| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2007-2016, Cameron Rich |
| 3 | * |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are met: |
| 8 | * |
| 9 | * * Redistributions of source code must retain the above copyright notice, |
| 10 | * this list of conditions and the following disclaimer. |
| 11 | * * Redistributions in binary form must reproduce the above copyright notice, |
| 12 | * this list of conditions and the following disclaimer in the documentation |
| 13 | * and/or other materials provided with the distribution. |
| 14 | * * Neither the name of the axTLS project nor the names of its contributors |
| 15 | * may be used to endorse or promote products derived from this software |
| 16 | * without specific prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
| 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
| 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
| 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #include <stdlib.h> |
| 32 | #include <string.h> |
| 33 | #include <time.h> |
| 34 | #include <stdio.h> |
| 35 | #include "os_port.h" |
| 36 | #include "ssl.h" |
| 37 | |
| 38 | #ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */ |
| 39 | |
| 40 | /* support sha512/384/256/1 RSA */ |
| 41 | static const uint8_t g_sig_alg[] = { |
| 42 | 0x00, SSL_EXT_SIG_ALG, |
| 43 | 0x00, 0x0a, 0x00, 0x08, |
| 44 | SIG_ALG_SHA512, SIG_ALG_RSA, |
| 45 | SIG_ALG_SHA384, SIG_ALG_RSA, |
| 46 | SIG_ALG_SHA256, SIG_ALG_RSA, |
| 47 | SIG_ALG_SHA1, SIG_ALG_RSA |
| 48 | }; |
| 49 | |
| 50 | static const uint8_t g_asn1_sha256[] = |
| 51 | { |
| 52 | 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, |
| 53 | 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 |
| 54 | }; |
| 55 | |
| 56 | static int send_client_hello(SSL *ssl); |
| 57 | static int process_server_hello(SSL *ssl); |
| 58 | static int process_server_hello_done(SSL *ssl); |
| 59 | static int send_client_key_xchg(SSL *ssl); |
| 60 | static int process_cert_req(SSL *ssl); |
| 61 | static int send_cert_verify(SSL *ssl); |
| 62 | |
| 63 | /* |
| 64 | * Establish a new SSL connection to an SSL server. |
| 65 | */ |
| 66 | EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, long client_fd, const |
| 67 | uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext) |
| 68 | { |
| 69 | SSL *ssl = ssl_new(ssl_ctx, client_fd); |
| 70 | ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */ |
| 71 | |
| 72 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 73 | if (session_id && ssl_ctx->num_sessions) |
| 74 | { |
| 75 | if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */ |
| 76 | { |
| 77 | ssl_free(ssl); |
| 78 | return NULL; |
| 79 | } |
| 80 | |
| 81 | memcpy(ssl->session_id, session_id, sess_id_size); |
| 82 | ssl->sess_id_size = sess_id_size; |
| 83 | SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */ |
| 84 | } |
| 85 | #endif |
| 86 | |
| 87 | ssl->extensions = ssl_ext; |
| 88 | |
| 89 | SET_SSL_FLAG(SSL_IS_CLIENT); |
| 90 | do_client_connect(ssl); |
| 91 | return ssl; |
| 92 | } |
| 93 | |
| 94 | /* |
| 95 | * Process the handshake record. |
| 96 | */ |
| 97 | int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len) |
| 98 | { |
| 99 | int ret; |
| 100 | |
| 101 | /* To get here the state must be valid */ |
| 102 | switch (handshake_type) |
| 103 | { |
| 104 | case HS_SERVER_HELLO: |
| 105 | ret = process_server_hello(ssl); |
| 106 | break; |
| 107 | |
| 108 | case HS_CERTIFICATE: |
| 109 | ret = process_certificate(ssl, &ssl->x509_ctx); |
| 110 | break; |
| 111 | |
| 112 | case HS_SERVER_HELLO_DONE: |
| 113 | if ((ret = process_server_hello_done(ssl)) == SSL_OK) |
| 114 | { |
| 115 | if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ)) |
| 116 | { |
| 117 | if ((ret = send_certificate(ssl)) == SSL_OK && |
| 118 | (ret = send_client_key_xchg(ssl)) == SSL_OK) |
| 119 | { |
| 120 | send_cert_verify(ssl); |
| 121 | } |
| 122 | } |
| 123 | else |
| 124 | { |
| 125 | ret = send_client_key_xchg(ssl); |
| 126 | } |
| 127 | |
| 128 | if (ret == SSL_OK && |
| 129 | (ret = send_change_cipher_spec(ssl)) == SSL_OK) |
| 130 | { |
| 131 | ret = send_finished(ssl); |
| 132 | } |
| 133 | } |
| 134 | break; |
| 135 | |
| 136 | case HS_CERT_REQ: |
| 137 | ret = process_cert_req(ssl); |
| 138 | break; |
| 139 | |
| 140 | case HS_FINISHED: |
| 141 | ret = process_finished(ssl, buf, hs_len); |
| 142 | disposable_free(ssl); /* free up some memory */ |
| 143 | /* note: client renegotiation is not allowed after this */ |
| 144 | break; |
| 145 | |
| 146 | case HS_HELLO_REQUEST: |
| 147 | disposable_new(ssl); |
| 148 | ret = do_client_connect(ssl); |
| 149 | break; |
| 150 | |
| 151 | default: |
| 152 | ret = SSL_ERROR_INVALID_HANDSHAKE; |
| 153 | break; |
| 154 | } |
| 155 | |
| 156 | return ret; |
| 157 | } |
| 158 | |
| 159 | /* |
| 160 | * Do the handshaking from the beginning. |
| 161 | */ |
| 162 | int do_client_connect(SSL *ssl) |
| 163 | { |
| 164 | int ret = SSL_OK; |
| 165 | |
| 166 | send_client_hello(ssl); /* send the client hello */ |
| 167 | ssl->bm_read_index = 0; |
| 168 | ssl->next_state = HS_SERVER_HELLO; |
| 169 | ssl->hs_status = SSL_NOT_OK; /* not connected */ |
| 170 | |
| 171 | /* sit in a loop until it all looks good */ |
| 172 | if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS)) |
| 173 | { |
| 174 | while (ssl->hs_status != SSL_OK) |
| 175 | { |
| 176 | ret = ssl_read(ssl, NULL); |
| 177 | |
| 178 | if (ret < SSL_OK) |
| 179 | break; |
| 180 | } |
| 181 | |
| 182 | ssl->hs_status = ret; /* connected? */ |
| 183 | } |
| 184 | |
| 185 | return ret; |
| 186 | } |
| 187 | |
| 188 | /* |
| 189 | * Send the initial client hello. |
| 190 | */ |
| 191 | static int send_client_hello(SSL *ssl) |
| 192 | { |
| 193 | uint8_t *buf = ssl->bm_data; |
| 194 | time_t tm = time(NULL); |
| 195 | uint8_t *tm_ptr = &buf[6]; /* time will go here */ |
| 196 | int i, offset, ext_offset; |
| 197 | int ext_len = 0; |
| 198 | |
| 199 | |
| 200 | buf[0] = HS_CLIENT_HELLO; |
| 201 | buf[1] = 0; |
| 202 | buf[2] = 0; |
| 203 | /* byte 3 is calculated later */ |
| 204 | buf[4] = 0x03; |
| 205 | buf[5] = ssl->version & 0x0f; |
| 206 | |
| 207 | /* client random value - spec says that 1st 4 bytes are big endian time */ |
| 208 | *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24); |
| 209 | *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16); |
| 210 | *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8); |
| 211 | *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff)); |
| 212 | if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0) |
| 213 | return SSL_NOT_OK; |
| 214 | |
| 215 | memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE); |
| 216 | offset = 6 + SSL_RANDOM_SIZE; |
| 217 | |
| 218 | /* give session resumption a go */ |
| 219 | if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */ |
| 220 | { |
| 221 | buf[offset++] = ssl->sess_id_size; |
| 222 | memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size); |
| 223 | offset += ssl->sess_id_size; |
| 224 | CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */ |
| 225 | } |
| 226 | else |
| 227 | { |
| 228 | /* no session id - because no session resumption just yet */ |
| 229 | buf[offset++] = 0; |
| 230 | } |
| 231 | |
| 232 | buf[offset++] = 0; /* number of ciphers */ |
| 233 | buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */ |
| 234 | |
| 235 | /* put all our supported protocols in our request */ |
| 236 | for (i = 0; i < NUM_PROTOCOLS; i++) |
| 237 | { |
| 238 | buf[offset++] = 0; /* cipher we are using */ |
| 239 | buf[offset++] = ssl_prot_prefs[i]; |
| 240 | } |
| 241 | |
| 242 | buf[offset++] = 1; /* no compression */ |
| 243 | buf[offset++] = 0; |
| 244 | |
| 245 | ext_offset = offset; |
| 246 | |
| 247 | buf[offset++] = 0; /* total length of extensions */ |
| 248 | buf[offset++] = 0; |
| 249 | |
| 250 | /* send the signature algorithm extension for TLS 1.2+ */ |
| 251 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) |
| 252 | { |
| 253 | memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg)); |
| 254 | offset += sizeof(g_sig_alg); |
| 255 | ext_len += sizeof(g_sig_alg); |
| 256 | } |
| 257 | |
| 258 | if (ssl->extensions != NULL) |
| 259 | { |
| 260 | /* send the host name if specified */ |
| 261 | if (ssl->extensions->host_name != NULL) |
| 262 | { |
| 263 | size_t host_len = strlen(ssl->extensions->host_name); |
| 264 | buf[offset++] = 0; |
| 265 | buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */ |
| 266 | buf[offset++] = 0; |
| 267 | buf[offset++] = host_len + 5; /* server_name length */ |
| 268 | buf[offset++] = 0; |
| 269 | buf[offset++] = host_len + 3; /* server_list length */ |
| 270 | buf[offset++] = 0; /* host_name(0) (255) */ |
| 271 | buf[offset++] = 0; |
| 272 | buf[offset++] = host_len; /* host_name length */ |
| 273 | strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len); |
| 274 | offset += host_len; |
| 275 | ext_len += host_len + 9; |
| 276 | } |
| 277 | |
| 278 | if (ssl->extensions->max_fragment_size) |
| 279 | { |
| 280 | buf[offset++] = 0; |
| 281 | buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE; |
| 282 | |
| 283 | buf[offset++] = 0; // size of data |
| 284 | buf[offset++] = 2; |
| 285 | |
| 286 | buf[offset++] = (uint8_t) |
| 287 | ((ssl->extensions->max_fragment_size >> 8) & 0xff); |
| 288 | buf[offset++] = (uint8_t) |
| 289 | (ssl->extensions->max_fragment_size & 0xff); |
| 290 | ext_len += 6; |
| 291 | } |
| 292 | } |
| 293 | |
| 294 | if (ext_len > 0) |
| 295 | { |
| 296 | // update the extensions length value |
| 297 | buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff); |
| 298 | buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff); |
| 299 | } |
| 300 | |
| 301 | buf[3] = offset - 4; /* handshake size */ |
| 302 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); |
| 303 | } |
| 304 | |
| 305 | /* |
| 306 | * Process the server hello. |
| 307 | */ |
| 308 | static int process_server_hello(SSL *ssl) |
| 309 | { |
| 310 | uint8_t *buf = ssl->bm_data; |
| 311 | int pkt_size = ssl->bm_index; |
| 312 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 313 | int num_sessions = ssl->ssl_ctx->num_sessions; |
| 314 | #endif |
| 315 | uint8_t sess_id_size; |
| 316 | int offset, ret = SSL_OK; |
| 317 | |
| 318 | /* check that we are talking to a TLSv1 server */ |
| 319 | uint8_t version = (buf[4] << 4) + buf[5]; |
| 320 | if (version > SSL_PROTOCOL_VERSION_MAX) |
| 321 | { |
| 322 | version = SSL_PROTOCOL_VERSION_MAX; |
| 323 | } |
| 324 | else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) |
| 325 | { |
| 326 | ret = SSL_ERROR_INVALID_VERSION; |
| 327 | #ifdef CONFIG_SSL_DIAGNOSTICS |
| 328 | ssl_display_error(ret); |
| 329 | #endif |
| 330 | goto error; |
| 331 | } |
| 332 | |
| 333 | ssl->version = version; |
| 334 | |
| 335 | /* get the server random value */ |
| 336 | memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE); |
| 337 | offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */ |
| 338 | sess_id_size = buf[offset++]; |
| 339 | |
| 340 | if (sess_id_size > SSL_SESSION_ID_SIZE) |
| 341 | { |
| 342 | ret = SSL_ERROR_INVALID_SESSION; |
| 343 | goto error; |
| 344 | } |
| 345 | |
| 346 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 347 | if (num_sessions) |
| 348 | { |
| 349 | ssl->session = ssl_session_update(num_sessions, |
| 350 | ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]); |
| 351 | memcpy(ssl->session->session_id, &buf[offset], sess_id_size); |
| 352 | |
| 353 | /* pad the rest with 0's */ |
| 354 | if (sess_id_size < SSL_SESSION_ID_SIZE) |
| 355 | { |
| 356 | memset(&ssl->session->session_id[sess_id_size], 0, |
| 357 | SSL_SESSION_ID_SIZE-sess_id_size); |
| 358 | } |
| 359 | } |
| 360 | #endif |
| 361 | |
| 362 | memcpy(ssl->session_id, &buf[offset], sess_id_size); |
| 363 | ssl->sess_id_size = sess_id_size; |
| 364 | offset += sess_id_size; |
| 365 | |
| 366 | /* get the real cipher we are using - ignore MSB */ |
| 367 | ssl->cipher = buf[++offset]; |
| 368 | ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? |
| 369 | HS_FINISHED : HS_CERTIFICATE; |
| 370 | |
| 371 | offset += 2; // ignore compression |
| 372 | PARANOIA_CHECK(pkt_size, offset); |
| 373 | |
| 374 | ssl->dc->bm_proc_index = offset; |
| 375 | PARANOIA_CHECK(pkt_size, offset); |
| 376 | |
| 377 | // no extensions |
| 378 | error: |
| 379 | return ret; |
| 380 | } |
| 381 | |
| 382 | /** |
| 383 | * Process the server hello done message. |
| 384 | */ |
| 385 | static int process_server_hello_done(SSL *ssl) |
| 386 | { |
| 387 | ssl->next_state = HS_FINISHED; |
| 388 | return SSL_OK; |
| 389 | } |
| 390 | |
| 391 | /* |
| 392 | * Send a client key exchange message. |
| 393 | */ |
| 394 | static int send_client_key_xchg(SSL *ssl) |
| 395 | { |
| 396 | uint8_t *buf = ssl->bm_data; |
| 397 | uint8_t premaster_secret[SSL_SECRET_SIZE]; |
| 398 | int enc_secret_size = -1; |
| 399 | |
| 400 | buf[0] = HS_CLIENT_KEY_XCHG; |
| 401 | buf[1] = 0; |
| 402 | |
| 403 | // spec says client must use the what is initially negotiated - |
| 404 | // and this is our current version |
| 405 | premaster_secret[0] = 0x03; |
| 406 | premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f; |
| 407 | if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0) |
| 408 | return SSL_NOT_OK; |
| 409 | |
| 410 | DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx); |
| 411 | |
| 412 | /* rsa_ctx->bi_ctx is not thread-safe */ |
| 413 | SSL_CTX_LOCK(ssl->ssl_ctx->mutex); |
| 414 | enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret, |
| 415 | SSL_SECRET_SIZE, &buf[6], 0); |
| 416 | SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); |
| 417 | |
| 418 | buf[2] = (enc_secret_size + 2) >> 8; |
| 419 | buf[3] = (enc_secret_size + 2) & 0xff; |
| 420 | buf[4] = enc_secret_size >> 8; |
| 421 | buf[5] = enc_secret_size & 0xff; |
| 422 | |
| 423 | generate_master_secret(ssl, premaster_secret); |
| 424 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6); |
| 425 | } |
| 426 | |
| 427 | /* |
| 428 | * Process the certificate request. |
| 429 | */ |
| 430 | static int process_cert_req(SSL *ssl) |
| 431 | { |
| 432 | uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index]; |
| 433 | int ret = SSL_OK; |
| 434 | int cert_req_size = (buf[2]<<8) + buf[3]; |
| 435 | int offset = 4; |
| 436 | int pkt_size = ssl->bm_index; |
| 437 | uint8_t cert_type_len, sig_alg_len; |
| 438 | |
| 439 | PARANOIA_CHECK(pkt_size, offset + cert_req_size); |
| 440 | ssl->dc->bm_proc_index = cert_req_size; |
| 441 | |
| 442 | /* don't do any processing - we will send back an RSA certificate anyway */ |
| 443 | ssl->next_state = HS_SERVER_HELLO_DONE; |
| 444 | SET_SSL_FLAG(SSL_HAS_CERT_REQ); |
| 445 | |
| 446 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 447 | { |
| 448 | // supported certificate types |
| 449 | cert_type_len = buf[offset++]; |
| 450 | PARANOIA_CHECK(pkt_size, offset + cert_type_len); |
| 451 | offset += cert_type_len; |
| 452 | |
| 453 | // supported signature algorithms |
| 454 | sig_alg_len = buf[offset++] << 8; |
| 455 | sig_alg_len += buf[offset++]; |
| 456 | PARANOIA_CHECK(pkt_size, offset + sig_alg_len); |
| 457 | |
| 458 | while (sig_alg_len > 0) |
| 459 | { |
| 460 | uint8_t hash_alg = buf[offset++]; |
| 461 | uint8_t sig_alg = buf[offset++]; |
| 462 | sig_alg_len -= 2; |
| 463 | |
| 464 | if (sig_alg == SIG_ALG_RSA && |
| 465 | (hash_alg == SIG_ALG_SHA1 || |
| 466 | hash_alg == SIG_ALG_SHA256 || |
| 467 | hash_alg == SIG_ALG_SHA384 || |
| 468 | hash_alg == SIG_ALG_SHA512)) |
| 469 | { |
| 470 | ssl->sig_algs[ssl->num_sig_algs++] = hash_alg; |
| 471 | } |
| 472 | } |
| 473 | } |
| 474 | |
| 475 | error: |
| 476 | return ret; |
| 477 | } |
| 478 | |
| 479 | /* |
| 480 | * Send a certificate verify message. |
| 481 | */ |
| 482 | static int send_cert_verify(SSL *ssl) |
| 483 | { |
| 484 | uint8_t *buf = ssl->bm_data; |
| 485 | uint8_t dgst[SHA1_SIZE+MD5_SIZE+15]; |
| 486 | RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx; |
| 487 | int n = 0, ret; |
| 488 | int offset = 0; |
| 489 | int dgst_len; |
| 490 | |
| 491 | if (rsa_ctx == NULL) |
| 492 | return SSL_OK; |
| 493 | |
| 494 | DISPLAY_RSA(ssl, rsa_ctx); |
| 495 | |
| 496 | buf[0] = HS_CERT_VERIFY; |
| 497 | buf[1] = 0; |
| 498 | |
| 499 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 500 | { |
| 501 | buf[4] = SIG_ALG_SHA256; |
| 502 | buf[5] = SIG_ALG_RSA; |
| 503 | offset = 6; |
| 504 | memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256)); |
| 505 | dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) + |
| 506 | sizeof(g_asn1_sha256); |
| 507 | } |
| 508 | else |
| 509 | { |
| 510 | offset = 4; |
| 511 | dgst_len = finished_digest(ssl, NULL, dgst); |
| 512 | } |
| 513 | |
| 514 | /* rsa_ctx->bi_ctx is not thread-safe */ |
| 515 | if (rsa_ctx) |
| 516 | { |
| 517 | SSL_CTX_LOCK(ssl->ssl_ctx->mutex); |
| 518 | n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1); |
| 519 | SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); |
| 520 | |
| 521 | if (n == 0) |
| 522 | { |
| 523 | ret = SSL_ERROR_INVALID_KEY; |
| 524 | goto error; |
| 525 | } |
| 526 | } |
| 527 | |
| 528 | buf[offset] = n >> 8; /* add the RSA size */ |
| 529 | buf[offset+1] = n & 0xff; |
| 530 | n += 2; |
| 531 | |
| 532 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 533 | { |
| 534 | n += 2; // sig/alg |
| 535 | offset -= 2; |
| 536 | } |
| 537 | |
| 538 | buf[2] = n >> 8; |
| 539 | buf[3] = n & 0xff; |
| 540 | ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset); |
| 541 | |
| 542 | error: |
| 543 | return ret; |
| 544 | } |
| 545 | |
| 546 | #endif /* CONFIG_SSL_ENABLE_CLIENT */ |
| 547 |
Generated on 2021-Apr-16 from project MicroPython revision 1.15a
Powered by 
Code Browser 2.1
Generator usage only permitted with license.