AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0f3f9c3c73
mbedtls/library/ssl_msg.c

5728 lines
192 KiB
C
Raw Normal View History

- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
/*
Adapt preamble for newly created ssl_msg.c
2020-02-05 16:14:29 +00:00
* Generic SSL/TLS messaging layer functions
* (record layer + retransmission state machine)
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*
Adapt preamble for newly created ssl_msg.c
2020-02-05 16:14:29 +00:00
* Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
Change main license to Apache 2.0
2015-09-04 12:21:07 +00:00
* SPDX-License-Identifier: Apache-2.0
- Fixed copyright message
2010-07-18 20:36:00 +00:00
*
Change main license to Apache 2.0
2015-09-04 12:21:07 +00:00
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
- Updated Copyright notices
2009-01-04 16:27:10 +00:00
*
Change main license to Apache 2.0
2015-09-04 12:21:07 +00:00
* http://www.apache.org/licenses/LICENSE-2.0
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*
Change main license to Apache 2.0
2015-09-04 12:21:07 +00:00
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*
Change main license to Apache 2.0
2015-09-04 12:21:07 +00:00
* This file is part of mbed TLS (https://tls.mbed.org)
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*/
/*
* The SSL 3.0 specification was drafted by Netscape in 1996,
* and became an IETF standard in 1999.
*
* http://wp.netscape.com/eng/ssl3/
* http://www.ietf.org/rfc/rfc2246.txt
* http://www.ietf.org/rfc/rfc4346.txt
*/
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if !defined(MBEDTLS_CONFIG_FILE)
Rename include directory to mbedtls
2015-03-09 17:05:11 +00:00
#include "mbedtls/config.h"
Adapt sources to configurable config.h name
2014-04-29 10:39:06 +00:00
#else
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#include MBEDTLS_CONFIG_FILE
Adapt sources to configurable config.h name
2014-04-29 10:39:06 +00:00
#endif
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_TLS_C)
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Abstracts away time()/stdlib.h into platform Substitutes time() into a configurable platform interface to allow it to be easily substituted.
2016-04-26 06:43:27 +00:00
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
Rename include directory to mbedtls
2015-03-09 17:05:11 +00:00
#include "mbedtls/ssl.h"
Create ssl_internal.h and move some functions
2015-05-26 09:57:05 +00:00
#include "mbedtls/ssl_internal.h"
Put includes in alphabetical order The library style is to start with the includes corresponding to the current module and then the rest in alphabetical order. Some modules have several header files (eg. ssl_internal.h). The recently added error.h includes did not respect this convention and this commit restores it. In some cases this is not possible just by moving the error.h declarations. This commit fixes the pre-existing order in these instances too.
2019-12-18 15:07:04 +00:00
#include "mbedtls/debug.h"
#include "mbedtls/error.h"
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 14:51:09 +00:00
#include "mbedtls/platform_util.h"
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
#include "mbedtls/version.h"
Ability to disable server_name extension (RFC 6066)
2013-08-27 19:55:01 +00:00
cleanup library and some basic tests. Includes, add guards to includes
2015-02-06 13:43:58 +00:00
#include <string.h>
Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing
2019-01-10 10:27:10 +00:00
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
Fix an x509 compatibility issue Certificates with unsupported algorithms in the certificate chain prevented verification even if a certificate before the unsupported ones was already trusted. We change the behaviour to ignoring every certificate with unknown (unsupported) signature algorithm oid when parsing the certificate chain received from the peer.
2016-10-07 13:47:14 +00:00
#if defined(MBEDTLS_X509_CRT_PARSE_C)
Rename include directory to mbedtls
2015-03-09 17:05:11 +00:00
#include "mbedtls/oid.h"
Add extendedKeyUsage checking in SSL modules
2014-04-11 09:06:22 +00:00
#endif
Add const qualifier to handshake header reading functions
2018-08-28 16:18:56 +00:00
static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
/*
* Start a timer.
* Passing millisecs = 0 cancels a running timer.
*/
Move ssl_set_timer() to public namespace
2020-02-05 10:37:26 +00:00
void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
{
Prepare the SSL modules for using timer callbacks
2015-05-12 18:55:41 +00:00
if( ssl->f_set_timer == NULL )
return;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
}
/*
* Return -1 is timer is expired, 0 if it isn't.
*/
Move ssl_check_timer() to public namespace
2020-02-05 10:39:31 +00:00
int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
{
Prepare the SSL modules for using timer callbacks
2015-05-12 18:55:41 +00:00
if( ssl->f_get_timer == NULL )
No timer -> to timeout (optional for TLS)
2015-05-13 15:28:43 +00:00
return( 0 );
Prepare the SSL modules for using timer callbacks
2015-05-12 18:55:41 +00:00
if( ssl->f_get_timer( ssl->p_timer ) == 2 )
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
return( -1 );
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
}
Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.
2014-09-29 12:04:42 +00:00
return( 0 );
}
Introduce configuration option and API for SSL record checking
2019-07-03 15:13:00 +00:00
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
Implement record checking API This commit implements the record checking API mbedtls_ssl_check_record() on top of the restructured incoming record stack. Specifically, it makes use of the fact that the core processing routines ssl_parse_record_header() mbedtls_ssl_decrypt_buf() now operate on instances of the SSL record structure mbedtls_record instead of the previous mbedtls_ssl_context::in_xxx fields.
2019-07-12 13:40:00 +00:00
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
unsigned char *buf,
size_t len,
mbedtls_record *rec );
Introduce configuration option and API for SSL record checking
2019-07-03 15:13:00 +00:00
int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char *buf,
size_t buflen )
{
Implement record checking API This commit implements the record checking API mbedtls_ssl_check_record() on top of the restructured incoming record stack. Specifically, it makes use of the fact that the core processing routines ssl_parse_record_header() mbedtls_ssl_decrypt_buf() now operate on instances of the SSL record structure mbedtls_record instead of the previous mbedtls_ssl_context::in_xxx fields.
2019-07-12 13:40:00 +00:00
int ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
/* We don't support record checking in TLS because
* (a) there doesn't seem to be a usecase for it, and
* (b) In SSLv3 and TLS 1.0, CBC record decryption has state
* and we'd need to backup the transform here.
*/
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
goto exit;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
else
{
Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
2019-09-26 18:03:24 +00:00
mbedtls_record rec;
Implement record checking API This commit implements the record checking API mbedtls_ssl_check_record() on top of the restructured incoming record stack. Specifically, it makes use of the fact that the core processing routines ssl_parse_record_header() mbedtls_ssl_decrypt_buf() now operate on instances of the SSL record structure mbedtls_record instead of the previous mbedtls_ssl_context::in_xxx fields.
2019-07-12 13:40:00 +00:00
ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret );
goto exit;
}
if( ssl->transform_in != NULL )
{
ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret );
goto exit;
}
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
exit:
/* On success, we have decrypted the buffer in-place, so make
* sure we don't leak any plaintext data. */
mbedtls_platform_zeroize( buf, buflen );
/* For the purpose of this API, treat messages with unexpected CID
* as well as such from future epochs as unexpected. */
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
{
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
return( ret );
Introduce configuration option and API for SSL record checking
2019-07-03 15:13:00 +00:00
}
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
#define SSL_DONT_FORCE_FLUSH 0
#define SSL_FORCE_FLUSH 1
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed.
2018-08-06 10:19:13 +00:00
Style: Group buffering-related forward declarations in ssl_tls.c
2018-08-28 09:09:23 +00:00
/* Forward declarations for functions related to message buffering. */
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
uint8_t slot );
static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
static int ssl_buffer_message( mbedtls_ssl_context *ssl );
Adapt ssl_buffer_future_record() to work with SSL record structure
2019-07-11 11:43:20 +00:00
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
mbedtls_record const *rec );
Rename another_record_in_datagram to next_record_is_in_datagram
2018-08-28 16:16:31 +00:00
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
Style: Group buffering-related forward declarations in ssl_tls.c
2018-08-28 09:09:23 +00:00
Uniformly treat MTU as size_t
2018-08-22 13:41:02 +00:00
static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed.
2018-08-06 10:19:13 +00:00
{
Move ssl_get_current_mtu() to public namespace
2020-02-05 10:50:12 +00:00
size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len = ssl->out_buf_len;
#else
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed.
2018-08-06 10:19:13 +00:00
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
if( mtu != 0 && mtu < out_buf_len )
Uniformly treat MTU as size_t
2018-08-22 13:41:02 +00:00
return( mtu );
Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed.
2018-08-06 10:19:13 +00:00
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
return( out_buf_len );
Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed.
2018-08-06 10:19:13 +00:00
}
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
{
Uniformly treat MTU as size_t
2018-08-22 13:41:02 +00:00
size_t const bytes_written = ssl->out_left;
size_t const mtu = ssl_get_maximum_datagram_size( ssl );
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
/* Double-check that the write-index hasn't gone
* past what we can transmit in a single datagram. */
Uniformly treat MTU as size_t
2018-08-22 13:41:02 +00:00
if( bytes_written > mtu )
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
{
/* Should never happen... */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
return( (int) ( mtu - bytes_written ) );
}
static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
{
Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors.
2019-12-16 11:46:15 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
size_t remaining, expansion;
ssl_tls: fix maximum output length set maximum output length to MBEDTLS_SSL_OUT_CONTENT_LEN instead of MBEDTLS_SSL_MAX_CONTENT_LEN.
2018-10-11 11:20:19 +00:00
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
if( max_len > mfl )
max_len = mfl;
Limit MTU by maximum fragment length setting By the standard (RFC 6066, Sect. 4), the Maximum Fragment Length (MFL) extension limits the maximum record payload size, but not the maximum datagram size. However, not inferring any limitations on the MTU when setting the MFL means that a party has no means to dynamically inform the peer about MTU limitations. This commit changes the function ssl_get_remaining_payload_in_datagram() to never return more than MFL - { Total size of all records within the current datagram } thereby limiting the MTU to MFL + { Maximum Record Expansion }.
2018-08-24 09:47:29 +00:00
/* By the standard (RFC 6066 Sect. 4), the MFL extension
* only limits the maximum record payload size, so in theory
* we would be allowed to pack multiple records of payload size
* MFL into a single datagram. However, this would mean that there's
* no way to explicitly communicate MTU restrictions to the peer.
*
* The following reduction of max_len makes sure that we never
* write datagrams larger than MFL + Record Expansion Overhead.
*/
if( max_len <= ssl->out_left )
return( 0 );
max_len -= ssl->out_left;
Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output().
2018-08-06 10:33:50 +00:00
#endif
ret = ssl_get_remaining_space_in_datagram( ssl );
if( ret < 0 )
return( ret );
remaining = (size_t) ret;
ret = mbedtls_ssl_get_record_expansion( ssl );
if( ret < 0 )
return( ret );
expansion = (size_t) ret;
if( remaining <= expansion )
return( 0 );
remaining -= expansion;
if( remaining >= max_len )
remaining = max_len;
return( (int) remaining );
}
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
/*
* Double the retransmit timeout value, within the allowed range,
* returning -1 if the maximum value has already been reached.
*/
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
{
uint32_t new_timeout;
Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.
2015-05-04 08:55:58 +00:00
if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
return( -1 );
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
/* Implement the final paragraph of RFC 6347 section 4.1.1.1
* in the following way: after the initial transmission and a first
* retransmission, back off to a temporary estimated MTU of 508 bytes.
* This value is guaranteed to be deliverable (if not guaranteed to be
* delivered) of any compliant IPv4 (and IPv6) network, and should work
* on most non-IP stacks too. */
if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
Disable dtls fragmentation for ClientHello messages Set the handshake mtu to unlimited when encountering a ClienHello message and reset it to its previous value after writing the record.
2018-10-05 12:06:01 +00:00
{
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
ssl->handshake->mtu = 508;
Disable dtls fragmentation for ClientHello messages Set the handshake mtu to unlimited when encountering a ClienHello message and reset it to its previous value after writing the record.
2018-10-05 12:06:01 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
}
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
new_timeout = 2 * ssl->handshake->retransmit_timeout;
/* Avoid arithmetic overflow and range overflow */
if( new_timeout < ssl->handshake->retransmit_timeout ||
Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.
2015-05-04 08:55:58 +00:00
new_timeout > ssl->conf->hs_timeout_max )
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
{
Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.
2015-05-04 08:55:58 +00:00
new_timeout = ssl->conf->hs_timeout_max;
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
}
ssl->handshake->retransmit_timeout = new_timeout;
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
ssl->handshake->retransmit_timeout ) );
return( 0 );
}
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
{
Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.
2015-05-04 08:55:58 +00:00
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
ssl->handshake->retransmit_timeout ) );
}
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Implement timeout back-off (fixed range for now)
2014-09-30 20:21:31 +00:00
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 11:03:14 +00:00
const unsigned char *key_enc, const unsigned char *key_dec,
size_t keylen,
const unsigned char *iv_enc, const unsigned char *iv_dec,
size_t ivlen,
const unsigned char *mac_enc, const unsigned char *mac_dec,
Fix formatting in various code to match spacing from coding style
2014-06-17 14:39:18 +00:00
size_t maclen ) = NULL;
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The function below is only used in the Lucky 13 counter-measure in
* mbedtls_ssl_decrypt_buf(). These are the defines that guard the call site. */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) && \
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
/* This function makes sure every byte in the memory region is accessed
* (in ascending addresses order) */
static void ssl_read_memory( unsigned char *p, size_t len )
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char acc = 0;
volatile unsigned char force;
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( ; len != 0; p++, len-- )
acc ^= *p;
Add _init() and _free() for hash modules
2014-06-26 10:09:34 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
force = acc;
(void) force;
}
#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Encryption/decryption functions
*/
Change ssl_tls to use new MD API and check ret code
2017-06-29 16:09:42 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* This functions transforms a DTLS plaintext fragment and a record content
* type into an instance of the DTLSInnerPlaintext structure:
*
* struct {
* opaque content[DTLSPlaintext.length];
* ContentType real_type;
* uint8 zeros[length_of_padding];
* } DTLSInnerPlaintext;
*
* Input:
* - `content`: The beginning of the buffer holding the
* plaintext to be wrapped.
* - `*content_size`: The length of the plaintext in Bytes.
* - `max_len`: The number of Bytes available starting from
* `content`. This must be `>= *content_size`.
* - `rec_type`: The desired record content type.
*
* Output:
* - `content`: The beginning of the resulting DTLSInnerPlaintext structure.
* - `*content_size`: The length of the resulting DTLSInnerPlaintext structure.
*
* Returns:
* - `0` on success.
* - A negative error code if `max_len` didn't offer enough space
* for the expansion.
*/
static int ssl_cid_build_inner_plaintext( unsigned char *content,
size_t *content_size,
size_t remaining,
uint8_t rec_type )
{
size_t len = *content_size;
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
Change ssl_tls to use new MD API and check ret code
2017-06-29 16:09:42 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Write real content type */
if( remaining == 0 )
return( -1 );
content[ len ] = rec_type;
len++;
remaining--;
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( remaining < pad )
return( -1 );
memset( content + len, 0, pad );
len += pad;
remaining -= pad;
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
*content_size = len;
return( 0 );
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* This function parses a DTLSInnerPlaintext structure.
* See ssl_cid_build_inner_plaintext() for details. */
static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
size_t *content_size,
uint8_t *rec_type )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t remaining = *content_size;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Determine length of padding by skipping zeroes from the back. */
do
Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`.
2019-05-07 15:31:49 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( remaining == 0 )
return( -1 );
remaining--;
} while( content[ remaining ] == 0 );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
*content_size = remaining;
*rec_type = content[ remaining ];
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len,
mbedtls_record *rec )
{
/* Quoting RFC 5246 (TLS 1.2):
*
* additional_data = seq_num + TLSCompressed.type +
* TLSCompressed.version + TLSCompressed.length;
*
* For the CID extension, this is extended as follows
* (quoting draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
*
* additional_data = seq_num + DTLSPlaintext.type +
* DTLSPlaintext.version +
* cid +
* cid_length +
* length_of_DTLSInnerPlaintext;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( add_data, rec->ctr, sizeof( rec->ctr ) );
add_data[8] = rec->type;
memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) );
Remove calls to xxx_hmac() from SSL modules
2015-03-24 17:08:19 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec->cid_len != 0 )
Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`.
2019-05-07 15:31:49 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( add_data + 11, rec->cid, rec->cid_len );
add_data[11 + rec->cid_len + 0] = rec->cid_len;
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13 + 1 + rec->cid_len;
Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`.
2019-05-07 15:31:49 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Move ssl_mac() from ssl_tls.c to ssl_msg.c
2020-02-07 10:26:36 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3)
#define SSL3_MAC_MAX_BYTES 20 /* MD-5 or SHA-1 */
/*
* SSLv3.0 MAC functions
*/
static void ssl_mac( mbedtls_md_context_t *md_ctx,
const unsigned char *secret,
const unsigned char *buf, size_t len,
const unsigned char *ctr, int type,
unsigned char out[SSL3_MAC_MAX_BYTES] )
{
unsigned char header[11];
unsigned char padding[48];
int padlen;
int md_size = mbedtls_md_get_size( md_ctx->md_info );
int md_type = mbedtls_md_get_type( md_ctx->md_info );
/* Only MD5 and SHA-1 supported */
if( md_type == MBEDTLS_MD_MD5 )
padlen = 48;
else
padlen = 40;
memcpy( header, ctr, 8 );
header[ 8] = (unsigned char) type;
header[ 9] = (unsigned char)( len >> 8 );
header[10] = (unsigned char)( len );
memset( padding, 0x36, padlen );
mbedtls_md_starts( md_ctx );
mbedtls_md_update( md_ctx, secret, md_size );
mbedtls_md_update( md_ctx, padding, padlen );
mbedtls_md_update( md_ctx, header, 11 );
mbedtls_md_update( md_ctx, buf, len );
mbedtls_md_finish( md_ctx, out );
memset( padding, 0x5C, padlen );
mbedtls_md_starts( md_ctx );
mbedtls_md_update( md_ctx, secret, md_size );
mbedtls_md_update( md_ctx, padding, padlen );
mbedtls_md_update( md_ctx, out, md_size );
mbedtls_md_finish( md_ctx, out );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
mbedtls_record *rec,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
Use multipart PSA key derivation API
2019-08-17 08:30:28 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_cipher_mode_t mode;
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t add_data_len;
size_t post_avail;
Use multipart PSA key derivation API
2019-08-17 08:30:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for debug */
((void) ssl);
#endif
Use multipart PSA key derivation API
2019-08-17 08:30:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The PRNG is used for dynamic IV generation that's used
* for CBC transformations in TLS 1.1 and TLS 1.2. */
#if !( defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || \
defined(MBEDTLS_ARIA_C) || \
defined(MBEDTLS_CAMELLIA_C) ) && \
( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
((void) f_rng);
((void) p_rng);
#endif
Implement tls_prf_generic using the PSA API
2019-01-14 08:51:11 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
Implement tls_prf_generic using the PSA API
2019-01-14 08:51:11 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( transform == NULL )
Implement tls_prf_generic using the PSA API
2019-01-14 08:51:11 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Implement tls_prf_generic using the PSA API
2019-01-14 08:51:11 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec == NULL
|| rec->buf == NULL
|| rec->buf_len < rec->data_offset
|| rec->buf_len - rec->data_offset < rec->data_len
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|| rec->cid_len != 0
#endif
)
ssl_tls: add key destruction upon generator failure
2019-01-14 10:37:13 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
ssl_tls: add key destruction upon generator failure
2019-01-14 10:37:13 +00:00
}
Implement tls_prf_generic using the PSA API
2019-01-14 08:51:11 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
data = rec->buf + rec->data_offset;
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
Factor tls_prf_sha{256,384} together
2015-03-26 10:11:49 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
Factor tls_prf_sha{256,384} together
2015-03-26 10:11:49 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`.
2019-05-07 15:31:49 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
(unsigned) rec->data_len,
MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`.
2019-05-07 15:31:49 +00:00
}
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Add CID information
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->cid_len = transform->out_cid_len;
memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->cid_len != 0 )
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_cid_build_inner_plaintext() for more information.
*
* Note that this changes `rec->data_len`, and hence
* `post_avail` needs to be recalculated afterwards.
*/
if( ssl_cid_build_inner_plaintext( data,
&rec->data_len,
post_avail,
rec->type ) != 0 )
{
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->type = MBEDTLS_SSL_MSG_CID;
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
&& transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
) )
{
if( post_avail < transform->maclen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
Move ssl_mac() from ssl_tls.c to ssl_msg.c
2020-02-07 10:26:36 +00:00
unsigned char mac[SSL3_MAC_MAX_BYTES];
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
data, rec->data_len, rec->ctr, rec->type, mac );
memcpy( data + rec->data_len, mac, transform->maclen );
}
else
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 10:26:46 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( data + rec->data_len, mac, transform->maclen );
}
else
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 10:26:46 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
transform->maclen );
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
2018-10-23 14:26:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->data_len += transform->maclen;
post_avail -= transform->maclen;
auth_done++;
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
2018-10-23 14:26:22 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
2018-10-23 14:26:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Encrypt
*/
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if( mode == MBEDTLS_MODE_STREAM )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of padding",
rec->data_len, 0 ) );
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
2018-10-23 14:26:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
2018-10-23 14:26:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Add function to retrieve the tls_prf type Add `tls_prf_get_type()` static function that returns the `mbedtls_tls_prf_types` according to the used `tls_prf` function.
2019-05-14 17:19:13 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
Add public API for tls_prf Add a public API for key derivation, introducing an enum for `tls_prf` type.
2019-05-12 11:54:30 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
Add public API for tls_prf Add a public API for key derivation, introducing an enum for `tls_prf` type.
2019-05-12 11:54:30 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char iv[12];
size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
Fix missing tls version test failures Add checks for tls_prf tests with the relevant tls version configuration.
2019-05-15 11:54:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check that there's space for both the authentication tag
* and the explicit IV before and after the record content. */
if( post_avail < transform->taglen ||
rec->data_offset < explicit_iv_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
Add public API for tls_prf Add a public API for key derivation, introducing an enum for `tls_prf` type.
2019-05-12 11:54:30 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Generate IV
*/
if( transform->ivlen == 12 && transform->fixed_ivlen == 4 )
{
/* GCM and CCM: fixed || explicit (=seqnum) */
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
memcpy( iv + transform->fixed_ivlen, rec->ctr,
explicit_iv_len );
/* Prefix record content with explicit IV. */
memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len );
}
else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
{
/* ChachaPoly: fixed XOR sequence number */
unsigned char i;
Add public API for tls_prf Add a public API for key derivation, introducing an enum for `tls_prf` type.
2019-05-12 11:54:30 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
Remove "handshake" input from populate_transform()
2019-05-06 11:32:17 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 0; i < 8; i++ )
iv[i+4] ^= rec->ctr[i];
}
else
{
/* Reminder if we ever add an AEAD mode with a different size */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Partially rm 'ssl' input from populate_transform()
2019-05-06 11:48:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
Remove ciphersuite_info from ssl_transform Prior to this commit, the security parameter struct `ssl_transform` contained a `ciphersuite_info` field pointing to the information structure for the negotiated ciphersuite. However, the only information extracted from that structure that was used in the core encryption and decryption functions `ssl_encrypt_buf`/`ssl_decrypt_buf` was the authentication tag length in case of an AEAD cipher. The present commit removes the `ciphersuite_info` field from the `ssl_transform` structure and adds an explicit `taglen` field for AEAD authentication tag length. This is in accordance with the principle that the `ssl_transform` structure should contain the raw parameters needed for the record encryption and decryption functions to work, but not the higher-level information that gave rise to them. For example, the `ssl_transform` structure implicitly contains the encryption/decryption keys within their cipher contexts, but it doesn't contain the SSL master or premaster secrets. Likewise, it contains an explicit `maclen`, while the status of the 'Truncated HMAC' extension -- which determines the value of `maclen` when the `ssl_transform` structure is created in `ssl_derive_keys` -- is not contained in `ssl_transform`. The `ciphersuite_info` pointer was used in other places outside the encryption/decryption functions during the handshake, and for these functions to work, this commit adds a `ciphersuite_info` pointer field to the handshake-local `ssl_handshake_params` structure.
2017-12-27 21:34:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
data - explicit_iv_len, explicit_iv_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including 0 bytes of padding",
rec->data_len ) );
Save Hello random bytes for later use
2019-07-09 10:54:17 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Encrypt and authenticate
*/
Remove "handshake" input from populate_transform()
2019-05-06 11:32:17 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
data, &rec->data_len, /* destination */
data + rec->data_len, transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
return( ret );
}
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len, transform->taglen );
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->data_len += transform->taglen + explicit_iv_len;
rec->data_offset -= explicit_iv_len;
post_avail -= transform->taglen;
auth_done++;
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC )
Copy CIDs into SSL transform if use of CID has been negotiated
2019-04-26 15:22:27 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
size_t olen;
Skip copying CIDs to SSL transforms until CID feature is complete This commit temporarily comments the copying of the negotiated CIDs into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys() until the CID feature has been fully implemented. While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do support CID-based record protection by now and can be unit tested, the following two changes in the rest of the stack are still missing before CID-based record protection can be integrated: - Parsing of CIDs in incoming records. - Allowing the new CID record content type for incoming records. - Dealing with a change of record content type during record decryption. Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by the CID fields in the currently transforms, this change also requires temporarily disabling some grepping for ssl_client2 / ssl_server2 debug output in ssl-opt.sh.
2019-04-30 12:52:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Currently we're always using minimal padding
* (up to 255 bytes would be allowed). */
padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
if( padlen == transform->ivlen )
padlen = 0;
Slightly reorder CID debug messages during creation of transforms
2019-05-15 09:21:55 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check there's enough space in the buffer for the padding. */
if( post_avail < padlen + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
Copy CIDs into SSL transform if use of CID has been negotiated
2019-04-26 15:22:27 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 0; i <= padlen; i++ )
data[rec->data_len + i] = (unsigned char) padlen;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->data_len += padlen + 1;
post_avail -= padlen + 1;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
if( f_rng == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL
2009-01-11 20:25:36 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->data_offset < transform->ivlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
Re-arrange some code in ssl_derive_keys()
2014-06-18 13:34:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Generate IV
*/
ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
if( ret != 0 )
return( ret );
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( data - transform->ivlen, transform->iv_enc,
transform->ivlen );
Re-arrange some code in ssl_derive_keys()
2014-06-18 13:34:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of IV and %d bytes of padding",
rec->data_len, transform->ivlen,
padlen + 1 ) );
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
Re-arrange some code in ssl_derive_keys()
2014-06-18 13:34:40 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
Re-arrange some code in ssl_derive_keys()
2014-06-18 13:34:40 +00:00
}
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->data_len != olen )
Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension.
2017-11-20 16:36:41 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension.
2017-11-20 16:36:41 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1
*/
memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
transform->ivlen );
}
else
Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension.
2017-11-20 16:36:41 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
data -= transform->ivlen;
rec->data_offset -= transform->ivlen;
rec->data_len += transform->ivlen;
Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension.
2017-11-20 16:36:41 +00:00
}
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( auth_done == 0 )
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
Fix computation of minlen for encrypted packets
2014-06-18 14:06:02 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* MAC(MAC_write_key, seq_num +
* TLSCipherText.type +
* TLSCipherText.version +
* length_of( (IV +) ENC(...) ) +
* IV + // except for TLS 1.0
* ENC(content + padding + padding_length));
Fix computation of minlen for encrypted packets
2014-06-18 14:06:02 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( post_avail < transform->maclen)
Fix computation of minlen for encrypted packets
2014-06-18 14:06:02 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
Fix computation of minlen for encrypted packets
2014-06-18 14:06:02 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
memcpy( data + rec->data_len, mac, transform->maclen );
rec->data_len += transform->maclen;
post_avail -= transform->maclen;
auth_done++;
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from `ssl_derive_keys` if relevant modes are not enabled This commit guards code specific to AEAD, CBC and stream cipher modes in `ssl_derive_keys` by the respective configuration flags, analogous to the guards that are already in place in the record decryption and encryption functions `ssl_decrypt_buf` resp. `ssl_decrypt_buf`.
2018-01-03 15:32:31 +00:00
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
Remove code from `ssl_derive_keys` if relevant modes are not enabled This commit guards code specific to AEAD, CBC and stream cipher modes in `ssl_derive_keys` by the respective configuration flags, analogous to the guards that are already in place in the record decryption and encryption functions `ssl_decrypt_buf` resp. `ssl_decrypt_buf`.
2018-01-03 15:32:31 +00:00
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Make extra sure authentication was performed, exactly once */
if( auth_done != 1 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_ssl_transform *transform,
mbedtls_record *rec )
{
size_t olen;
mbedtls_cipher_mode_t mode;
int ret, auth_done = 0;
Reduce size of `ssl_transform` if no MAC ciphersuite is enabled The hash contexts `ssl_transform->md_ctx_{enc/dec}` are not used if only AEAD ciphersuites are enabled. This commit removes them from the `ssl_transform` struct in this case, saving a few bytes.
2018-01-03 15:32:51 +00:00
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t padlen = 0, correct = 1;
#endif
unsigned char* data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
size_t add_data_len;
Add a length check in ssl_derive_keys()
2014-01-18 17:22:55 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for debug */
((void) ssl);
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
#endif
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
if( rec == NULL ||
rec->buf == NULL ||
rec->buf_len < rec->data_offset ||
rec->buf_len - rec->data_offset < rec->data_len )
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
data = rec->buf + rec->data_offset;
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
Add an extra key export function Add an additional function `mbedtls_ssl_export_keys_ext_t()` for exporting key, that adds additional information such as the used `tls_prf` and the random bytes.
2019-05-07 15:33:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
* Match record's CID with incoming CID.
*/
if( rec->cid_len != transform->in_cid_len ||
memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
Add an extra key export function Add an additional function `mbedtls_ssl_export_keys_ext_t()` for exporting key, that adds additional information such as the used `tls_prf` and the random bytes.
2019-05-07 15:33:40 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
Add an extra key export function Add an additional function `mbedtls_ssl_export_keys_ext_t()` for exporting key, that adds additional information such as the used `tls_prf` and the random bytes.
2019-05-07 15:33:40 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if( mode == MBEDTLS_MODE_STREAM )
Setup PSA-based cipher context in mbedtls_ssl_derive_keys() This commit changes the code path in mbedtls_ssl_derive_keys() responsible for setting up record protection cipher contexts to attempt to use the new API mbedtls_cipher_setup_psa() in case MBEDTLS_USE_PSA_CRYPTO is set. For that, the AEAD tag length must be provided, which is already computed earlier in mbedtls_ssl_derive_keys() and only needs to be stored a function scope to be available for mbedtls_cipher_setup_psa(). If mbedtls_cipher_setup_psa() fails cleanly indicating that the requested cipher is not supported in PSA, we fall through to the default setup using mbedtls_cipher_setup(). However, we print a debug message in this case, to allow catching the fallthrough in tests where we know we're using a cipher which should be supported by PSA.
2018-11-16 15:21:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
padlen = 0;
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec,
transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
}
Setup PSA-based cipher context in mbedtls_ssl_derive_keys() This commit changes the code path in mbedtls_ssl_derive_keys() responsible for setting up record protection cipher contexts to attempt to use the new API mbedtls_cipher_setup_psa() in case MBEDTLS_USE_PSA_CRYPTO is set. For that, the AEAD tag length must be provided, which is already computed earlier in mbedtls_ssl_derive_keys() and only needs to be stored a function scope to be available for mbedtls_cipher_setup_psa(). If mbedtls_cipher_setup_psa() fails cleanly indicating that the requested cipher is not supported in PSA, we fall through to the default setup using mbedtls_cipher_setup(). However, we print a debug message in this case, to allow catching the fallthrough in tests where we know we're using a cipher which should be supported by PSA.
2018-11-16 15:21:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec->data_len != olen )
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
}
}
Setup PSA-based cipher context in mbedtls_ssl_derive_keys() This commit changes the code path in mbedtls_ssl_derive_keys() responsible for setting up record protection cipher contexts to attempt to use the new API mbedtls_cipher_setup_psa() in case MBEDTLS_USE_PSA_CRYPTO is set. For that, the AEAD tag length must be provided, which is already computed earlier in mbedtls_ssl_derive_keys() and only needs to be stored a function scope to be available for mbedtls_cipher_setup_psa(). If mbedtls_cipher_setup_psa() fails cleanly indicating that the requested cipher is not supported in PSA, we fall through to the default setup using mbedtls_cipher_setup(). However, we print a debug message in this case, to allow catching the fallthrough in tests where we know we're using a cipher which should be supported by PSA.
2018-11-16 15:21:18 +00:00
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
if( mode == MBEDTLS_MODE_GCM ||
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char iv[12];
size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 15:25:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Prepare IV from explicit and implicit data.
*/
/* Check that there's enough space for the explicit IV
* (at the beginning of the record) and the MAC (at the
* end of the record). */
if( rec->data_len < explicit_iv_len + transform->taglen )
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
"+ taglen (%d)", rec->data_len,
explicit_iv_len, transform->taglen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
}
Setup PSA-based cipher context in mbedtls_ssl_derive_keys() This commit changes the code path in mbedtls_ssl_derive_keys() responsible for setting up record protection cipher contexts to attempt to use the new API mbedtls_cipher_setup_psa() in case MBEDTLS_USE_PSA_CRYPTO is set. For that, the AEAD tag length must be provided, which is already computed earlier in mbedtls_ssl_derive_keys() and only needs to be stored a function scope to be available for mbedtls_cipher_setup_psa(). If mbedtls_cipher_setup_psa() fails cleanly indicating that the requested cipher is not supported in PSA, we fall through to the default setup using mbedtls_cipher_setup(). However, we print a debug message in this case, to allow catching the fallthrough in tests where we know we're using a cipher which should be supported by PSA.
2018-11-16 15:21:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
if( transform->ivlen == 12 && transform->fixed_ivlen == 4 )
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* GCM and CCM: fixed || explicit */
/* Fixed */
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
/* Explicit */
memcpy( iv + transform->fixed_ivlen, data, 8 );
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
Use PSA-based ciphers for record protections in TLS-1.2 only Reasons: - For the first release, we attempt to support TLS-1.2 only, - At least TLS-1.0 is known to not work at the moment, as for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt() updates the structure field for the IV in the cipher context, which the PSA-based implementation currently doesn't.
2018-11-17 22:27:38 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* ChachaPoly: fixed XOR sequence number */
unsigned char i;
Simplify switching on mode in ssl_tls.c
2013-10-25 16:33:32 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
Don't special-case NULL cipher in ssl_tls.c
2013-10-25 16:42:44 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 0; i < 8; i++ )
iv[i+4] ^= rec->ctr[i];
Simplify switching on mode in ssl_tls.c
2013-10-25 16:33:32 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif /* MBEDTLS_CHACHAPOLY_C */
Simplify switching on mode in ssl_tls.c
2013-10-25 16:33:32 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Reminder if we ever add an AEAD mode with a different size */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Simplify switching on mode in ssl_tls.c
2013-10-25 16:33:32 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Group changes to data, data_len, and add_data, because
* add_data depends on data_len. */
data += explicit_iv_len;
rec->data_offset += explicit_iv_len;
rec->data_len -= explicit_iv_len + transform->taglen;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
/* Because of the check above, we know that there are
* explicit_iv_len Bytes preceeding data, and taglen
* bytes following data + data_len. This justifies
* the debug message and the invocation of
* mbedtls_cipher_auth_decrypt() below. */
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
transform->taglen );
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Decrypt and authenticate
*/
if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
iv, transform->ivlen,
add_data, add_data_len,
data, rec->data_len,
data, &olen,
data + rec->data_len,
transform->taglen ) ) != 0 )
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ret );
}
auth_done++;
Start extraction ssl_set_handshake_prfs() For now just moving code around, will improve signature in the next commit.
2019-04-30 09:54:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Double-check that AEAD decryption doesn't change content length. */
if( olen != rec->data_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Start extraction ssl_set_handshake_prfs() For now just moving code around, will improve signature in the next commit.
2019-04-30 09:54:22 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC )
Start extraction ssl_set_handshake_prfs() For now just moving code around, will improve signature in the next commit.
2019-04-30 09:54:22 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t minlen = 0;
/*
* Check immediate ciphertext sanity
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
/* The ciphertext is prefixed with the CBC IV. */
minlen += transform->ivlen;
}
Start extraction ssl_set_handshake_prfs() For now just moving code around, will improve signature in the next commit.
2019-04-30 09:54:22 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Size considerations:
*
* - The CBC cipher text must not be empty and hence
* at least of size transform->ivlen.
*
* Together with the potential IV-prefix, this explains
* the first of the two checks below.
*
* - The record must contain a MAC, either in plain or
* encrypted, depending on whether Encrypt-then-MAC
* is used or not.
* - If it is, the message contains the IV-prefix,
* the CBC ciphertext, and the MAC.
* - If it is not, the padded plaintext, and hence
* the CBC ciphertext, has at least length maclen + 1
* because there is at least the padding length byte.
*
* As the CBC ciphertext is not empty, both cases give the
* lower bound minlen + maclen + 1 on the record size, which
* we test for in the second check below.
*/
if( rec->data_len < minlen + transform->ivlen ||
rec->data_len < minlen + transform->maclen + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
"+ 1 ) ( + expl IV )", rec->data_len,
transform->ivlen,
transform->maclen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
Improve signature of ssl_compute_master() Make it more explicit what's used. Unfortunately, we still need ssl as a parameter for debugging, and because calc_verify wants it as a parameter (for all TLS versions except SSL3 it would actually only need handshake, but SSL3 also accesses session_negotiate). It's also because of calc_verify that we can't make it const yet, but see next commit.
2019-05-03 07:46:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Update data_len in tandem with add_data.
*
* The subtraction is safe because of the previous check
* data_len >= minlen + maclen + 1.
*
* Afterwards, we know that data + data_len is followed by at
* least maclen Bytes, which justifies the call to
* mbedtls_ssl_safer_memcmp() below.
*
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Calculate expected MAC. */
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
mbedtls_md_hmac_reset( &transform->md_ctx_dec );
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len,
transform->maclen );
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
transform->maclen );
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Compare expected MAC with MAC at the end of the record. */
if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
transform->maclen ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
auth_done++;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check length sanity
*/
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We know from above that data_len > minlen >= 0,
* so the following check in particular implies that
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
if( rec->data_len % transform->ivlen != 0 )
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
rec->data_len, transform->ivlen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
}
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Initialize for prepended IV for block cipher in TLS v1.1 and up
*/
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
memcpy( transform->iv_dec, data, transform->ivlen );
data += transform->ivlen;
rec->data_offset += transform->ivlen;
rec->data_len -= transform->ivlen;
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
transform->iv_dec, transform->ivlen,
data, rec->data_len, data, &olen ) ) != 0 )
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'.
2019-05-03 07:16:16 +00:00
return( ret );
}
Start extracting ssl_compute_master() For now just moving code around, not changing indentation. Calling convention and signature are going to be adjusted in upcoming commits.
2019-04-30 10:08:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Double-check that length hasn't changed during decryption. */
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Move handling of randbytes to derive_keys()
2019-05-06 10:05:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1, where CBC decryption of consecutive
* records is equivalent to CBC decryption of the concatenation
* of the records; in other words, IVs are maintained across
* record decryptions.
*/
memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
transform->ivlen );
}
Remove 'session' input from populate_tranform() When using this function to deserialize, it's not a problem to have a session structure as input as we'll have one around anyway (most probably freshly deserialised). However for tests it's convenient to be able to build a transform without having a session structure around. Also, removing this structure from parameters makes the function signature more uniform, the only exception left being the ssl param at the end that's hard to avoid for now.
2019-05-10 08:50:04 +00:00
#endif
Move handling of randbytes to derive_keys()
2019-05-06 10:05:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Safe since data_len >= minlen + maclen + 1, so after having
* subtracted at most minlen and maclen up to this point,
* data_len > 0 (because of data_len % ivlen == 0, it's actually
* >= ivlen ). */
padlen = data[rec->data_len - 1];
Move handling of randbytes to derive_keys()
2019-05-06 10:05:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( auth_done == 1 )
Move compress_buf allocation to derive_keys
2019-05-06 10:44:24 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
correct *= ( rec->data_len >= padlen + 1 );
padlen *= ( rec->data_len >= padlen + 1 );
Move compress_buf allocation to derive_keys
2019-05-06 10:44:24 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( rec->data_len < transform->maclen + padlen + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
rec->data_len,
transform->maclen,
padlen + 1 ) );
}
Move compress_buf allocation to derive_keys
2019-05-06 10:44:24 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
correct *= ( rec->data_len >= transform->maclen + padlen + 1 );
padlen *= ( rec->data_len >= transform->maclen + padlen + 1 );
}
Make calc_verify() return the length as well Simplifies ssl_compute_hash(), but unfortunately not so much the other uses.
2019-05-03 09:43:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
padlen++;
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Regardless of the validity of the padding,
* we have data_len >= padlen here. */
Add _init() and _free() for hash modules
2014-06-26 10:09:34 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
"should be no more than %d",
padlen, transform->ivlen ) );
#endif
correct = 0;
}
}
else
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
/* The padding check involves a series of up to 256
* consecutive memory reads at the end of the record
* plaintext buffer. In order to hide the length and
* validity of the padding, always perform exactly
* `min(256,plaintext_len)` reads (but take into account
* only the last `padlen` bytes for the padding check). */
size_t pad_count = 0;
size_t real_count = 0;
volatile unsigned char* const check = data;
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Index of first padding byte; it has been ensured above
* that the subtraction is safe. */
size_t const padding_idx = rec->data_len - padlen;
size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256;
size_t const start_idx = rec->data_len - num_checks;
size_t idx;
Make calc_verify() return the length as well Simplifies ssl_compute_hash(), but unfortunately not so much the other uses.
2019-05-03 09:43:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( idx = start_idx; idx < rec->data_len; idx++ )
{
real_count |= ( idx >= padding_idx );
pad_count += real_count * ( check[idx] == padlen - 1 );
}
correct &= ( pad_count == padlen );
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
#endif
padlen &= correct * 0x1FF;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If the padding was found to be invalid, padlen == 0
* and the subtraction is safe. If the padding was found valid,
* padlen hasn't been changed and the previous assertion
* data_len >= padlen still holds. */
rec->data_len -= padlen;
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
}
Make calc_verify() return the length as well Simplifies ssl_compute_hash(), but unfortunately not so much the other uses.
2019-05-03 09:43:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
data, rec->data_len );
#endif
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Authenticate if not done yet.
* Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
*/
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( auth_done == 0 )
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 14:14:33 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
Make calc_verify() return the length as well Simplifies ssl_compute_hash(), but unfortunately not so much the other uses.
2019-05-03 09:43:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If the initial value of padlen was such that
* data_len < maclen + padlen + 1, then padlen
* got reset to 1, and the initial check
* data_len >= minlen + maclen + 1
* guarantees that at this point we still
* have at least data_len >= maclen.
*
* If the initial value of padlen was such that
* data_len >= maclen + padlen + 1, then we have
* subtracted either padlen + 1 (if the padding was correct)
* or 0 (if the padding was incorrect) since then,
* hence data_len >= maclen in any case.
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl_mac( &transform->md_ctx_dec,
transform->mac_dec,
data, rec->data_len,
rec->ctr, rec->type,
mac_expect );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
/*
* Process MAC and always update for padlen afterwards to make
* total time independent of padlen.
*
* Known timing attacks:
* - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
*
* To compensate for different timings for the MAC calculation
* depending on how much padding was removed (which is determined
* by padlen), process extra_run more blocks through the hash
* function.
*
* The formula in the paper is
* extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 )
* where L1 is the size of the header plus the decrypted message
* plus CBC padding and L2 is the size of the header plus the
* decrypted message. This is for an underlying hash function
* with 64-byte blocks.
* We use ( (Lx+8) / 64 ) to handle 'negative Lx' values
* correctly. We round down instead of up, so -56 is the correct
* value for our calculations instead of -55.
*
* Repeat the formula rather than defining a block_size variable.
* This avoids requiring division by a variable at runtime
* (which would be marginally less efficient and would require
* linking an extra division function in some builds).
*/
size_t j, extra_run = 0;
unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE];
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* The next two sizes are the minimum and maximum values of
* in_msglen over all padlen values.
*
* They're independent of padlen, since we previously did
* data_len -= padlen.
*
* Note that max_len + maclen is never more than the buffer
* length, as we previously did in_msglen -= maclen too.
*/
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memset( tmp, 0, sizeof( tmp ) );
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
{
#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_MD5:
case MBEDTLS_MD_SHA1:
case MBEDTLS_MD_SHA256:
/* 8 bytes of message size, 64-byte compression blocks */
extra_run =
( add_data_len + rec->data_len + padlen + 8 ) / 64 -
( add_data_len + rec->data_len + 8 ) / 64;
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA384:
/* 16 bytes of message size, 128-byte compression blocks */
extra_run =
( add_data_len + rec->data_len + padlen + 16 ) / 128 -
( add_data_len + rec->data_len + 16 ) / 128;
break;
#endif
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
extra_run &= correct * 0xFF;
Fix other int casts in bounds checking Not a security issue as here we know the buffer is large enough (unless something else if badly wrong in the code), and the value cast to int is less than 2^16 (again, unless issues elsewhere). Still changing to a more correct check as a matter of principle
2015-10-21 10:35:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec, data,
rec->data_len );
/* Make sure we access everything even when padlen > 0. This
* makes the synchronisation requirements for just-in-time
* Prime+Probe attacks much tighter and hopefully impractical. */
ssl_read_memory( data + rec->data_len, padlen );
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
Fix other int casts in bounds checking Not a security issue as here we know the buffer is large enough (unless something else if badly wrong in the code), and the value cast to int is less than 2^16 (again, unless issues elsewhere). Still changing to a more correct check as a matter of principle
2015-10-21 10:35:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Call mbedtls_md_process at least once due to cache attacks
* that observe whether md_process() was called of not */
for( j = 0; j < extra_run + 1; j++ )
mbedtls_md_process( &transform->md_ctx_dec, tmp );
Fixes different off by ones
2018-05-30 07:13:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_md_hmac_reset( &transform->md_ctx_dec );
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Make sure we access all the memory that could contain the MAC,
* before we check it in the next code block. This makes the
* synchronisation requirements for just-in-time Prime+Probe
* attacks much tighter and hopefully impractical. */
ssl_read_memory( data + min_len,
max_len - min_len + transform->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen );
#endif
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
transform->maclen ) != 0 )
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
#endif
correct = 0;
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
auth_done++;
}
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Finally check the correct flag
*/
if( correct == 0 )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Make extra sure authentication was performed, exactly once */
if( auth_done != 1 )
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
{
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec->cid_len != 0 )
{
ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len,
&rec->type );
if( ret != 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Fix possible buffer overflow with PSK
2014-03-25 15:28:12 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
Factor PSK pms computation to ssl_tls.c
2013-10-14 11:09:25 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#undef MAC_NONE
#undef MAC_PLAINTEXT
#undef MAC_CIPHERTEXT
#if defined(MBEDTLS_ZLIB_SUPPORT)
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Compression/decompression functions
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_compress_buf( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *msg_post = ssl->out_msg;
ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
size_t len_pre = ssl->out_msglen;
unsigned char *msg_pre = ssl->compress_buf;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len = ssl->out_buf_len;
#else
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
- Correctly handle SHA256 ciphersuites in SSLv3 - Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
Add counter-measure to cache-based Lucky 13 The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function, and the location where we read the MAC, give information about that. A local attacker could gain information about that by observing via a cache attack whether the bytes at the end of the record (at the location of would-be padding) have been read during MAC verification (computation + comparison). Let's make sure they're always read.
2018-06-28 08:38:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( len_pre == 0 )
return( 0 );
Add counter-measure to cache-based Lucky 13 The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function, and the location where we read the MAC, give information about that. A local attacker could gain information about that by observing via a cache attack whether the bytes at the end of the record (at the location of would-be padding) have been read during MAC verification (computation + comparison). Let's make sure they're always read.
2018-06-28 08:38:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( msg_pre, ssl->out_msg, len_pre );
Add counter-measure to cache-based Lucky 13 The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function, and the location where we read the MAC, give information about that. A local attacker could gain information about that by observing via a cache attack whether the bytes at the end of the record (at the location of would-be padding) have been read during MAC verification (computation + comparison). Let's make sure they're always read.
2018-06-28 08:38:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
ssl->out_msglen ) );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
ssl->out_msg, ssl->out_msglen );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->transform_out->ctx_deflate.next_in = msg_pre;
ssl->transform_out->ctx_deflate.avail_in = len_pre;
ssl->transform_out->ctx_deflate.next_out = msg_post;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
ssl->transform_out->ctx_deflate.avail_out = out_buf_len - bytes_written;
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
if( ret != Z_OK )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
}
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
ssl->out_msglen = out_buf_len -
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
ssl->out_msglen ) );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
ssl->out_msg, ssl->out_msglen );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *msg_post = ssl->in_msg;
ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf;
size_t len_pre = ssl->in_msglen;
unsigned char *msg_pre = ssl->compress_buf;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len = ssl->in_buf_len;
#else
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
Incorporate CID into MAC computations during record protection This commit modifies ssl_decrypt_buf() and ssl_encrypt_buf() to include the CID into authentication data during record protection. It does not yet implement the new DTLSInnerPlaintext format from https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
2019-04-29 12:52:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
Incorporate CID into MAC computations during record protection This commit modifies ssl_decrypt_buf() and ssl_encrypt_buf() to include the CID into authentication data during record protection. It does not yet implement the new DTLSInnerPlaintext format from https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
2019-04-29 12:52:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( len_pre == 0 )
return( 0 );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( msg_pre, ssl->in_msg, len_pre );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
ssl->in_msglen ) );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
ssl->in_msg, ssl->in_msglen );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->transform_in->ctx_inflate.next_in = msg_pre;
ssl->transform_in->ctx_inflate.avail_in = len_pre;
ssl->transform_in->ctx_inflate.next_out = msg_post;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
ssl->transform_in->ctx_inflate.avail_out = in_buf_len - header_bytes;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
if( ret != Z_OK )
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
Refactor for clearer correctness/security
2015-01-13 09:59:51 +00:00
}
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
ssl->in_msglen = in_buf_len -
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
ssl->in_msglen ) );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
ssl->in_msg, ssl->in_msglen );
Improve debugging message. This actually prints only the payload, not the potential IV and/or MAC, so (to me at least) it's much less confusing
2014-11-21 10:38:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Fill the input message buffer by appending data to it.
* The amount of data already fetched is in ssl->in_left.
*
* If we return 0, is it guaranteed that (at least) nb_want bytes are
* available (from this read and/or a previous one). Otherwise, an error code
* is returned (possibly EOF or WANT_READ).
*
* With stream transport (TLS) on success ssl->in_left == nb_want, but
* with datagram transport (DTLS) on success ssl->in_left >= nb_want,
* since we always read a whole datagram at once.
*
* For DTLS, it is up to the caller to set ssl->next_record_offset when
* they're done reading a record.
*/
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len = ssl->in_buf_len;
#else
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
}
Incorporate CID into MAC computations during record protection This commit modifies ssl_decrypt_buf() and ssl_encrypt_buf() to include the CID into authentication data during record protection. It does not yet implement the new DTLSInnerPlaintext format from https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
2019-04-29 12:52:53 +00:00
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
if( nb_want > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
Implement inner plaintext parsing/writing for CID-based connections
2019-04-29 16:31:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
uint32_t timeout;
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Just to be sure */
if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL )
Skip MAC computation/check when GCM is used
2013-10-25 17:31:25 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
"mbedtls_ssl_set_timer_cb() for DTLS" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Skip MAC computation/check when GCM is used
2013-10-25 17:31:25 +00:00
}
Fix heap corruption in ssl_decrypt_buf Previously, MAC validation for an incoming record proceeded as follows: 1) Make a copy of the MAC contained in the record; 2) Compute the expected MAC in place, overwriting the presented one; 3) Compare both. This resulted in a record buffer overflow if truncated MAC was used, as in this case the record buffer only reserved 10 bytes for the MAC, but the MAC computation routine in 2) always wrote a full digest. For specially crafted records, this could be used to perform a controlled write of up to 6 bytes past the boundary of the heap buffer holding the record, thereby corrupting the heap structures and potentially leading to a crash or remote code execution. This commit fixes this by making the following change: 1) Compute the expected MAC in a temporary buffer that has the size of the underlying message digest. 2) Compare to this to the MAC contained in the record, potentially restricting to the first 10 bytes if truncated HMAC is used. A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-09 18:57:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* The point is, we need to always read a full datagram at once, so we
* sometimes read more then requested, and handle the additional data.
* It could be the rest of the current record (while fetching the
* header) and/or some other records in the same datagram.
*/
Fix heap corruption in ssl_decrypt_buf Previously, MAC validation for an incoming record proceeded as follows: 1) Make a copy of the MAC contained in the record; 2) Compute the expected MAC in place, overwriting the presented one; 3) Compare both. This resulted in a record buffer overflow if truncated MAC was used, as in this case the record buffer only reserved 10 bytes for the MAC, but the MAC computation routine in 2) always wrote a full digest. For specially crafted records, this could be used to perform a controlled write of up to 6 bytes past the boundary of the heap buffer holding the record, thereby corrupting the heap structures and potentially leading to a crash or remote code execution. This commit fixes this by making the following change: 1) Compute the expected MAC in a temporary buffer that has the size of the underlying message digest. 2) Compare to this to the MAC contained in the record, potentially restricting to the first 10 bytes if truncated HMAC is used. A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-09 18:57:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Move to the next record in the already read datagram if applicable
*/
if( ssl->next_record_offset != 0 )
Skip MAC computation/check when GCM is used
2013-10-25 17:31:25 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_left < ssl->next_record_offset )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_left -= ssl->next_record_offset;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_left != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
ssl->next_record_offset ) );
memmove( ssl->in_hdr,
ssl->in_hdr + ssl->next_record_offset,
ssl->in_left );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->next_record_offset = 0;
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
ssl->in_left, nb_want ) );
/*
* Done if we already have enough data.
*/
if( nb_want <= ssl->in_left)
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
return( 0 );
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* A record can't be split across datagrams. If we need to read but
* are not at the beginning of a new record, the caller did something
* wrong.
*/
if( ssl->in_left != 0 )
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
{
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
}
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Don't even try to read if time's out already.
* This avoids by-passing the timer when repeatedly receiving messages
* that will end up being dropped.
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( mbedtls_ssl_check_timer( ssl ) != 0 )
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
ret = MBEDTLS_ERR_SSL_TIMEOUT;
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
}
else
Use seq_num as AEAD nonce by default
2014-10-29 21:29:20 +00:00
{
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
len = in_buf_len - ( ssl->in_hdr - ssl->in_buf );
Use seq_num as AEAD nonce by default
2014-10-29 21:29:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
timeout = ssl->handshake->retransmit_timeout;
else
timeout = ssl->conf->read_timeout;
Fix uninitialized variable access in debug output of record enc/dec
2019-04-26 12:34:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->f_recv_timeout != NULL )
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
timeout );
else
ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == 0 )
return( MBEDTLS_ERR_SSL_CONN_EOF );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
- Added support for TLS v1.1 - Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
mbedtls_ssl_set_timer( ssl, 0 );
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl_double_retransmit_timeout( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
return( MBEDTLS_ERR_SSL_TIMEOUT );
}
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
return( ret );
}
- Added support for TLS v1.1 - Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_WANT_READ );
}
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
ret );
return( ret );
}
- Added support for TLS v1.1 - Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_WANT_READ );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
- Added support for TLS v1.1 - Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret < 0 )
All CBC ciphersuites via the cipher layer
2013-08-31 15:40:26 +00:00
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_left = ret;
}
else
All CBC ciphersuites via the cipher layer
2013-08-31 15:40:26 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
ssl->in_left, nb_want ) );
Implement EtM
2014-10-29 11:07:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
while( ssl->in_left < nb_want )
Implement EtM
2014-10-29 11:07:57 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
len = nb_want - ssl->in_left;
Implement EtM
2014-10-29 11:07:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( mbedtls_ssl_check_timer( ssl ) != 0 )
ret = MBEDTLS_ERR_SSL_TIMEOUT;
else
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->f_recv_timeout != NULL )
{
ret = ssl->f_recv_timeout( ssl->p_bio,
ssl->in_hdr + ssl->in_left, len,
ssl->conf->read_timeout );
}
else
{
ret = ssl->f_recv( ssl->p_bio,
ssl->in_hdr + ssl->in_left, len );
}
Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.
2017-12-27 21:37:21 +00:00
}
Refactor for clearer correctness/security
2015-01-13 09:59:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
ssl->in_left, nb_want ) );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
Fix uninitialized variable access in debug output of record enc/dec
2019-04-26 12:34:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == 0 )
return( MBEDTLS_ERR_SSL_CONN_EOF );
Fix for the RFC erratum
2014-11-04 13:40:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret < 0 )
return( ret );
Implement EtM
2014-10-29 11:07:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_recv returned %d bytes but only %lu were requested",
ret, (unsigned long)len ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Compute outgoing MAC in temporary buffer for MAC-then-Encrypt A previous commit changed the record encryption function `ssl_encrypt_buf` to compute the MAC in a temporary buffer and copying the relevant part of it (which is strictly smaller if the truncated HMAC extension is used) to the outgoing message buffer. However, the change was only made in case Encrypt-Then-MAC was enabled, but not in case of MAC-Then-Encrypt. While this doesn't constitute a problem, for the sake of uniformity this commit changes `ssl_encrypt_buf` to compute the MAC in a temporary buffer in this case, too.
2018-01-05 16:24:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_left += ret;
Implement EtM
2014-10-29 11:07:57 +00:00
}
Refactor for clearer correctness/security
2015-01-13 09:59:51 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Flush any data not yet written
*/
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->f_send == NULL )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Avoid incrementing counter if data is flushed */
if( ssl->out_left == 0 )
Re-enable CID comparison when decrypting CID-based records
2019-05-08 12:02:22 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
return( 0 );
Re-enable CID comparison when decrypting CID-based records
2019-05-08 12:02:22 +00:00
}
Incorporate CID into MAC computations during record protection This commit modifies ssl_decrypt_buf() and ssl_encrypt_buf() to include the CID into authentication data during record protection. It does not yet implement the new DTLSInnerPlaintext format from https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
2019-04-29 12:52:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
while( ssl->out_left > 0 )
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
if( ret <= 0 )
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
return( ret );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_send returned %d bytes but only %lu bytes were sent",
ret, (unsigned long)ssl->out_left ) );
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
ARC4 ciphersuites using only cipher layer
2013-09-02 12:57:01 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_left -= ret;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->out_hdr = ssl->out_buf;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_hdr = ssl->out_buf + 8;
}
mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
Fix length checking for AEAD ciphersuites
2014-06-17 08:54:17 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
Improve documentation of mbedtls_ssl_decrypt_buf()
2019-07-10 12:55:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Functions to handle the DTLS retransmission state machine
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/*
* Append current handshake message to current outgoing flight
*/
static int ssl_flight_append( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_flight_item *msg;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight",
ssl->out_msg, ssl->out_msglen );
Improve documentation of mbedtls_ssl_decrypt_buf()
2019-07-10 12:55:25 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Allocate space for current message */
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
sizeof( mbedtls_ssl_flight_item ) ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
mbedtls_free( msg );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
Implement ChachaPoly mode in TLS
2018-06-18 09:16:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Copy current handshake message with headers */
memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
msg->len = ssl->out_msglen;
msg->type = ssl->out_msgtype;
msg->next = NULL;
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Append to the current flight */
if( ssl->handshake->flight == NULL )
ssl->handshake->flight = msg;
else
{
mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
while( cur->next != NULL )
cur = cur->next;
cur->next = msg;
}
Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here
2017-12-27 21:28:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) );
return( 0 );
}
Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here
2017-12-27 21:28:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Free the current flight of handshake messages
*/
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
{
mbedtls_ssl_flight_item *cur = flight;
mbedtls_ssl_flight_item *next;
Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here
2017-12-27 21:28:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
while( cur != NULL )
{
next = cur->next;
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_free( cur->p );
mbedtls_free( cur );
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-01-07 17:20:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
cur = next;
}
}
GCM ciphersuites using only cipher layer
2013-09-05 14:10:41 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Swap transform_out and out_ctr with the alternative ones
*/
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
mbedtls_ssl_transform *tmp_transform;
unsigned char tmp_out_ctr[8];
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->transform_out == ssl->handshake->alt_transform_out )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
return( 0 );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
- Added support for TLS v1.1 - Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
/* Swap transforms */
tmp_transform = ssl->transform_out;
ssl->transform_out = ssl->handshake->alt_transform_out;
ssl->handshake->alt_transform_out = tmp_transform;
/* Swap epoch + sequence_number */
memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 );
memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 );
memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
/* Adjust to the newly activated transform */
mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
{
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
if( ret != 0 )
Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here
2017-12-27 21:28:58 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here
2017-12-27 21:28:58 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 19:19:20 +00:00
#endif
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
return( 0 );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Fixed timing difference resulting from badly formatted padding.
2013-01-03 13:52:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Retransmit the current flight of messages.
*/
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
{
int ret = 0;
Count timeout per flight, not per message
2014-09-29 13:29:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_flight_transmit( ssl );
Always save flight first, (re)send later This will allow fragmentation to always happen in the same place, always from a buffer distinct from ssl->out_msg, and with the same way of resuming after returning WANT_WRITE
2017-09-13 10:45:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Transmit or retransmit the current flight of messages.
*
* Need to remember the current message in case flush_output returns
* WANT_WRITE, causing us to exit this function and come back later.
* This function must be called until state is no longer SENDING.
*/
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors.
2019-12-16 11:46:15 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->cur_msg = ssl->handshake->flight;
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
while( ssl->handshake->cur_msg != NULL )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t max_frag_len;
const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
Expand and fix resend infrastructure
2014-09-19 13:09:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int const is_finished =
( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Swap epochs before sending Finished: we can't do it after
* sending ChangeCipherSpec, in case write returns WANT_READ.
* Must be done before copying, may change out_msg pointer */
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_get_remaining_payload_in_datagram( ssl );
if( ret < 0 )
return( ret );
max_frag_len = (size_t) ret;
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* CCS is copied as is, while HS messages may need fragmentation */
if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
{
if( max_frag_len == 0 )
{
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
continue;
}
Add mbedtls_ssl_set_hs_authmode While at it, fix the following: - on server with RSA_PSK, we don't want to set flags (client auth happens via the PSK, no cert is expected). - use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-19 10:16:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( ssl->out_msg, cur->p, cur->len );
ssl->out_msglen = cur->len;
ssl->out_msgtype = cur->type;
Add restart support for ECDSA client auth
2017-05-17 09:56:15 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Update position inside current message */
ssl->handshake->cur_msg_p += cur->len;
}
else
{
const unsigned char * const p = ssl->handshake->cur_msg_p;
const size_t hs_len = cur->len - 12;
const size_t frag_off = p - ( cur->p + 12 );
const size_t rem_len = hs_len - frag_off;
size_t cur_hs_frag_len, max_hs_frag_len;
Add field for peer's raw public key to TLS handshake param structure When removing the (session-local) copy of the peer's CRT chain, we must keep a handshake-local copy of the peer's public key, as (naturally) every key exchange will make use of that public key at some point to verify that the peer actually owns the corresponding private key (e.g., verify signatures from ServerKeyExchange or CertificateVerify, or encrypt a PMS in a RSA-based exchange, or extract static (EC)DH parameters). This commit adds a PK context field `peer_pubkey` to the handshake parameter structure `mbedtls_handshake_params_init()` and adapts the init and free functions accordingly. It does not yet make actual use of the new field.
2019-02-06 16:18:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
{
if( is_finished )
Fix compile errors with MBEDTLS_SSL_HW_RECORD_ACCEL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 08:53:42 +00:00
{
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
}
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
Adapt cipher and MD layer with _init() and _free()
2014-07-01 12:53:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
continue;
}
max_hs_frag_len = max_frag_len - 12;
Adapt cipher and MD layer with _init() and _free()
2014-07-01 12:53:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
cur_hs_frag_len = rem_len > max_hs_frag_len ?
max_hs_frag_len : rem_len;
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( frag_off == 0 && cur_hs_frag_len != hs_len )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)",
(unsigned) cur_hs_frag_len,
(unsigned) max_hs_frag_len ) );
}
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Messages are stored with handshake headers as if not fragmented,
* copy beginning of headers then fill fragmentation fields.
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
memcpy( ssl->out_msg, cur->p, 6 );
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff );
ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff );
ssl->out_msg[8] = ( ( frag_off ) & 0xff );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff );
ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff );
ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Copy the handshake message content and set records fields */
memcpy( ssl->out_msg + 12, p, cur_hs_frag_len );
ssl->out_msglen = cur_hs_frag_len + 12;
ssl->out_msgtype = cur->type;
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Update position inside current message */
ssl->handshake->cur_msg_p += cur_hs_frag_len;
}
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If done with the current message move to the next one if any */
if( ssl->handshake->cur_msg_p >= cur->p + cur->len )
{
if( cur->next != NULL )
{
ssl->handshake->cur_msg = cur->next;
ssl->handshake->cur_msg_p = cur->next->p + 12;
}
else
{
ssl->handshake->cur_msg = NULL;
ssl->handshake->cur_msg_p = NULL;
}
}
Removed extra spaces on end of lines
2013-04-16 11:15:56 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Actually send the message out */
if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
}
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
}
Init and free new contexts in the right place for SSL to prevent memory leaks
2013-07-04 09:51:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
ssl_key_cert not available in all configurations
2014-07-09 09:09:24 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Update state and set timer */
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
else
Fix order of ssl_conf vs ssl_setup in programs Except ssl_phtread_server that will be done later
2015-05-11 09:25:46 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
Fix order of ssl_conf vs ssl_setup in programs Except ssl_phtread_server that will be done later
2015-05-11 09:25:46 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) );
Expand and fix resend infrastructure
2014-09-19 13:09:21 +00:00
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* To be called when the last message of an incoming flight is received.
*/
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
Allow disabling HelloVerifyRequest
2014-07-23 15:52:09 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We won't need to resend that one any more */
mbedtls_ssl_flight_free( ssl->handshake->flight );
ssl->handshake->flight = NULL;
ssl->handshake->cur_msg = NULL;
Allow disabling HelloVerifyRequest
2014-07-23 15:52:09 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The next incoming flight will start with this msg_seq */
ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
Allow disabling HelloVerifyRequest
2014-07-23 15:52:09 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We don't want to remember CCS's across flight boundaries. */
ssl->handshake->buffering.seen_ccs = 0;
Allow disabling HelloVerifyRequest
2014-07-23 15:52:09 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Clear future message buffering structure. */
mbedtls_ssl_buffering_free( ssl );
Allow disabling HelloVerifyRequest
2014-07-23 15:52:09 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Cancel timer */
mbedtls_ssl_set_timer( ssl, 0 );
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
}
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* To be called when the last message of an outgoing flight is send.
*/
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
{
ssl_reset_retransmit_timeout( ssl );
mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Handshake layer functions
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Write (DTLS: or queue) current handshake (including CCS) message.
*
* - fill in handshake headers
* - update handshake checksum
* - DTLS: save message for resending
* - then pass to the record layer
*
* DTLS: except for HelloRequest, messages are only queued, and will only be
* actually sent when calling flight_transmit() or resend().
*
* Inputs:
* - ssl->out_msglen: 4 + actual handshake message len
* (4 is the size of handshake headers for TLS)
* - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
* - ssl->out_msg + 4: the handshake message body
*
* Outputs, ie state before passing to flight_append() or write_record():
* - ssl->out_msglen: the length of the record contents
* (including handshake headers but excluding record headers)
* - ssl->out_msg: the record contents (handshake headers + content)
*/
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4;
const unsigned char hs_type = ssl->out_msg[0];
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) );
/*
* Sanity checks
Set pointer to start of plaintext at record decryption time The SSL context structure mbedtls_ssl_context contains several pointers ssl->in_hdr, ssl->in_len, ssl->in_iv, ssl->in_msg pointing to various parts of the record header in an incoming record, and they are setup in the static function ssl_update_in_pointers() based on the _expected_ transform for the next incoming record. In particular, the pointer ssl->in_msg is set to where the record plaintext should reside after record decryption, and an assertion double-checks this after each call to ssl_decrypt_buf(). This commit removes the dependency of ssl_update_in_pointers() on the expected incoming transform by setting ssl->in_msg to ssl->in_iv -- the beginning of the record content (potentially including the IV) -- and adjusting ssl->in_msg after calling ssl_decrypt_buf() on a protected record. Care has to be taken to not load ssl->in_msg before calling mbedtls_ssl_read_record(), then, which was previously the case in ssl_parse_server_hello(); the commit fixes that.
2019-05-08 08:38:41 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
{
/* In SSLv3, the client might send a NoCertificate alert. */
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
/* Whenever we send anything different from a
* HelloRequest we should be in a handshake - double check. */
if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
ssl->handshake == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Set pointer to start of plaintext at record decryption time The SSL context structure mbedtls_ssl_context contains several pointers ssl->in_hdr, ssl->in_len, ssl->in_iv, ssl->in_msg pointing to various parts of the record header in an incoming record, and they are setup in the static function ssl_update_in_pointers() based on the _expected_ transform for the next incoming record. In particular, the pointer ssl->in_msg is set to where the record plaintext should reside after record decryption, and an assertion double-checks this after each call to ssl_decrypt_buf(). This commit removes the dependency of ssl_update_in_pointers() on the expected incoming transform by setting ssl->in_msg to ssl->in_iv -- the beginning of the record content (potentially including the IV) -- and adjusting ssl->in_msg after calling ssl_decrypt_buf() on a protected record. Care has to be taken to not load ssl->in_msg before calling mbedtls_ssl_read_record(), then, which was previously the case in ssl_parse_server_hello(); the commit fixes that.
2019-05-08 08:38:41 +00:00
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
}
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Double-check that we did not exceed the bounds
* of the outgoing record buffer.
* This should never fail as the various message
* writing functions must obey the bounds of the
* outgoing record buffer, but better be safe.
*
* Note: We deliberately do not check for the MTU or MFL here.
*/
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
"size %u, maximum %u",
(unsigned) ssl->out_msglen,
(unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Fill handshake headers
*/
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{
ssl->out_msg[1] = (unsigned char)( hs_len >> 16 );
ssl->out_msg[2] = (unsigned char)( hs_len >> 8 );
ssl->out_msg[3] = (unsigned char)( hs_len );
Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram.
2018-08-06 08:26:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* DTLS has additional fields in the Handshake layer,
* between the length field and the actual payload:
* uint16 message_seq;
* uint24 fragment_offset;
* uint24 fragment_length;
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Make room for the additional DTLS fields */
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
"size %u, maximum %u",
(unsigned) ( hs_len ),
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
Split ssl_init() -> ssl_setup()
2015-04-28 22:48:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len );
ssl->out_msglen += 8;
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Write message_seq and update it, except for HelloRequest */
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
++( ssl->handshake->out_msg_seq );
}
else
{
ssl->out_msg[4] = 0;
ssl->out_msg[5] = 0;
}
/* Handshake hashes are computed without fragmentation,
* so set frag_offset = 0 and frag_len = hs_len for now */
memset( ssl->out_msg + 6, 0x00, 3 );
memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Update running hashes of handshake messages seen */
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
}
/* Either send now, or just save to be sent (and resent) later */
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
return( ret );
}
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
}
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret );
}
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) );
Introduce function to reset in/out pointers
2018-08-10 10:12:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Record layer functions
*/
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Write current record.
*
* Uses:
* - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS)
* - ssl->out_msglen: length of the record content (excl headers)
* - ssl->out_msg: record content
*/
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
{
int ret, done = 0;
size_t len = ssl->out_msglen;
uint8_t flush = force_flush;
Move comment to a separate line
2018-07-24 11:53:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->transform_out != NULL &&
ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
Let MBEDTLS_SSL_MAX_CONTENT_LEN to be split into outward & inward sizes For the situation where the mbedTLS device has limited RAM, but the other end of the connection doesn't support the max_fragment_length extension. To be spec-compliant, mbedTLS has to keep a 16384 byte incoming buffer. However the outgoing buffer can be made smaller without breaking spec compliance, and we save some RAM. See comments in include/mbedtls/config.h for some more details. (The lower limit of outgoing buffer size is the buffer size used during handshake/cert negotiation. As the handshake is half-duplex it might even be possible to store this data in the "incoming" buffer during the handshake, which would save even more RAM - but it would also be a lot hackier and error-prone. I didn't really explore this possibility, but thought I'd mention it here in case someone sees this later on a mission to jam mbedTLS into an even tinier RAM footprint.)
2016-05-25 10:56:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
return( ret );
}
Let MBEDTLS_SSL_MAX_CONTENT_LEN to be split into outward & inward sizes For the situation where the mbedTLS device has limited RAM, but the other end of the connection doesn't support the max_fragment_length extension. To be spec-compliant, mbedTLS has to keep a 16384 byte incoming buffer. However the outgoing buffer can be made smaller without breaking spec compliance, and we save some RAM. See comments in include/mbedtls/config.h for some more details. (The lower limit of outgoing buffer size is the buffer size used during handshake/cert negotiation. As the handshake is half-duplex it might even be possible to store this data in the "incoming" buffer during the handshake, which would save even more RAM - but it would also be a lot hackier and error-prone. I didn't really explore this possibility, but thought I'd mention it here in case someone sees this later on a mission to jam mbedTLS into an even tinier RAM footprint.)
2016-05-25 10:56:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
len = ssl->out_msglen;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /*MBEDTLS_ZLIB_SUPPORT */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_write != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_hw_record_write( ssl );
if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == 0 )
done = 1;
}
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
if( !done )
{
unsigned i;
size_t protected_record_size;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len = ssl->out_buf_len;
#else
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
ssl->out_len[0] = (unsigned char)( len >> 8 );
ssl->out_len[1] = (unsigned char)( len );
Fix memory leak in ssl_setup
2018-07-04 15:41:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->transform_out != NULL )
{
mbedtls_record rec;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec.buf = ssl->out_iv;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
rec.buf_len = out_buf_len - ( ssl->out_iv - ssl->out_buf );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec.data_len = ssl->out_msglen;
rec.data_offset = ssl->out_msg - rec.buf;
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype;
Fix unused variable warning in ssl_session_reset_int() The `partial` argument is only used when DTLS and same port client reconnect are enabled. This commit marks the variable as unused if that's not the case.
2018-08-10 11:38:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* The CID is set by mbedtls_ssl_encrypt_buf(). */
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Make renegotiation a compile-time option
2014-11-03 07:23:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
return( ret );
}
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec.data_offset != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Update the record content type and CID. */
ssl->out_msgtype = rec.type;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
memcpy( ssl->out_cid, rec.cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len;
ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
ssl->out_len[1] = (unsigned char)( rec.data_len );
}
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* In case of DTLS, double-check that we don't exceed
* the remaining space in the datagram. */
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ret = ssl_get_remaining_space_in_datagram( ssl );
if( ret < 0 )
return( ret );
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( protected_record_size > (size_t) ret )
{
/* Should never happen */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Now write the potentially updated record content type. */
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
Store outgoing record sequence number outside record buffer This commit is another step towards supporting the packing of multiple records within a single datagram. Previously, the incremental outgoing record sequence number was statically stored within the record buffer, at its final place within the record header. This slightly increased efficiency as it was not necessary to copy the sequence number when writing outgoing records. When allowing multiple records within a single datagram, it is necessary to allow the position of the current record within the datagram buffer to be flexible; in particular, there is no static address for the record sequence number field within the record header. This commit introduces an additional field `cur_out_ctr` within the main SSL context structure `mbedtls_ssl_context` to keep track of the outgoing record sequence number independent of the buffer used for the current record / datagram. Whenever a new record is written, this sequence number is copied to the the address `out_ctr` of the sequence number header field within the current outgoing record.
2018-08-06 08:40:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
ssl->out_hdr[0], ssl->out_hdr[1],
ssl->out_hdr[2], len ) );
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
ssl->out_hdr, protected_record_size );
Reset session_in/out pointers in ssl_session_reset_int() Fixes #1941.
2018-08-13 15:35:15 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_left += protected_record_size;
ssl->out_hdr += protected_record_size;
mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
Minor improvements in ssl_session_reset_int()
2018-08-10 10:20:38 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
if( ++ssl->cur_out_ctr[i - 1] != 0 )
break;
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The loop goes to its end iff the counter is wrapping */
if( i == mbedtls_ssl_ep_len( ssl ) )
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
}
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
}
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
flush == SSL_DONT_FORCE_FLUSH )
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t remaining;
ret = ssl_get_remaining_payload_in_datagram( ssl );
if( ret < 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram",
ret );
return( ret );
}
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
remaining = (size_t) ret;
if( remaining == 0 )
{
flush = SSL_FORCE_FLUSH;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) );
}
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 10:19:38 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 10:19:38 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( flush == SSL_FORCE_FLUSH ) &&
( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
Fix API
2015-09-08 09:58:14 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
return( ret );
Fix API
2015-09-08 09:58:14 +00:00
}
Add ssl_set_client_transport_id()
2014-07-22 15:32:01 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
return( 0 );
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
}
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Make datagram packing dynamically configurable This commit adds a public function `mbedtls_ssl_conf_datagram_packing()` that allows to allow / forbid the packing of multiple records within a single datagram.
2018-08-14 12:22:10 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen < ssl->in_hslen ||
memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
{
return( 1 );
}
return( 0 );
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ( ssl->in_msg[9] << 16 ) |
( ssl->in_msg[10] << 8 ) |
ssl->in_msg[11] );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ( ssl->in_msg[6] << 16 ) |
( ssl->in_msg[7] << 8 ) |
ssl->in_msg[8] );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
Introduce f_recv_timeout callback
2014-09-17 08:47:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
uint32_t msg_len, frag_off, frag_len;
Split ssl_set_read_timeout() out of bio_timeout()
2015-05-06 14:38:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
msg_len = ssl_get_hs_total_len( ssl );
frag_off = ssl_get_hs_frag_off( ssl );
frag_len = ssl_get_hs_frag_len( ssl );
Move MTU setting to SSL context, not config This setting belongs to the individual connection, not to a configuration shared by many connections. (If a default value is desired, that can be handled by the application code that calls mbedtls_ssl_set_mtu().) There are at least two ways in which this matters: - per-connection settings can be adjusted if MTU estimates become available during the lifetime of the connection - it is at least conceivable that a server might recognize restricted clients based on range of IPs and immediately set a lower MTU for them. This is much easier to do with a per-connection setting than by maintaining multiple near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 08:37:23 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( frag_off > msg_len )
return( -1 );
Introduce f_recv_timeout callback
2014-09-17 08:47:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( frag_len > msg_len - frag_off )
return( -1 );
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( frag_len + 12 > ssl->in_msglen )
return( -1 );
Prepare the SSL modules for using timer callbacks
2015-05-12 18:55:41 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Mark bits in bitmask (used for DTLS HS reassembly)
*/
static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned int start_bits, end_bits;
Fix reusing session more than once
2013-08-02 13:34:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
start_bits = 8 - ( offset % 8 );
if( start_bits != 8 )
Fix reusing session more than once
2013-08-02 13:34:52 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t first_byte_idx = offset / 8;
Fix reusing session more than once
2013-08-02 13:34:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Special case */
if( len <= start_bits )
{
for( ; len != 0; len-- )
mask[first_byte_idx] |= 1 << ( start_bits - len );
Fix reusing session more than once
2013-08-02 13:34:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Avoid potential issues with offset or len becoming invalid */
return;
}
Fix reusing session more than once
2013-08-02 13:34:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
offset += start_bits; /* Now offset % 8 == 0 */
len -= start_bits;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( ; start_bits != 0; start_bits-- )
mask[first_byte_idx] |= 1 << ( start_bits - 1 );
}
Ability to specify allowed ciphersuites based on the protocol version. The ciphersuites parameter in the ssl_session structure changed from 'int *' to 'int *[4]'. The new function ssl_set_ciphersuite_for_version() sets specific entries inside this array. ssl_set_ciphersuite() sets all entries to the same value. (cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69) Conflicts: ChangeLog library/ssl_srv.c library/ssl_tls.c
2013-04-15 13:09:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
end_bits = len % 8;
if( end_bits != 0 )
{
size_t last_byte_idx = ( offset + len ) / 8;
Ability to specify allowed ciphersuites based on the protocol version. The ciphersuites parameter in the ssl_session structure changed from 'int *' to 'int *[4]'. The new function ssl_set_ciphersuite_for_version() sets specific entries inside this array. ssl_set_ciphersuite() sets all entries to the same value. (cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69) Conflicts: ChangeLog library/ssl_srv.c library/ssl_tls.c
2013-04-15 13:09:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
len -= end_bits; /* Now len % 8 == 0 */
Ability to specify allowed ciphersuites based on the protocol version. The ciphersuites parameter in the ssl_session structure changed from 'int *' to 'int *[4]'. The new function ssl_set_ciphersuite_for_version() sets specific entries inside this array. ssl_set_ciphersuite() sets all entries to the same value. (cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69) Conflicts: ChangeLog library/ssl_srv.c library/ssl_tls.c
2013-04-15 13:09:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( ; end_bits != 0; end_bits-- )
mask[last_byte_idx] |= 1 << ( 8 - end_bits );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memset( mask + offset / 8, 0xFF, len / 8 );
Add mbedtls_ssl_conf_cert_profile()
2015-06-17 08:58:20 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check that bitmask is full
*/
static int ssl_bitmask_check( unsigned char *mask, size_t len )
Change internal structs for multi-cert support
2013-09-23 12:46:13 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t i;
Change internal structs for multi-cert support
2013-09-23 12:46:13 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 0; i < len / 8; i++ )
if( mask[i] != 0xFF )
return( -1 );
Change internal structs for multi-cert support
2013-09-23 12:46:13 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( i = 0; i < len % 8; i++ )
if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
return( -1 );
Change internal structs for multi-cert support
2013-09-23 12:46:13 +00:00
Rework ssl_set_own_cert() internals
2015-05-10 19:13:36 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* msg_len does not include the handshake header */
static size_t ssl_get_reassembly_buffer_size( size_t msg_len,
unsigned add_bitmap )
Rework ssl_set_own_cert() internals
2015-05-10 19:13:36 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t alloc_len;
Change internal structs for multi-cert support
2013-09-23 12:46:13 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
alloc_len = 12; /* Handshake header */
alloc_len += msg_len; /* Content buffer */
Add X.509 CA callback to SSL configuration and implement setter API
2019-03-27 16:54:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( add_bitmap )
alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */
Add X.509 CA callback to SSL configuration and implement setter API
2019-03-27 16:54:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( alloc_len );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Add ssl_set_hs_ca_chain()
2015-05-11 06:46:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl )
Add ssl_set_hs_ca_chain()
2015-05-11 06:46:37 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ( ssl->in_msg[1] << 16 ) |
( ssl->in_msg[2] << 8 ) |
ssl->in_msg[3] );
Add ssl_set_hs_ca_chain()
2015-05-11 06:46:37 +00:00
}
Add mbedtls_ssl_set_hs_authmode While at it, fix the following: - on server with RSA_PSK, we don't want to set flags (client auth happens via the PSK, no cert is expected). - use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-19 10:16:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
Add mbedtls_ssl_set_hs_authmode While at it, fix the following: - on server with RSA_PSK, we don't want to set flags (client auth happens via the PSK, no cert is expected). - use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-19 10:16:31 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
Add ssl_set_hs_own_cert()
2015-05-10 21:10:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
Implement context-specific verification callbacks
2019-04-03 11:52:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
" %d, type = %d, hslen = %d",
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-15 10:43:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
if( ssl_check_hs_header( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
if( ssl->handshake != NULL &&
( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
{
if( recv_msg_seq > ssl->handshake->in_msg_seq )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)",
recv_msg_seq,
ssl->handshake->in_msg_seq ) );
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
/* Retransmit only on last message from previous flight, to avoid
* too many retransmissions.
* Besides, No sane server ever retransmits HelloVerifyRequest */
if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
"message_seq = %d, start_of_flight = %d",
recv_msg_seq,
ssl->handshake->in_flight_start_seq ) );
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
return( ret );
}
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
"message_seq = %d, expected = %d",
recv_msg_seq,
ssl->handshake->in_msg_seq ) );
}
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
}
/* Wait until message completion to increment in_msg_seq */
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-15 10:43:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Message reassembly is handled alongside buffering of future
* messages; the commonality is that both handshake fragments and
* future messages cannot be forwarded immediately to the
* handshake logic layer. */
if( ssl_hs_is_proper_fragment( ssl ) == 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
}
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-15 10:43:43 +00:00
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* With TLS we don't handle fragmentation (for now) */
if( ssl->in_msglen < ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-15 10:43:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-15 10:43:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
Fix handling of long PSK identities fixes #238
2015-08-27 14:37:35 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
Fix handling of long PSK identities fixes #238
2015-08-27 14:37:35 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Handshake message is complete, increment counter */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL )
PSK callback added to SSL server
2013-09-18 15:29:31 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned offset;
mbedtls_ssl_hs_buffer *hs_buf;
Set len var to 0 when buf is freed in ssl_tls.c
2017-07-05 13:25:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Increment handshake sequence number */
hs->in_msg_seq++;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Clear up handshake buffering and reassembly structure.
*/
/* Free first entry */
ssl_buffering_free_slot( ssl, 0 );
/* Shift all other entries */
for( offset = 0, hs_buf = &hs->buffering.hs[0];
offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS;
offset++, hs_buf++ )
{
*hs_buf = *(hs_buf + 1);
}
/* Create a fresh last entry */
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
PSK callback added to SSL server
2013-09-18 15:29:31 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif
}
/*
* DTLS anti-replay: RFC 6347 4.1.2.6
*
* in_window is a field of bits numbered from 0 (lsb) to 63 (msb).
* Bit n is set iff record number in_window_top - n has been seen.
*
* Usually, in_window_top is the last record number seen and the lsb of
* in_window is set. The only exception is the initial state (record number 0
* not seen yet).
*/
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
{
ssl->in_window_top = 0;
ssl->in_window = 0;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ( (uint64_t) buf[0] << 40 ) |
( (uint64_t) buf[1] << 32 ) |
( (uint64_t) buf[2] << 24 ) |
( (uint64_t) buf[3] << 16 ) |
( (uint64_t) buf[4] << 8 ) |
( (uint64_t) buf[5] ) );
PSK callback added to SSL server
2013-09-18 15:29:31 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
Share code for PSK identity configuration This commit shares the code for setting the PSK identity hint between the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-15 13:33:04 +00:00
{
Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors.
2019-12-16 11:46:15 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char *original_in_ctr;
Share code for PSK identity configuration This commit shares the code for setting the PSK identity hint between the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-15 13:33:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
// save original in_ctr
original_in_ctr = ssl->in_ctr;
Do not allow configuring zero-length PSK fix error when calloc is called with size 0
2019-11-20 13:54:36 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
// use counter from record
ssl->in_ctr = record_in_ctr;
Share code for PSK identity configuration This commit shares the code for setting the PSK identity hint between the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-15 13:33:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
Share code for PSK identity configuration This commit shares the code for setting the PSK identity hint between the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-15 13:33:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
// restore the counter
ssl->in_ctr = original_in_ctr;
Share code for PSK identity configuration This commit shares the code for setting the PSK identity hint between the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-15 13:33:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return ret;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Return 0 if sequence number is acceptable, -1 otherwise
*/
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl )
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
uint64_t bit;
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
return( 0 );
if( rec_seqnum > ssl->in_window_top )
return( 0 );
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
bit = ssl->in_window_top - rec_seqnum;
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( bit >= 64 )
return( -1 );
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
return( -1 );
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Update replay window on new validated record
*/
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
return;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec_seqnum > ssl->in_window_top )
{
/* Update window_top and the contents of the window */
uint64_t shift = rec_seqnum - ssl->in_window_top;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( shift >= 64 )
ssl->in_window = 1;
else
{
ssl->in_window <<= shift;
ssl->in_window |= 1;
}
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_window_top = rec_seqnum;
}
else
{
/* Mark that number as seen in the current window */
uint64_t bit = ssl->in_window_top - rec_seqnum;
Implement API for configuration of opaque PSKs This commit adds implementations of the two new API functions mbedtls_ssl_conf_psk_opaque() mbedtls_ssl_set_hs_psk_opaque().
2018-10-22 14:31:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( bit < 64 ) /* Always true, but be extra sure */
ssl->in_window |= (uint64_t) 1 << bit;
}
Added pre-shared key handling for the client side of SSL / TLS Client side handling of the pure PSK ciphersuites is now in the base code.
2013-04-16 16:05:29 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
Deprecate mbedtls_ssl_conf_dh_param
2017-10-04 14:28:46 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
/*
* Without any SSL context, check if a datagram looks like a ClientHello with
* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
* Both input and output include full DTLS headers.
*
* - if cookie is valid, return 0
* - if ClientHello looks superficially valid but cookie is not,
* fill obuf and set olen, then
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
* - otherwise return a specific error code
*/
static int ssl_check_dtls_clihlo_cookie(
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie,
const unsigned char *cli_id, size_t cli_id_len,
const unsigned char *in, size_t in_len,
unsigned char *obuf, size_t buf_len, size_t *olen )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t sid_len, cookie_len;
unsigned char *p;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Structure of ClientHello with record and handshake headers,
* and expected values. We don't need to check a lot, more checks will be
* done when actually parsing the ClientHello - skipping those checks
* avoids code duplication and does not make cookie forging any easier.
*
* 0-0 ContentType type; copied, must be handshake
* 1-2 ProtocolVersion version; copied
* 3-4 uint16 epoch; copied, must be 0
* 5-10 uint48 sequence_number; copied
* 11-12 uint16 length; (ignored)
*
* 13-13 HandshakeType msg_type; (ignored)
* 14-16 uint24 length; (ignored)
* 17-18 uint16 message_seq; copied
* 19-21 uint24 fragment_offset; copied, must be 0
* 22-24 uint24 fragment_length; (ignored)
*
* 25-26 ProtocolVersion client_version; (ignored)
* 27-58 Random random; (ignored)
* 59-xx SessionID session_id; 1 byte len + sid_len content
* 60+ opaque cookie<0..2^8-1>; 1 byte len + content
* ...
*
* Minimum length is 61 bytes.
*/
if( in_len < 61 ||
in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
in[3] != 0 || in[4] != 0 ||
in[19] != 0 || in[20] != 0 || in[21] != 0 )
Upgrade default DHM params size
2015-05-06 16:33:07 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
Upgrade default DHM params size
2015-05-06 16:33:07 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
sid_len = in[59];
if( sid_len > in_len - 61 )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
cookie_len = in[60 + sid_len];
if( cookie_len > in_len - 60 )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param
2017-10-04 14:29:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
cli_id, cli_id_len ) == 0 )
Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param
2017-10-04 14:29:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Valid cookie */
return( 0 );
Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param
2017-10-04 14:29:08 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* If we get here, we've got an invalid cookie, let's prepare HVR.
*
* 0-0 ContentType type; copied
* 1-2 ProtocolVersion version; copied
* 3-4 uint16 epoch; copied
* 5-10 uint48 sequence_number; copied
* 11-12 uint16 length; olen - 13
*
* 13-13 HandshakeType msg_type; hello_verify_request
* 14-16 uint24 length; olen - 25
* 17-18 uint16 message_seq; copied
* 19-21 uint24 fragment_offset; copied
* 22-24 uint24 fragment_length; olen - 25
*
* 25-26 ProtocolVersion server_version; 0xfe 0xff
* 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie
*
* Minimum length is 28.
*/
if( buf_len < 28 )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Copy most fields and adapt others */
memcpy( obuf, in, 25 );
obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
obuf[25] = 0xfe;
obuf[26] = 0xff;
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Generate and write actual cookie */
p = obuf + 28;
if( f_cookie_write( p_cookie,
&p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
Upgrade default DHM params size
2015-05-06 16:33:07 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Upgrade default DHM params size
2015-05-06 16:33:07 +00:00
}
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
*olen = p - obuf;
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Go back and fill length fields */
obuf[27] = (unsigned char)( *olen - 28 );
Add ssl_conf_dhm_min_bitlen()
2015-06-11 12:49:42 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 );
obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) );
obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 );
obuf[12] = (unsigned char)( ( *olen - 13 ) );
return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
Create API for mbedtls_ssl_conf_sig_hashes(). Not implemented yet.
2015-06-17 10:43:26 +00:00
}
ssl_set_curves is no longer ECDHE only
2014-02-04 14:52:33 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Handle possible client reconnect with the same UDP quadruplet
* (RFC 6347 Section 4.2.8).
*
* Called by ssl_parse_record_header() in case we receive an epoch 0 record
* that looks like a ClientHello.
*
* - if the input looks like a ClientHello without cookies,
* send back HelloVerifyRequest, then
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
* - if the input looks like a ClientHello with a valid cookie,
* reset the session of the current context, and
* return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* - if anything goes wrong, return a specific error code
*
* mbedtls_ssl_read_record() will ignore the record if anything else than
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
* cannot not return 0.
ssl_set_curves is no longer ECDHE only
2014-02-04 14:52:33 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
Change how hostname is stored internally
2015-05-06 09:47:06 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->f_cookie_write == NULL ||
ssl->conf->f_cookie_check == NULL )
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If we can't use cookies to verify reachability of the peer,
* drop the record. */
return( 0 );
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
}
Fixed potential heap buffer overflow on large hostname setting
2013-08-19 12:25:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_check_dtls_clihlo_cookie(
ssl->conf->f_cookie_write,
ssl->conf->f_cookie_check,
ssl->conf->p_cookie,
ssl->cli_id, ssl->cli_id_len,
ssl->in_buf, ssl->in_left,
ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
Added max length checking of hostname
2015-09-27 21:50:49 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
ret = 0;
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
}
Removed extra spaces on end of lines
2013-04-16 11:15:56 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == 0 )
{
/* Got a valid cookie, partially reset context */
if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
return( ret );
}
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter.
2017-04-07 12:25:49 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ret );
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_check_record_type( uint8_t record_type )
Add ALPN interface
2014-04-04 14:08:41 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
record_type != MBEDTLS_SSL_MSG_ALERT &&
record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
Implement ALPN client-side
2014-04-07 08:57:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Implement ALPN client-side
2014-04-07 08:57:45 +00:00
}
return( 0 );
Add ALPN interface
2014-04-04 14:08:41 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* ContentType type;
* ProtocolVersion version;
* uint16 epoch; // DTLS only
* uint48 sequence_number; // DTLS only
* uint16 length;
*
* Return 0 if header looks sane (and, for DTLS, the record is expected)
* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
*
* With DTLS, mbedtls_ssl_read_record() will:
* 1. proceed with the record if this function returns 0
* 2. drop only the current record if this function returns UNEXPECTED_RECORD
* 3. return CLIENT_RECONNECT if this function return that value
* 4. drop the whole datagram if this function returns anything else.
* Point 2 is needed when the peer is resending, and we have already received
* the first record from a datagram but are still waiting for the others.
*/
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
unsigned char *buf,
size_t len,
mbedtls_record *rec )
More ssl_set_XXX() functions can return BAD_INPUT
2014-02-10 13:25:10 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int major_ver, minor_ver;
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t const rec_hdr_type_offset = 0;
size_t const rec_hdr_type_len = 1;
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t const rec_hdr_version_offset = rec_hdr_type_offset +
rec_hdr_type_len;
size_t const rec_hdr_version_len = 2;
Implement FALLBACK_SCSV client-side
2014-10-20 11:34:59 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t const rec_hdr_ctr_len = 8;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t rec_epoch;
size_t const rec_hdr_ctr_offset = rec_hdr_version_offset +
rec_hdr_version_len;
Implement optional CA list suppression in Certificate Request According to RFC5246 the server can indicate the known Certificate Authorities or can constrain the aurhorisation space by sending a certificate list. This part of the message is optional and if omitted, the client may send any certificate in the response. The previous behaviour of mbed TLS was to always send the name of all the CAs that are configured as root CAs. In certain cases this might cause usability and privacy issues for example: - If the list of the CA names is longer than the peers input buffer then the handshake will fail - If the configured CAs belong to third parties, this message gives away information on the relations to these third parties Therefore we introduce an option to suppress the CA list in the Certificate Request message. Providing this feature as a runtime option comes with a little cost in code size and advantages in maintenance and flexibility.
2017-04-10 11:42:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t const rec_hdr_cid_offset = rec_hdr_ctr_offset +
rec_hdr_ctr_len;
size_t rec_hdr_cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Implement initial negotiation of EtM Not implemented yet: - actually using EtM - conditions on renegotiation
2014-10-27 12:57:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t rec_hdr_len_offset; /* To be determined */
size_t const rec_hdr_len_len = 2;
Add negotiation of Extended Master Secret (But not the actual thing yet.)
2014-10-20 16:40:56 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check minimum lengths for record header.
*/
Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.
2015-01-12 12:43:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Add ssl_set_max_frag_len()
2013-07-16 10:45:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len;
}
else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len;
Prepare migrating max fragment length to session Remove max_frag_len member so that reseting session by memset()ing it to zero does the right thing.
2013-07-18 10:32:27 +00:00
}
Forbid setting max_frag_len > MAX_CONTENT_LEN
2013-07-17 12:33:38 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( len < rec_hdr_len_offset + rec_hdr_len_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header of length %u",
(unsigned) len,
(unsigned)( rec_hdr_len_len + rec_hdr_len_len ) ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
Add ssl_set_renegotiation_enforced()
2014-07-03 17:29:16 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Parse and validate record content type
*/
Session ticket expiration checked on server
2013-08-14 14:52:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->type = buf[ rec_hdr_type_offset ];
Add ssl_set_session_tickets()
2013-08-03 11:02:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check record content type */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec->cid_len = 0;
Add an extra key export function Add an additional function `mbedtls_ssl_export_keys_ext_t()` for exporting key, that adds additional information such as the used `tls_prf` and the random bytes.
2019-05-07 15:33:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->conf->cid_len != 0 &&
rec->type == MBEDTLS_SSL_MSG_CID )
{
/* Shift pointers to account for record header including CID
* struct {
* ContentType special_type = tls12_cid;
* ProtocolVersion version;
* uint16 epoch;
* uint48 sequence_number;
* opaque cid[cid_length]; // Additional field compared to
* // default DTLS record format
* uint16 length;
* opaque enc_content[DTLSCiphertext.length];
* } DTLSCiphertext;
*/
Added key export API
2015-10-02 12:33:37 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* So far, we only support static CID lengths
* fixed in the configuration. */
rec_hdr_cid_len = ssl->conf->cid_len;
rec_hdr_len_offset += rec_hdr_cid_len;
Pass the SSL context to async callbacks When a handshake step starts an asynchronous operation, the application needs to know which SSL connection the operation is for, so that when the operation completes, the application can wake that connection up. Therefore the async start callbacks need to take the SSL context as an argument. It isn't enough to let them set a cookie in the SSL connection, the application needs to be able to find the right SSL connection later. Also pass the SSL context to the other callbacks for consistency. Add a new field to the handshake that the application can use to store a per-connection context. This new field replaces the former context (operation_ctx) that was created by the start function and passed to the resume function. Add a boolean flag to the handshake structure to track whether an asynchronous operation is in progress. This is more robust than relying on the application to set a non-null application context.
2018-04-25 18:39:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( len < rec_hdr_len_offset + rec_hdr_len_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header including CID, length %u",
(unsigned) len,
(unsigned)( rec_hdr_len_offset + rec_hdr_len_len ) ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
Don't pass the async config data to async callbacks The config data is in the SSL config, so callbacks can retrieve it from there, with the new function mbedtls_ssl_conf_get_async_config_data.
2018-04-26 09:46:10 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* configured CID len is guaranteed at most 255, see
* MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */
rec->cid_len = (uint8_t) rec_hdr_cid_len;
memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
}
Pass the SSL context to async callbacks When a handshake step starts an asynchronous operation, the application needs to know which SSL connection the operation is for, so that when the operation completes, the application can wake that connection up. Therefore the async start callbacks need to take the SSL context as an argument. It isn't enough to let them set a cookie in the SSL connection, the application needs to be able to find the right SSL connection later. Also pass the SSL context to the other callbacks for consistency. Add a new field to the handshake that the application can use to store a per-connection context. This new field replaces the former context (operation_ctx) that was created by the start function and passed to the resume function. Add a boolean flag to the handshake structure to track whether an asynchronous operation is in progress. This is more robust than relying on the application to set a non-null application context.
2018-04-25 18:39:48 +00:00
else
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
if( ssl_check_record_type( rec->type ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type %u",
(unsigned) rec->type ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Parse and validate record version
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
mbedtls_ssl_read_version( &major_ver, &minor_ver,
ssl->conf->transport,
&rec->ver[0] );
if( major_ver != ssl->major_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
if( minor_ver > ssl->conf->max_minor_ver )
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
}
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Parse/Copy record sequence number.
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Copy explicit record sequence number from input buffer. */
memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
rec_hdr_ctr_len );
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
/* Copy implicit record sequence number from SSL context structure. */
memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
}
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Parse record length.
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) |
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
rec->type,
major_ver, minor_ver, rec->data_len ) );
rec->buf = buf;
rec->buf_len = rec->data_offset + rec->data_len;
if( rec->data_len == 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* DTLS-related tests.
* Check epoch before checking length constraint because
* the latter varies with the epoch. E.g., if a ChangeCipherSpec
* message gets duplicated before the corresponding Finished message,
* the second ChangeCipherSpec should be discarded because it belongs
* to an old epoch, but not because its length is shorter than
* the minimum record length for packets using the new record transform.
* Note that these two kinds of failures are handled differently,
* as an unexpected record is silently skipped but an invalid
* record leads to the entire datagram being dropped.
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1];
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check that the datagram is large enough to contain a record
* of the advertised length. */
if( len < rec->data_offset + rec->data_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram of length %u too small to contain record of advertised length %u.",
(unsigned) len,
(unsigned)( rec->data_offset + rec->data_len ) ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
/* Records from other, non-matching epochs are silently discarded.
* (The case of same-port Client reconnects must be considered in
* the caller). */
if( rec_epoch != ssl->in_epoch )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
"expected %d, received %d",
ssl->in_epoch, rec_epoch ) );
/* Records from the next epoch are considered for buffering
* (concretely: early Finished messages). */
if( rec_epoch == (unsigned) ssl->in_epoch + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) );
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* For records from the correct epoch, check whether their
* sequence number has been seen before. */
else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
&rec->ctr[0] ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport.
2017-10-10 10:51:19 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
Fix bug in ssl_get_verify_result()
2015-01-23 14:30:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check for an epoch 0 ClientHello. We can't use in_msg here to
* access the first byte of record content (handshake type), as we
* have an active transform (possibly iv_len != 0), so use the
* fact that the record header len is 13 instead.
*/
if( rec_epoch == 0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_left > 13 &&
ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
"from the same port" ) );
return( ssl_handle_possible_reconnect( ssl ) );
}
Fix bug in ssl_get_verify_result()
2015-01-23 14:30:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* If applicable, decrypt record content
*/
static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
mbedtls_record *rec )
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret, done = 0;
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 09:23:34 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
rec->buf, rec->buf_len );
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_read != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
ret = mbedtls_ssl_hw_record_read( ssl );
if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
if( ret == 0 )
done = 1;
}
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
if( !done && ssl->transform_in != NULL )
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned char const old_msg_type = rec->type;
if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
ssl->conf->ignore_unexpected_cid
== MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
return( ret );
}
if( old_msg_type != rec->type )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
old_msg_type, rec->type ) );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
rec->buf + rec->data_offset, rec->data_len );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* We have already checked the record content type
* in ssl_parse_record_header(), failing or silently
* dropping the record in the case of an unknown type.
*
* Since with the use of CIDs, the record content type
* might change during decryption, re-check the record
* content type, but treat a failure as fatal this time. */
if( ssl_check_record_type( rec->type ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if( rec->data_len == 0 )
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
&& rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
ssl->nb_zero++;
/*
* Three or more empty messages may be a DoS attack
* (excessive CPU consumption).
*/
if( ssl->nb_zero > 3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
"messages, possible DoS attack" ) );
/* Treat the records as if they were not properly authenticated,
* thereby failing the connection if we see more than allowed
* by the configured bad MAC threshold. */
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
}
else
ssl->nb_zero = 0;
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
; /* in_ctr read from peer, not maintained internally */
}
else
#endif
{
unsigned i;
for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
if( ++ssl->in_ctr[i - 1] != 0 )
break;
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* The loop goes to its end iff the counter is wrapping */
if( i == mbedtls_ssl_ep_len( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
Adapt version-handling functions to DTLS
2014-02-10 12:43:33 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_dtls_replay_update( ssl );
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
}
Add ssl_get_record_expansion()
2014-10-14 15:47:31 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check actual (decrypted) record content length against
* configured maximum. */
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
Add ssl_get_record_expansion()
2014-10-14 15:47:31 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Add ssl_get_record_expansion()
2014-10-14 15:47:31 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
Add ssl_get_record_expansion()
2014-10-14 15:47:31 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Read a record.
*
* Silently ignore non-fatal alert (and for DTLS, invalid records as well,
* RFC 6347 4.1.2.7) and continue reading until a valid record is found.
*
*/
Add mbedtls_ssl_get_max_frag_len() This is not very useful for TLS as mbedtls_ssl_write() will automatically fragment and return the length used, and the application should check for that anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an error, and the application needs to be able to query the maximum length instead of just guessing.
2015-08-31 16:30:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Helper functions for mbedtls_ssl_read_record(). */
static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
static int ssl_get_next_record( mbedtls_ssl_context *ssl );
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
Add mbedtls_ssl_get_max_frag_len() This is not very useful for TLS as mbedtls_ssl_write() will automatically fragment and return the length used, and the application should check for that anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an error, and the application needs to be able to query the maximum length instead of just guessing.
2015-08-31 16:30:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
unsigned update_hs_digest )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Add mbedtls_ssl_get_max_frag_len() This is not very useful for TLS as mbedtls_ssl_write() will automatically fragment and return the length used, and the application should check for that anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an error, and the application needs to be able to query the maximum length instead of just guessing.
2015-08-31 16:30:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
if( ssl->keep_current_message == 0 )
Make handshake fragmentation follow max_frag_len Note: no interop tests in ssl-opt.sh for now, as some of them make us run into bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests will be added later once the situation is clarified. <- TODO
2017-09-19 11:00:47 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
do {
Make handshake fragmentation follow max_frag_len Note: no interop tests in ssl-opt.sh for now, as some of them make us run into bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests will be added later once the situation is clarified. <- TODO
2017-09-19 11:00:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_consume_current_message( ssl );
if( ret != 0 )
return( ret );
Add mbedtls_ssl_get_max_frag_len() This is not very useful for TLS as mbedtls_ssl_write() will automatically fragment and return the length used, and the application should check for that anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an error, and the application needs to be able to query the maximum length instead of just guessing.
2015-08-31 16:30:52 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl_record_is_in_progress( ssl ) == 0 )
{
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int have_buffered = 0;
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We only check for buffered messages if the
* current datagram is fully consumed. */
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl_next_record_is_in_datagram( ssl ) == 0 )
{
if( ssl_load_buffered_message( ssl ) == 0 )
have_buffered = 1;
}
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( have_buffered == 0 )
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
continue;
Implement PMTU auto-reduction in handshake
2018-08-20 07:34:02 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
return( ret );
}
}
}
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_handle_message_type( ssl );
Fix "unused parameter" warning in small configs
2018-08-21 09:20:58 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
{
/* Buffer future message */
ret = ssl_buffer_message( ssl );
if( ret != 0 )
return( ret );
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( 0 != ret )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
return( ret );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
update_hs_digest == 1 )
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_update_handshake_status( ssl );
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
}
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Add ssl_get_session() to save session on client
2013-07-30 10:41:56 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) );
ssl->keep_current_message = 0;
Add ssl_get_session() to save session on client
2013-07-30 10:41:56 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
return( 0 );
Add ssl_get_session() to save session on client
2013-07-30 10:41:56 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
Add mbedtls_ssl_get_session_pointer() Avoid useless copy with mbedtls_ssl_get_session() before serialising. Used in ssl_client2 for testing and demonstrating usage, but unfortunately that means mbedtls_ssl_get_session() is no longer tested, which will be fixed in the next commit.
2019-05-20 09:12:28 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_left > ssl->next_record_offset )
return( 1 );
Add mbedtls_ssl_get_session_pointer() Avoid useless copy with mbedtls_ssl_get_session() before serialising. Used in ssl_client2 for testing and demonstrating usage, but unfortunately that means mbedtls_ssl_get_session() is no longer tested, which will be fixed in the next commit.
2019-05-20 09:12:28 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
Add mbedtls_ssl_get_session_pointer() Avoid useless copy with mbedtls_ssl_get_session() before serialising. Used in ssl_client2 for testing and demonstrating usage, but unfortunately that means mbedtls_ssl_get_session() is no longer tested, which will be fixed in the next commit.
2019-05-20 09:12:28 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
mbedtls_ssl_hs_buffer * hs_buf;
int ret = 0;
Encode relevant parts of the config in serialized session header This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are - the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session) - the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance. - the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
2019-05-16 11:50:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs == NULL )
return( -1 );
Encode relevant parts of the config in serialized session header This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are - the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session) - the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance. - the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
2019-05-16 11:50:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
Encode relevant parts of the config in serialized session header This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are - the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session) - the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance. - the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
2019-05-16 11:50:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
{
/* Check if we have seen a ChangeCipherSpec before.
* If yes, synthesize a CCS record. */
if( !hs->buffering.seen_ccs )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) );
ret = -1;
goto exit;
}
Encode relevant parts of the config in serialized session header This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are - the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session) - the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance. - the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
2019-05-16 11:50:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) );
ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
ssl->in_msglen = 1;
ssl->in_msg[0] = 1;
Encode relevant parts of the config in serialized session header This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are - the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session) - the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance. - the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
2019-05-16 11:50:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* As long as they are equal, the exact value doesn't matter. */
ssl->in_left = 0;
ssl->next_record_offset = 0;
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs->buffering.seen_ccs = 0;
goto exit;
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_DEBUG_C)
/* Debug only */
{
unsigned offset;
for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
{
hs_buf = &hs->buffering.hs[offset];
if( hs_buf->is_valid == 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.",
hs->in_msg_seq + offset,
hs_buf->is_complete ? "fully" : "partially" ) );
}
}
}
#endif /* MBEDTLS_DEBUG_C */
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check if we have buffered and/or fully reassembled the
* next handshake message. */
hs_buf = &hs->buffering.hs[0];
if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Synthesize a record containing the buffered HS message. */
size_t msg_len = ( hs_buf->data[1] << 16 ) |
( hs_buf->data[2] << 8 ) |
hs_buf->data[3];
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Double-check that we haven't accidentally buffered
* a message that doesn't fit into the input buffer. */
if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
}
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)",
hs_buf->data, msg_len + 12 );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->in_hslen = msg_len + 12;
ssl->in_msglen = msg_len + 12;
memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = 0;
goto exit;
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered",
hs->in_msg_seq ) );
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = -1;
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
exit:
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) );
return( ret );
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
size_t desired )
{
int offset;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available",
(unsigned) desired ) );
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Get rid of future records epoch first, if such exist. */
ssl_free_buffered_record( ssl );
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check if we have enough space available now. */
if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) );
return( 0 );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We don't have enough space to buffer the next expected handshake
* message. Remove buffers used for future messages to gain space,
* starting with the most distant one. */
for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
offset >= 0; offset-- )
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message",
offset ) );
ssl_buffering_free_slot( ssl, (uint8_t) offset );
/* Check if we have enough space available now. */
if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) );
return( 0 );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
}
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( -1 );
}
static int ssl_buffer_message( mbedtls_ssl_context *ssl )
{
int ret = 0;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
if( hs == NULL )
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) );
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
switch( ssl->in_msgtype )
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) );
hs->buffering.seen_ccs = 1;
break;
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
case MBEDTLS_SSL_MSG_HANDSHAKE:
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
unsigned recv_msg_seq_offset;
unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
mbedtls_ssl_hs_buffer *hs_buf;
size_t msg_len = ssl->in_hslen - 12;
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We should never receive an old handshake
* message - double-check nonetheless. */
if( recv_msg_seq < ssl->handshake->in_msg_seq )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS )
{
/* Silently ignore -- message too far in the future */
MBEDTLS_SSL_DEBUG_MSG( 2,
( "Ignore future HS message with sequence number %u, "
"buffering window %u - %u",
recv_msg_seq, ssl->handshake->in_msg_seq,
ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
goto exit;
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ",
recv_msg_seq, recv_msg_seq_offset ) );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check if the buffering for this seq nr has already commenced. */
if( !hs_buf->is_valid )
{
size_t reassembly_buf_sz;
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs_buf->is_fragmented =
( ssl_hs_is_proper_fragment( ssl ) == 1 );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We copy the message back into the input buffer
* after reassembly, so check that it's not too large.
* This is an implementation-specific limitation
* and not one from the standard, hence it is not
* checked in ssl_check_hs_header(). */
if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
{
/* Ignore message */
goto exit;
}
Improve save API by always updating olen This allows callers to discover what an appropriate size is. Otherwise they'd have to either try repeatedly, or allocate an overly large buffer (or some combination of those). Adapt documentation an example usage in ssl_client2.
2019-05-21 09:01:32 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check if we have enough space to buffer the message. */
if( hs->buffering.total_bytes_buffered >
MBEDTLS_SSL_DTLS_MAX_BUFFERING )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len,
hs_buf->is_fragmented );
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
{
if( recv_msg_seq_offset > 0 )
{
/* If we can't buffer a future message because
* of space limitations -- ignore. */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
(unsigned) hs->buffering.total_bytes_buffered ) );
goto exit;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
(unsigned) hs->buffering.total_bytes_buffered ) );
}
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
(unsigned) msg_len,
(unsigned) reassembly_buf_sz,
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
(unsigned) hs->buffering.total_bytes_buffered ) );
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
}
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
msg_len ) );
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
if( hs_buf->data == NULL )
{
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
hs_buf->data_len = reassembly_buf_sz;
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Prepare final header: copy msg_type, length and message_seq,
* then add standardised fragment_offset and fragment_length */
memcpy( hs_buf->data, ssl->in_msg, 6 );
memset( hs_buf->data + 6, 0, 3 );
memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
Add Mbed TLS version to SSL sessions The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds an 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
2019-05-16 11:39:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs_buf->is_valid = 1;
hs->buffering.total_bytes_buffered += reassembly_buf_sz;
}
else
{
/* Make sure msg_type and length are consistent */
if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
/* Ignore */
goto exit;
}
}
if( !hs_buf->is_complete )
{
size_t frag_len, frag_off;
unsigned char * const msg = hs_buf->data + 12;
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check and copy current fragment
*/
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Validation of header fields already done in
* mbedtls_ssl_prepare_handshake_record(). */
frag_off = ssl_get_hs_frag_off( ssl );
frag_len = ssl_get_hs_frag_len( ssl );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
frag_off, frag_len ) );
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs_buf->is_fragmented )
{
unsigned char * const bitmask = msg + msg_len;
ssl_bitmask_set( bitmask, frag_off, frag_len );
hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
msg_len ) == 0 );
}
else
{
hs_buf->is_complete = 1;
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete",
hs_buf->is_complete ? "" : "not yet " ) );
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
break;
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
default:
/* We don't buffer other types of messages. */
break;
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
exit:
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) );
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
{
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Consume last content-layer message and potentially
* update in_msglen which keeps track of the contents'
* consumption state.
*
* (1) Handshake messages:
* Remove last handshake message, move content
* and adapt in_msglen.
*
* (2) Alert messages:
* Consume whole record content, in_msglen = 0.
*
* (3) Change cipher spec:
* Consume whole record content, in_msglen = 0.
*
* (4) Application data:
* Don't do anything - the record layer provides
* the application data as a stream transport
* and consumes through mbedtls_ssl_read only.
*
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
*/
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Case (1): Handshake messages */
if( ssl->in_hslen != 0 )
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Hard assertion to be sure that no application data
* is in flight, as corrupting ssl->in_msglen during
* ssl->in_offt != NULL is fatal. */
if( ssl->in_offt != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Get next Handshake message in the current record
*/
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Notes:
* (1) in_hslen is not necessarily the size of the
* current handshake content: If DTLS handshake
* fragmentation is used, that's the fragment
* size instead. Using the total handshake message
* size here is faulty and should be changed at
* some point.
* (2) While it doesn't seem to cause problems, one
* has to be very careful not to assume that in_hslen
* is always <= in_msglen in a sensible communication.
* Again, it's wrong for DTLS handshake fragmentation.
* The following check is therefore mandatory, and
* should not be treated as a silently corrected assertion.
* Additionally, ssl->in_hslen might be arbitrarily out of
* bounds after handling a DTLS message with an unexpected
* sequence number, see mbedtls_ssl_prepare_handshake_record.
*/
if( ssl->in_hslen < ssl->in_msglen )
{
ssl->in_msglen -= ssl->in_hslen;
memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
ssl->in_msglen );
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
ssl->in_msg, ssl->in_msglen );
}
else
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_msglen = 0;
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_hslen = 0;
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Case (4): Application data */
else if( ssl->in_offt != NULL )
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Everything else (CCS & Alerts) */
else
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_msglen = 0;
Add support for serialisation session with ticket On client side, this is required for the main use case where of serialising a session for later resumption, in case tickets are used. On server side, this doesn't change much as ticket_len will always be 0. This unblocks testing the functions by using them in ssl_client2, which will be done in the next commit.
2019-05-16 09:11:08 +00:00
}
Add new ABI-independent format for serialization
2019-05-24 10:06:29 +00:00
Move session save/load function to ssl_tls.c This finishes making these functions public. Next step is to get them tested, but there's currently a blocker for that, see next commit (and the commit after it for tests).
2019-05-16 08:08:35 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
Add test for session_load() from small buffers This uncovered a bug that led to a double-free (in practice, in general could be free() on any invalid value): initially the session structure is loaded with `memcpy()` which copies the previous values of pointers peer_cert and ticket to heap-allocated buffers (or any other value if the input is attacker-controlled). Now if we exit before we got a chance to replace those invalid values with valid ones (for example because the input buffer is too small, or because the second malloc() failed), then the next call to session_free() is going to call free() on invalid pointers. This bug is fixed in this commit by always setting the pointers to NULL right after they've been read from the serialised state, so that the invalid values can never be used. (An alternative would be to NULL-ify them when writing, which was rejected mostly because we need to do it when reading anyway (as the consequences of free(invalid) are too severe to take any risk), so doing it when writing as well is redundant and a waste of code size.) Also, while thinking about what happens in case of errors, it became apparent to me that it was bad practice to leave the session structure in an half-initialised state and rely on the caller to call session_free(), so this commit also ensures we always clear the structure when loading failed.
2019-05-23 10:28:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen > 0 )
return( 1 );
Add test for session_load() from small buffers This uncovered a bug that led to a double-free (in practice, in general could be free() on any invalid value): initially the session structure is loaded with `memcpy()` which copies the previous values of pointers peer_cert and ticket to heap-allocated buffers (or any other value if the input is attacker-controlled). Now if we exit before we got a chance to replace those invalid values with valid ones (for example because the input buffer is too small, or because the second malloc() failed), then the next call to session_free() is going to call free() on invalid pointers. This bug is fixed in this commit by always setting the pointers to NULL right after they've been read from the serialised state, so that the invalid values can never be used. (An alternative would be to NULL-ify them when writing, which was rejected mostly because we need to do it when reading anyway (as the consequences of free(invalid) are too severe to take any risk), so doing it when writing as well is redundant and a waste of code size.) Also, while thinking about what happens in case of errors, it became apparent to me that it was bad practice to leave the session structure in an half-initialised state and rely on the caller to call session_free(), so this commit also ensures we always clear the structure when loading failed.
2019-05-23 10:28:45 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
Add test for session_load() from small buffers This uncovered a bug that led to a double-free (in practice, in general could be free() on any invalid value): initially the session structure is loaded with `memcpy()` which copies the previous values of pointers peer_cert and ticket to heap-allocated buffers (or any other value if the input is attacker-controlled). Now if we exit before we got a chance to replace those invalid values with valid ones (for example because the input buffer is too small, or because the second malloc() failed), then the next call to session_free() is going to call free() on invalid pointers. This bug is fixed in this commit by always setting the pointers to NULL right after they've been read from the serialised state, so that the invalid values can never be used. (An alternative would be to NULL-ify them when writing, which was rejected mostly because we need to do it when reading anyway (as the consequences of free(invalid) are too severe to take any risk), so doing it when writing as well is redundant and a waste of code size.) Also, while thinking about what happens in case of errors, it became apparent to me that it was bad practice to leave the session structure in an half-initialised state and rely on the caller to call session_free(), so this commit also ensures we always clear the structure when loading failed.
2019-05-23 10:28:45 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
if( hs == NULL )
return;
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs->buffering.future_record.data != NULL )
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs->buffering.total_bytes_buffered -=
hs->buffering.future_record.len;
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_free( hs->buffering.future_record.data );
hs->buffering.future_record.data = NULL;
Added ssl_handshake_step() to allow single stepping the handshake process Single stepping the handshake process allows for better support of non-blocking network stacks and for getting information from specific handshake messages if wanted.
2013-01-25 13:49:24 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
unsigned char * rec;
size_t rec_len;
unsigned rec_epoch;
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len = ssl->in_buf_len;
#else
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 0 );
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs == NULL )
return( 0 );
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
rec = hs->buffering.future_record.data;
rec_len = hs->buffering.future_record.len;
rec_epoch = hs->buffering.future_record.epoch;
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec == NULL )
return( 0 );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Only consider loading future records if the
* input buffer is empty. */
if( ssl_next_record_is_in_datagram( ssl ) == 1 )
return( 0 );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( rec_epoch != ssl->in_epoch )
Fix message_seq with server-initiated renego
2014-08-19 17:18:39 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) );
goto exit;
Fix message_seq with server-initiated renego
2014-08-19 17:18:39 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Double-check that the record is not too large */
Add I/O buffer length fields to mbedtls_ssl_context Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Darryl Green <darryl.green@arm.com>
2019-11-28 14:29:44 +00:00
if( rec_len > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( ssl->in_hdr, rec, rec_len );
ssl->in_left = rec_len;
ssl->next_record_offset = 0;
ssl_free_buffered_record( ssl );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
exit:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
mbedtls_record const *rec )
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
Fix server-initiated renego with non-blocking I/O
2014-08-15 17:04:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Don't buffer future records outside handshakes. */
if( hs == NULL )
return( 0 );
Fix server-initiated renego with non-blocking I/O
2014-08-15 17:04:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Only buffer handshake records (we are only interested
* in Finished messages). */
if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE )
return( 0 );
Move some code around, improve documentation
2013-10-30 15:41:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Don't buffer more than one future epoch record. */
if( hs->buffering.future_record.data != NULL )
return( 0 );
Move some code around, improve documentation
2013-10-30 15:41:21 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Don't buffer record if there's not enough buffering space remaining. */
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
Move some code around, improve documentation
2013-10-30 15:41:21 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
(unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
(unsigned) hs->buffering.total_bytes_buffered ) );
return( 0 );
Move some code around, improve documentation
2013-10-30 15:41:21 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Buffer record */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
ssl->in_epoch + 1 ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* ssl_parse_record_header() only considers records
* of the next epoch as candidates for buffering. */
hs->buffering.future_record.epoch = ssl->in_epoch + 1;
hs->buffering.future_record.len = rec->buf_len;
Fix renegotiation at incorrect times in DTLS Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times.
2016-12-15 17:01:16 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs->buffering.future_record.data =
mbedtls_calloc( 1, hs->buffering.future_record.len );
if( hs->buffering.future_record.data == NULL )
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If we run out of RAM trying to buffer a
* record from the next epoch, just ignore. */
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
return( 0 );
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len );
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs->buffering.total_bytes_buffered += rec->buf_len;
return( 0 );
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
}
Make ssl_renegotiate the only interface ssl_write_hello_request() is no private
2013-10-30 12:06:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
static int ssl_get_next_record( mbedtls_ssl_context *ssl )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors.
2019-12-16 11:46:15 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_record rec;
Add ability to resend last flight
2014-09-23 07:42:16 +00:00
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We might have buffered a future record; if so,
* and if the epoch matches now, load it.
* On success, this call will set ssl->in_left to
* the length of the buffered record, so that
* the calls to ssl_fetch_input() below will
* essentially be no-ops. */
ret = ssl_load_buffered_record( ssl );
if( ret != 0 )
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
return( ret );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Auto-renegotiate before sequence number wrapping
2014-11-04 20:04:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Ensure that we have enough space available for the default form
* of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
* with no space for CIDs counted in). */
ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
if( ret != 0 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_parse_record_header( ssl, ssl->in_hdr, ssl->in_left, &rec );
if( ret != 0 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_buffer_future_record( ssl, &rec );
if( ret != 0 )
return( ret );
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake. - Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Fall through to handling of unexpected records */
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Fix mbedtls_ssl_read Don't fetch a new record in mbedtls_ssl_read_record_layer as long as an application data record is being processed.
2017-05-24 15:27:30 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
/* Reset in pointers to default state for TLS/DTLS records,
* assuming no CID and no offset between record content and
* record plaintext. */
mbedtls_ssl_update_in_pointers( ssl );
Handle late handshake messages gracefully
2014-09-06 10:27:02 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Setup internal message pointers from record structure. */
ssl->in_msgtype = rec.type;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_len = ssl->in_cid + rec.cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
ssl->in_msglen = rec.data_len;
Handle late handshake messages gracefully
2014-09-06 10:27:02 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = ssl_check_client_reconnect( ssl );
if( ret != 0 )
return( ret );
Handle late handshake messages gracefully
2014-09-06 10:27:02 +00:00
#endif
Fix mbedtls_ssl_read Don't fetch a new record in mbedtls_ssl_read_record_layer as long as an application data record is being processed.
2017-05-24 15:27:30 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = rec.buf_len;
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
"(header)" ) );
Swap branches accepting/refusing renegotiation in in ssl_read
2017-10-17 10:03:04 +00:00
}
else
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Skip invalid record and the rest of the datagram */
ssl->next_record_offset = 0;
ssl->in_left = 0;
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
"(header)" ) );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
}
ssl_read() stops returning non-application data
2014-08-19 10:28:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Get next record */
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif
Server: enforce renegotiation
2013-10-30 15:41:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ret );
Server: enforce renegotiation
2013-10-30 15:41:45 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
ssl_read() stops returning non-application data
2014-08-19 10:28:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Remember offset of next record within datagram. */
ssl->next_record_offset = rec.buf_len;
if( ssl->next_record_offset < ssl->in_left )
ssl_read() stops returning non-application data
2014-08-19 10:28:50 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
ssl_read() stops returning non-application data
2014-08-19 10:28:50 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
else
#endif
{
/*
* Fetch record contents from underlying transport.
*/
ret = mbedtls_ssl_fetch_input( ssl, rec.buf_len );
if( ret != 0 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_left = 0;
}
Implement ssl_read() timeout (DTLS only for now)
2014-10-01 16:29:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Decrypt record contents.
*/
Add retransmission of HelloRequest
2014-10-15 11:52:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_prepare_record_content( ssl, &rec ) ) != 0 )
{
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 14:22:05 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Add retransmission of HelloRequest
2014-10-15 11:52:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Silently discard invalid records */
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
Add retransmission of HelloRequest
2014-10-15 11:52:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Except when waiting for Finished as a bad mac here
* probably means something went wrong in the handshake
* (eg wrong psk used, mitm downgrade attempt, etc.) */
if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
{
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
}
#endif
return( ret );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( ssl->conf->badmac_limit != 0 &&
++ssl->badmac_seen >= ssl->conf->badmac_limit )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
#endif
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* As above, invalid records cause
* dismissal of the whole datagram. */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->next_record_offset = 0;
ssl->in_left = 0;
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
}
Implement support for MTU setting
2017-09-21 11:49:50 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ret );
Fix max_fragment_length with DTLS
2014-10-13 15:55:52 +00:00
}
else
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
{
/* Error out (and send alert) on invalid records */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
}
#endif
return( ret );
}
Fix max_fragment_length with DTLS
2014-10-13 15:55:52 +00:00
}
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Reset in pointers to default state for TLS/DTLS records,
* assuming no CID and no offset between record content and
* record plaintext. */
mbedtls_ssl_update_in_pointers( ssl );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_len = ssl->in_cid + rec.cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
/* The record content type may change during decryption,
* so re-read it. */
ssl->in_msgtype = rec.type;
/* Also update the input buffer, because unfortunately
* the server-side ssl_parse_client_hello() reparses the
* record header when receiving a ClientHello initiating
* a renegotiation. */
ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len;
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
ssl->in_len[1] = (unsigned char)( rec.data_len );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->transform_in != NULL &&
ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
return( ret );
}
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Check actual (decompress) record content length against
* configured maximum. */
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_ZLIB_SUPPORT */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
Add 1/n-1 record splitting
2015-01-07 11:39:44 +00:00
{
Initialize return values to an error Initializing the return values to an error is best practice and makes the library more robust against programmer errors.
2019-12-16 11:46:15 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Add 1/n-1 record splitting
2015-01-07 11:39:44 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Handle particular types of records
*/
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
Add 1/n-1 record splitting
2015-01-07 11:39:44 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
{
Add 1/n-1 record splitting
2015-01-07 11:39:44 +00:00
return( ret );
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Add 1/n-1 record splitting
2015-01-07 11:39:44 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
{
if( ssl->in_msglen != 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msg[0] != 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x",
ssl->in_msg[0] ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
{
if( ssl->handshake == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
Add NULL checks to top-level SSL functions On normal use these should never be useful, but if the application has issues, it's best for us to return an error than to crash.
2015-09-01 15:43:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) );
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen != 2 )
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Note: Standard allows for more than one 2 byte alert
to be packed in a single message, but Mbed TLS doesn't
currently support this. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
ssl->in_msg[0], ssl->in_msg[1] ) );
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Ignore non-fatal alerts, except close_notify and no_renegotiation
*/
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
ssl->in_msg[1] ) );
return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
}
Fix potential NULL dereference on bad usage
2015-04-15 17:09:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) );
/* Will be handled when trying to parse ServerHello */
return( 0 );
}
#endif
Add NULL checks to top-level SSL functions On normal use these should never be useful, but if the application has issues, it's best for us to return an error than to crash.
2015-09-01 15:43:40 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
/* Will be handled in mbedtls_ssl_parse_certificate() */
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Silently ignore: fetch new message */
return MBEDTLS_ERR_SSL_NON_FATAL;
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
)
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( MBEDTLS_ERR_SSL_NON_FATAL );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->handshake != NULL &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 14:14:04 +00:00
return( 0 );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) );
}
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
unsigned char level,
unsigned char message )
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Fix memory leak in ssl cipher usage
2013-09-23 15:12:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Init and free new contexts in the right place for SSL to prevent memory leaks
2013-07-04 09:51:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
ssl->out_msglen = 2;
ssl->out_msg[0] = level;
ssl->out_msg[1] = message;
Adapt support for SNI to recent changes
2013-09-23 18:04:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
Adapt support for SNI to recent changes
2013-09-23 18:04:20 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
Adapt support for SNI to recent changes
2013-09-23 18:04:20 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
Adapt support for SNI to recent changes
2013-09-23 18:04:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
}
Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
2018-08-16 12:23:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
2018-08-16 12:23:47 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Buffering: Free future record epoch after each flight The function ssl_free_buffered_record() frees a future epoch record, if such is present. Previously, it was called in mbedtls_handshake_free(), i.e. an unused buffered record would be cleared at the end of the handshake. This commit moves the call to the function ssl_buffering_free() responsible for freeing all buffering-related data, and which is called not only at the end of the handshake, but at the end of every flight. In particular, future record epochs won't be buffered across flight boundaries anymore, and they shouldn't.
2018-08-24 08:34:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
Add function to free a particular buffering slot This commit adds a static function ssl_buffering_free_slot() which allows to free a particular structure used to buffer and/or reassembly some handshake message.
2018-08-21 14:59:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
ssl->out_msglen = 1;
ssl->out_msg[0] = 1;
ssl_buffering_free_slot(): Double-check validity of slot index
2018-08-23 12:18:05 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->state++;
ssl_buffering_free_slot(): Double-check validity of slot index
2018-08-23 12:18:05 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
2018-08-16 12:23:47 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
2018-08-16 12:23:47 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
return( 0 );
}
Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
2018-08-16 12:23:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_free: take the SSL context as argument Change the signature of mbedtls_ssl_handshake_free again. Now take the whole SSL context as argument and not just the configuration and the handshake substructure. This is in preparation for changing the asynchronous cancel callback to take the SSL context as an argument.
2018-04-25 18:32:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
Pass the SSL context to async callbacks When a handshake step starts an asynchronous operation, the application needs to know which SSL connection the operation is for, so that when the operation completes, the application can wake that connection up. Therefore the async start callbacks need to take the SSL context as an argument. It isn't enough to let them set a cookie in the SSL connection, the application needs to be able to find the right SSL connection later. Also pass the SSL context to the other callbacks for consistency. Add a new field to the handshake that the application can use to store a per-connection context. This new field replaces the former context (operation_ctx) that was created by the start function and passed to the resume function. Add a boolean flag to the handshake structure to track whether an asynchronous operation is in progress. This is more robust than relying on the application to set a non-null application context.
2018-04-25 18:39:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
Pass the SSL context to async callbacks When a handshake step starts an asynchronous operation, the application needs to know which SSL connection the operation is for, so that when the operation completes, the application can wake that connection up. Therefore the async start callbacks need to take the SSL context as an argument. It isn't enough to let them set a cookie in the SSL connection, the application needs to be able to find the right SSL connection later. Also pass the SSL context to the other callbacks for consistency. Add a new field to the handshake that the application can use to store a per-connection context. This new field replaces the former context (operation_ctx) that was created by the start function and passed to the resume function. Add a boolean flag to the handshake structure to track whether an asynchronous operation is in progress. This is more robust than relying on the application to set a non-null application context.
2018-04-25 18:39:48 +00:00
}
Init and free new contexts in the right place for SSL to prevent memory leaks
2013-07-04 09:51:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Use a specific function in the PSK callback
2015-05-07 14:59:54 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* CCS records are only accepted if they have length 1 and content '1',
* so we don't need to check this here. */
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Switch to our negotiated transform and session parameters for inbound
* data.
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
ssl->transform_in = ssl->transform_negotiate;
ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
mbedtls_ssl_dtls_replay_reset( ssl );
#endif
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Increment epoch */
if( ++ssl->in_epoch == 0 )
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
/* This is highly unlikely to happen for legitimate reasons, so
treat it as an attack and don't send an alert. */
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
Rework SNI to fix memory issues
2013-09-24 20:30:56 +00:00
}
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 );
mbedtls_ssl_update_in_pointers( ssl );
Adapt support for SNI to recent changes
2013-09-23 18:04:20 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
Parse and verify peer CRT chain in local variable `mbedtls_ssl_parse_certificate()` parses the peer's certificate chain directly into the `peer_cert` field of the `mbedtls_ssl_session` structure being established. To allow to optionally remove this field from the session structure, this commit changes this to parse the peer's chain into a local variable instead first, which can then either be freed after CRT verification - in case the chain should not be stored - or mapped to the `peer_cert` if it should be kept. For now, only the latter is implemented.
2019-02-05 17:19:52 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
Parse and verify peer CRT chain in local variable `mbedtls_ssl_parse_certificate()` parses the peer's certificate chain directly into the `peer_cert` field of the `mbedtls_ssl_session` structure being established. To allow to optionally remove this field from the session structure, this commit changes this to parse the peer's chain into a local variable instead first, which can then either be freed after CRT verification - in case the chain should not be stored - or mapped to the `peer_cert` if it should be kept. For now, only the latter is implemented.
2019-02-05 17:19:52 +00:00
}
Add restart support for ECDSA client auth
2017-05-17 09:56:15 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->state++;
- Added simple SSL session cache implementation - Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
Introduce ticket field in session structure
2013-08-02 12:44:04 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( 0 );
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Once ssl->out_hdr as the address of the beginning of the
* next outgoing record is set, deduce the other pointers.
Document internal serialisation format This mainly follows the design document (saving all fields marked "saved" in the main structure and the transform sub-structure) with two exceptions: - things related to renegotiation are excluded here (there weren't quite in the design document as the possibility of allowing renegotiation was still on the table, which is no longer is) - also, ssl.secure_renegotiation (which is not guarded by MBEDTLS_SSL_RENEGOTIATION because it's used in initial handshakes even with renegotiation disabled) is still excluded, as we don't need it after the handshake. - things related to Connection ID are added, as they weren't present at the time the design document was written. The exact format of the header (value of the bitflag indicating compile-time options, whether and how to merge it with the serialized session header) will be determined later.
2019-07-10 12:58:45 +00:00
*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Note: For TLS, we save the implicit record sequence number
* (entering MAC computation) in the 8 bytes before ssl->out_hdr,
* and the caller has to make sure there's space for this.
Declare and document ssl_context_save()/load() Also introduce stub definitions so that things compile and link.
2019-05-28 11:02:16 +00:00
*/
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_ctr = ssl->out_hdr + 3;
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_cid = ssl->out_ctr + 8;
ssl->out_len = ssl->out_cid;
if( transform != NULL )
ssl->out_len += transform->out_cid_len;
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_len = ssl->out_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2;
}
else
#endif
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_ctr = ssl->out_hdr - 8;
ssl->out_len = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->out_cid = ssl->out_len;
#endif
ssl->out_iv = ssl->out_hdr + 5;
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Adjust out_msg to make space for explicit IV, if used. */
if( transform != NULL &&
ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
ssl->out_msg = ssl->out_iv;
}
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Once ssl->in_hdr as the address of the beginning of the
* next incoming record is set, deduce the other pointers.
*
* Note: For TLS, we save the implicit record sequence number
* (entering MAC computation) in the 8 bytes before ssl->in_hdr,
* and the caller has to make sure there's space for this.
*/
void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl )
{
/* This function sets the pointers to match the case
* of unprotected TLS/DTLS records, with both ssl->in_iv
* and ssl->in_msg pointing to the beginning of the record
* content.
*
* When decrypting a protected record, ssl->in_msg
* will be shifted to point to the beginning of the
* record plaintext.
*/
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* This sets the header pointers to match records
* without CID. When we receive a record containing
* a CID, the fields are shifted accordingly in
* ssl_parse_record_header(). */
ssl->in_ctr = ssl->in_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_ctr + 8;
ssl->in_len = ssl->in_cid; /* Default: no CID */
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_len = ssl->in_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
#endif
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_len = ssl->in_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_len;
#endif
ssl->in_iv = ssl->in_hdr + 5;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* This will be adjusted at record decryption time. */
ssl->in_msg = ssl->in_iv;
}
/*
* Setup an SSL context
*/
void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
{
/* Set the incoming and outgoing record pointers. */
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_hdr = ssl->out_buf;
ssl->in_hdr = ssl->in_buf;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->out_hdr = ssl->out_buf + 8;
ssl->in_hdr = ssl->in_buf + 8;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
}
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Derive other internal pointers. */
mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
mbedtls_ssl_update_in_pointers ( ssl );
Declare and document ssl_context_save()/load() Also introduce stub definitions so that things compile and link.
2019-05-28 11:02:16 +00:00
}
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* SSL get accessors
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
Declare and document ssl_context_save()/load() Also introduce stub definitions so that things compile and link.
2019-05-28 11:02:16 +00:00
{
Add usage checks in context_load()
2019-07-11 07:56:30 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Case A: We're currently holding back
* a message for further processing.
Add usage checks in context_load()
2019-07-11 07:56:30 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->keep_current_message == 1 )
Add usage checks in context_load()
2019-07-11 07:56:30 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
return( 1 );
Add usage checks in context_load()
2019-07-11 07:56:30 +00:00
}
Add (stub) header writing and checking The number of meaning of the flags will be determined later, when handling the relevant struct members. For now three bytes are reserved as an example, but this number may change later.
2019-07-11 08:58:10 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Case B: Further records are pending in the current datagram.
Add (stub) header writing and checking The number of meaning of the flags will be determined later, when handling the relevant struct members. For now three bytes are reserved as an example, but this number may change later.
2019-07-11 08:58:10 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->in_left > ssl->next_record_offset )
Add (stub) header writing and checking The number of meaning of the flags will be determined later, when handling the relevant struct members. For now three bytes are reserved as an example, but this number may change later.
2019-07-11 08:58:10 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
return( 1 );
Add (stub) header writing and checking The number of meaning of the flags will be determined later, when handling the relevant struct members. For now three bytes are reserved as an example, but this number may change later.
2019-07-11 08:58:10 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Add (stub) header writing and checking The number of meaning of the flags will be determined later, when handling the relevant struct members. For now three bytes are reserved as an example, but this number may change later.
2019-07-11 08:58:10 +00:00
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Case C: A handshake message is being processed.
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
return( 1 );
Avoid duplication of session format header
2019-07-23 14:52:45 +00:00
}
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Case D: An application data message is being processed
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_offt != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
return( 1 );
}
Add transform (de)serialization
2019-07-15 07:04:11 +00:00
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* In all other cases, the rest of the message can be dropped.
* As in ssl_get_next_record, this needs to be adapted if
* we implement support for multiple alerts in single records.
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
return( 0 );
}
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
{
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( transform == NULL )
return( (int) out_hdr_len );
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
case MBEDTLS_MODE_CHACHAPOLY:
case MBEDTLS_MODE_STREAM:
transform_expansion = transform->minlen;
break;
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
case MBEDTLS_MODE_CBC:
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
block_size = mbedtls_cipher_get_block_size(
&transform->cipher_ctx_enc );
Add saved fields from top-level structure
2019-07-15 09:23:03 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Expansion due to the addition of the MAC. */
transform_expansion += transform->maclen;
Add setting of forced fields when deserializing
2019-07-15 09:53:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Expansion due to the addition of CBC padding;
* Theoretically up to 256 bytes, but we never use
* more than the block size of the underlying cipher. */
transform_expansion += block_size;
Add setting of forced fields when deserializing
2019-07-15 09:53:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* For TLS 1.1 or higher, an explicit IV is added
* after the record header. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
transform_expansion += block_size;
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
Fix SSL context deserialization The SSL context maintains a set of 'out pointers' indicating the address at which to write the header fields of the next outgoing record. Some of these addresses have a static offset from the beginning of the record header, while other offsets can vary depending on the active record encryption mechanism: For example, if an explicit IV is in use, there's an offset between the end of the record header and the beginning of the encrypted data to allow the explicit IV to be placed in between; also, if the DTLS Connection ID (CID) feature is in use, the CID is part of the record header, shifting all subsequent information (length, IV, data) to the back. When setting up an SSL context, the out pointers are initialized according to the identity transform + no CID, and it is important to keep them up to date whenever the record encryption mechanism changes, which is done by the helper function ssl_update_out_pointers(). During context deserialization, updating the out pointers according to the deserialized record transform went missing, leaving the out pointers the initial state. When attemping to encrypt a record in this state, this lead to failure if either a CID or an explicit IV was in use. This wasn't caught in the tests by the bad luck that they didn't use CID, _and_ used the default ciphersuite based on ChaChaPoly, which doesn't have an explicit IV. Changing either of this would have made the existing tests fail. This commit fixes the bug by adding a call to ssl_update_out_pointers() to ssl_context_load() implementing context deserialization. Extending test coverage is left for a separate commit.
2019-08-30 09:42:49 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
break;
Add setting of forced fields when deserializing
2019-07-15 09:53:51 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
Add setting of forced fields when deserializing
2019-07-15 09:53:51 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( transform->out_cid_len != 0 )
transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
Declare and document ssl_context_save()/load() Also introduce stub definitions so that things compile and link.
2019-05-28 11:02:16 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( (int)( out_hdr_len + transform_expansion ) );
Declare and document ssl_context_save()/load() Also introduce stub definitions so that things compile and link.
2019-05-28 11:02:16 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION)
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Check record counters and renegotiate if they're above the limit.
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
size_t ep_len = mbedtls_ssl_ep_len( ssl );
int in_ctr_cmp;
int out_ctr_cmp;
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
{
return( 0 );
}
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
{
return( 0 );
}
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
return( mbedtls_ssl_renegotiate( ssl ) );
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_RENEGOTIATION */
Add session saving/loading For now, the header (version+format bytes) is duplicated. This might be optimized later.
2019-07-11 10:50:53 +00:00
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Receive application data decrypted from the SSL layer
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
Restructure ssl_handshake_init() and small fixes
2014-06-26 11:37:14 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
TLS compression only allocates working buffer once
2013-10-11 07:59:44 +00:00
}
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* Check if renegotiation is necessary and/or handshake is
* in process. If yes, perform/continue, and fall through
* if an unexpected packet is received while the client
* is waiting for the ServerHello.
*
* (There is no equivalent to the last condition on
* the server-side as it is not treated as within
* a handshake while waiting for the ClientHello
* after a renegotiation request.)
*/
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 10:19:38 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ret = ssl_check_ctr_renegotiate( ssl );
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0 )
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
return( ret );
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
}
Ability to disable server_name extension (RFC 6066)
2013-08-27 19:55:01 +00:00
#endif
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_handshake( ssl );
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
return( ret );
}
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Loop as long as no application data record is available */
while( ssl->in_offt == NULL )
{
/* Start timer if not already running */
if( ssl->f_get_timer != NULL &&
ssl->f_get_timer( ssl->p_timer ) == -1 )
{
mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout );
}
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
return( 0 );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
Disable MD5 in handshake signatures by default
2015-12-04 14:02:56 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen == 0 &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
/*
* OpenSSL sends empty messages to randomize the IV
*/
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
return( 0 );
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
}
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* - For client-side, expect SERVER_HELLO_REQUEST.
* - For server-side, expect CLIENT_HELLO.
* - Fail (TLS) or silently drop record (DTLS) in other cases.
*/
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Make endpoint+transport args of config_defaults()
2015-05-04 17:32:36 +00:00
#if defined(MBEDTLS_SSL_CLI_C)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
continue;
}
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
#endif /* MBEDTLS_SSL_CLI_C */
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
continue;
}
Move set_cbc_record_splitting() to conf
2015-05-05 15:34:53 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
#endif /* MBEDTLS_SSL_SRV_C */
Move set_cbc_record_splitting() to conf
2015-05-05 15:34:53 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/* Determine whether renegotiation attempt should be accepted */
if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
ssl->conf->allow_legacy_renegotiation ==
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
{
/*
* Accept renegotiation request
*/
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* DTLS clients need to know renego is server-initiated */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
}
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ret = mbedtls_ssl_start_renegotiation( ssl );
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation",
ret );
return( ret );
}
}
else
#endif /* MBEDTLS_SSL_RENEGOTIATION */
{
/*
* Refuse renegotiation
*/
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
Implement optional CA list suppression in Certificate Request According to RFC5246 the server can indicate the known Certificate Authorities or can constrain the aurhorisation space by sending a certificate list. This part of the message is optional and if omitted, the client may send any certificate in the response. The previous behaviour of mbed TLS was to always send the name of all the CAs that are configured as root CAs. In certain cases this might cause usability and privacy issues for example: - If the list of the CA names is longer than the peers input buffer then the handshake will fail - If the configured CAs belong to third parties, this message gives away information on the relations to these third parties Therefore we introduce an option to suppress the CA list in the Certificate Request message. Providing this feature as a runtime option comes with a little cost in code size and advantages in maintenance and flexibility.
2017-04-10 11:42:31 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
/* SSLv3 does not have a "no_renegotiation" warning, so
we send a fatal alert and abort the connection. */
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
{
return( ret );
}
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* At this point, we don't know whether the renegotiation has been
* completed or not. The cases to consider are the following:
* 1) The renegotiation is complete. In this case, no new record
* has been read yet.
* 2) The renegotiation is incomplete because the client received
* an application data record while awaiting the ServerHello.
* 3) The renegotiation is incomplete because the client received
* a non-handshake, non-application data message while awaiting
* the ServerHello.
* In each of these case, looping will be the proper action:
* - For 1), the next iteration will read a new record and check
* if it's application data.
* - For 2), the loop condition isn't satisfied as application data
* is present, hence continue is the same as break
* - For 3), the loop condition is satisfied and read_record
* will re-deliver the message that was held back by the client
* when expecting the ServerHello.
*/
continue;
}
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ssl->conf->renego_max_records >= 0 )
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by client" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
}
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
return( MBEDTLS_ERR_SSL_WANT_READ );
}
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl->in_offt = ssl->in_msg;
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* We're going to return something now, cancel timer,
* except if handshake (renegotiation) is in progress */
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
mbedtls_ssl_set_timer( ssl, 0 );
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* If we requested renego but received AppData, resend HelloRequest.
* Do it now, after setting in_offt, to avoid taking this branch
* again if ssl_write_hello_request() returns WANT_WRITE */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
ret );
return( ret );
}
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.
2015-06-17 11:53:47 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
n = ( len < ssl->in_msglen )
? len : ssl->in_msglen;
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
memcpy( buf, ssl->in_offt, n );
ssl->in_msglen -= n;
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->in_msglen == 0 )
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* all bytes consumed */
ssl->in_offt = NULL;
ssl->keep_current_message = 0;
Separate psk and psk_identity buffers free Sometimes, psk_identity buffer can't released because psk buffer is NULL. So, separate it.
2017-12-20 07:29:30 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Separate psk and psk_identity buffers free Sometimes, psk_identity buffer can't released because psk buffer is NULL. So, separate it.
2017-12-20 07:29:30 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/* more data available */
ssl->in_offt += n;
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( (int) n );
Introduce mbedtls_ssl_config_{init,defaults,free}()
2015-05-04 11:35:39 +00:00
}
Merge code for RSA and ECDSA in SSL
2013-08-21 14:14:26 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Send application data to be encrypted by the SSL layer, taking care of max
* fragment length and buffer size.
*
* According to RFC 5246 Section 6.2.1:
*
* Zero-length fragments of Application data MAY be sent as they are
* potentially useful as a traffic analysis countermeasure.
*
* Therefore, it is possible that the input message length is 0 and the
* corresponding return code is 0 on success.
Merge code for RSA and ECDSA in SSL
2013-08-21 14:14:26 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
static int ssl_write_real( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
Merge code for RSA and ECDSA in SSL
2013-08-21 14:14:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
const size_t max_len = (size_t) ret;
Merge code for RSA and ECDSA in SSL
2013-08-21 14:14:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ret < 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret );
return( ret );
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( len > max_len )
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
"maximum fragment length: %d > %d",
len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
else
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
len = max_len;
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->out_left != 0 )
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* The user has previously tried to send the data and
* MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
* written. In this case, we expect the high-level write function
* (e.g. mbedtls_ssl_write()) to be called with the same parameters
*/
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
return( ret );
}
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
else
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
/*
* The user is trying to send a message the first time, so we need to
* copy the data into the internal buffers and setup the data structure
* to keep track of partial writes
*/
ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
memcpy( ssl->out_msg, buf, len );
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
}
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( (int) len );
Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2017-04-28 16:15:26 +00:00
}
SSL_TLS doesn't depend on PK any more (But PK does depend on RSA or ECP.)
2013-09-20 10:29:15 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Write application data, doing 1/n-1 splitting if necessary.
*
* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
* then the caller will call us again with the same arguments, so
* remember whether we already did the split or not.
SSL_TLS doesn't depend on PK any more (But PK does depend on RSA or ECP.)
2013-09-20 10:29:15 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
static int ssl_write_split( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ssl->conf->cbc_record_splitting ==
MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
len <= 1 ||
ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
!= MBEDTLS_MODE_CBC )
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
return( ssl_write_real( ssl, buf, len ) );
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-22 11:52:48 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->split_done == 0 )
Implement sig_hashes
2015-06-17 12:34:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
return( ret );
ssl->split_done = 1;
Implement sig_hashes
2015-06-17 12:34:48 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
return( ret );
ssl->split_done = 0;
return( ret + 1 );
Implement sig_hashes
2015-06-17 12:34:48 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
Implement sig_hashes
2015-06-17 12:34:48 +00:00
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Write application data (public-facing wrapper)
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
Small internal changes in curve checking - switch from is_acceptable to the more usual check - add NULL check just in case user screwed up config
2015-06-17 10:10:46 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
return( ret );
}
#endif
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
{
if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
return( ret );
}
}
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
ret = ssl_write_split( ssl, buf, len );
#else
ret = ssl_write_real( ssl, buf, len );
#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
return( ret );
Enforce our choice of allowed curves.
2014-02-04 15:18:07 +00:00
}
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Implement sig_hashes
2015-06-17 12:34:48 +00:00
/*
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
* Notify the peer that the connection is being closed
Implement sig_hashes
2015-06-17 12:34:48 +00:00
*/
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
Implement sig_hashes
2015-06-17 12:34:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Implement sig_hashes
2015-06-17 12:34:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
Implement sig_hashes
2015-06-17 12:34:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
Implement sig_hashes
2015-06-17 12:34:48 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( ssl->out_left != 0 )
return( mbedtls_ssl_flush_output( ssl ) );
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
return( ret );
}
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
return( 0 );
Implement sig_hashes
2015-06-17 12:34:48 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( transform == NULL )
return;
#if defined(MBEDTLS_ZLIB_SUPPORT)
deflateEnd( &transform->ctx_deflate );
inflateEnd( &transform->ctx_inflate );
Add extendedKeyUsage checking in SSL modules
2014-04-11 09:06:22 +00:00
#endif
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
Add extendedKeyUsage checking in SSL modules
2014-04-11 09:06:22 +00:00
#endif
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl )
{
unsigned offset;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs == NULL )
return;
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
ssl_free_buffered_record( ssl );
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
ssl_buffering_free_slot( ssl, offset );
}
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
uint8_t slot )
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot];
if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS )
return;
Add extendedKeyUsage checking in SSL modules
2014-04-11 09:06:22 +00:00
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
if( hs_buf->is_valid == 1 )
manually merge 9f98251 make extKeyUsage accessible
2015-04-20 10:01:48 +00:00
{
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
hs->buffering.total_bytes_buffered -= hs_buf->data_len;
mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
mbedtls_free( hs_buf->data );
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
manually merge 9f98251 make extKeyUsage accessible
2015-04-20 10:01:48 +00:00
}
Check keyUsage in SSL client and server
2014-04-09 07:50:57 +00:00
}
Remove code from ssl_tls.c & ssl_msg.c to get disjoint functionality This commit is the final step in separating the functionality of what was originally ssl_tls.c into both ssl_tls.c and ssl_msg.c. So far, ssl_msg.c has been created as an identical copy of ssl_tls.c. For each block of code in these files, this commit removes it from precisely one of the two files, depending on where the respective functionality belongs. The splitting separates the following functionalities: 1) An implementation of the TLS and DTLS messaging layer, that is, the record layer as well as the DTLS retransmission state machine. This is now contained in ssl_msg.c 2) Handshake parsing and writing functions shared between client and server (functions specific to either client or server are implemented in ssl_cli.c and ssl_srv.c, respectively). This is remains in ssl_tls.c.
2020-02-05 14:44:10 +00:00
#endif /* MBEDTLS_SSL_PROTO_DTLS */
Fix misplaced #endif in ssl_tls.c
2014-04-29 13:11:17 +00:00
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
/*
* Convert version numbers to/from wire format
* and, for DTLS, to/from TLS equivalent.
*
* For TLS this is the identity.
Clarify Comments and Fix Typos (#651) Fixes many typos, and errors in comments. * Clarifies many comments * Grammar correction in config.pl help text * Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE. * Comment typo fix (Dont => Don't) * Comment typo fix (assure => ensure) * Comment typo fix (byes => bytes) * Added citation for quoted standard * Comment typo fix (one complement => 1's complement) The is some debate about whether to prefer "one's complement", "ones' complement", or "1's complement". The more recent RFCs related to TLS (RFC 6347, RFC 4347, etc) use " 1's complement", so I followed that convention. * Added missing ")" in comment * Comment alignment * Incorrect comment after #endif
2016-11-06 12:45:15 +00:00
* For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
void mbedtls_ssl_write_version( int major, int minor, int transport,
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
unsigned char ver[2] )
{
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
{
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
}
Fix a few warnings in reduced configs
2014-03-25 12:36:22 +00:00
else
#else
((void) transport);
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
#endif
Fix a few warnings in reduced configs
2014-03-25 12:36:22 +00:00
{
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
}
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
const unsigned char ver[2] )
{
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
{
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
Fix a few warnings in reduced configs
2014-03-25 12:36:22 +00:00
else
#else
((void) transport);
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
#endif
Fix a few warnings in reduced configs
2014-03-25 12:36:22 +00:00
{
*major = ver[0];
*minor = ver[1];
}
Handle DTLS version encoding and fix some checks
2014-02-11 17:15:03 +00:00
}
The Great Renaming A simple execution of tmp/invoke-rename.pl
2015-04-08 10:49:31 +00:00
#endif /* MBEDTLS_SSL_TLS_C */
Reference in New Issue Copy Permalink