2
0

tls1.c 54 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /**
  31. * Common ssl/tlsv1 code to both the client and server implementations.
  32. */
  33. #include <string.h>
  34. #include <stdlib.h>
  35. #include <stdio.h>
  36. #include <stdarg.h>
  37. #include "ssl.h"
  38. /* The session expiry time */
  39. #define SSL_EXPIRY_TIME (CONFIG_SSL_EXPIRY_TIME*3600)
  40. static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
  41. static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
  42. static const char * server_finished = "server finished";
  43. static const char * client_finished = "client finished";
  44. static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
  45. static void set_key_block(SSL *ssl, int is_write);
  46. static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
  47. static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
  48. static int send_raw_packet(SSL *ssl, uint8_t protocol);
  49. /**
  50. * The server will pick the cipher based on the order that the order that the
  51. * ciphers are listed. This order is defined at compile time.
  52. */
  53. #ifdef CONFIG_SSL_SKELETON_MODE
  54. const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
  55. { SSL_RC4_128_SHA };
  56. #else
  57. static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
  58. const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
  59. #ifdef CONFIG_SSL_PROT_LOW /* low security, fast speed */
  60. { SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
  61. #elif CONFIG_SSL_PROT_MEDIUM /* medium security, medium speed */
  62. { SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
  63. #else /* CONFIG_SSL_PROT_HIGH */ /* high security, low speed */
  64. { SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
  65. #endif
  66. #endif /* CONFIG_SSL_SKELETON_MODE */
  67. /**
  68. * The cipher map containing all the essentials for each cipher.
  69. */
  70. #ifdef CONFIG_SSL_SKELETON_MODE
  71. static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
  72. {
  73. { /* RC4-SHA */
  74. SSL_RC4_128_SHA, /* RC4-SHA */
  75. 16, /* key size */
  76. 0, /* iv size */
  77. 2*(SHA1_SIZE+16), /* key block size */
  78. 0, /* no padding */
  79. SHA1_SIZE, /* digest size */
  80. hmac_sha1, /* hmac algorithm */
  81. (crypt_func)RC4_crypt, /* encrypt */
  82. (crypt_func)RC4_crypt /* decrypt */
  83. },
  84. };
  85. #else
  86. static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
  87. {
  88. { /* AES128-SHA */
  89. SSL_AES128_SHA, /* AES128-SHA */
  90. 16, /* key size */
  91. 16, /* iv size */
  92. 2*(SHA1_SIZE+16+16), /* key block size */
  93. 16, /* block padding size */
  94. SHA1_SIZE, /* digest size */
  95. hmac_sha1, /* hmac algorithm */
  96. (crypt_func)AES_cbc_encrypt, /* encrypt */
  97. (crypt_func)AES_cbc_decrypt /* decrypt */
  98. },
  99. { /* AES256-SHA */
  100. SSL_AES256_SHA, /* AES256-SHA */
  101. 32, /* key size */
  102. 16, /* iv size */
  103. 2*(SHA1_SIZE+32+16), /* key block size */
  104. 16, /* block padding size */
  105. SHA1_SIZE, /* digest size */
  106. hmac_sha1, /* hmac algorithm */
  107. (crypt_func)AES_cbc_encrypt, /* encrypt */
  108. (crypt_func)AES_cbc_decrypt /* decrypt */
  109. },
  110. { /* RC4-SHA */
  111. SSL_RC4_128_SHA, /* RC4-SHA */
  112. 16, /* key size */
  113. 0, /* iv size */
  114. 2*(SHA1_SIZE+16), /* key block size */
  115. 0, /* no padding */
  116. SHA1_SIZE, /* digest size */
  117. hmac_sha1, /* hmac algorithm */
  118. (crypt_func)RC4_crypt, /* encrypt */
  119. (crypt_func)RC4_crypt /* decrypt */
  120. },
  121. /*
  122. * This protocol is from SSLv2 days and is unlikely to be used - but was
  123. * useful for testing different possible digest algorithms.
  124. */
  125. { /* RC4-MD5 */
  126. SSL_RC4_128_MD5, /* RC4-MD5 */
  127. 16, /* key size */
  128. 0, /* iv size */
  129. 2*(MD5_SIZE+16), /* key block size */
  130. 0, /* no padding */
  131. MD5_SIZE, /* digest size */
  132. hmac_md5, /* hmac algorithm */
  133. (crypt_func)RC4_crypt, /* encrypt */
  134. (crypt_func)RC4_crypt /* decrypt */
  135. },
  136. };
  137. #endif
  138. static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
  139. uint8_t *out, int olen);
  140. static const cipher_info_t *get_cipher_info(uint8_t cipher);
  141. static void increment_read_sequence(SSL *ssl);
  142. static void increment_write_sequence(SSL *ssl);
  143. static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
  144. const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
  145. /* win32 VC6.0 doesn't have variadic macros */
  146. #if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
  147. void DISPLAY_BYTES(SSL *ssl, const char *format,
  148. const uint8_t *data, int size, ...) {}
  149. #endif
  150. /**
  151. * Establish a new client/server context.
  152. */
  153. EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
  154. {
  155. SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
  156. ssl_ctx->options = options;
  157. if (load_key_certs(ssl_ctx) < 0)
  158. {
  159. free(ssl_ctx); /* can't load our key/certificate pair, so die */
  160. return NULL;
  161. }
  162. #ifndef CONFIG_SSL_SKELETON_MODE
  163. ssl_ctx->num_sessions = num_sessions;
  164. #endif
  165. SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
  166. #ifndef CONFIG_SSL_SKELETON_MODE
  167. if (num_sessions)
  168. {
  169. ssl_ctx->ssl_sessions = (SSL_SESSION **)
  170. calloc(1, num_sessions*sizeof(SSL_SESSION *));
  171. }
  172. #endif
  173. return ssl_ctx;
  174. }
  175. /*
  176. * Remove a client/server context.
  177. */
  178. EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
  179. {
  180. SSL *ssl;
  181. int i;
  182. if (ssl_ctx == NULL)
  183. return;
  184. ssl = ssl_ctx->head;
  185. /* clear out all the ssl entries */
  186. while (ssl)
  187. {
  188. SSL *next = ssl->next;
  189. ssl_free(ssl);
  190. ssl = next;
  191. }
  192. #ifndef CONFIG_SSL_SKELETON_MODE
  193. /* clear out all the sessions */
  194. for (i = 0; i < ssl_ctx->num_sessions; i++)
  195. session_free(ssl_ctx->ssl_sessions, i);
  196. free(ssl_ctx->ssl_sessions);
  197. #endif
  198. i = 0;
  199. while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
  200. {
  201. free(ssl_ctx->certs[i].buf);
  202. ssl_ctx->certs[i++].buf = NULL;
  203. }
  204. #ifdef CONFIG_SSL_CERT_VERIFICATION
  205. remove_ca_certs(ssl_ctx->ca_cert_ctx);
  206. #endif
  207. ssl_ctx->chain_length = 0;
  208. SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
  209. RSA_free(ssl_ctx->rsa_ctx);
  210. RNG_terminate();
  211. free(ssl_ctx);
  212. }
  213. /*
  214. * Free any used resources used by this connection.
  215. */
  216. EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  217. {
  218. SSL_CTX *ssl_ctx;
  219. if (ssl == NULL) /* just ignore null pointers */
  220. return;
  221. /* spec says we must notify when we are dying */
  222. send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
  223. ssl_ctx = ssl->ssl_ctx;
  224. SSL_CTX_LOCK(ssl_ctx->mutex);
  225. /* adjust the server SSL list */
  226. if (ssl->prev)
  227. ssl->prev->next = ssl->next;
  228. else
  229. ssl_ctx->head = ssl->next;
  230. if (ssl->next)
  231. ssl->next->prev = ssl->prev;
  232. else
  233. ssl_ctx->tail = ssl->prev;
  234. SSL_CTX_UNLOCK(ssl_ctx->mutex);
  235. /* may already be free - but be sure */
  236. free(ssl->encrypt_ctx);
  237. free(ssl->decrypt_ctx);
  238. disposable_free(ssl);
  239. #ifdef CONFIG_SSL_CERT_VERIFICATION
  240. x509_free(ssl->x509_ctx);
  241. #endif
  242. free(ssl);
  243. }
  244. /*
  245. * Read the SSL connection and send any alerts for various errors.
  246. */
  247. EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
  248. {
  249. int ret = basic_read(ssl, in_data);
  250. /* check for return code so we can send an alert */
  251. if (ret < SSL_OK)
  252. {
  253. if (ret != SSL_ERROR_CONN_LOST)
  254. {
  255. send_alert(ssl, ret);
  256. #ifndef CONFIG_SSL_SKELETON_MODE
  257. /* something nasty happened, so get rid of this session */
  258. kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
  259. #endif
  260. }
  261. }
  262. return ret;
  263. }
  264. /*
  265. * Write application data to the client
  266. */
  267. EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
  268. {
  269. int n = out_len, nw, i, tot = 0;
  270. /* maximum size of a TLS packet is around 16kB, so fragment */
  271. do
  272. {
  273. nw = n;
  274. if (nw > RT_MAX_PLAIN_LENGTH) /* fragment if necessary */
  275. nw = RT_MAX_PLAIN_LENGTH;
  276. if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA,
  277. &out_data[tot], nw)) <= 0)
  278. {
  279. out_len = i; /* an error */
  280. break;
  281. }
  282. tot += i;
  283. n -= i;
  284. } while (n > 0);
  285. return out_len;
  286. }
  287. /**
  288. * Add a certificate to the certificate chain.
  289. */
  290. int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
  291. {
  292. int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
  293. SSL_CERT *ssl_cert;
  294. X509_CTX *cert = NULL;
  295. int offset;
  296. while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS)
  297. i++;
  298. if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
  299. {
  300. #ifdef CONFIG_SSL_FULL_MODE
  301. printf("Error: maximum number of certs added - change of "
  302. "compile-time configuration required\n");
  303. #endif
  304. goto error;
  305. }
  306. if ((ret = x509_new(buf, &offset, &cert)))
  307. goto error;
  308. #if defined (CONFIG_SSL_FULL_MODE)
  309. if (ssl_ctx->options & SSL_DISPLAY_CERTS)
  310. x509_print(cert, NULL);
  311. #endif
  312. ssl_cert = &ssl_ctx->certs[i];
  313. ssl_cert->size = len;
  314. ssl_cert->buf = (uint8_t *)malloc(len);
  315. memcpy(ssl_cert->buf, buf, len);
  316. ssl_ctx->chain_length++;
  317. len -= offset;
  318. ret = SSL_OK; /* ok so far */
  319. /* recurse? */
  320. if (len > 0)
  321. {
  322. ret = add_cert(ssl_ctx, &buf[offset], len);
  323. }
  324. error:
  325. x509_free(cert); /* don't need anymore */
  326. return ret;
  327. }
  328. #ifdef CONFIG_SSL_CERT_VERIFICATION
  329. /**
  330. * Add a certificate authority.
  331. */
  332. int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
  333. {
  334. int ret = SSL_ERROR_NO_CERT_DEFINED;
  335. int i = 0;
  336. int offset;
  337. CA_CERT_CTX *ca_cert_ctx;
  338. if (ssl_ctx->ca_cert_ctx == NULL)
  339. ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
  340. ca_cert_ctx = ssl_ctx->ca_cert_ctx;
  341. while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
  342. i++;
  343. if (i > CONFIG_X509_MAX_CA_CERTS)
  344. {
  345. #ifdef CONFIG_SSL_FULL_MODE
  346. printf("Error: maximum number of CA certs added - change of "
  347. "compile-time configuration required\n");
  348. #endif
  349. goto error;
  350. }
  351. if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
  352. goto error;
  353. len -= offset;
  354. ret = SSL_OK; /* ok so far */
  355. /* recurse? */
  356. if (len > 0)
  357. ret = add_cert_auth(ssl_ctx, &buf[offset], len);
  358. error:
  359. return ret;
  360. }
  361. /*
  362. * Retrieve an X.509 distinguished name component
  363. */
  364. EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
  365. {
  366. if (ssl->x509_ctx == NULL)
  367. return NULL;
  368. switch (component)
  369. {
  370. case SSL_X509_CERT_COMMON_NAME:
  371. return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
  372. case SSL_X509_CERT_ORGANIZATION:
  373. return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
  374. case SSL_X509_CERT_ORGANIZATIONAL_NAME:
  375. return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
  376. case SSL_X509_CA_CERT_COMMON_NAME:
  377. return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
  378. case SSL_X509_CA_CERT_ORGANIZATION:
  379. return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
  380. case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:
  381. return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
  382. default:
  383. return NULL;
  384. }
  385. }
  386. #endif
  387. /*
  388. * Find an ssl object based on the client's file descriptor.
  389. */
  390. EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
  391. {
  392. SSL *ssl;
  393. SSL_CTX_LOCK(ssl_ctx->mutex);
  394. ssl = ssl_ctx->head;
  395. /* search through all the ssl entries */
  396. while (ssl)
  397. {
  398. if (ssl->client_fd == client_fd)
  399. {
  400. SSL_CTX_UNLOCK(ssl_ctx->mutex);
  401. return ssl;
  402. }
  403. ssl = ssl->next;
  404. }
  405. SSL_CTX_UNLOCK(ssl_ctx->mutex);
  406. return NULL;
  407. }
  408. /*
  409. * Force the client to perform its handshake again.
  410. */
  411. EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
  412. {
  413. int ret = SSL_OK;
  414. disposable_new(ssl);
  415. #ifdef CONFIG_SSL_ENABLE_CLIENT
  416. if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
  417. {
  418. ret = do_client_connect(ssl);
  419. }
  420. else
  421. #endif
  422. {
  423. send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
  424. g_hello_request, sizeof(g_hello_request));
  425. SET_SSL_FLAG(SSL_NEED_RECORD);
  426. }
  427. return ret;
  428. }
  429. /**
  430. * @brief Get what we need for key info.
  431. * @param cipher [in] The cipher information we are after
  432. * @param key_size [out] The key size for the cipher
  433. * @param iv_size [out] The iv size for the cipher
  434. * @return The amount of key information we need.
  435. */
  436. static const cipher_info_t *get_cipher_info(uint8_t cipher)
  437. {
  438. int i;
  439. for (i = 0; i < NUM_PROTOCOLS; i++)
  440. {
  441. if (cipher_info[i].cipher == cipher)
  442. {
  443. return &cipher_info[i];
  444. }
  445. }
  446. return NULL; /* error */
  447. }
  448. /*
  449. * Get a new ssl context for a new connection.
  450. */
  451. SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
  452. {
  453. SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
  454. ssl->ssl_ctx = ssl_ctx;
  455. ssl->need_bytes = SSL_RECORD_SIZE; /* need a record */
  456. ssl->client_fd = client_fd;
  457. ssl->flag = SSL_NEED_RECORD;
  458. ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
  459. ssl->hs_status = SSL_NOT_OK; /* not connected */
  460. #ifdef CONFIG_ENABLE_VERIFICATION
  461. ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
  462. #endif
  463. disposable_new(ssl);
  464. /* a bit hacky but saves a few bytes of memory */
  465. ssl->flag |= ssl_ctx->options;
  466. SSL_CTX_LOCK(ssl_ctx->mutex);
  467. if (ssl_ctx->head == NULL)
  468. {
  469. ssl_ctx->head = ssl;
  470. ssl_ctx->tail = ssl;
  471. }
  472. else
  473. {
  474. ssl->prev = ssl_ctx->tail;
  475. ssl_ctx->tail->next = ssl;
  476. ssl_ctx->tail = ssl;
  477. }
  478. SSL_CTX_UNLOCK(ssl_ctx->mutex);
  479. return ssl;
  480. }
  481. /*
  482. * Add a private key to a context.
  483. */
  484. int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
  485. {
  486. int ret = SSL_OK;
  487. /* get the private key details */
  488. if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
  489. {
  490. ret = SSL_ERROR_INVALID_KEY;
  491. goto error;
  492. }
  493. error:
  494. return ret;
  495. }
  496. /**
  497. * Increment the read sequence number (as a 64 bit endian indepenent #)
  498. */
  499. static void increment_read_sequence(SSL *ssl)
  500. {
  501. int i;
  502. for (i = 7; i >= 0; i--)
  503. {
  504. if (++ssl->read_sequence[i])
  505. break;
  506. }
  507. }
  508. /**
  509. * Increment the read sequence number (as a 64 bit endian indepenent #)
  510. */
  511. static void increment_write_sequence(SSL *ssl)
  512. {
  513. int i;
  514. for (i = 7; i >= 0; i--)
  515. {
  516. if (++ssl->write_sequence[i])
  517. break;
  518. }
  519. }
  520. /**
  521. * Work out the HMAC digest in a packet.
  522. */
  523. static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
  524. const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
  525. {
  526. int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
  527. uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
  528. memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
  529. ssl->write_sequence : ssl->read_sequence, 8);
  530. memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
  531. memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
  532. ssl->cipher_info->hmac(t_buf, hmac_len,
  533. (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ?
  534. ssl->server_mac : ssl->client_mac,
  535. ssl->cipher_info->digest_size, hmac_buf);
  536. #if 0
  537. print_blob("record", ssl->hmac_tx, SSL_RECORD_SIZE);
  538. print_blob("buf", buf, buf_len);
  539. if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
  540. {
  541. print_blob("write seq", ssl->write_sequence, 8);
  542. }
  543. else
  544. {
  545. print_blob("read seq", ssl->read_sequence, 8);
  546. }
  547. if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
  548. {
  549. print_blob("server mac",
  550. ssl->server_mac, ssl->cipher_info->digest_size);
  551. }
  552. else
  553. {
  554. print_blob("client mac",
  555. ssl->client_mac, ssl->cipher_info->digest_size);
  556. }
  557. print_blob("hmac", hmac_buf, SHA1_SIZE);
  558. #endif
  559. }
  560. /**
  561. * Verify that the digest of a packet is correct.
  562. */
  563. static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  564. {
  565. uint8_t hmac_buf[SHA1_SIZE];
  566. int hmac_offset;
  567. if (ssl->cipher_info->padding_size)
  568. {
  569. hmac_offset = read_len-buf[read_len-1]-ssl->cipher_info->digest_size-1;
  570. }
  571. else
  572. {
  573. hmac_offset = read_len - ssl->cipher_info->digest_size;
  574. }
  575. /* sanity check the offset */
  576. if (hmac_offset < 0)
  577. {
  578. return SSL_ERROR_INVALID_HMAC;
  579. }
  580. ssl->hmac_header[3] = hmac_offset >> 8; /* insert size */
  581. ssl->hmac_header[4] = hmac_offset & 0xff;
  582. add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
  583. if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
  584. {
  585. return SSL_ERROR_INVALID_HMAC;
  586. }
  587. return hmac_offset;
  588. }
  589. /**
  590. * Add a packet to the end of our sent and received packets, so that we may use
  591. * it to calculate the hash at the end.
  592. */
  593. void add_packet(SSL *ssl, const uint8_t *pkt, int len)
  594. {
  595. MD5_Update(&ssl->dc->md5_ctx, pkt, len);
  596. SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
  597. }
  598. /**
  599. * Work out the MD5 PRF.
  600. */
  601. static void p_hash_md5(const uint8_t *sec, int sec_len,
  602. uint8_t *seed, int seed_len, uint8_t *out, int olen)
  603. {
  604. uint8_t a1[128];
  605. /* A(1) */
  606. hmac_md5(seed, seed_len, sec, sec_len, a1);
  607. memcpy(&a1[MD5_SIZE], seed, seed_len);
  608. hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
  609. while (olen > MD5_SIZE)
  610. {
  611. uint8_t a2[MD5_SIZE];
  612. out += MD5_SIZE;
  613. olen -= MD5_SIZE;
  614. /* A(N) */
  615. hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
  616. memcpy(a1, a2, MD5_SIZE);
  617. /* work out the actual hash */
  618. hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
  619. }
  620. }
  621. /**
  622. * Work out the SHA1 PRF.
  623. */
  624. static void p_hash_sha1(const uint8_t *sec, int sec_len,
  625. uint8_t *seed, int seed_len, uint8_t *out, int olen)
  626. {
  627. uint8_t a1[128];
  628. /* A(1) */
  629. hmac_sha1(seed, seed_len, sec, sec_len, a1);
  630. memcpy(&a1[SHA1_SIZE], seed, seed_len);
  631. hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
  632. while (olen > SHA1_SIZE)
  633. {
  634. uint8_t a2[SHA1_SIZE];
  635. out += SHA1_SIZE;
  636. olen -= SHA1_SIZE;
  637. /* A(N) */
  638. hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
  639. memcpy(a1, a2, SHA1_SIZE);
  640. /* work out the actual hash */
  641. hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
  642. }
  643. }
  644. /**
  645. * Work out the PRF.
  646. */
  647. static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
  648. uint8_t *out, int olen)
  649. {
  650. int len, i;
  651. const uint8_t *S1, *S2;
  652. uint8_t xbuf[256]; /* needs to be > the amount of key data */
  653. uint8_t ybuf[256]; /* needs to be > the amount of key data */
  654. len = sec_len/2;
  655. S1 = sec;
  656. S2 = &sec[len];
  657. len += (sec_len & 1); /* add for odd, make longer */
  658. p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
  659. p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
  660. for (i = 0; i < olen; i++)
  661. out[i] = xbuf[i] ^ ybuf[i];
  662. }
  663. /**
  664. * Generate a master secret based on the client/server random data and the
  665. * premaster secret.
  666. */
  667. void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
  668. {
  669. uint8_t buf[128]; /* needs to be > 13+32+32 in size */
  670. strcpy((char *)buf, "master secret");
  671. memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
  672. memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
  673. prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
  674. SSL_SECRET_SIZE);
  675. }
  676. /**
  677. * Generate a 'random' blob of data used for the generation of keys.
  678. */
  679. static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
  680. uint8_t *master_secret, uint8_t *key_block, int key_block_size)
  681. {
  682. uint8_t buf[128];
  683. strcpy((char *)buf, "key expansion");
  684. memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
  685. memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
  686. prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
  687. }
  688. /**
  689. * Calculate the digest used in the finished message. This function also
  690. * doubles up as a certificate verify function.
  691. */
  692. void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
  693. {
  694. uint8_t mac_buf[128];
  695. uint8_t *q = mac_buf;
  696. MD5_CTX md5_ctx = ssl->dc->md5_ctx;
  697. SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
  698. if (label)
  699. {
  700. strcpy((char *)q, label);
  701. q += strlen(label);
  702. }
  703. MD5_Final(q, &md5_ctx);
  704. q += MD5_SIZE;
  705. SHA1_Final(q, &sha1_ctx);
  706. q += SHA1_SIZE;
  707. if (label)
  708. {
  709. prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
  710. digest, SSL_FINISHED_HASH_SIZE);
  711. }
  712. else /* for use in a certificate verify */
  713. {
  714. memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
  715. }
  716. #if 0
  717. printf("label: %s\n", label);
  718. print_blob("master secret", ssl->dc->master_secret, 48);
  719. print_blob("mac_buf", mac_buf, q-mac_buf);
  720. print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
  721. #endif
  722. }
  723. /**
  724. * Retrieve (and initialise) the context of a cipher.
  725. */
  726. static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
  727. {
  728. switch (ssl->cipher)
  729. {
  730. #ifndef CONFIG_SSL_SKELETON_MODE
  731. case SSL_AES128_SHA:
  732. {
  733. AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
  734. AES_set_key(aes_ctx, key, iv, AES_MODE_128);
  735. if (is_decrypt)
  736. {
  737. AES_convert_key(aes_ctx);
  738. }
  739. return (void *)aes_ctx;
  740. }
  741. case SSL_AES256_SHA:
  742. {
  743. AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
  744. AES_set_key(aes_ctx, key, iv, AES_MODE_256);
  745. if (is_decrypt)
  746. {
  747. AES_convert_key(aes_ctx);
  748. }
  749. return (void *)aes_ctx;
  750. }
  751. break;
  752. case SSL_RC4_128_MD5:
  753. #endif
  754. case SSL_RC4_128_SHA:
  755. {
  756. RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
  757. RC4_setup(rc4_ctx, key, 16);
  758. return (void *)rc4_ctx;
  759. }
  760. break;
  761. }
  762. return NULL; /* its all gone wrong */
  763. }
  764. /**
  765. * Send a packet over the socket.
  766. */
  767. static int send_raw_packet(SSL *ssl, uint8_t protocol)
  768. {
  769. uint8_t *rec_buf = ssl->bm_all_data;
  770. int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
  771. int sent = 0;
  772. int ret = SSL_OK;
  773. rec_buf[0] = protocol;
  774. rec_buf[1] = 0x03; /* version = 3.1 (TLS) */
  775. rec_buf[2] = 0x01;
  776. rec_buf[3] = ssl->bm_index >> 8;
  777. rec_buf[4] = ssl->bm_index & 0xff;
  778. DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data,
  779. pkt_size, pkt_size);
  780. while (sent < pkt_size)
  781. {
  782. if ((ret = SOCKET_WRITE(ssl->client_fd,
  783. &ssl->bm_all_data[sent], pkt_size)) < 0)
  784. {
  785. ret = SSL_ERROR_CONN_LOST;
  786. break;
  787. }
  788. sent += ret;
  789. /* keep going until the write buffer has some space */
  790. if (sent != pkt_size)
  791. {
  792. fd_set wfds;
  793. FD_ZERO(&wfds);
  794. FD_SET(ssl->client_fd, &wfds);
  795. if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
  796. {
  797. ret = SSL_ERROR_CONN_LOST;
  798. break;
  799. }
  800. }
  801. }
  802. SET_SSL_FLAG(SSL_NEED_RECORD); /* reset for next time */
  803. ssl->bm_index = 0;
  804. if (protocol != PT_APP_PROTOCOL_DATA)
  805. {
  806. /* always return SSL_OK during handshake */
  807. ret = SSL_OK;
  808. }
  809. return ret;
  810. }
  811. /**
  812. * Send an encrypted packet with padding bytes if necessary.
  813. */
  814. int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
  815. {
  816. int msg_length = length;
  817. int ret, pad_bytes = 0;
  818. ssl->bm_index = msg_length;
  819. /* if our state is bad, don't bother */
  820. if (ssl->hs_status == SSL_ERROR_DEAD)
  821. return SSL_ERROR_CONN_LOST;
  822. if (in) /* has the buffer already been initialised? */
  823. {
  824. memcpy(ssl->bm_data, in, length);
  825. }
  826. if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
  827. {
  828. int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
  829. SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
  830. uint8_t hmac_header[SSL_RECORD_SIZE];
  831. hmac_header[0] = protocol;
  832. hmac_header[1] = 0x03;
  833. hmac_header[2] = 0x01;
  834. hmac_header[3] = length >> 8;
  835. hmac_header[4] = length & 0xff;
  836. if (protocol == PT_HANDSHAKE_PROTOCOL)
  837. {
  838. DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
  839. if (ssl->bm_data[0] != HS_HELLO_REQUEST)
  840. {
  841. add_packet(ssl, ssl->bm_data, ssl->bm_index);
  842. }
  843. }
  844. /* add the packet digest */
  845. msg_length += ssl->cipher_info->digest_size;
  846. ssl->bm_index = msg_length;
  847. add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, length,
  848. &ssl->bm_data[length]);
  849. /* add padding? */
  850. if (ssl->cipher_info->padding_size)
  851. {
  852. int last_blk_size = msg_length%ssl->cipher_info->padding_size;
  853. pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
  854. /* ensure we always have at least 1 padding byte */
  855. if (pad_bytes == 0)
  856. pad_bytes += ssl->cipher_info->padding_size;
  857. memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
  858. msg_length += pad_bytes;
  859. ssl->bm_index = msg_length;
  860. }
  861. DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
  862. increment_write_sequence(ssl);
  863. /* now encrypt the packet */
  864. ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data,
  865. ssl->bm_data, msg_length);
  866. }
  867. else if (protocol == PT_HANDSHAKE_PROTOCOL)
  868. {
  869. DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
  870. if (ssl->bm_data[0] != HS_HELLO_REQUEST)
  871. {
  872. add_packet(ssl, ssl->bm_data, ssl->bm_index);
  873. }
  874. }
  875. if ((ret = send_raw_packet(ssl, protocol)) <= 0)
  876. return ret;
  877. return length; /* just return what we wanted to send */
  878. }
  879. /**
  880. * Work out the cipher keys we are going to use for this session based on the
  881. * master secret.
  882. */
  883. static void set_key_block(SSL *ssl, int is_write)
  884. {
  885. const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
  886. uint8_t *q;
  887. uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
  888. uint8_t client_iv[16], server_iv[16]; /* big enough for AES128/256 */
  889. int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
  890. /* only do once in a handshake */
  891. if (ssl->dc->key_block == NULL)
  892. {
  893. ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
  894. #if 0
  895. print_blob("client", ssl->dc->client_random, 32);
  896. print_blob("server", ssl->dc->server_random, 32);
  897. print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
  898. #endif
  899. generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
  900. ssl->dc->master_secret, ssl->dc->key_block,
  901. ciph_info->key_block_size);
  902. #if 0
  903. print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
  904. #endif
  905. }
  906. q = ssl->dc->key_block;
  907. if ((is_client && is_write) || (!is_client && !is_write))
  908. {
  909. memcpy(ssl->client_mac, q, ciph_info->digest_size);
  910. }
  911. q += ciph_info->digest_size;
  912. if ((!is_client && is_write) || (is_client && !is_write))
  913. {
  914. memcpy(ssl->server_mac, q, ciph_info->digest_size);
  915. }
  916. q += ciph_info->digest_size;
  917. memcpy(client_key, q, ciph_info->key_size);
  918. q += ciph_info->key_size;
  919. memcpy(server_key, q, ciph_info->key_size);
  920. q += ciph_info->key_size;
  921. #ifndef CONFIG_SSL_SKELETON_MODE
  922. if (ciph_info->iv_size) /* RC4 has no IV, AES does */
  923. {
  924. memcpy(client_iv, q, ciph_info->iv_size);
  925. q += ciph_info->iv_size;
  926. memcpy(server_iv, q, ciph_info->iv_size);
  927. q += ciph_info->iv_size;
  928. }
  929. #endif
  930. free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
  931. /* now initialise the ciphers */
  932. if (is_client)
  933. {
  934. finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
  935. if (is_write)
  936. ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
  937. else
  938. ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
  939. }
  940. else
  941. {
  942. finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
  943. if (is_write)
  944. ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
  945. else
  946. ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
  947. }
  948. ssl->cipher_info = ciph_info;
  949. }
  950. /**
  951. * Read the SSL connection.
  952. */
  953. int basic_read(SSL *ssl, uint8_t **in_data)
  954. {
  955. int ret = SSL_OK;
  956. int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
  957. uint8_t *buf = ssl->bm_data;
  958. read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index],
  959. ssl->need_bytes-ssl->got_bytes);
  960. /* connection has gone, so die */
  961. if (read_len <= 0)
  962. {
  963. ret = SSL_ERROR_CONN_LOST;
  964. ssl->hs_status = SSL_ERROR_DEAD; /* make sure it stays dead */
  965. goto error;
  966. }
  967. DISPLAY_BYTES(ssl, "received %d bytes",
  968. &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
  969. ssl->got_bytes += read_len;
  970. ssl->bm_read_index += read_len;
  971. /* haven't quite got what we want, so try again later */
  972. if (ssl->got_bytes < ssl->need_bytes)
  973. return SSL_OK;
  974. read_len = ssl->got_bytes;
  975. ssl->got_bytes = 0;
  976. if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
  977. {
  978. /* check for sslv2 "client hello" */
  979. if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
  980. {
  981. #ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
  982. DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
  983. add_packet(ssl, &buf[2], 3);
  984. ret = process_sslv23_client_hello(ssl);
  985. #else
  986. printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
  987. ret = SSL_ERROR_NOT_SUPPORTED;
  988. #endif
  989. goto error; /* not an error - just get out of here */
  990. }
  991. ssl->need_bytes = (buf[3] << 8) + buf[4];
  992. /* do we violate the spec with the message size? */
  993. if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
  994. {
  995. ret = SSL_ERROR_INVALID_PROT_MSG;
  996. goto error;
  997. }
  998. CLR_SSL_FLAG(SSL_NEED_RECORD);
  999. memcpy(ssl->hmac_header, buf, 3); /* store for hmac */
  1000. ssl->record_type = buf[0];
  1001. goto error; /* no error, we're done */
  1002. }
  1003. /* for next time - just do it now in case of an error */
  1004. SET_SSL_FLAG(SSL_NEED_RECORD);
  1005. ssl->need_bytes = SSL_RECORD_SIZE;
  1006. /* decrypt if we need to */
  1007. if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
  1008. {
  1009. ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
  1010. read_len = verify_digest(ssl,
  1011. is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
  1012. /* does the hmac work? */
  1013. if (read_len < 0)
  1014. {
  1015. ret = read_len;
  1016. goto error;
  1017. }
  1018. DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
  1019. increment_read_sequence(ssl);
  1020. }
  1021. /* The main part of the SSL packet */
  1022. switch (ssl->record_type)
  1023. {
  1024. case PT_HANDSHAKE_PROTOCOL:
  1025. ssl->dc->bm_proc_index = 0;
  1026. ret = do_handshake(ssl, buf, read_len);
  1027. break;
  1028. case PT_CHANGE_CIPHER_SPEC:
  1029. if (ssl->next_state != HS_FINISHED)
  1030. {
  1031. ret = SSL_ERROR_INVALID_HANDSHAKE;
  1032. goto error;
  1033. }
  1034. /* all encrypted from now on */
  1035. SET_SSL_FLAG(SSL_RX_ENCRYPTED);
  1036. set_key_block(ssl, 0);
  1037. memset(ssl->read_sequence, 0, 8);
  1038. break;
  1039. case PT_APP_PROTOCOL_DATA:
  1040. if (in_data)
  1041. {
  1042. *in_data = ssl->bm_data; /* point to the work buffer */
  1043. (*in_data)[read_len] = 0; /* null terminate just in case */
  1044. }
  1045. ret = read_len;
  1046. break;
  1047. case PT_ALERT_PROTOCOL:
  1048. /* return the alert # with alert bit set */
  1049. ret = -buf[1];
  1050. DISPLAY_ALERT(ssl, buf[1]);
  1051. break;
  1052. default:
  1053. ret = SSL_ERROR_INVALID_PROT_MSG;
  1054. break;
  1055. }
  1056. error:
  1057. ssl->bm_read_index = 0; /* reset to go again */
  1058. if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
  1059. *in_data = NULL;
  1060. return ret;
  1061. }
  1062. /**
  1063. * Do some basic checking of data and then perform the appropriate handshaking.
  1064. */
  1065. static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
  1066. {
  1067. int hs_len = (buf[2]<<8) + buf[3];
  1068. uint8_t handshake_type = buf[0];
  1069. int ret = SSL_OK;
  1070. int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
  1071. /* some integrity checking on the handshake */
  1072. PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
  1073. if (handshake_type != ssl->next_state)
  1074. {
  1075. /* handle a special case on the client */
  1076. if (!is_client || handshake_type != HS_CERT_REQ ||
  1077. ssl->next_state != HS_SERVER_HELLO_DONE)
  1078. {
  1079. ret = SSL_ERROR_INVALID_HANDSHAKE;
  1080. goto error;
  1081. }
  1082. }
  1083. hs_len += SSL_HS_HDR_SIZE; /* adjust for when adding packets */
  1084. ssl->bm_index = hs_len; /* store the size and check later */
  1085. DISPLAY_STATE(ssl, 0, handshake_type, 0);
  1086. if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
  1087. add_packet(ssl, buf, hs_len);
  1088. #if defined(CONFIG_SSL_ENABLE_CLIENT)
  1089. ret = is_client ?
  1090. do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
  1091. do_svr_handshake(ssl, handshake_type, buf, hs_len);
  1092. #else
  1093. ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
  1094. #endif
  1095. /* just use recursion to get the rest */
  1096. if (hs_len < read_len && ret == SSL_OK)
  1097. ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
  1098. error:
  1099. return ret;
  1100. }
  1101. /**
  1102. * Sends the change cipher spec message. We have just read a finished message
  1103. * from the client.
  1104. */
  1105. int send_change_cipher_spec(SSL *ssl)
  1106. {
  1107. int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC,
  1108. g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
  1109. SET_SSL_FLAG(SSL_TX_ENCRYPTED);
  1110. set_key_block(ssl, 1);
  1111. memset(ssl->write_sequence, 0, 8);
  1112. return ret;
  1113. }
  1114. /**
  1115. * Send a "finished" message
  1116. */
  1117. int send_finished(SSL *ssl)
  1118. {
  1119. uint8_t *buf = ssl->bm_data;
  1120. buf[0] = HS_FINISHED;
  1121. buf[1] = 0;
  1122. buf[2] = 0;
  1123. buf[3] = SSL_FINISHED_HASH_SIZE;
  1124. /* now add the finished digest mac (12 bytes) */
  1125. finished_digest(ssl,
  1126. IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
  1127. client_finished : server_finished, &buf[4]);
  1128. #ifndef CONFIG_SSL_SKELETON_MODE
  1129. /* store in the session cache */
  1130. if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
  1131. {
  1132. memcpy(ssl->session->master_secret,
  1133. ssl->dc->master_secret, SSL_SECRET_SIZE);
  1134. }
  1135. #endif
  1136. return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
  1137. NULL, SSL_FINISHED_HASH_SIZE+4);
  1138. }
  1139. /**
  1140. * Send an alert message.
  1141. * Return 1 if the alert was an "error".
  1142. */
  1143. int send_alert(SSL *ssl, int error_code)
  1144. {
  1145. int alert_num = 0;
  1146. int is_warning = 0;
  1147. uint8_t buf[2];
  1148. /* Don't bother we're already dead */
  1149. if (ssl->hs_status == SSL_ERROR_DEAD)
  1150. {
  1151. return SSL_ERROR_CONN_LOST;
  1152. }
  1153. #ifdef CONFIG_SSL_FULL_MODE
  1154. if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
  1155. ssl_display_error(error_code);
  1156. #endif
  1157. switch (error_code)
  1158. {
  1159. case SSL_ALERT_CLOSE_NOTIFY:
  1160. is_warning = 1;
  1161. alert_num = SSL_ALERT_CLOSE_NOTIFY;
  1162. break;
  1163. case SSL_ERROR_CONN_LOST: /* don't send alert just yet */
  1164. is_warning = 1;
  1165. break;
  1166. case SSL_ERROR_INVALID_HANDSHAKE:
  1167. case SSL_ERROR_INVALID_PROT_MSG:
  1168. alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
  1169. break;
  1170. case SSL_ERROR_INVALID_HMAC:
  1171. case SSL_ERROR_FINISHED_INVALID:
  1172. alert_num = SSL_ALERT_BAD_RECORD_MAC;
  1173. break;
  1174. case SSL_ERROR_INVALID_VERSION:
  1175. alert_num = SSL_ALERT_INVALID_VERSION;
  1176. break;
  1177. case SSL_ERROR_INVALID_SESSION:
  1178. case SSL_ERROR_NO_CIPHER:
  1179. case SSL_ERROR_INVALID_KEY:
  1180. alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
  1181. break;
  1182. case SSL_ERROR_BAD_CERTIFICATE:
  1183. alert_num = SSL_ALERT_BAD_CERTIFICATE;
  1184. break;
  1185. default:
  1186. /* a catch-all for any badly verified certificates */
  1187. alert_num = (error_code <= SSL_X509_OFFSET) ?
  1188. SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
  1189. break;
  1190. }
  1191. buf[0] = is_warning ? 1 : 2;
  1192. buf[1] = alert_num;
  1193. send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
  1194. DISPLAY_ALERT(ssl, alert_num);
  1195. return is_warning ? 0 : 1;
  1196. }
  1197. /**
  1198. * Process a client finished message.
  1199. */
  1200. int process_finished(SSL *ssl, int hs_len)
  1201. {
  1202. uint8_t *buf = ssl->bm_data;
  1203. int ret = SSL_OK;
  1204. int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
  1205. int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
  1206. PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
  1207. /* check that we all work before we continue */
  1208. if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
  1209. return SSL_ERROR_FINISHED_INVALID;
  1210. if ((!is_client && !resume) || (is_client && resume))
  1211. {
  1212. if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
  1213. ret = send_finished(ssl);
  1214. }
  1215. /* if we ever renegotiate */
  1216. ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;
  1217. ssl->hs_status = ret; /* set the final handshake status */
  1218. error:
  1219. return ret;
  1220. }
  1221. /**
  1222. * Send a certificate.
  1223. */
  1224. int send_certificate(SSL *ssl)
  1225. {
  1226. int i = 0;
  1227. uint8_t *buf = ssl->bm_data;
  1228. int offset = 7;
  1229. int chain_length;
  1230. buf[0] = HS_CERTIFICATE;
  1231. buf[1] = 0;
  1232. buf[4] = 0;
  1233. while (i < ssl->ssl_ctx->chain_length)
  1234. {
  1235. SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
  1236. buf[offset++] = 0;
  1237. buf[offset++] = cert->size >> 8; /* cert 1 length */
  1238. buf[offset++] = cert->size & 0xff;
  1239. memcpy(&buf[offset], cert->buf, cert->size);
  1240. offset += cert->size;
  1241. i++;
  1242. }
  1243. chain_length = offset - 7;
  1244. buf[5] = chain_length >> 8; /* cert chain length */
  1245. buf[6] = chain_length & 0xff;
  1246. chain_length += 3;
  1247. buf[2] = chain_length >> 8; /* handshake length */
  1248. buf[3] = chain_length & 0xff;
  1249. ssl->bm_index = offset;
  1250. return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
  1251. }
  1252. /**
  1253. * Create a blob of memory that we'll get rid of once the handshake is
  1254. * complete.
  1255. */
  1256. void disposable_new(SSL *ssl)
  1257. {
  1258. if (ssl->dc == NULL)
  1259. {
  1260. ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
  1261. MD5_Init(&ssl->dc->md5_ctx);
  1262. SHA1_Init(&ssl->dc->sha1_ctx);
  1263. }
  1264. }
  1265. /**
  1266. * Remove the temporary blob of memory.
  1267. */
  1268. void disposable_free(SSL *ssl)
  1269. {
  1270. if (ssl->dc)
  1271. {
  1272. free(ssl->dc->key_block);
  1273. memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
  1274. free(ssl->dc);
  1275. ssl->dc = NULL;
  1276. }
  1277. }
  1278. #ifndef CONFIG_SSL_SKELETON_MODE /* no session resumption in this mode */
  1279. /**
  1280. * Find if an existing session has the same session id. If so, use the
  1281. * master secret from this session for session resumption.
  1282. */
  1283. SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
  1284. SSL *ssl, const uint8_t *session_id)
  1285. {
  1286. time_t tm = time(NULL);
  1287. time_t oldest_sess_time = tm;
  1288. SSL_SESSION *oldest_sess = NULL;
  1289. int i;
  1290. /* no sessions? Then bail */
  1291. if (max_sessions == 0)
  1292. return NULL;
  1293. SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
  1294. if (session_id)
  1295. {
  1296. for (i = 0; i < max_sessions; i++)
  1297. {
  1298. if (ssl_sessions[i])
  1299. {
  1300. /* kill off any expired sessions */
  1301. if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
  1302. {
  1303. session_free(ssl_sessions, i);
  1304. continue;
  1305. }
  1306. /* if the session id matches, it must still be less than
  1307. the expiry time */
  1308. if (memcmp(ssl_sessions[i]->session_id, session_id,
  1309. SSL_SESSION_ID_SIZE) == 0)
  1310. {
  1311. ssl->session_index = i;
  1312. memcpy(ssl->dc->master_secret,
  1313. ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
  1314. SET_SSL_FLAG(SSL_SESSION_RESUME);
  1315. SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
  1316. return ssl_sessions[i]; /* a session was found */
  1317. }
  1318. }
  1319. }
  1320. }
  1321. /* If we've got here, no matching session was found - so create one */
  1322. for (i = 0; i < max_sessions; i++)
  1323. {
  1324. if (ssl_sessions[i] == NULL)
  1325. {
  1326. /* perfect, this will do */
  1327. ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
  1328. ssl_sessions[i]->conn_time = tm;
  1329. ssl->session_index = i;
  1330. SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
  1331. return ssl_sessions[i]; /* return the session object */
  1332. }
  1333. else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
  1334. {
  1335. /* find the oldest session */
  1336. oldest_sess_time = ssl_sessions[i]->conn_time;
  1337. oldest_sess = ssl_sessions[i];
  1338. ssl->session_index = i;
  1339. }
  1340. }
  1341. /* ok, we've used up all of our sessions. So blow the oldest session away */
  1342. oldest_sess->conn_time = tm;
  1343. memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
  1344. memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
  1345. SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
  1346. return oldest_sess;
  1347. }
  1348. /**
  1349. * Free an existing session.
  1350. */
  1351. static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
  1352. {
  1353. if (ssl_sessions[sess_index])
  1354. {
  1355. free(ssl_sessions[sess_index]);
  1356. ssl_sessions[sess_index] = NULL;
  1357. }
  1358. }
  1359. /**
  1360. * This ssl object doesn't want this session anymore.
  1361. */
  1362. void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
  1363. {
  1364. SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
  1365. if (ssl->ssl_ctx->num_sessions)
  1366. {
  1367. session_free(ssl_sessions, ssl->session_index);
  1368. ssl->session = NULL;
  1369. }
  1370. SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
  1371. }
  1372. #endif /* CONFIG_SSL_SKELETON_MODE */
  1373. /*
  1374. * Get the session id for a handshake. This will be a 32 byte sequence.
  1375. */
  1376. EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
  1377. {
  1378. return ssl->session_id;
  1379. }
  1380. /*
  1381. * Get the session id size for a handshake.
  1382. */
  1383. EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
  1384. {
  1385. return ssl->sess_id_size;
  1386. }
  1387. /*
  1388. * Return the cipher id (in the SSL form).
  1389. */
  1390. EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
  1391. {
  1392. return ssl->cipher;
  1393. }
  1394. /*
  1395. * Return the status of the handshake.
  1396. */
  1397. EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
  1398. {
  1399. return ssl->hs_status;
  1400. }
  1401. /*
  1402. * Retrieve various parameters about the SSL engine.
  1403. */
  1404. EXP_FUNC int STDCALL ssl_get_config(int offset)
  1405. {
  1406. switch (offset)
  1407. {
  1408. /* return the appropriate build mode */
  1409. case SSL_BUILD_MODE:
  1410. #if defined(CONFIG_SSL_FULL_MODE)
  1411. return SSL_BUILD_FULL_MODE;
  1412. #elif defined(CONFIG_SSL_ENABLE_CLIENT)
  1413. return SSL_BUILD_ENABLE_CLIENT;
  1414. #elif defined(CONFIG_ENABLE_VERIFICATION)
  1415. return SSL_BUILD_ENABLE_VERIFICATION;
  1416. #elif defined(CONFIG_SSL_SERVER_ONLY )
  1417. return SSL_BUILD_SERVER_ONLY;
  1418. #else
  1419. return SSL_BUILD_SKELETON_MODE;
  1420. #endif
  1421. case SSL_MAX_CERT_CFG_OFFSET:
  1422. return CONFIG_SSL_MAX_CERTS;
  1423. #ifdef CONFIG_SSL_CERT_VERIFICATION
  1424. case SSL_MAX_CA_CERT_CFG_OFFSET:
  1425. return CONFIG_X509_MAX_CA_CERTS;
  1426. #endif
  1427. #ifdef CONFIG_SSL_HAS_PEM
  1428. case SSL_HAS_PEM:
  1429. return 1;
  1430. #endif
  1431. default:
  1432. return 0;
  1433. }
  1434. }
  1435. #ifdef CONFIG_SSL_CERT_VERIFICATION
  1436. /**
  1437. * Authenticate a received certificate.
  1438. */
  1439. EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
  1440. {
  1441. int ret;
  1442. SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
  1443. ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
  1444. SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
  1445. if (ret) /* modify into an SSL error type */
  1446. {
  1447. ret = SSL_X509_ERROR(ret);
  1448. }
  1449. return ret;
  1450. }
  1451. /**
  1452. * Process a certificate message.
  1453. */
  1454. int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
  1455. {
  1456. int ret = SSL_OK;
  1457. uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
  1458. int pkt_size = ssl->bm_index;
  1459. int cert_size, offset = 5;
  1460. int total_cert_size = (buf[offset]<<8) + buf[offset+1];
  1461. int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
  1462. X509_CTX **chain = x509_ctx;
  1463. offset += 2;
  1464. PARANOIA_CHECK(total_cert_size, offset);
  1465. while (offset < total_cert_size)
  1466. {
  1467. offset++; /* skip empty char */
  1468. cert_size = (buf[offset]<<8) + buf[offset+1];
  1469. offset += 2;
  1470. if (x509_new(&buf[offset], NULL, chain))
  1471. {
  1472. ret = SSL_ERROR_BAD_CERTIFICATE;
  1473. goto error;
  1474. }
  1475. /* DISPLAY_CERT(ssl, *chain); */
  1476. chain = &((*chain)->next);
  1477. offset += cert_size;
  1478. }
  1479. PARANOIA_CHECK(pkt_size, offset);
  1480. /* if we are client we can do the verify now or later */
  1481. if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
  1482. {
  1483. ret = ssl_verify_cert(ssl);
  1484. }
  1485. ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
  1486. ssl->dc->bm_proc_index += offset;
  1487. error:
  1488. return ret;
  1489. }
  1490. #endif /* CONFIG_SSL_CERT_VERIFICATION */
  1491. /**
  1492. * Debugging routine to display SSL handshaking stuff.
  1493. */
  1494. #ifdef CONFIG_SSL_FULL_MODE
  1495. /**
  1496. * Debugging routine to display SSL states.
  1497. */
  1498. void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
  1499. {
  1500. const char *str;
  1501. if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
  1502. return;
  1503. printf(not_ok ? "Error - invalid State:\t" : "State:\t");
  1504. printf(is_send ? "sending " : "receiving ");
  1505. switch (state)
  1506. {
  1507. case HS_HELLO_REQUEST:
  1508. str = "Hello Request (0)";
  1509. break;
  1510. case HS_CLIENT_HELLO:
  1511. str = "Client Hello (1)";
  1512. break;
  1513. case HS_SERVER_HELLO:
  1514. str = "Server Hello (2)";
  1515. break;
  1516. case HS_CERTIFICATE:
  1517. str = "Certificate (11)";
  1518. break;
  1519. case HS_SERVER_KEY_XCHG:
  1520. str = "Certificate Request (12)";
  1521. break;
  1522. case HS_CERT_REQ:
  1523. str = "Certificate Request (13)";
  1524. break;
  1525. case HS_SERVER_HELLO_DONE:
  1526. str = "Server Hello Done (14)";
  1527. break;
  1528. case HS_CERT_VERIFY:
  1529. str = "Certificate Verify (15)";
  1530. break;
  1531. case HS_CLIENT_KEY_XCHG:
  1532. str = "Client Key Exchange (16)";
  1533. break;
  1534. case HS_FINISHED:
  1535. str = "Finished (16)";
  1536. break;
  1537. default:
  1538. str = "Error (Unknown)";
  1539. break;
  1540. }
  1541. printf("%s\n", str);
  1542. TTY_FLUSH();
  1543. }
  1544. /**
  1545. * Debugging routine to display X509 certificates.
  1546. */
  1547. void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx)
  1548. {
  1549. if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
  1550. return;
  1551. x509_print(x509_ctx, ssl->ssl_ctx->ca_cert_ctx);
  1552. TTY_FLUSH();
  1553. }
  1554. /**
  1555. * Debugging routine to display RSA objects
  1556. */
  1557. void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
  1558. {
  1559. if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
  1560. return;
  1561. RSA_print(rsa_ctx);
  1562. TTY_FLUSH();
  1563. }
  1564. /**
  1565. * Debugging routine to display SSL handshaking bytes.
  1566. */
  1567. void DISPLAY_BYTES(SSL *ssl, const char *format,
  1568. const uint8_t *data, int size, ...)
  1569. {
  1570. va_list(ap);
  1571. if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
  1572. return;
  1573. va_start(ap, size);
  1574. print_blob(format, data, size, va_arg(ap, char *));
  1575. va_end(ap);
  1576. TTY_FLUSH();
  1577. }
  1578. /**
  1579. * Debugging routine to display SSL handshaking errors.
  1580. */
  1581. EXP_FUNC void STDCALL ssl_display_error(int error_code)
  1582. {
  1583. if (error_code == SSL_OK)
  1584. return;
  1585. printf("Error: ");
  1586. /* X509 error? */
  1587. if (error_code < SSL_X509_OFFSET)
  1588. {
  1589. printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
  1590. return;
  1591. }
  1592. /* SSL alert error code */
  1593. if (error_code > SSL_ERROR_CONN_LOST)
  1594. {
  1595. printf("SSL error %d\n", -error_code);
  1596. return;
  1597. }
  1598. switch (error_code)
  1599. {
  1600. case SSL_ERROR_DEAD:
  1601. printf("connection dead");
  1602. break;
  1603. case SSL_ERROR_INVALID_HANDSHAKE:
  1604. printf("invalid handshake");
  1605. break;
  1606. case SSL_ERROR_INVALID_PROT_MSG:
  1607. printf("invalid protocol message");
  1608. break;
  1609. case SSL_ERROR_INVALID_HMAC:
  1610. printf("invalid mac");
  1611. break;
  1612. case SSL_ERROR_INVALID_VERSION:
  1613. printf("invalid version");
  1614. break;
  1615. case SSL_ERROR_INVALID_SESSION:
  1616. printf("invalid session");
  1617. break;
  1618. case SSL_ERROR_NO_CIPHER:
  1619. printf("no cipher");
  1620. break;
  1621. case SSL_ERROR_CONN_LOST:
  1622. printf("connection lost");
  1623. break;
  1624. case SSL_ERROR_BAD_CERTIFICATE:
  1625. printf("bad certificate");
  1626. break;
  1627. case SSL_ERROR_INVALID_KEY:
  1628. printf("invalid key");
  1629. break;
  1630. case SSL_ERROR_FINISHED_INVALID:
  1631. printf("finished invalid");
  1632. break;
  1633. case SSL_ERROR_NO_CERT_DEFINED:
  1634. printf("no certificate defined");
  1635. break;
  1636. case SSL_ERROR_NOT_SUPPORTED:
  1637. printf("Option not supported");
  1638. break;
  1639. default:
  1640. printf("undefined as yet - %d", error_code);
  1641. break;
  1642. }
  1643. printf("\n");
  1644. TTY_FLUSH();
  1645. }
  1646. /**
  1647. * Debugging routine to display alerts.
  1648. */
  1649. void DISPLAY_ALERT(SSL *ssl, int alert)
  1650. {
  1651. if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
  1652. return;
  1653. printf("Alert: ");
  1654. switch (alert)
  1655. {
  1656. case SSL_ALERT_CLOSE_NOTIFY:
  1657. printf("close notify");
  1658. break;
  1659. case SSL_ALERT_INVALID_VERSION:
  1660. printf("invalid version");
  1661. break;
  1662. case SSL_ALERT_BAD_CERTIFICATE:
  1663. printf("bad certificate");
  1664. break;
  1665. case SSL_ALERT_UNEXPECTED_MESSAGE:
  1666. printf("unexpected message");
  1667. break;
  1668. case SSL_ALERT_BAD_RECORD_MAC:
  1669. printf("bad record mac");
  1670. break;
  1671. case SSL_ALERT_HANDSHAKE_FAILURE:
  1672. printf("handshake failure");
  1673. break;
  1674. case SSL_ALERT_ILLEGAL_PARAMETER:
  1675. printf("illegal parameter");
  1676. break;
  1677. case SSL_ALERT_DECODE_ERROR:
  1678. printf("decode error");
  1679. break;
  1680. case SSL_ALERT_DECRYPT_ERROR:
  1681. printf("decrypt error");
  1682. break;
  1683. default:
  1684. printf("alert - (unknown %d)", alert);
  1685. break;
  1686. }
  1687. printf("\n");
  1688. TTY_FLUSH();
  1689. }
  1690. #endif /* CONFIG_SSL_FULL_MODE */
  1691. /**
  1692. * Return the version of this library.
  1693. */
  1694. EXP_FUNC const char * STDCALL ssl_version()
  1695. {
  1696. static const char * axtls_version = AXTLS_VERSION;
  1697. return axtls_version;
  1698. }
  1699. /**
  1700. * Enable the various language bindings to work regardless of the
  1701. * configuration - they just return an error statement and a bad return code.
  1702. */
  1703. #if !defined(CONFIG_SSL_FULL_MODE)
  1704. EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
  1705. #endif
  1706. #ifdef CONFIG_BINDINGS
  1707. #if !defined(CONFIG_SSL_ENABLE_CLIENT)
  1708. EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
  1709. uint8_t *session_id, uint8_t sess_id_size)
  1710. {
  1711. printf(unsupported_str);
  1712. return NULL;
  1713. }
  1714. #endif
  1715. #if !defined(CONFIG_SSL_CERT_VERIFICATION)
  1716. EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
  1717. {
  1718. printf(unsupported_str);
  1719. return -1;
  1720. }
  1721. EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
  1722. {
  1723. printf(unsupported_str);
  1724. return NULL;
  1725. }
  1726. #endif /* CONFIG_SSL_CERT_VERIFICATION */
  1727. #endif /* CONFIG_BINDINGS */