes, 64 ); 00193 sha1_finish( &sha1, sha1sum ); 00194 00195 md5_starts( &md5 ); 00196 md5_update( &md5, ssl->session->master, 48 ); 00197 md5_update( &md5, sha1sum, 20 ); 00198 md5_finish( &md5, keyblk + i * 16 ); 00199 } 00200 00201 memset( &md5, 0, sizeof( md5 ) ); 00202 memset( &sha1, 0, sizeof( sha1 ) ); 00203 00204 memset( padding, 0, sizeof( padding ) ); 00205 memset( sha1sum, 0, sizeof( sha1sum ) ); 00206 } 00207 else 00208 tls1_prf( ssl->session->master, 48, "key expansion", 00209 ssl->randbytes, 64, keyblk, 256 ); 00210 00211 SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) ); 00212 SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 ); 00213 SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 ); 00214 SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); 00215 00216 memset( ssl->randbytes, 0, sizeof( ssl->randbytes ) ); 00217 00218 /* 00219 * Determine the appropriate key, IV and MAC length. 00220 */ 00221 switch( ssl->session->cipher ) 00222 { 00223 #if defined(XYSSL_ARC4_C) 00224 case SSL_RSA_RC4_128_MD5: 00225 ssl->keylen = 16; ssl->minlen = 16; 00226 ssl->ivlen = 0; ssl->maclen = 16; 00227 break; 00228 00229 case SSL_RSA_RC4_128_SHA: 00230 ssl->keylen = 16; ssl->minlen = 20; 00231 ssl->ivlen = 0; ssl->maclen = 20; 00232 break; 00233 #endif 00234 00235 #if defined(XYSSL_DES_C) 00236 case SSL_RSA_DES_168_SHA: 00237 case SSL_EDH_RSA_DES_168_SHA: 00238 ssl->keylen = 24; ssl->minlen = 24; 00239 ssl->ivlen = 8; ssl->maclen = 20; 00240 break; 00241 #endif 00242 00243 #if defined(XYSSL_AES_C) 00244 case SSL_RSA_AES_128_SHA: 00245 ssl->keylen = 16; ssl->minlen = 32; 00246 ssl->ivlen = 16; ssl->maclen = 20; 00247 break; 00248 00249 case SSL_RSA_AES_256_SHA: 00250 case SSL_EDH_RSA_AES_256_SHA: 00251 ssl->keylen = 32; ssl->minlen = 32; 00252 ssl->ivlen = 16; ssl->maclen = 20; 00253 break; 00254 #endif 00255 00256 default: 00257 SSL_DEBUG_MSG( 1, ( "cipher %s is not available", 00258 ssl_get_cipher( ssl ) ) ); 00259 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00260 } 00261 00262 SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", 00263 ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen ) ); 00264 00265 /* 00266 * Finally setup the cipher contexts, IVs and MAC secrets. 00267 */ 00268 if( ssl->endpoint == SSL_IS_CLIENT ) 00269 { 00270 key1 = keyblk + ssl->maclen * 2; 00271 key2 = keyblk + ssl->maclen * 2 + ssl->keylen; 00272 00273 memcpy( ssl->mac_enc, keyblk, ssl->maclen ); 00274 memcpy( ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen ); 00275 00276 memcpy( ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen ); 00277 memcpy( ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen, 00278 ssl->ivlen ); 00279 } 00280 else 00281 { 00282 key1 = keyblk + ssl->maclen * 2 + ssl->keylen; 00283 key2 = keyblk + ssl->maclen * 2; 00284 00285 memcpy( ssl->mac_dec, keyblk, ssl->maclen ); 00286 memcpy( ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen ); 00287 00288 memcpy( ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen ); 00289 memcpy( ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen, 00290 ssl->ivlen ); 00291 } 00292 00293 switch( ssl->session->cipher ) 00294 { 00295 #if defined(XYSSL_ARC4_C) 00296 case SSL_RSA_RC4_128_MD5: 00297 case SSL_RSA_RC4_128_SHA: 00298 arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen ); 00299 arc4_setup( (arc4_context *) ssl->ctx_dec, key2, ssl->keylen ); 00300 break; 00301 #endif 00302 00303 #if defined(XYSSL_DES_C) 00304 case SSL_RSA_DES_168_SHA: 00305 case SSL_EDH_RSA_DES_168_SHA: 00306 des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 ); 00307 des3_set3key_dec( (des3_context *) ssl->ctx_dec, key2 ); 00308 break; 00309 #endif 00310 00311 #if defined(XYSSL_AES_C) 00312 case SSL_RSA_AES_128_SHA: 00313 aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 ); 00314 aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 ); 00315 break; 00316 00317 case SSL_RSA_AES_256_SHA: 00318 case SSL_EDH_RSA_AES_256_SHA: 00319 aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 ); 00320 aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 ); 00321 break; 00322 #endif 00323 00324 default: 00325 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00326 } 00327 00328 memset( keyblk, 0, sizeof( keyblk ) ); 00329 00330 SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); 00331 00332 return( 0 ); 00333 } 00334 00335 void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] ) 00336 { 00337 md5_context md5; 00338 sha1_context sha1; 00339 unsigned char pad_1[48]; 00340 unsigned char pad_2[48]; 00341 00342 SSL_DEBUG_MSG( 2, ( "=> calc verify" ) ); 00343 00344 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); 00345 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); 00346 00347 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00348 { 00349 memset( pad_1, 0x36, 48 ); 00350 memset( pad_2, 0x5C, 48 ); 00351 00352 md5_update( &md5, ssl->session->master, 48 ); 00353 md5_update( &md5, pad_1, 48 ); 00354 md5_finish( &md5, hash ); 00355 00356 md5_starts( &md5 ); 00357 md5_update( &md5, ssl->session->master, 48 ); 00358 md5_update( &md5, pad_2, 48 ); 00359 md5_update( &md5, hash, 16 ); 00360 md5_finish( &md5, hash ); 00361 00362 sha1_update( &sha1, ssl->session->master, 48 ); 00363 sha1_update( &sha1, pad_1, 40 ); 00364 sha1_finish( &sha1, hash + 16 ); 00365 00366 sha1_starts( &sha1 ); 00367 sha1_update( &sha1, ssl->session->master, 48 ); 00368 sha1_update( &sha1, pad_2, 40 ); 00369 sha1_update( &sha1, hash + 16, 20 ); 00370 sha1_finish( &sha1, hash + 16 ); 00371 } 00372 else /* TLSv1 */ 00373 { 00374 md5_finish( &md5, hash ); 00375 sha1_finish( &sha1, hash + 16 ); 00376 } 00377 00378 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); 00379 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); 00380 00381 return; 00382 } 00383 00384 /* 00385 * SSLv3.0 MAC functions 00386 */ 00387 static void ssl_mac_md5( unsigned char *secret, 00388 unsigned char *buf, int len, 00389 unsigned char *ctr, int type ) 00390 { 00391 unsigned char header[11]; 00392 unsigned char padding[48]; 00393 md5_context md5; 00394 00395 memcpy( header, ctr, 8 ); 00396 header[ 8] = (unsigned char) type; 00397 header[ 9] = (unsigned char)( len >> 8 ); 00398 header[10] = (unsigned char)( len ); 00399 00400 memset( padding, 0x36, 48 ); 00401 md5_starts( &md5 ); 00402 md5_update( &md5, secret, 16 ); 00403 md5_update( &md5, padding, 48 ); 00404 md5_update( &md5, header, 11 ); 00405 md5_update( &md5, buf, len ); 00406 md5_finish( &md5, buf + len ); 00407 00408 memset( padding, 0x5C, 48 ); 00409 md5_starts( &md5 ); 00410 md5_update( &md5, secret, 16 ); 00411 md5_update( &md5, padding, 48 ); 00412 md5_update( &md5, buf + len, 16 ); 00413 md5_finish( &md5, buf + len ); 00414 } 00415 00416 static void ssl_mac_sha1( unsigned char *secret, 00417 unsigned char *buf, int len, 00418 unsigned char *ctr, int type ) 00419 { 00420 unsigned char header[11]; 00421 unsigned char padding[40]; 00422 sha1_context sha1; 00423 00424 memcpy( header, ctr, 8 ); 00425 header[ 8] = (unsigned char) type; 00426 header[ 9] = (unsigned char)( len >> 8 ); 00427 header[10] = (unsigned char)( len ); 00428 00429 memset( padding, 0x36, 40 ); 00430 sha1_starts( &sha1 ); 00431 sha1_update( &sha1, secret, 20 ); 00432 sha1_update( &sha1, padding, 40 ); 00433 sha1_update( &sha1, header, 11 ); 00434 sha1_update( &sha1, buf, len ); 00435 sha1_finish( &sha1, buf + len ); 00436 00437 memset( padding, 0x5C, 40 ); 00438 sha1_starts( &sha1 ); 00439 sha1_update( &sha1, secret, 20 ); 00440 sha1_update( &sha1, padding, 40 ); 00441 sha1_update( &sha1, buf + len, 20 ); 00442 sha1_finish( &sha1, buf + len ); 00443 } 00444 00445 /* 00446 * Encryption/decryption functions 00447 */ 00448 static int ssl_encrypt_buf( ssl_context *ssl ) 00449 { 00450 int i, padlen; 00451 00452 SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); 00453 00454 /* 00455 * Add MAC then encrypt 00456 */ 00457 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00458 { 00459 if( ssl->maclen == 16 ) 00460 ssl_mac_md5( ssl->mac_enc, 00461 ssl->out_msg, ssl->out_msglen, 00462 ssl->out_ctr, ssl->out_msgtype ); 00463 00464 if( ssl->maclen == 20 ) 00465 ssl_mac_sha1( ssl->mac_enc, 00466 ssl->out_msg, ssl->out_msglen, 00467 ssl->out_ctr, ssl->out_msgtype ); 00468 } 00469 else 00470 { 00471 if( ssl->maclen == 16 ) 00472 md5_hmac( ssl->mac_enc, 16, 00473 ssl->out_ctr, ssl->out_msglen + 13, 00474 ssl->out_msg + ssl->out_msglen ); 00475 00476 if( ssl->maclen == 20 ) 00477 sha1_hmac( ssl->mac_enc, 20, 00478 ssl->out_ctr, ssl->out_msglen + 13, 00479 ssl->out_msg + ssl->out_msglen ); 00480 } 00481 00482 SSL_DEBUG_BUF( 4, "computed mac", 00483 ssl->out_msg + ssl->out_msglen, ssl->maclen ); 00484 00485 ssl->out_msglen += ssl->maclen; 00486 00487 for( i = 7; i >= 0; i-- ) 00488 if( ++ssl->out_ctr[i] != 0 ) 00489 break; 00490 00491 if( ssl->ivlen == 0 ) 00492 { 00493 #if defined(XYSSL_ARC4_C) 00494 padlen = 0; 00495 00496 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " 00497 "including %d bytes of padding", 00498 ssl->out_msglen, 0 ) ); 00499 00500 SSL_DEBUG_BUF( 4, "before encrypt: output payload", 00501 ssl->out_msg, ssl->out_msglen ); 00502 00503 arc4_crypt( (arc4_context *) ssl->ctx_enc, 00504 ssl->out_msg, ssl->out_msglen ); 00505 #else 00506 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00507 #endif 00508 } 00509 else 00510 { 00511 padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen; 00512 if( padlen == ssl->ivlen ) 00513 padlen = 0; 00514 00515 for( i = 0; i <= padlen; i++ ) 00516 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; 00517 00518 ssl->out_msglen += padlen + 1; 00519 00520 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " 00521 "including %d bytes of padding", 00522 ssl->out_msglen, padlen + 1 ) ); 00523 00524 SSL_DEBUG_BUF( 4, "before encrypt: output payload", 00525 ssl->out_msg, ssl->out_msglen ); 00526 00527 switch( ssl->ivlen ) 00528 { 00529 case 8: 00530 #if defined(XYSSL_DES_C) 00531 des3_crypt_cbc( (des3_context *) ssl->ctx_enc, 00532 DES_ENCRYPT, ssl->out_msglen, 00533 ssl->iv_enc, ssl->out_msg, ssl->out_msg ); 00534 break; 00535 #endif 00536 00537 case 16: 00538 #if defined(XYSSL_AES_C) 00539 aes_crypt_cbc( (aes_context *) ssl->ctx_enc, 00540 AES_ENCRYPT, ssl->out_msglen, 00541 ssl->iv_enc, ssl->out_msg, ssl->out_msg ); 00542 break; 00543 #endif 00544 00545 default: 00546 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00547 } 00548 } 00549 00550 SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); 00551 00552 return( 0 ); 00553 } 00554 00555 static int ssl_decrypt_buf( ssl_context *ssl ) 00556 { 00557 int i, padlen; 00558 unsigned char tmp[20]; 00559 00560 SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); 00561 00562 if( ssl->in_msglen < ssl->minlen ) 00563 { 00564 SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", 00565 ssl->in_msglen, ssl->minlen ) ); 00566 return( XYSSL_ERR_SSL_INVALID_MAC ); 00567 } 00568 00569 if( ssl->ivlen == 0 ) 00570 { 00571 #if defined(XYSSL_ARC4_C) 00572 padlen = 0; 00573 arc4_crypt( (arc4_context *) ssl->ctx_dec, 00574 ssl->in_msg, ssl->in_msglen ); 00575 #else 00576 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00577 #endif 00578 } 00579 else 00580 { 00581 /* 00582 * Decrypt and check the padding 00583 */ 00584 if( ssl->in_msglen % ssl->ivlen != 0 ) 00585 { 00586 SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", 00587 ssl->in_msglen, ssl->ivlen ) ); 00588 return( XYSSL_ERR_SSL_INVALID_MAC ); 00589 } 00590 00591 switch( ssl->ivlen ) 00592 { 00593 #if defined(XYSSL_DES_C) 00594 case 8: 00595 des3_crypt_cbc( (des3_context *) ssl->ctx_dec, 00596 DES_DECRYPT, ssl->in_msglen, 00597 ssl->iv_dec, ssl->in_msg, ssl->in_msg ); 00598 break; 00599 #endif 00600 00601 #if defined(XYSSL_AES_C) 00602 case 16: 00603 aes_crypt_cbc( (aes_context *) ssl->ctx_dec, 00604 AES_DECRYPT, ssl->in_msglen, 00605 ssl->iv_dec, ssl->in_msg, ssl->in_msg ); 00606 break; 00607 #endif 00608 00609 default: 00610 return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); 00611 } 00612 00613 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; 00614 00615 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00616 { 00617 if( padlen > ssl->ivlen ) 00618 { 00619 SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " 00620 "should be no more than %d", 00621 padlen, ssl->ivlen ) ); 00622 padlen = 0; 00623 } 00624 } 00625 else 00626 { 00627 /* 00628 * TLSv1: always check the padding 00629 */ 00630 for( i = 1; i <= padlen; i++ ) 00631 { 00632 if( ssl->in_msg[ssl->in_msglen - i] != padlen - 1 ) 00633 { 00634 SSL_DEBUG_MSG( 1, ( "bad padding byte: should be " 00635 "%02x, but is %02x", padlen - 1, 00636 ssl->in_msg[ssl->in_msglen - i] ) ); 00637 padlen = 0; 00638 } 00639 } 00640 } 00641 } 00642 00643 SSL_DEBUG_BUF( 4, "raw buffer after decryption", 00644 ssl->in_msg, ssl->in_msglen ); 00645 00646 /* 00647 * Always compute the MAC (RFC4346, CBCTIME). 00648 */ 00649 ssl->in_msglen -= ( ssl->maclen + padlen ); 00650 00651 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 ); 00652 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen ); 00653 00654 memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 ); 00655 00656 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 00657 { 00658 if( ssl->maclen == 16 ) 00659 ssl_mac_md5( ssl->mac_dec, 00660 ssl->in_msg, ssl->in_msglen, 00661 ssl->in_ctr, ssl->in_msgtype ); 00662 else 00663 ssl_mac_sha1( ssl->mac_dec, 00664 ssl->in_msg, ssl->in_msglen, 00665 ssl->in_ctr, ssl->in_msgtype ); 00666 } 00667 else 00668 { 00669 if( ssl->maclen == 16 ) 00670 md5_hmac( ssl->mac_dec, 16, 00671 ssl->in_ctr, ssl->in_msglen + 13, 00672 ssl->in_msg + ssl->in_msglen ); 00673 else 00674 sha1_hmac( ssl->mac_dec, 20, 00675 ssl->in_ctr, ssl->in_msglen + 13, 00676 ssl->in_msg + ssl->in_msglen ); 00677 } 00678 00679 SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen ); 00680 SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, 00681 ssl->maclen ); 00682 00683 if( memcmp( tmp, ssl->in_msg + ssl->in_msglen, 00684 ssl->maclen ) != 0 ) 00685 { 00686 SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); 00687 return( XYSSL_ERR_SSL_INVALID_MAC ); 00688 } 00689 00690 /* 00691 * Finally check the padding length; bad padding 00692 * will produce the same error as an invalid MAC. 00693 */ 00694 if( ssl->ivlen != 0 && padlen == 0 ) 00695 return( XYSSL_ERR_SSL_INVALID_MAC ); 00696 00697 if( ssl->in_msglen == 0 ) 00698 { 00699 ssl->nb_zero++; 00700 00701 /* 00702 * Three or more empty messages may be a DoS attack 00703 * (excessive CPU consumption). 00704 */ 00705 if( ssl->nb_zero > 3 ) 00706 { 00707 SSL_DEBUG_MSG( 1, ( "received four consecutive empty " 00708 "messages, possible DoS attack" ) ); 00709 return( XYSSL_ERR_SSL_INVALID_MAC ); 00710 } 00711 } 00712 else 00713 ssl->nb_zero = 0; 00714 00715 for( i = 7; i >= 0; i-- ) 00716 if( ++ssl->in_ctr[i] != 0 ) 00717 break; 00718 00719 SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); 00720 00721 return( 0 ); 00722 } 00723 00724 /* 00725 * Fill the input message buffer 00726 */ 00727 int ssl_fetch_input( ssl_context *ssl, int nb_want ) 00728 { 00729 int ret, len; 00730 00731 SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); 00732 00733 while( ssl->in_left < nb_want ) 00734 { 00735 len = nb_want - ssl->in_left; 00736 ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len ); 00737 00738 SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", 00739 ssl->in_left, nb_want ) ); 00740 SSL_DEBUG_RET( 2, "ssl->f_recv", ret ); 00741 00742 if( ret < 0 ) 00743 return( ret ); 00744 00745 ssl->in_left += ret; 00746 } 00747 00748 SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); 00749 00750 return( 0 ); 00751 } 00752 00753 /* 00754 * Flush any data not yet written 00755 */ 00756 int ssl_flush_output( ssl_context *ssl ) 00757 { 00758 int ret; 00759 unsigned char *buf; 00760 00761 SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); 00762 00763 while( ssl->out_left > 0 ) 00764 { 00765 SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", 00766 5 + ssl->out_msglen, ssl->out_left ) ); 00767 00768 buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left; 00769 ret = ssl->f_send( ssl->p_send, buf, ssl->out_left ); 00770 SSL_DEBUG_RET( 2, "ssl->f_send", ret ); 00771 00772 if( ret <= 0 ) 00773 return( ret ); 00774 00775 ssl->out_left -= ret; 00776 } 00777 00778 SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); 00779 00780 return( 0 ); 00781 } 00782 00783 /* 00784 * Record layer functions 00785 */ 00786 int ssl_write_record( ssl_context *ssl ) 00787 { 00788 int ret, len = ssl->out_msglen; 00789 00790 SSL_DEBUG_MSG( 2, ( "=> write record" ) ); 00791 00792 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; 00793 ssl->out_hdr[1] = (unsigned char) ssl->major_ver; 00794 ssl->out_hdr[2] = (unsigned char) ssl->minor_ver; 00795 ssl->out_hdr[3] = (unsigned char)( len >> 8 ); 00796 ssl->out_hdr[4] = (unsigned char)( len ); 00797 00798 if( ssl->out_msgtype == SSL_MSG_HANDSHAKE ) 00799 { 00800 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); 00801 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); 00802 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); 00803 00804 md5_update( &ssl->fin_md5 , ssl->out_msg, len ); 00805 sha1_update( &ssl->fin_sha1, ssl->out_msg, len ); 00806 } 00807 00808 if( ssl->do_crypt != 0 ) 00809 { 00810 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) 00811 { 00812 SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); 00813 return( ret ); 00814 } 00815 00816 len = ssl->out_msglen; 00817 ssl->out_hdr[3] = (unsigned char)( len >> 8 ); 00818 ssl->out_hdr[4] = (unsigned char)( len ); 00819 } 00820 00821 ssl->out_left = 5 + ssl->out_msglen; 00822 00823 SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " 00824 "version = [%d:%d], msglen = %d", 00825 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], 00826 ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) ); 00827 00828 SSL_DEBUG_BUF( 4, "output record sent to network", 00829 ssl->out_hdr, 5 + ssl->out_msglen ); 00830 00831 if( ( ret = ssl_flush_output( ssl ) ) != 0 ) 00832 { 00833 SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); 00834 return( ret ); 00835 } 00836 00837 SSL_DEBUG_MSG( 2, ( "<= write record" ) ); 00838 00839 return( 0 ); 00840 } 00841 00842 int ssl_read_record( ssl_context *ssl ) 00843 { 00844 int ret; 00845 00846 SSL_DEBUG_MSG( 2, ( "=> read record" ) ); 00847 00848 if( ssl->in_hslen != 0 && 00849 ssl->in_hslen < ssl->in_msglen ) 00850 { 00851 /* 00852 * Get next Handshake message in the current record 00853 */ 00854 ssl->in_msglen -= ssl->in_hslen; 00855 00856 memcpy( ssl->in_msg, ssl->in_msg + ssl->in_hslen, 00857 ssl->in_msglen ); 00858 00859 ssl->in_hslen = 4; 00860 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; 00861 00862 SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" 00863 " %d, type = %d, hslen = %d", 00864 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); 00865 00866 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) 00867 { 00868 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); 00869 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00870 } 00871 00872 if( ssl->in_msglen < ssl->in_hslen ) 00873 { 00874 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); 00875 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00876 } 00877 00878 md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen ); 00879 sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen ); 00880 00881 return( 0 ); 00882 } 00883 00884 ssl->in_hslen = 0; 00885 00886 /* 00887 * Read the record header and validate it 00888 */ 00889 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) 00890 { 00891 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); 00892 return( ret ); 00893 } 00894 00895 ssl->in_msgtype = ssl->in_hdr[0]; 00896 ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4]; 00897 00898 SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " 00899 "version = [%d:%d], msglen = %d", 00900 ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], 00901 ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) ); 00902 00903 if( ssl->in_hdr[1] != ssl->major_ver ) 00904 { 00905 SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); 00906 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00907 } 00908 00909 if( ssl->in_hdr[2] != SSL_MINOR_VERSION_0 && 00910 ssl->in_hdr[2] != SSL_MINOR_VERSION_1 ) 00911 { 00912 SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); 00913 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00914 } 00915 00916 /* 00917 * Make sure the message length is acceptable 00918 */ 00919 if( ssl->do_crypt == 0 ) 00920 { 00921 if( ssl->in_msglen < 1 || 00922 ssl->in_msglen > SSL_MAX_CONTENT_LEN ) 00923 { 00924 SSL_DEBUG_MSG( 1, ( "bad message length" ) ); 00925 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00926 } 00927 } 00928 else 00929 { 00930 if( ssl->in_msglen < ssl->minlen ) 00931 { 00932 SSL_DEBUG_MSG( 1, ( "bad message length" ) ); 00933 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00934 } 00935 00936 if( ssl->minor_ver == SSL_MINOR_VERSION_0 && 00937 ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN ) 00938 { 00939 SSL_DEBUG_MSG( 1, ( "bad message length" ) ); 00940 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00941 } 00942 00943 /* 00944 * TLS encrypted messages can have up to 256 bytes of padding 00945 */ 00946 if( ssl->minor_ver == SSL_MINOR_VERSION_1 && 00947 ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 ) 00948 { 00949 SSL_DEBUG_MSG( 1, ( "bad message length" ) ); 00950 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00951 } 00952 } 00953 00954 /* 00955 * Read and optionally decrypt the message contents 00956 */ 00957 if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 ) 00958 { 00959 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); 00960 return( ret ); 00961 } 00962 00963 SSL_DEBUG_BUF( 4, "input record from network", 00964 ssl->in_hdr, 5 + ssl->in_msglen ); 00965 00966 if( ssl->do_crypt != 0 ) 00967 { 00968 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) 00969 { 00970 SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); 00971 return( ret ); 00972 } 00973 00974 SSL_DEBUG_BUF( 4, "input payload after decrypt", 00975 ssl->in_msg, ssl->in_msglen ); 00976 00977 if( ssl->in_msglen > SSL_MAX_CONTENT_LEN ) 00978 { 00979 SSL_DEBUG_MSG( 1, ( "bad message length" ) ); 00980 return( XYSSL_ERR_SSL_INVALID_RECORD ); 00981 } 00982 } 00983 00984 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE ) 00985 { 00986 ssl->in_hslen = 4; 00987 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; 00988 00989 SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" 00990 " %d, type = %d, hslen = %d", 00991 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); 00992 00993 /* 00994 * Additional checks to validate the handshake header 00995 */ 00996 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) 00997 { 00998 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); 00999 return( XYSSL_ERR_SSL_INVALID_RECORD ); 01000 } 01001 01002 if( ssl->in_msglen < ssl->in_hslen ) 01003 { 01004 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); 01005 return( XYSSL_ERR_SSL_INVALID_RECORD ); 01006 } 01007 01008 md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen ); 01009 sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen ); 01010 } 01011 01012 if( ssl->in_msgtype == SSL_MSG_ALERT ) 01013 { 01014 SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", 01015 ssl->in_msg[0], ssl->in_msg[1] ) ); 01016 01017 /* 01018 * Ignore non-fatal alerts, except close_notify 01019 */ 01020 if( ssl->in_msg[0] == SSL_ALERT_FATAL ) 01021 { 01022 SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) ); 01023 return( XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE | ssl->in_msg[1] ); 01024 } 01025 01026 if( ssl->in_msg[0] == SSL_ALERT_WARNING && 01027 ssl->in_msg[1] == SSL_ALERT_CLOSE_NOTIFY ) 01028 { 01029 SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); 01030 return( XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ); 01031 } 01032 } 01033 01034 ssl->in_left = 0; 01035 01036 SSL_DEBUG_MSG( 2, ( "<= read record" ) ); 01037 01038 return( 0 ); 01039 } 01040 01041 /* 01042 * Handshake functions 01043 */ 01044 int ssl_write_certificate( ssl_context *ssl ) 01045 { 01046 int ret, i, n; 01047 x509_cert *crt; 01048 01049 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); 01050 01051 if( ssl->endpoint == SSL_IS_CLIENT ) 01052 { 01053 if( ssl->client_auth == 0 ) 01054 { 01055 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); 01056 ssl->state++; 01057 return( 0 ); 01058 } 01059 01060 /* 01061 * If using SSLv3 and got no cert, send an Alert message 01062 * (otherwise an empty Certificate message will be sent). 01063 */ 01064 if( ssl->own_cert == NULL && 01065 ssl->minor_ver == SSL_MINOR_VERSION_0 ) 01066 { 01067 ssl->out_msglen = 2; 01068 ssl->out_msgtype = SSL_MSG_ALERT; 01069 ssl->out_msg[0] = SSL_ALERT_WARNING; 01070 ssl->out_msg[1] = SSL_ALERT_NO_CERTIFICATE; 01071 01072 SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); 01073 goto write_msg; 01074 } 01075 } 01076 else /* SSL_IS_SERVER */ 01077 { 01078 if( ssl->own_cert == NULL ) 01079 { 01080 SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); 01081 return( XYSSL_ERR_SSL_CERTIFICATE_REQUIRED ); 01082 } 01083 } 01084 01085 SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert ); 01086 01087 /* 01088 * 0 . 0 handshake type 01089 * 1 . 3 handshake length 01090 * 4 . 6 length of all certs 01091 * 7 . 9 length of cert. 1 01092 * 10 . n-1 peer certificate 01093 * n . n+2 length of cert. 2 01094 * n+3 . ... upper level cert, etc. 01095 */ 01096 i = 7; 01097 crt = ssl->own_cert; 01098 01099 while( crt != NULL && crt->next != NULL ) 01100 { 01101 n = crt->raw.len; 01102 if( i + 3 + n > SSL_MAX_CONTENT_LEN ) 01103 { 01104 SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", 01105 i + 3 + n, SSL_MAX_CONTENT_LEN ) ); 01106 return( XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE ); 01107 } 01108 01109 ssl->out_msg[i ] = (unsigned char)( n >> 16 ); 01110 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); 01111 ssl->out_msg[i + 2] = (unsigned char)( n ); 01112 01113 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); 01114 i += n; crt = crt->next; 01115 } 01116 01117 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); 01118 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); 01119 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); 01120 01121 ssl->out_msglen = i; 01122 ssl->out_msgtype = SSL_MSG_HANDSHAKE; 01123 ssl->out_msg[0] = SSL_HS_CERTIFICATE; 01124 01125 write_msg: 01126 01127 ssl->state++; 01128 01129 if( ( ret = ssl_write_record( ssl ) ) != 0 ) 01130 { 01131 SSL_DEBUG_RET( 1, "ssl_write_record", ret ); 01132 return( ret ); 01133 } 01134 01135 SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); 01136 01137 return( 0 ); 01138 } 01139 01140 int ssl_parse_certificate( ssl_context *ssl ) 01141 { 01142 int ret, i, n; 01143 01144 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); 01145 01146 if( ssl->endpoint == SSL_IS_SERVER && 01147 ssl->authmode == SSL_VERIFY_NONE ) 01148 { 01149 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); 01150 ssl->state++; 01151 return( 0 ); 01152 } 01153 01154 if( ( ret = ssl_read_record( ssl ) ) != 0 ) 01155 { 01156 SSL_DEBUG_RET( 1, "ssl_read_record", ret ); 01157 return( ret ); 01158 } 01159 01160 ssl->state++; 01161 01162 /* 01163 * Check if the client sent an empty certificate 01164 */ 01165 if( ssl->endpoint == SSL_IS_SERVER && 01166 ssl->minor_ver == SSL_MINOR_VERSION_0 ) 01167 { 01168 if( ssl->in_msglen == 2 && 01169 ssl->in_msgtype == SSL_MSG_ALERT && 01170 ssl->in_msg[0] == SSL_ALERT_WARNING && 01171 ssl->in_msg[1] == SSL_ALERT_NO_CERTIFICATE ) 01172 { 01173 SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); 01174 01175 if( ssl->authmode == SSL_VERIFY_OPTIONAL ) 01176 return( 0 ); 01177 else 01178 return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); 01179 } 01180 } 01181 01182 if( ssl->endpoint == SSL_IS_SERVER && 01183 ssl->minor_ver != SSL_MINOR_VERSION_0 ) 01184 { 01185 if( ssl->in_hslen == 7 && 01186 ssl->in_msgtype == SSL_MSG_HANDSHAKE && 01187 ssl->in_msg[0] == SSL_HS_CERTIFICATE && 01188 memcmp( ssl->in_msg + 4, "0円0円0円", 3 ) == 0 ) 01189 { 01190 SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); 01191 01192 if( ssl->authmode == SSL_VERIFY_REQUIRED ) 01193 return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); 01194 else 01195 return( 0 ); 01196 } 01197 } 01198 01199 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) 01200 { 01201 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); 01202 return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); 01203 } 01204 01205 if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 ) 01206 { 01207 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); 01208 return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); 01209 } 01210 01211 /* 01212 * Same message structure as in ssl_write_certificate() 01213 */ 01214 n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6]; 01215 01216 if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n ) 01217 { 01218 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); 01219 return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); 01220 } 01221 01222 if( ( ssl->peer_cert = (x509_cert *) malloc( 01223 sizeof( x509_cert ) ) ) == NULL ) 01224 { 01225 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", 01226 sizeof( x509_cert ) ) ); 01227 return( 1 ); 01228 } 01229 01230 memset( ssl->peer_cert, 0, sizeof( x509_cert ) ); 01231 01232 i = 7; 01233 01234 while( i < ssl->in_hslen ) 01235 { 01236 if( ssl->in_msg[i] != 0 ) 01237 { 01238 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); 01239 return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); 01240 } 01241 01242 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) 01243 | (unsigned int) ssl->in_msg[i + 2]; 01244 i += 3; 01245 01246 if( n < 128 || i + n > ssl->in_hslen ) 01247 { 01248 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); 01249 return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); 01250 } 01251 01252 ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n ); 01253 if( ret != 0 ) 01254 { 01255 SSL_DEBUG_RET( 1, " x509parse_crt", ret ); 01256 return( ret ); 01257 } 01258 01259 i += n; 01260 } 01261 01262 SSL_DEBUG_CRT( 3, "peer certificate", ssl->peer_cert ); 01263 01264 if( ssl->authmode != SSL_VERIFY_NONE ) 01265 { 01266 if( ssl->ca_chain == NULL ) 01267 { 01268 SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); 01269 return( XYSSL_ERR_SSL_CA_CHAIN_REQUIRED ); 01270 } 01271 01272 ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, 01273 ssl->peer_cn, &ssl->verify_result ); 01274 01275 if( ret != 0 ) 01276 SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); 01277 01278 if( ssl->authmode != SSL_VERIFY_REQUIRED ) 01279 ret = 0; 01280 } 01281 01282 SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); 01283 01284 return( ret ); 01285 } 01286 01287 int ssl_write_change_cipher_spec( ssl_context *ssl ) 01288 { 01289 int ret; 01290 01291 SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); 01292 01293 ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC; 01294 ssl->out_msglen = 1; 01295 ssl->out_msg[0] = 1; 01296 01297 ssl->do_crypt = 0; 01298 ssl->state++; 01299 01300 if( ( ret = ssl_write_record( ssl ) ) != 0 ) 01301 { 01302 SSL_DEBUG_RET( 1, "ssl_write_record", ret ); 01303 return( ret ); 01304 } 01305 01306 SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); 01307 01308 return( 0 ); 01309 } 01310 01311 int ssl_parse_change_cipher_spec( ssl_context *ssl ) 01312 { 01313 int ret; 01314 01315 SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); 01316 01317 ssl->do_crypt = 0; 01318 01319 if( ( ret = ssl_read_record( ssl ) ) != 0 ) 01320 { 01321 SSL_DEBUG_RET( 1, "ssl_read_record", ret ); 01322 return( ret ); 01323 } 01324 01325 if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC ) 01326 { 01327 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); 01328 return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); 01329 } 01330 01331 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) 01332 { 01333 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); 01334 return( XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); 01335 } 01336 01337 ssl->state++; 01338 01339 SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); 01340 01341 return( 0 ); 01342 } 01343 01344 static void ssl_calc_finished( 01345 ssl_context *ssl, unsigned char *buf, int from, 01346 md5_context *md5, sha1_context *sha1 ) 01347 { 01348 int len = 12; 01349 char *sender; 01350 unsigned char padbuf[48]; 01351 unsigned char md5sum[16]; 01352 unsigned char sha1sum[20]; 01353 01354 SSL_DEBUG_MSG( 2, ( "=> calc finished" ) ); 01355 01356 /* 01357 * SSLv3: 01358 * hash = 01359 * MD5( master + pad2 + 01360 * MD5( handshake + sender + master + pad1 ) ) 01361 * + SHA1( master + pad2 + 01362 * SHA1( handshake + sender + master + pad1 ) ) 01363 * 01364 * TLSv1: 01365 * hash = PRF( master, finished_label, 01366 * MD5( handshake ) + SHA1( handshake ) )[0..11] 01367 */ 01368 01369 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) 01370 md5->state, sizeof( md5->state ) ); 01371 01372 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) 01373 sha1->state, sizeof( sha1->state ) ); 01374 01375 if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) 01376 { 01377 sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT" 01378 : (char *) "SRVR"; 01379 01380 memset( padbuf, 0x36, 48 ); 01381 01382 md5_update( md5, (unsigned char *) sender, 4 ); 01383 md5_update( md5, ssl->session->master, 48 ); 01384 md5_update( md5, padbuf, 48 ); 01385 md5_finish( md5, md5sum ); 01386 01387 sha1_update( sha1, (unsigned char *) sender, 4 ); 01388 sha1_update( sha1, ssl->session->master, 48 ); 01389 sha1_update( sha1, padbuf, 40 ); 01390 sha1_finish( sha1, sha1sum ); 01391 01392 memset( padbuf, 0x5C, 48 ); 01393 01394 md5_starts( md5 ); 01395 md5_update( md5, ssl->session->master, 48 ); 01396 md5_update( md5, padbuf, 48 ); 01397 md5_update( md5, md5sum, 16 ); 01398 md5_finish( md5, buf ); 01399 01400 sha1_starts( sha1 ); 01401 sha1_update( sha1, ssl->session->master, 48 ); 01402 sha1_update( sha1, padbuf , 40 ); 01403 sha1_update( sha1, sha1sum, 20 ); 01404 sha1_finish( sha1, buf + 16 ); 01405 01406 len += 24; 01407 } 01408 else 01409 { 01410 sender = ( from == SSL_IS_CLIENT ) 01411 ? (char *) "client finished" 01412 : (char *) "server finished"; 01413 01414 md5_finish( md5, padbuf ); 01415 sha1_finish( sha1, padbuf + 16 ); 01416 01417 tls1_prf( ssl->session->master, 48, sender, 01418 padbuf, 36, buf, len ); 01419 } 01420 01421 SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); 01422 01423 memset( md5, 0, sizeof( md5_context ) ); 01424 memset( sha1, 0, sizeof( sha1_context ) ); 01425 01426 memset( padbuf, 0, sizeof( padbuf ) ); 01427 memset( md5sum, 0, sizeof( md5sum ) ); 01428 memset( sha1sum, 0, sizeof( sha1sum ) ); 01429 01430 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); 01431 } 01432 01433 int ssl_write_finished( ssl_context *ssl ) 01434 { 01435 int ret, hash_len; 01436 md5_context md5; 01437 sha1_context sha1; 01438 01439 SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); 01440 01441 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); 01442 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); 01443 01444 ssl_calc_finished( ssl, ssl->out_msg + 4, 01445 ssl->endpoint, &md5, &sha1 ); 01446 01447 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; 01448 01449 ssl->out_msglen = 4 + hash_len; 01450 ssl->out_msgtype = SSL_MSG_HANDSHAKE; 01451 ssl->out_msg[0] = SSL_HS_FINISHED; 01452 01453 /* 01454 * In case of session resuming, invert the client and server 01455 * ChangeCipherSpec messages order. 01456 */ 01457 if( ssl->resume != 0 ) 01458 { 01459 if( ssl->endpoint == SSL_IS_CLIENT ) 01460 ssl->state = SSL_HANDSHAKE_OVER; 01461 else 01462 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; 01463 } 01464 else 01465 ssl->state++; 01466 01467 ssl->do_crypt = 1; 01468 01469 if( ( ret = ssl_write_record( ssl ) ) != 0 ) 01470 { 01471 SSL_DEBUG_RET( 1, "ssl_write_record", ret ); 01472 return( ret ); 01473 } 01474 01475 SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); 01476 01477 return( 0 ); 01478 } 01479 01480 int ssl_parse_finished( ssl_context *ssl ) 01481 { 01482 int ret, hash_len; 01483 md5_context md5; 01484 sha1_context sha1; 01485 unsigned char buf[36]; 01486 01487 SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); 01488 01489 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); 01490 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); 01491 01492 ssl->do_crypt = 1; 01493 01494 if( ( ret = ssl_read_record( ssl ) ) != 0 ) 01495 { 01496 SSL_DEBUG_RET( 1, "ssl_read_record", ret ); 01497 return( ret ); 01498 } 01499 01500 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) 01501 { 01502 SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); 01503 return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); 01504 } 01505 01506 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; 01507 01508 if( ssl->in_msg[0] != SSL_HS_FINISHED || 01509 ssl->in_hslen != 4 + hash_len ) 01510 { 01511 SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); 01512 return( XYSSL_ERR_SSL_BAD_HS_FINISHED ); 01513 } 01514 01515 ssl_calc_finished( ssl, buf, ssl->endpoint ^ 1, &md5, &sha1 ); 01516 01517 if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 ) 01518 { 01519 SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); 01520 return( XYSSL_ERR_SSL_BAD_HS_FINISHED ); 01521 } 01522 01523 if( ssl->resume != 0 ) 01524 { 01525 if( ssl->endpoint == SSL_IS_CLIENT ) 01526 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; 01527 01528 if( ssl->endpoint == SSL_IS_SERVER ) 01529 ssl->state = SSL_HANDSHAKE_OVER; 01530 } 01531 else 01532 ssl->state++; 01533 01534 SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); 01535 01536 return( 0 ); 01537 } 01538 01539 /* 01540 * Initialize an SSL context 01541 */ 01542 int ssl_init( ssl_context *ssl ) 01543 { 01544 int len = SSL_BUFFER_LEN; 01545 01546 memset( ssl, 0, sizeof( ssl_context ) ); 01547 01548 ssl->in_ctr = (unsigned char *) malloc( len ); 01549 ssl->in_hdr = ssl->in_ctr + 8; 01550 ssl->in_msg = ssl->in_ctr + 13; 01551 01552 if( ssl->in_ctr == NULL ) 01553 { 01554 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); 01555 return( 1 ); 01556 } 01557 01558 ssl->out_ctr = (unsigned char *) malloc( len ); 01559 ssl->out_hdr = ssl->out_ctr + 8; 01560 ssl->out_msg = ssl->out_ctr + 13; 01561 01562 if( ssl->out_ctr == NULL ) 01563 { 01564 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); 01565 free( ssl-> in_ctr ); 01566 return( 1 ); 01567 } 01568 01569 memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN ); 01570 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); 01571 01572 ssl->hostname = NULL; 01573 ssl->hostname_len = 0; 01574 01575 md5_starts( &ssl->fin_md5 ); 01576 sha1_starts( &ssl->fin_sha1 ); 01577 01578 return( 0 ); 01579 } 01580 01581 /* 01582 * SSL set accessors 01583 */ 01584 void ssl_set_endpoint( ssl_context *ssl, int endpoint ) 01585 { 01586 ssl->endpoint = endpoint; 01587 } 01588 01589 void ssl_set_authmode( ssl_context *ssl, int authmode ) 01590 { 01591 ssl->authmode = authmode; 01592 } 01593 01594 void ssl_set_rng( ssl_context *ssl, 01595 int (*f_rng)(void *), 01596 void *p_rng ) 01597 { 01598 ssl->f_rng = f_rng; 01599 ssl->p_rng = p_rng; 01600 } 01601 01602 void ssl_set_dbg( ssl_context *ssl, 01603 void (*f_dbg)(void *, int, char *), 01604 void *p_dbg ) 01605 { 01606 ssl->f_dbg = f_dbg; 01607 ssl->p_dbg = p_dbg; 01608 } 01609 01610 void ssl_set_bio( ssl_context *ssl, 01611 int (*f_recv)(void *, unsigned char *, int), void *p_recv, 01612 int (*f_send)(void *, unsigned char *, int), void *p_send ) 01613 { 01614 ssl->f_recv = f_recv; 01615 ssl->f_send = f_send; 01616 ssl->p_recv = p_recv; 01617 ssl->p_send = p_send; 01618 } 01619 01620 void ssl_set_scb( ssl_context *ssl, 01621 int (*s_get)(ssl_context *), 01622 int (*s_set)(ssl_context *) ) 01623 { 01624 ssl->s_get = s_get; 01625 ssl->s_set = s_set; 01626 } 01627 01628 void ssl_set_session( ssl_context *ssl, int resume, int timeout, 01629 ssl_session *session ) 01630 { 01631 ssl->resume = resume; 01632 ssl->timeout = timeout; 01633 ssl->session = session; 01634 } 01635 01636 void ssl_set_ciphers( ssl_context *ssl, int *ciphers ) 01637 { 01638 ssl->ciphers = ciphers; 01639 } 01640 01641 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, 01642 char *peer_cn ) 01643 { 01644 ssl->ca_chain = ca_chain; 01645 ssl->peer_cn = peer_cn; 01646 } 01647 01648 void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, 01649 rsa_context *rsa_key ) 01650 { 01651 ssl->own_cert = own_cert; 01652 ssl->rsa_key = rsa_key; 01653 } 01654 01655 int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G ) 01656 { 01657 int ret; 01658 01659 if( ( ret = mpi_read_string( &ssl->dhm_ctx.P, 16, dhm_P ) ) != 0 ) 01660 { 01661 SSL_DEBUG_RET( 1, "mpi_read_string", ret ); 01662 return( ret ); 01663 } 01664 01665 if( ( ret = mpi_read_string( &ssl->dhm_ctx.G, 16, dhm_G ) ) != 0 ) 01666 { 01667 SSL_DEBUG_RET( 1, "mpi_read_string", ret ); 01668 return( ret ); 01669 } 01670 01671 return( 0 ); 01672 } 01673 01674 int ssl_set_hostname( ssl_context *ssl, char *hostname ) 01675 { 01676 if( hostname == NULL ) 01677 return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); 01678 01679 ssl->hostname_len = strlen( hostname ); 01680 ssl->hostname = (unsigned char *) malloc( ssl->hostname_len ); 01681 01682 memcpy( ssl->hostname, (unsigned char *) hostname, 01683 ssl->hostname_len ); 01684 01685 return( 0 ); 01686 } 01687 01688 /* 01689 * SSL get accessors 01690 */ 01691 int ssl_get_bytes_avail( ssl_context *ssl ) 01692 { 01693 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); 01694 } 01695 01696 int ssl_get_verify_result( ssl_context *ssl ) 01697 { 01698 return( ssl->verify_result ); 01699 } 01700 01701 char *ssl_get_cipher( ssl_context *ssl ) 01702 { 01703 switch( ssl->session->cipher ) 01704 { 01705 #if defined(XYSSL_ARC4_C) 01706 case SSL_RSA_RC4_128_MD5: 01707 return( "SSL_RSA_RC4_128_MD5" ); 01708 01709 case SSL_RSA_RC4_128_SHA: 01710 return( "SSL_RSA_RC4_128_SHA" ); 01711 #endif 01712 01713 #if defined(XYSSL_DES_C) 01714 case SSL_RSA_DES_168_SHA: 01715 return( "SSL_RSA_DES_168_SHA" ); 01716 01717 case SSL_EDH_RSA_DES_168_SHA: 01718 return( "SSL_EDH_RSA_DES_168_SHA" ); 01719 #endif 01720 01721 #if defined(XYSSL_AES_C) 01722 case SSL_RSA_AES_128_SHA: 01723 return( "SSL_RSA_AES_128_SHA" ); 01724 01725 case SSL_RSA_AES_256_SHA: 01726 return( "SSL_RSA_AES_256_SHA" ); 01727 01728 case SSL_EDH_RSA_AES_256_SHA: 01729 return( "SSL_EDH_RSA_AES_256_SHA" ); 01730 #endif 01731 01732 default: 01733 break; 01734 } 01735 01736 return( "unknown" ); 01737 } 01738 01739 int ssl_default_ciphers[] = 01740 { 01741 #if defined(XYSSL_DHM_C) 01742 #if defined(XYSSL_AES_C) 01743 SSL_EDH_RSA_AES_256_SHA, 01744 #endif 01745 #if defined(XYSSL_DES_C) 01746 SSL_EDH_RSA_DES_168_SHA, 01747 #endif 01748 #endif 01749 01750 #if defined(XYSSL_AES_C) 01751 SSL_RSA_AES_128_SHA, 01752 SSL_RSA_AES_256_SHA, 01753 #endif 01754 #if defined(XYSSL_DES_C) 01755 SSL_RSA_DES_168_SHA, 01756 #endif 01757 #if defined(XYSSL_ARC4_C) 01758 SSL_RSA_RC4_128_SHA, 01759 SSL_RSA_RC4_128_MD5, 01760 #endif 01761 0 01762 }; 01763 01764 /* 01765 * Perform the SSL handshake 01766 */ 01767 int ssl_handshake( ssl_context *ssl ) 01768 { 01769 int ret = XYSSL_ERR_SSL_FEATURE_UNAVAILABLE; 01770 01771 SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); 01772 01773 #if defined(XYSSL_SSL_CLI_C) 01774 if( ssl->endpoint == SSL_IS_CLIENT ) 01775 ret = ssl_handshake_client( ssl ); 01776 #endif 01777 01778 #if defined(XYSSL_SSL_SRV_C) 01779 if( ssl->endpoint == SSL_IS_SERVER ) 01780 ret = ssl_handshake_server( ssl ); 01781 #endif 01782 01783 SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); 01784 01785 return( ret ); 01786 } 01787 01788 /* 01789 * Receive application data decrypted from the SSL layer 01790 */ 01791 int ssl_read( ssl_context *ssl, unsigned char *buf, int len ) 01792 { 01793 int ret, n; 01794 01795 SSL_DEBUG_MSG( 2, ( "=> read" ) ); 01796 01797 if( ssl->state != SSL_HANDSHAKE_OVER ) 01798 { 01799 if( ( ret = ssl_handshake( ssl ) ) != 0 ) 01800 { 01801 SSL_DEBUG_RET( 1, "ssl_handshake", ret ); 01802 return( ret ); 01803 } 01804 } 01805 01806 if( ssl->in_offt == NULL ) 01807 { 01808 if( ( ret = ssl_read_record( ssl ) ) != 0 ) 01809 { 01810 SSL_DEBUG_RET( 1, "ssl_read_record", ret ); 01811 return( ret ); 01812 } 01813 01814 if( ssl->in_msglen == 0 && 01815 ssl->in_msgtype == SSL_MSG_APPLICATION_DATA ) 01816 { 01817 /* 01818 * OpenSSL sends empty messages to randomize the IV 01819 */ 01820 if( ( ret = ssl_read_record( ssl ) ) != 0 ) 01821 { 01822 SSL_DEBUG_RET( 1, "ssl_read_record", ret ); 01823 return( ret ); 01824 } 01825 } 01826 01827 if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) 01828 { 01829 SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); 01830 return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); 01831 } 01832 01833 ssl->in_offt = ssl->in_msg; 01834 } 01835 01836 n = ( len < ssl->in_msglen ) 01837 ? len : ssl->in_msglen; 01838 01839 memcpy( buf, ssl->in_offt, n ); 01840 ssl->in_msglen -= n; 01841 01842 if( ssl->in_msglen == 0 ) 01843 /* all bytes consumed */ 01844 ssl->in_offt = NULL; 01845 else 01846 /* more data available */ 01847 ssl->in_offt += n; 01848 01849 SSL_DEBUG_MSG( 2, ( "<= read" ) ); 01850 01851 return( n ); 01852 } 01853 01854 /* 01855 * Send application data to be encrypted by the SSL layer 01856 */ 01857 int ssl_write( ssl_context *ssl, unsigned char *buf, int len ) 01858 { 01859 int ret, n; 01860 01861 SSL_DEBUG_MSG( 2, ( "=> write" ) ); 01862 01863 if( ssl->state != SSL_HANDSHAKE_OVER ) 01864 { 01865 if( ( ret = ssl_handshake( ssl ) ) != 0 ) 01866 { 01867 SSL_DEBUG_RET( 1, "ssl_handshake", ret ); 01868 return( ret ); 01869 } 01870 } 01871 01872 n = ( len < SSL_MAX_CONTENT_LEN ) 01873 ? len : SSL_MAX_CONTENT_LEN; 01874 01875 if( ssl->out_left != 0 ) 01876 { 01877 if( ( ret = ssl_flush_output( ssl ) ) != 0 ) 01878 { 01879 SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); 01880 return( ret ); 01881 } 01882 } 01883 else 01884 { 01885 ssl->out_msglen = n; 01886 ssl->out_msgtype = SSL_MSG_APPLICATION_DATA; 01887 memcpy( ssl->out_msg, buf, n ); 01888 01889 if( ( ret = ssl_write_record( ssl ) ) != 0 ) 01890 { 01891 SSL_DEBUG_RET( 1, "ssl_write_record", ret ); 01892 return( ret ); 01893 } 01894 } 01895 01896 SSL_DEBUG_MSG( 2, ( "<= write" ) ); 01897 01898 return( n ); 01899 } 01900 01901 /* 01902 * Notify the peer that the connection is being closed 01903 */ 01904 int ssl_close_notify( ssl_context *ssl ) 01905 { 01906 int ret; 01907 01908 SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); 01909 01910 if( ( ret = ssl_flush_output( ssl ) ) != 0 ) 01911 { 01912 SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); 01913 return( ret ); 01914 } 01915 01916 if( ssl->state == SSL_HANDSHAKE_OVER ) 01917 { 01918 ssl->out_msgtype = SSL_MSG_ALERT; 01919 ssl->out_msglen = 2; 01920 ssl->out_msg[0] = SSL_ALERT_WARNING; 01921 ssl->out_msg[1] = SSL_ALERT_CLOSE_NOTIFY; 01922 01923 if( ( ret = ssl_write_record( ssl ) ) != 0 ) 01924 { 01925 SSL_DEBUG_RET( 1, "ssl_write_record", ret ); 01926 return( ret ); 01927 } 01928 } 01929 01930 SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); 01931 01932 return( ret ); 01933 } 01934 01935 /* 01936 * Free an SSL context 01937 */ 01938 void ssl_free( ssl_context *ssl ) 01939 { 01940 SSL_DEBUG_MSG( 2, ( "=> free" ) ); 01941 01942 if( ssl->peer_cert != NULL ) 01943 { 01944 x509_free( ssl->peer_cert ); 01945 memset( ssl->peer_cert, 0, sizeof( x509_cert ) ); 01946 free( ssl->peer_cert ); 01947 } 01948 01949 if( ssl->out_ctr != NULL ) 01950 { 01951 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); 01952 free( ssl->out_ctr ); 01953 } 01954 01955 if( ssl->in_ctr != NULL ) 01956 { 01957 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN ); 01958 free( ssl->in_ctr ); 01959 } 01960 01961 #if defined(XYSSL_DHM_C) 01962 dhm_free( &ssl->dhm_ctx ); 01963 #endif 01964 01965 if ( ssl->hostname != NULL) 01966 { 01967 memset( ssl->hostname, 0, ssl->hostname_len ); 01968 free( ssl->hostname ); 01969 ssl->hostname_len = 0; 01970 } 01971 01972 memset( ssl, 0, sizeof( ssl_context ) ); 01973 01974 SSL_DEBUG_MSG( 2, ( "<= free" ) ); 01975 } 01976 01977 #endif