mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 12:05:38 +01:00
- Added DEFLATE compression support as per RFC3749 (requires zlib)
This commit is contained in:
parent
4f9a7bb7fd
commit
2770fbd651
@ -21,6 +21,7 @@ Features
|
|||||||
example application (programs/ssl/o_p_test) (Requires OpenSSL)
|
example application (programs/ssl/o_p_test) (Requires OpenSSL)
|
||||||
* Added X509 CA Path support
|
* Added X509 CA Path support
|
||||||
* Added Thumb assembly optimizations
|
* Added Thumb assembly optimizations
|
||||||
|
* Added DEFLATE compression support as per RFC3749 (requires zlib)
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Removed redundant POLARSSL_DEBUG_MSG define
|
* Removed redundant POLARSSL_DEBUG_MSG define
|
||||||
|
@ -248,6 +248,22 @@
|
|||||||
*
|
*
|
||||||
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_ZLIB_SUPPORT
|
||||||
|
*
|
||||||
|
* If set, the SSL/TLS module uses ZLIB to support compression and
|
||||||
|
* decompression of packet data.
|
||||||
|
*
|
||||||
|
* Used in: library/ssl_tls.c
|
||||||
|
* library/ssl_cli.c
|
||||||
|
* library/ssl_srv.c
|
||||||
|
*
|
||||||
|
* This feature requires zlib library and headers to be present.
|
||||||
|
*
|
||||||
|
* Uncomment to enable use of ZLIB
|
||||||
|
#define POLARSSL_ZLIB_SUPPORT
|
||||||
|
*/
|
||||||
/* \} name */
|
/* \} name */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -75,7 +75,7 @@
|
|||||||
* RSA 4 9
|
* RSA 4 9
|
||||||
* MD 5 4
|
* MD 5 4
|
||||||
* CIPHER 6 5
|
* CIPHER 6 5
|
||||||
* SSL 6 1 (Started from top)
|
* SSL 6 2 (Started from top)
|
||||||
* SSL 7 31
|
* SSL 7 31
|
||||||
*
|
*
|
||||||
* Module dependent error code (5 bits 0x.08.-0x.F8.)
|
* Module dependent error code (5 bits 0x.08.-0x.F8.)
|
||||||
|
@ -43,6 +43,10 @@
|
|||||||
#include "pkcs11.h"
|
#include "pkcs11.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
#include "zlib.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(_MSC_VER) && !defined(inline)
|
#if defined(_MSC_VER) && !defined(inline)
|
||||||
#define inline _inline
|
#define inline _inline
|
||||||
#else
|
#else
|
||||||
@ -86,6 +90,7 @@
|
|||||||
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
|
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
|
||||||
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
|
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
|
||||||
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
|
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
|
||||||
|
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Various constants
|
* Various constants
|
||||||
@ -99,6 +104,7 @@
|
|||||||
#define SSL_IS_CLIENT 0
|
#define SSL_IS_CLIENT 0
|
||||||
#define SSL_IS_SERVER 1
|
#define SSL_IS_SERVER 1
|
||||||
#define SSL_COMPRESS_NULL 0
|
#define SSL_COMPRESS_NULL 0
|
||||||
|
#define SSL_COMPRESS_DEFLATE 1
|
||||||
|
|
||||||
#define SSL_VERIFY_NONE 0
|
#define SSL_VERIFY_NONE 0
|
||||||
#define SSL_VERIFY_OPTIONAL 1
|
#define SSL_VERIFY_OPTIONAL 1
|
||||||
@ -108,9 +114,17 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Allow an extra 512 bytes for the record header
|
* Allow an extra 512 bytes for the record header
|
||||||
* and encryption overhead (counter + MAC + padding).
|
* and encryption overhead (counter + MAC + padding)
|
||||||
|
* and allow for a maximum of 1024 of compression expansion if
|
||||||
|
* enabled.
|
||||||
*/
|
*/
|
||||||
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
#define SSL_COMPRESSION_ADD 1024
|
||||||
|
#else
|
||||||
|
#define SSL_COMPRESSION_ADD 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Supported ciphersuites
|
* Supported ciphersuites
|
||||||
@ -253,6 +267,7 @@ struct _ssl_session
|
|||||||
{
|
{
|
||||||
time_t start; /*!< starting time */
|
time_t start; /*!< starting time */
|
||||||
int ciphersuite; /*!< chosen ciphersuite */
|
int ciphersuite; /*!< chosen ciphersuite */
|
||||||
|
int compression; /*!< chosen compression */
|
||||||
size_t length; /*!< session id length */
|
size_t length; /*!< session id length */
|
||||||
unsigned char id[32]; /*!< session identifier */
|
unsigned char id[32]; /*!< session identifier */
|
||||||
unsigned char master[48]; /*!< the master secret */
|
unsigned char master[48]; /*!< the master secret */
|
||||||
@ -374,6 +389,11 @@ struct _ssl_context
|
|||||||
unsigned long ctx_enc[134]; /*!< encryption context */
|
unsigned long ctx_enc[134]; /*!< encryption context */
|
||||||
unsigned long ctx_dec[134]; /*!< decryption context */
|
unsigned long ctx_dec[134]; /*!< decryption context */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
z_stream ctx_deflate; /*!< compression context */
|
||||||
|
z_stream ctx_inflate; /*!< decompression context */
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* TLS extensions
|
* TLS extensions
|
||||||
*/
|
*/
|
||||||
@ -445,8 +465,10 @@ int ssl_init( ssl_context *ssl );
|
|||||||
* pointers and data.
|
* pointers and data.
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
|
* \return 0 if successful, or POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
|
||||||
|
* POLARSSL_ERR_SSL_COMPRESSION_FAILED
|
||||||
*/
|
*/
|
||||||
void ssl_session_reset( ssl_context *ssl );
|
int ssl_session_reset( ssl_context *ssl );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the current endpoint type
|
* \brief Set the current endpoint type
|
||||||
|
@ -135,11 +135,21 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
*p++ = (unsigned char)( ssl->ciphersuites[i] );
|
*p++ = (unsigned char)( ssl->ciphersuites[i] );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
|
||||||
|
SSL_COMPRESS_NULL, SSL_COMPRESS_DEFLATE ) );
|
||||||
|
|
||||||
|
*p++ = 2;
|
||||||
|
*p++ = SSL_COMPRESS_NULL;
|
||||||
|
*p++ = SSL_COMPRESS_DEFLATE;
|
||||||
|
#else
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
|
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", 0 ) );
|
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", SSL_COMPRESS_NULL ) );
|
||||||
|
|
||||||
*p++ = 1;
|
*p++ = 1;
|
||||||
*p++ = SSL_COMPRESS_NULL;
|
*p++ = SSL_COMPRESS_NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
if ( ssl->hostname != NULL )
|
if ( ssl->hostname != NULL )
|
||||||
{
|
{
|
||||||
@ -281,7 +291,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_DEBUG_C)
|
#if defined(POLARSSL_DEBUG_C)
|
||||||
time_t t;
|
time_t t;
|
||||||
#endif
|
#endif
|
||||||
int ret, i;
|
int ret, i, comp;
|
||||||
size_t n;
|
size_t n;
|
||||||
int ext_len;
|
int ext_len;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
@ -367,6 +377,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
i = ( buf[39 + n] << 8 ) | buf[40 + n];
|
i = ( buf[39 + n] << 8 ) | buf[40 + n];
|
||||||
|
comp = buf[41 + n];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize update checksum functions
|
* Initialize update checksum functions
|
||||||
@ -381,6 +392,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
*/
|
*/
|
||||||
if( ssl->resume == 0 || n == 0 ||
|
if( ssl->resume == 0 || n == 0 ||
|
||||||
ssl->session->ciphersuite != i ||
|
ssl->session->ciphersuite != i ||
|
||||||
|
ssl->session->compression != comp ||
|
||||||
ssl->session->length != n ||
|
ssl->session->length != n ||
|
||||||
memcmp( ssl->session->id, buf + 39, n ) != 0 )
|
memcmp( ssl->session->id, buf + 39, n ) != 0 )
|
||||||
{
|
{
|
||||||
@ -388,6 +400,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
ssl->resume = 0;
|
ssl->resume = 0;
|
||||||
ssl->session->start = time( NULL );
|
ssl->session->start = time( NULL );
|
||||||
ssl->session->ciphersuite = i;
|
ssl->session->ciphersuite = i;
|
||||||
|
ssl->session->compression = comp;
|
||||||
ssl->session->length = n;
|
ssl->session->length = n;
|
||||||
memcpy( ssl->session->id, buf + 39, n );
|
memcpy( ssl->session->id, buf + 39, n );
|
||||||
}
|
}
|
||||||
@ -421,11 +434,16 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( buf[41 + n] != SSL_COMPRESS_NULL )
|
if( comp != SSL_COMPRESS_NULL
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
&& comp != SSL_COMPRESS_DEFLATE
|
||||||
|
#endif
|
||||||
|
)
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
}
|
}
|
||||||
|
ssl->session->compression = comp;
|
||||||
|
|
||||||
/* TODO: Process extensions */
|
/* TODO: Process extensions */
|
||||||
|
|
||||||
|
@ -316,6 +316,18 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ssl->session->compression = SSL_COMPRESS_NULL;
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
for( i = 0; i < comp_len; ++i )
|
||||||
|
{
|
||||||
|
if( buf[41 + sess_len + ciph_len + i] == SSL_COMPRESS_DEFLATE )
|
||||||
|
{
|
||||||
|
ssl->session->compression = SSL_COMPRESS_DEFLATE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 3, "client hello, random bytes",
|
SSL_DEBUG_BUF( 3, "client hello, random bytes",
|
||||||
buf + 6, 32 );
|
buf + 6, 32 );
|
||||||
SSL_DEBUG_BUF( 3, "client hello, session id",
|
SSL_DEBUG_BUF( 3, "client hello, session id",
|
||||||
@ -449,11 +461,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
|||||||
|
|
||||||
*p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
|
*p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
|
||||||
*p++ = (unsigned char)( ssl->session->ciphersuite );
|
*p++ = (unsigned char)( ssl->session->ciphersuite );
|
||||||
*p++ = SSL_COMPRESS_NULL;
|
*p++ = (unsigned char)( ssl->session->compression );
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
|
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
|
||||||
ssl->session->ciphersuite ) );
|
ssl->session->ciphersuite ) );
|
||||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) );
|
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
||||||
|
ssl->session->compression ) );
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||||
|
@ -639,6 +639,25 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
|
|
||||||
memset( keyblk, 0, sizeof( keyblk ) );
|
memset( keyblk, 0, sizeof( keyblk ) );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
// Initialize compression
|
||||||
|
//
|
||||||
|
if( ssl->session->compression == SSL_COMPRESS_DEFLATE )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
|
||||||
|
|
||||||
|
memset( &ssl->ctx_deflate, 0, sizeof( ssl->ctx_deflate ) );
|
||||||
|
memset( &ssl->ctx_inflate, 0, sizeof( ssl->ctx_inflate ) );
|
||||||
|
|
||||||
|
if( deflateInit( &ssl->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK ||
|
||||||
|
inflateInit( &ssl->ctx_inflate ) != Z_OK )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_ZLIB_SUPPORT */
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
|
SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -1397,6 +1416,113 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
/*
|
||||||
|
* Compression/decompression functions
|
||||||
|
*/
|
||||||
|
static int ssl_compress_buf( ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char *msg_post = ssl->out_msg;
|
||||||
|
size_t len_pre = ssl->out_msglen;
|
||||||
|
unsigned char *msg_pre;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
|
||||||
|
|
||||||
|
msg_pre = (unsigned char*) malloc( len_pre );
|
||||||
|
if( msg_pre == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) );
|
||||||
|
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( msg_pre, ssl->out_msg, len_pre );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
|
||||||
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "before compression: output payload",
|
||||||
|
ssl->out_msg, ssl->out_msglen );
|
||||||
|
|
||||||
|
ssl->ctx_deflate.next_in = msg_pre;
|
||||||
|
ssl->ctx_deflate.avail_in = len_pre;
|
||||||
|
ssl->ctx_deflate.next_out = msg_post;
|
||||||
|
ssl->ctx_deflate.avail_out = SSL_BUFFER_LEN;
|
||||||
|
|
||||||
|
ret = deflate( &ssl->ctx_deflate, Z_SYNC_FLUSH );
|
||||||
|
if( ret != Z_OK )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
|
||||||
|
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->out_msglen = SSL_BUFFER_LEN - ssl->ctx_deflate.avail_out;
|
||||||
|
|
||||||
|
free( msg_pre );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
|
||||||
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "after compression: output payload",
|
||||||
|
ssl->out_msg, ssl->out_msglen );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ssl_decompress_buf( ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char *msg_post = ssl->in_msg;
|
||||||
|
size_t len_pre = ssl->in_msglen;
|
||||||
|
unsigned char *msg_pre;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
|
||||||
|
|
||||||
|
msg_pre = (unsigned char*) malloc( len_pre );
|
||||||
|
if( msg_pre == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) );
|
||||||
|
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( msg_pre, ssl->in_msg, len_pre );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
|
||||||
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
||||||
|
ssl->in_msg, ssl->in_msglen );
|
||||||
|
|
||||||
|
ssl->ctx_inflate.next_in = msg_pre;
|
||||||
|
ssl->ctx_inflate.avail_in = len_pre;
|
||||||
|
ssl->ctx_inflate.next_out = msg_post;
|
||||||
|
ssl->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN;
|
||||||
|
|
||||||
|
ret = inflate( &ssl->ctx_inflate, Z_SYNC_FLUSH );
|
||||||
|
if( ret != Z_OK )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
|
||||||
|
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->ctx_inflate.avail_out;
|
||||||
|
|
||||||
|
free( msg_pre );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
|
||||||
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
||||||
|
ssl->in_msg, ssl->in_msglen );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_ZLIB_SUPPORT */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fill the input message buffer
|
* Fill the input message buffer
|
||||||
*/
|
*/
|
||||||
@ -1495,6 +1621,20 @@ int ssl_write_record( ssl_context *ssl )
|
|||||||
ssl->update_checksum( ssl, ssl->out_msg, len );
|
ssl->update_checksum( ssl, ssl->out_msg, len );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
if( ssl->do_crypt != 0 &&
|
||||||
|
ssl->session->compression == SSL_COMPRESS_DEFLATE )
|
||||||
|
{
|
||||||
|
if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
len = ssl->out_msglen;
|
||||||
|
}
|
||||||
|
#endif /*POLARSSL_ZLIB_SUPPORT */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||||
if( ssl_hw_record_write != NULL)
|
if( ssl_hw_record_write != NULL)
|
||||||
{
|
{
|
||||||
@ -1708,6 +1848,21 @@ int ssl_read_record( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
if( ssl->do_crypt != 0 &&
|
||||||
|
ssl->session->compression == SSL_COMPRESS_DEFLATE )
|
||||||
|
{
|
||||||
|
if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
|
||||||
|
ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_ZLIB_SUPPORT */
|
||||||
|
|
||||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
|
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
|
||||||
ssl->in_msgtype != SSL_MSG_ALERT &&
|
ssl->in_msgtype != SSL_MSG_ALERT &&
|
||||||
ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
|
ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||||
@ -1761,12 +1916,13 @@ int ssl_read_record( ssl_context *ssl )
|
|||||||
*/
|
*/
|
||||||
if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
|
if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) );
|
SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
|
||||||
|
ssl->in_msg[1] ) );
|
||||||
/**
|
/**
|
||||||
* Subtract from error code as ssl->in_msg[1] is 7-bit positive
|
* Subtract from error code as ssl->in_msg[1] is 7-bit positive
|
||||||
* error identifier.
|
* error identifier.
|
||||||
*/
|
*/
|
||||||
return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE - ssl->in_msg[1] );
|
return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
|
if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
|
||||||
@ -2514,7 +2670,7 @@ int ssl_init( ssl_context *ssl )
|
|||||||
* Reset an initialized and used SSL context for re-use while retaining
|
* Reset an initialized and used SSL context for re-use while retaining
|
||||||
* all application-set variables, function pointers and data.
|
* all application-set variables, function pointers and data.
|
||||||
*/
|
*/
|
||||||
void ssl_session_reset( ssl_context *ssl )
|
int ssl_session_reset( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
ssl->state = SSL_HELLO_REQUEST;
|
ssl->state = SSL_HELLO_REQUEST;
|
||||||
|
|
||||||
@ -2555,9 +2711,39 @@ void ssl_session_reset( ssl_context *ssl )
|
|||||||
if( ssl_hw_record_reset != NULL)
|
if( ssl_hw_record_reset != NULL)
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
|
SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
|
||||||
ssl_hw_record_reset( ssl );
|
if( ssl_hw_record_reset( ssl ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret );
|
||||||
|
return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
// Reset compression state
|
||||||
|
//
|
||||||
|
if( ssl->session->compression == SSL_COMPRESS_DEFLATE )
|
||||||
|
{
|
||||||
|
ssl->ctx_deflate.next_in = Z_NULL;
|
||||||
|
ssl->ctx_deflate.next_out = Z_NULL;
|
||||||
|
ssl->ctx_deflate.avail_in = 0;
|
||||||
|
ssl->ctx_deflate.avail_out = 0;
|
||||||
|
|
||||||
|
ssl->ctx_inflate.next_in = Z_NULL;
|
||||||
|
ssl->ctx_inflate.next_out = Z_NULL;
|
||||||
|
ssl->ctx_inflate.avail_in = 0;
|
||||||
|
ssl->ctx_inflate.avail_out = 0;
|
||||||
|
|
||||||
|
if( deflateReset( &ssl->ctx_deflate ) != Z_OK ||
|
||||||
|
inflateReset( &ssl->ctx_inflate ) != Z_OK )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "Failed to reset compression" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_COMPRESSION_FAILED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_ZLIB_SUPPORT */
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -3265,6 +3451,11 @@ void ssl_free( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
|
deflateEnd( &ssl->ctx_deflate );
|
||||||
|
inflateEnd( &ssl->ctx_inflate );
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "<= free" ) );
|
SSL_DEBUG_MSG( 2, ( "<= free" ) );
|
||||||
|
|
||||||
/* Actually free after last debug message */
|
/* Actually free after last debug message */
|
||||||
|
@ -15,6 +15,11 @@ ifdef WINDOWS
|
|||||||
LDFLAGS += -lws2_32
|
LDFLAGS += -lws2_32
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Zlib shared library extensions:
|
||||||
|
ifdef ZLIB
|
||||||
|
LDFLAGS += -lz
|
||||||
|
endif
|
||||||
|
|
||||||
APPS = aes/aescrypt2 aes/crypt_and_hash \
|
APPS = aes/aescrypt2 aes/crypt_and_hash \
|
||||||
hash/hello hash/generic_sum \
|
hash/hello hash/generic_sum \
|
||||||
hash/md5sum hash/sha1sum \
|
hash/md5sum hash/sha1sum \
|
||||||
|
@ -151,7 +151,7 @@ int my_ciphersuites[] =
|
|||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
#define DEBUG_LEVEL 0
|
#define DEBUG_LEVEL 5
|
||||||
|
|
||||||
void my_debug( void *ctx, int level, const char *str )
|
void my_debug( void *ctx, int level, const char *str )
|
||||||
{
|
{
|
||||||
|
@ -17,6 +17,11 @@ ifdef WINDOWS
|
|||||||
LDFLAGS += -lws2_32
|
LDFLAGS += -lws2_32
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Zlib shared library extensions:
|
||||||
|
ifdef ZLIB
|
||||||
|
LDFLAGS += -lz
|
||||||
|
endif
|
||||||
|
|
||||||
APPS = test_suite_aes test_suite_arc4 \
|
APPS = test_suite_aes test_suite_arc4 \
|
||||||
test_suite_base64 test_suite_camellia \
|
test_suite_base64 test_suite_camellia \
|
||||||
test_suite_cipher.aes test_suite_cipher.camellia \
|
test_suite_cipher.aes test_suite_cipher.camellia \
|
||||||
|
Loading…
Reference in New Issue
Block a user