mbedtls/library/ssl_srv.c

/*
 *  SSLv3/TLSv1 server-side functions
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#if defined(MBEDTLS_SSL_SRV_C)

#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc    calloc
#define mbedtls_free      free
#endif

#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/debug.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"

#include <string.h>

#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
#endif

#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
#endif

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
                                 const unsigned char *info,
                                 size_t ilen )
{
    if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

    mbedtls_free( ssl->cli_id );

    if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );

    memcpy( ssl->cli_id, info, ilen );
    ssl->cli_id_len = ilen;

    return( 0 );
}

void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
                           mbedtls_ssl_cookie_write_t *f_cookie_write,
                           mbedtls_ssl_cookie_check_t *f_cookie_check,
                           void *p_cookie )
{
    conf->f_cookie_write = f_cookie_write;
    conf->f_cookie_check = f_cookie_check;
    conf->p_cookie       = p_cookie;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */

#endif /* MBEDTLS_SSL_SRV_C */
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00			`/*`
			`* SSLv3/TLSv1 server-side functions`
			`*`
Update date in copyright line 2015-07-27 11:11:48 +02:00			`* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved`
Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00			`* SPDX-License-Identifier: Apache-2.0`
- Fixed copyright message 2010-07-18 22:36:00 +02:00			`*`
Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00			`* Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`* not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
- Updated Copyright notices 2009-01-04 17:27:10 +01:00			`*`
Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00			`* http://www.apache.org/licenses/LICENSE-2.0`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00			`*`
Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00			`*`
Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00			`* This file is part of mbed TLS (https://tls.mbed.org)`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00			`*/`

The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#if !defined(MBEDTLS_CONFIG_FILE)`
Rename include directory to mbedtls 2015-03-09 18:05:11 +01:00			`#include "mbedtls/config.h"`
Adapt sources to configurable config.h name 2014-04-29 12:39:06 +02:00			`#else`
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#include MBEDTLS_CONFIG_FILE`
Adapt sources to configurable config.h name 2014-04-29 12:39:06 +02:00			`#endif`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#if defined(MBEDTLS_SSL_SRV_C)`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00
Abstracts away time()/stdlib.h into platform Substitutes time() into a configurable platform interface to allow it to be easily substituted. 2016-04-26 08:43:27 +02:00			`#if defined(MBEDTLS_PLATFORM_C)`
			`#include "mbedtls/platform.h"`
			`#else`
			`#include <stdlib.h>`
			`#define mbedtls_calloc calloc`
			`#define mbedtls_free free`
			`#endif`

Rename include directory to mbedtls 2015-03-09 18:05:11 +01:00			`#include "mbedtls/ssl.h"`
Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00			`#include "mbedtls/ssl_internal.h"`
Put includes in alphabetical order The library style is to start with the includes corresponding to the current module and then the rest in alphabetical order. Some modules have several header files (eg. ssl_internal.h). The recently added error.h includes did not respect this convention and this commit restores it. In some cases this is not possible just by moving the error.h declarations. This commit fixes the pre-existing order in these instances too. 2019-12-18 16:07:04 +01:00			`#include "mbedtls/debug.h"`
			`#include "mbedtls/error.h"`
Remove preprocessor directives around platform_util.h include 2018-04-24 15:40:46 +02:00			`#include "mbedtls/platform_util.h"`
cleanup library and some basic tests. Includes, add guards to includes 2015-02-06 14:43:58 +01:00
			`#include <string.h>`

The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#if defined(MBEDTLS_ECP_C)`
Rename include directory to mbedtls 2015-03-09 18:05:11 +01:00			`#include "mbedtls/ecp.h"`
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS Made all modifications to include Ephemeral Elliptic Curve Diffie Hellman ciphersuites into the existing SSL/TLS modules. All basic handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) has been included. 2013-03-20 14:39:14 +01:00			`#endif`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#if defined(MBEDTLS_HAVE_TIME)`
Puts platform time abstraction into its own header Separates platform time abstraction into it's own header from the general platform abstraction as both depend on different build options. (MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME) 2016-07-13 15:46:18 +02:00			`#include "mbedtls/platform_time.h"`
Also compiles / runs without time-based functions in OS Can now run without need of time() / localtime() and gettimeofday() 2013-07-03 15:31:03 +02:00			`#endif`
- Renamed include directory to polarssl 2009-01-03 22:22:43 +01:00
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)`
			`int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,`
Add ssl_set_client_transport_id() 2014-07-22 17:32:01 +02:00			`const unsigned char *info,`
			`size_t ilen )`
			`{`
Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet. 2015-05-04 10:55:58 +02:00			`if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )`
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`
Add ssl_set_client_transport_id() 2014-07-22 17:32:01 +02:00
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`mbedtls_free( ssl->cli_id );`
Add ssl_set_client_transport_id() 2014-07-22 17:32:01 +02:00
Replace malloc with calloc - platform layer currently broken (not adapted yet) - memmory_buffer_alloc too 2015-05-26 16:04:06 +02:00			`if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )`
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 09:33:39 +02:00			`return( MBEDTLS_ERR_SSL_ALLOC_FAILED );`
Add ssl_set_client_transport_id() 2014-07-22 17:32:01 +02:00
			`memcpy( ssl->cli_id, info, ilen );`
			`ssl->cli_id_len = ilen;`

			`return( 0 );`
			`}`
Move to a callback interface for DTLS cookies 2014-07-23 14:56:15 +02:00
Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 09:50:24 +02:00			`void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,`
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`mbedtls_ssl_cookie_write_t *f_cookie_write,`
			`mbedtls_ssl_cookie_check_t *f_cookie_check,`
Move to a callback interface for DTLS cookies 2014-07-23 14:56:15 +02:00			`void *p_cookie )`
			`{`
Move easy ssl_set_xxx() functions to work on conf mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify 2015-05-05 10:45:39 +02:00			`conf->f_cookie_write = f_cookie_write;`
			`conf->f_cookie_check = f_cookie_check;`
			`conf->p_cookie = p_cookie;`
Move to a callback interface for DTLS cookies 2014-07-23 14:56:15 +02:00			`}`
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */`
Add ssl_set_client_transport_id() 2014-07-22 17:32:01 +02:00
The Great Renaming A simple execution of tmp/invoke-rename.pl 2015-04-08 12:49:31 +02:00			`#endif /* MBEDTLS_SSL_SRV_C */`