ssl_srv.c File Reference

#include "mbedtls/config.h"
#include "mbedtls/platform.h"
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include <string.h>
#include "mbedtls/ecp.h"
#include "mbedtls/platform_time.h"
#include "arc4_alt.h"
#include "ssl_parse_renegotiation_info.h"
#include "ssl_parse_max_fragment_length_ext.h"

Include dependency graph for ssl_srv.c:

Functions
int	mbedtls_ssl_set_client_transport_id (mbedtls_ssl_context *ssl, const unsigned char *info, size_t ilen)
	Set client's transport-level identification info. (Server only. DTLS only.) More...
void	mbedtls_ssl_conf_dtls_cookies (mbedtls_ssl_config *conf, mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_check_t *f_cookie_check, void *p_cookie)
	Register callbacks for DTLS cookies (Server only. DTLS only.) More...
static int	ssl_parse_servername_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_parse_signature_algorithms_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_parse_supported_elliptic_curves (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_parse_supported_point_formats (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_srv_parse_truncated_hmac_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_srv_parse_encrypt_then_mac_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_srv_parse_extended_ms_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_srv_parse_session_ticket_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
static int	ssl_srv_parse_alpn_ext (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
static int	ssl_check_key_curve (mbedtls_pk_context *pk, const mbedtls_ecp_curve_info **curves)
static int	ssl_pick_cert (mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
static int	ssl_ciphersuite_match (mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t **ciphersuite_info)
static int	ssl_parse_client_hello (mbedtls_ssl_context *ssl)
static void	ssl_srv_write_truncated_hmac_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_encrypt_then_mac_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_extended_ms_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_session_ticket_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_renegotiation_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_max_fragment_length_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_supported_point_formats_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static void	ssl_srv_write_alpn_ext (mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
static int	ssl_write_hello_verify_request (mbedtls_ssl_context *ssl)
static int	ssl_write_server_hello (mbedtls_ssl_context *ssl)
static int	ssl_write_certificate_request (mbedtls_ssl_context *ssl)
static int	ssl_srv_get_ecdh_params_from_cert (mbedtls_ssl_context *ssl)
static int	ssl_write_server_key_exchange (mbedtls_ssl_context *ssl)
static int	ssl_write_server_hello_done (mbedtls_ssl_context *ssl)
static int	ssl_parse_client_dh_public (mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end)
static int	ssl_parse_encrypted_pms (mbedtls_ssl_context *ssl, const unsigned char *p, const unsigned char *end, size_t pms_offset)
static int	ssl_parse_client_psk_identity (mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end)
static int	ssl_parse_client_key_exchange (mbedtls_ssl_context *ssl)
static int	ssl_parse_certificate_verify (mbedtls_ssl_context *ssl)
static int	ssl_write_new_session_ticket (mbedtls_ssl_context *ssl)
int	mbedtls_ssl_handshake_server_step (mbedtls_ssl_context *ssl)

Function Documentation

mbedtls_ssl_conf_dtls_cookies()

void mbedtls_ssl_conf_dtls_cookies	(	mbedtls_ssl_config *	conf,
		mbedtls_ssl_cookie_write_t *	f_cookie_write,
		mbedtls_ssl_cookie_check_t *	f_cookie_check,
		void *	p_cookie
	)

Register callbacks for DTLS cookies (Server only. DTLS only.)

Default: dummy callbacks that fail, in order to force you to register working callbacks (and initialize their context).

To disable HelloVerifyRequest, register NULL callbacks.

Warning

Disabling hello verification allows your server to be used for amplification in DoS attacks against other hosts. Only disable if you known this can't happen in your particular environment.

Note

See comments on mbedtls_ssl_handshake() about handling the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected on the first handshake attempt when this is enabled.

This is also necessary to handle client reconnection from the same port as described in RFC 6347 section 4.2.8 (only the variant with cookies is supported currently). See comments on mbedtls_ssl_read() for details.

Parameters

conf	SSL configuration
f_cookie_write	Cookie write callback
f_cookie_check	Cookie check callback
p_cookie	Context for both callbacks

mbedtls_ssl_handshake_server_step()

int mbedtls_ssl_handshake_server_step

(

mbedtls_ssl_context *

ssl

)

Here is the call graph for this function:

Here is the caller graph for this function:

mbedtls_ssl_set_client_transport_id()

int mbedtls_ssl_set_client_transport_id	(	mbedtls_ssl_context *	ssl,
		const unsigned char *	info,
		size_t	ilen
	)

Set client's transport-level identification info. (Server only. DTLS only.)

This is usually the IP address (and port), but could be anything identify the client depending on the underlying network stack. Used for HelloVerifyRequest with DTLS. This is not used to route the actual packets.

Parameters

ssl	SSL context
info	Transport-level info identifying the client (eg IP + port)
ilen	Length of info in bytes

Note

An internal copy is made, so the info buffer can be reused.

Returns

0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.

Here is the call graph for this function:

ssl_check_key_curve()

static int ssl_check_key_curve ( mbedtls_pk_context *  pk, const mbedtls_ecp_curve_info **  curves  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_ciphersuite_match()

static int ssl_ciphersuite_match ( mbedtls_ssl_context *  ssl, int  suite_id, const mbedtls_ssl_ciphersuite_t **  ciphersuite_info  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_certificate_verify()

static int ssl_parse_certificate_verify ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_client_dh_public()

static int ssl_parse_client_dh_public ( mbedtls_ssl_context *  ssl, unsigned char **  p, const unsigned char *  end  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_client_hello()

static int ssl_parse_client_hello ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_client_key_exchange()

static int ssl_parse_client_key_exchange ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_client_psk_identity()

static int ssl_parse_client_psk_identity ( mbedtls_ssl_context *  ssl, unsigned char **  p, const unsigned char *  end  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_encrypted_pms()

static int ssl_parse_encrypted_pms ( mbedtls_ssl_context *  ssl, const unsigned char *  p, const unsigned char *  end, size_t  pms_offset  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_servername_ext()

static int ssl_parse_servername_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_signature_algorithms_ext()

static int ssl_parse_signature_algorithms_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_supported_elliptic_curves()

static int ssl_parse_supported_elliptic_curves ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_parse_supported_point_formats()

static int ssl_parse_supported_point_formats ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_pick_cert()

static int ssl_pick_cert ( mbedtls_ssl_context *  ssl, const mbedtls_ssl_ciphersuite_t *  ciphersuite_info  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_get_ecdh_params_from_cert()

static int ssl_srv_get_ecdh_params_from_cert ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_parse_alpn_ext()

static int ssl_srv_parse_alpn_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_parse_encrypt_then_mac_ext()

static int ssl_srv_parse_encrypt_then_mac_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_parse_extended_ms_ext()

static int ssl_srv_parse_extended_ms_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_parse_session_ticket_ext()

static int ssl_srv_parse_session_ticket_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_parse_truncated_hmac_ext()

static int ssl_srv_parse_truncated_hmac_ext ( mbedtls_ssl_context *  ssl, const unsigned char *  buf, size_t  len  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_write_alpn_ext()

static void ssl_srv_write_alpn_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_write_encrypt_then_mac_ext()

static void ssl_srv_write_encrypt_then_mac_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_write_extended_ms_ext()

static void ssl_srv_write_extended_ms_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the caller graph for this function:

ssl_srv_write_max_fragment_length_ext()

static void ssl_srv_write_max_fragment_length_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the caller graph for this function:

ssl_srv_write_renegotiation_ext()

static void ssl_srv_write_renegotiation_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_write_session_ticket_ext()

static void ssl_srv_write_session_ticket_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the caller graph for this function:

ssl_srv_write_supported_point_formats_ext()

static void ssl_srv_write_supported_point_formats_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_srv_write_truncated_hmac_ext()

static void ssl_srv_write_truncated_hmac_ext ( mbedtls_ssl_context *  ssl, unsigned char *  buf, size_t *  olen  )

static

Here is the caller graph for this function:

ssl_write_certificate_request()

static int ssl_write_certificate_request ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_write_hello_verify_request()

static int ssl_write_hello_verify_request ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_write_new_session_ticket()

static int ssl_write_new_session_ticket ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_write_server_hello()

static int ssl_write_server_hello ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_write_server_hello_done()

static int ssl_write_server_hello_done ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ssl_write_server_key_exchange()

static int ssl_write_server_key_exchange ( mbedtls_ssl_context *  ssl )

static

Here is the call graph for this function:

Here is the caller graph for this function: