static DSSL_SessionKeyData* CreateSessionKeyData( DSSL_Session* sess ) { DSSL_SessionKeyData* new_data; _ASSERT( sess ); new_data = (DSSL_SessionKeyData*) malloc( sizeof(DSSL_SessionKeyData) ); if(!new_data) return NULL; _ASSERT_STATIC( sizeof(new_data->id) == sizeof(sess->session_id ) ); memcpy( new_data->id, sess->session_id, sizeof(new_data->id) ); _ASSERT_STATIC( sizeof(new_data->master_secret) == sizeof(sess->master_secret ) ); memcpy( new_data->master_secret, sess->master_secret, sizeof(new_data->master_secret) ); new_data->refcount = 1; new_data->next = NULL; new_data->released_time = 0; return new_data; }
static int ssl3_decode_server_hello( DSSL_Session* sess, u_char* data, uint32_t len ) { uint16_t server_version = 0; u_char* org_data = data; uint16_t session_id_len = 0; int session_id_match = 0; if( data[0] != 3 || data[1] > 3) return NM_ERROR( DSSL_E_SSL_UNKNOWN_VERSION ); if( len < SSL3_SERVER_HELLO_MIN_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); /* Server Version */ server_version = MAKE_UINT16( data[0], data[1] ); if( sess->version == 0 || server_version < sess->version ) { ssls_set_session_version( sess, server_version ); } data+= 2; /* ServerRandom */ _ASSERT_STATIC( sizeof(sess->server_random) == 32 ); memcpy( sess->server_random, data, sizeof( sess->server_random ) ); data+= 32; DEBUG_TRACE_BUF("server_random", sess->server_random, 32); /* session ID */ _ASSERT_STATIC( sizeof(sess->session_id) == 32 ); session_id_len = data[0]; data++; if( session_id_len > 0 ) { if ( session_id_len > 32 ) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); if( !IS_ENOUGH_LENGTH( org_data, len, data, session_id_len ) ) { return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); } if( sess->flags & SSF_CLIENT_SESSION_ID_SET && memcmp( sess->session_id, data, session_id_len ) == 0 ) { session_id_match = 1; } else { sess->flags &= ~SSF_CLIENT_SESSION_ID_SET; memcpy( sess->session_id, data, session_id_len ); } data += session_id_len; } /* Cipher Suite and Compression */ if( !IS_ENOUGH_LENGTH( org_data, len, data, 3 ) ) { return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); } sess->cipher_suite = MAKE_UINT16( data[0], data[1] ); sess->compression_method = data[2]; data += 3; sess->flags &= ~SSF_TLS_SERVER_SESSION_TICKET; /* clear server side TLS Session Ticket flag */ /* Process SSL Extensions, if present */ if(IS_ENOUGH_LENGTH( org_data, len, data, 2 )) { int t_len = MAKE_UINT16(data[0], data[1]); data += 2; if(!IS_ENOUGH_LENGTH( org_data, len, data, t_len)) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); /* cycle through extension records */ while(t_len >= 4) { int ext_type = MAKE_UINT16(data[0], data[1]); /* extension type */ int ext_len = MAKE_UINT16(data[2], data[3]); #ifdef NM_TRACE_SSL_HANDSHAKE DEBUG_TRACE2( "\nSSL extension: %s len: %d", SSL3_ExtensionTypeToString( ext_type ), ext_len ); #endif /* TLS Session Ticket extension found, set the flag */ if( ext_type == 0x0023) { sess->flags |= SSF_TLS_SERVER_SESSION_TICKET; } data += ext_len + 4; if(data > org_data + len) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); t_len -= ext_len + 4; } } if( session_id_match ) { if( sess->flags & SSF_TLS_SESSION_TICKET_SET) { int rc = ssls_init_from_tls_ticket( sess ); if( NM_IS_FAILED( rc ) ) return rc; } else { /* lookup session from the cache for stateful SSL renegotiation */ int rc = ssls_lookup_session( sess ); if( NM_IS_FAILED( rc ) ) return rc; } } if( sess->flags & SSF_CLIENT_SESSION_ID_SET ) { int rc = ssls_generate_keys( sess ); if( NM_IS_FAILED( rc ) ) return rc; } return DSSL_RC_OK; }