int ssl3_alert_decoder( void* decoder_stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack; UNUSED_PARAM(dir); if( len != 2 ) return NM_ERROR( NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ) ); if( data[0] == 2 ) { stack->state = SS_FatalAlert; } /* Close notify? */ if( data[1] == 0 ) { stack->state = SS_SeenCloseNotify; } #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE2( "\nAlert received: %s (%d)", ( (stack->state == SS_FatalAlert) ? "fatal alert" : ((stack->state == SS_SeenCloseNotify) ? "close_notify alert" : "unknown alert")), (int) MAKE_UINT16( data[0], data[1] ) ); #endif (*processed) = len; return DSSL_RC_OK; }
void A025DL02_Driver::WriteFormattedChar( unsigned char c ) { NATIVE_PROFILE_HAL_DRIVERS_DISPLAY(); if(c < 32) { switch(c) { case '\b': /* backspace, clear previous char and move cursor back */ if((g_A025DL02_Driver.m_cursor % TextColumns()) > 0) { g_A025DL02_Driver.m_cursor--; WriteChar( ' ', g_A025DL02_Driver.m_cursor / TextColumns(), g_A025DL02_Driver.m_cursor % TextColumns() ); } break; case '\f': /* formfeed, clear screen and home cursor */ //Clear(); g_A025DL02_Driver.m_cursor = 0; break; case '\n': /* newline */ g_A025DL02_Driver.m_cursor += TextColumns(); g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns()); break; case '\r': /* carriage return */ g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns()); break; case '\t': /* horizontal tab */ g_A025DL02_Driver.m_cursor += (Font_TabWidth() - ((g_A025DL02_Driver.m_cursor % TextColumns()) % Font_TabWidth())); // deal with line wrap scenario if((g_A025DL02_Driver.m_cursor % TextColumns()) < Font_TabWidth()) { // bring the cursor to start of line g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns()); } break; case '\v': /* vertical tab */ g_A025DL02_Driver.m_cursor += TextColumns(); break; default: DEBUG_TRACE2(TRACE_ALWAYS, "Unrecognized control character in LCD_WriteChar: %2u (0x%02x)\r\n", (unsigned int) c, (unsigned int) c); break; } } else { WriteChar( c, g_A025DL02_Driver.m_cursor / TextColumns(), g_A025DL02_Driver.m_cursor % TextColumns() ); g_A025DL02_Driver.m_cursor++; } if(g_A025DL02_Driver.m_cursor >= (TextColumns() * TextRows())) { g_A025DL02_Driver.m_cursor = 0; } }
int DSSL_SessionProcessData( DSSL_Session* sess, NM_PacketDir dir, u_char* data, uint32_t len ) { int rc = DSSL_RC_OK; dssl_decoder_stack* dec = NULL; if( dir == ePacketDirInvalid ) return NM_ERROR( DSSL_E_INVALID_PARAMETER ); dec = (dir == ePacketDirFromClient) ? &sess->c_dec : &sess->s_dec; if( !sslc_is_decoder_stack_set( dec ) ) { uint16_t ver = 0; int is_client = (dir == ePacketDirFromClient); if( is_client ) { rc = ssl_detect_client_hello_version( data, len, &ver ); } else { rc = ssl_detect_server_hello_version( data, len, &ver ); /* update the client decoder after the server have declared the actual version of the session */ DEBUG_TRACE2("DSSL_SessionProcessData - sess->version: 0x%02X, ver is: 0x%02X\n", sess->version, ver); if( rc == DSSL_RC_OK && sess->version != ver ) { sess->c_dec.version = ver; rc = dssl_decoder_stack_set( &sess->c_dec, sess, ver, 1 ); } ssls_set_session_version( sess, ver ); } if( rc == DSSL_RC_OK ) { dec->version = ver; rc = dssl_decoder_stack_set( dec, sess, ver, is_client ); } } if( rc == DSSL_RC_OK ) rc = dssl_decoder_stack_process( dec, dir, data, len ); /* check if a session with a first-time automapped key failed */ if( NM_IS_FAILED( rc ) && sess->flags & SSF_TEST_SSL_KEY ) { if(sess->event_callback) { (*sess->event_callback)( sess->user_data, eSslMappedKeyFailed, sess->ssl_si ); } DSSL_MoveServerToMissingKeyList( sess->env, sess->ssl_si ); sess->ssl_si = NULL; } if( NM_IS_FAILED( rc ) && sess->error_callback && rc != DSSL_E_SSL_SERVER_KEY_UNKNOWN ) { sess->error_callback( sess->user_data, rc ); } return rc; }
BOOL PolyphonicPiezo_Driver::Tone( const PIEZO_POLY_TONE& ToneRef ) { ASSERT(!SystemState_Query(SYSTEM_STATE_ISR)); GLOBAL_LOCK(irq); // special to clear queue if(ToneRef.Period[0] == TONE_CLEAR_BUFFER) { // let active note to finish on it's own EmptyQueue(); } else { // 0 length tone isn't wrong persay, but if a NULL op, so drop it gracefully, as a success if(ToneRef.Duration_MicroSeconds > 0) { PIEZO_POLY_TONE* Tone = g_PolyphonicPiezo_Driver.m_ToneToRelease.ExtractFirstNode(); if(Tone == NULL) { // // Re-enable interrupts when allocating memory. // irq.Release(); Tone = (PIEZO_POLY_TONE*)private_malloc( sizeof(PIEZO_POLY_TONE) ); irq.Acquire(); } if(Tone == NULL) { // No memory, just drop this tone and fail the call ASSERT(0); return FALSE; } *Tone = ToneRef; Tone->Initialize(); DEBUG_TRACE2( 0, "Tone(%4d)=%d\r\n", ToneRef.Duration_MicroSeconds, g_PolyphonicPiezo_Driver.m_ToneToPlay.NumOfNodes() ); g_PolyphonicPiezo_Driver.m_ToneToPlay.LinkAtBack( Tone ); if(g_PolyphonicPiezo_Driver.m_TonePlaying == NULL) { StartNext(); } } } return TRUE; }
BOOL HAL_CONFIG_BLOCK::IsGoodBlock() const { if(Signature != c_Version_V2) { return FALSE; } DEBUG_TRACE2( TRACE_CONFIG, "read header CRC=0x%08x at %08x\r\n", HeaderCRC, (size_t)this ); // what is the header's CRC UINT32 CRC = SUPPORT_ComputeCRC( ((UINT8*)&DataCRC), sizeof(*this) - offsetof(HAL_CONFIG_BLOCK,DataCRC), c_Seed ); DEBUG_TRACE1(TRACE_CONFIG, "calc header CRC=0x%08x\r\n", CRC); if(CRC != HeaderCRC) { DEBUG_TRACE3( TRACE_ALWAYS, "FAILED HEADER CRC at %08x: 0x%08x != 0x%08x\r\n", (size_t)this, CRC, HeaderCRC ); return FALSE; } return TRUE; }
int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { int rc = DSSL_E_UNSPECIFIED_ERROR; uint32_t recLen = 0, totalRecLen = 0; uint8_t record_type = 0; dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack; dssl_decoder* next_decoder = NULL; int decrypt_buffer_aquired = 0; int decompress_buffer_aquired = 0; int i = 0; char * data2 = NULL; uint32_t recLen2 = 0; int block_size = 0; DEBUG_TRACE1("ssl_record_layer_decoder - start. len: %d\n", len); _ASSERT( stack ); _ASSERT( processed ); _ASSERT( stack->sess ); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ if( stack->state > SS_Established ) { #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "[!]Unexpected SSL record after %s", ( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") ); #endif return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION ); } /* special case for a first client hello */ DEBUG_TRACE1("ssl_record_layer_decoder - version: 0x%02X\n", stack->sess->version); if( stack->sess->version == 0 ) { _ASSERT( dir == ePacketDirFromClient ); rc = ssl_decode_first_client_hello( stack->sess, data, len, processed ); return rc; } if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); /* Decode record type */ record_type = data[0]; totalRecLen = recLen = MAKE_UINT16( data[3], data[4] ); DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type); DEBUG_TRACE1("ssl_record_layer_decoder - recLen: %d\n", recLen); /* for (i = 0; i < 128; i++) { printf("ssl_tls_record_layer_decoder - data before skip header size [%d]: %d\n", i, data[i]); } */ data += SSL3_HEADER_LEN; len -= SSL3_HEADER_LEN; DEBUG_TRACE1("ssl_record_layer_decoder - len after header adjustments: %d\n", len); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE2( "\n==>Decoding SSL v3 Record, type: %d, len: %d\n{\n", (int) record_type, (int) recLen ); #endif rc = DSSL_RC_OK; if( len < recLen ) { rc = DSSL_RC_WOULD_BLOCK; DEBUG_TRACE0("ssl_tls_record_layer_decoder - rc is DSSL_RC_WOULD_BLOCK\n"); } if( rc == DSSL_RC_OK && stack->cipher ) { rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired,&block_size ); DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decrypt_record ret: %d\n", rc); } /* check if the record length is still within bounds (failed decryption, etc) */ if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH || recLen > len || (stack->md && recLen < EVP_MD_size(stack->md))) ) { rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); } if( rc == DSSL_RC_OK && stack->md ) { u_char mac[EVP_MAX_MD_SIZE]; u_char* rec_mac = NULL; DEBUG_TRACE1("ssl_record_layer_decoder - data using len: %d\n", len); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ recLen -= EVP_MD_size( stack->md ); rec_mac = data+recLen; memset(mac, 0, sizeof(mac) ); // Fix - skip iv for TLS 1.1 DEBUG_TRACE1("ssl_record_layer_decoder - stack->version: 0x%02X\n", stack->version); DEBUG_TRACE1("ssl_record_layer_decoder - block_size: %d\n", block_size); if (stack->version > TLS1_VERSION && block_size > 1) { DEBUG_TRACE0("ssl_record_layer_decoder - activated fix for TLS 1.1 (skip 16 bytes)\n"); data2 = data + block_size; recLen2 = recLen - block_size; rc = stack->sess->caclulate_mac_proc( stack, record_type, data2, recLen2, mac ); } else { rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac ); } DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc result: %d\n", rc); if( rc == DSSL_RC_OK ) { DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc memcmp size(i.e. EVP_MD_size(stack->md)): %d\n", EVP_MD_size(stack->md)); DEBUG_TRACE0("ssl_record_layer_decoder - mac vs. rec_mac:\n"); if (IsDebugEnabled()) { for (i=0; i < EVP_MD_size(stack->md); i++) { DEBUG_TRACE2("0x%02X vs. 0x%02X\n", mac[i], rec_mac[i]); } } rc = memcmp( mac, rec_mac, EVP_MD_size(stack->md) ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC ); } } if( rc == DSSL_RC_OK && stack->compression_method != 0 ) { rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired ); DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decompress_record call ended. rc: %d\n", rc); } if( rc == DSSL_RC_OK ) { DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type); switch( record_type ) { case SSL3_RT_HANDSHAKE: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_HANDSHAKE\n"); next_decoder = &stack->dhandshake; break; case SSL3_RT_CHANGE_CIPHER_SPEC: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_CHANGE_CIPHER_SPEC\n"); next_decoder = &stack->dcss; break; case SSL3_RT_APPLICATION_DATA: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_APPLICATION_DATA\n"); next_decoder = &stack->dappdata; break; case SSL3_RT_ALERT: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_ALERT\n"); next_decoder = &stack->dalert; break; default: DEBUG_TRACE0("ssl_record_layer_decoder - record_type not found\n"); rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); } } if( rc == DSSL_RC_OK ) { _ASSERT( next_decoder != NULL ); DEBUG_TRACE1("ssl_record_layer_decoder - calling dssl_decoder_process. handler is: %x\n", next_decoder->handler); // Fix - for TLS 1.1 continue if (data2 == NULL) rc = dssl_decoder_process( next_decoder, dir, data, recLen ); else rc = dssl_decoder_process( next_decoder, dir, data2, recLen2 ); DEBUG_TRACE1("ssl_record_layer_decoder - dssl_decoder_process ret: %d\n", rc); } if( rc == DSSL_RC_OK ) { *processed = totalRecLen + SSL3_HEADER_LEN; } if( decrypt_buffer_aquired ) { ssls_release_decrypt_buffer( stack->sess ); } if( decompress_buffer_aquired ) { ssls_release_decompress_buffer( stack->sess ); } #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "\n} rc: %d\n", (int) rc); #endif if( stack->state == SS_SeenCloseNotify ) { stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED; } else if ( stack->state == SS_FatalAlert ) { stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED; } DEBUG_TRACE1("ssl_record_layer_decoder - end. rc = %d\n", rc); return rc; }
static int ssl3_decode_client_hello( DSSL_Session* sess, u_char* data, uint32_t len ) { u_char* org_data = data; int t_len = 0; /* record the handshake start time */ sess->handshake_start = sess->last_packet->pcap_header.ts; if( data[0] != 3 || data[1] > 3) return NM_ERROR( DSSL_E_SSL_UNKNOWN_VERSION ); /* 2 bytes client version */ sess->client_version = MAKE_UINT16( data[0], data[1] ); ssls_set_session_version( sess, MAKE_UINT16( data[0], data[1] ) ); data+= 2; /* make sure */ if( data + 32 > org_data + len ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); /* 32 bytes ClientRandom */ memcpy( sess->client_random, data, 32 ); data+= 32; DEBUG_TRACE_BUF("client_random", sess->client_random, 32); /* check session ID length */ if( data[0] > 32 ) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); if( data[0] > 0 ) { /* Session ID set */ if( data + data[0] > org_data + len ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); memcpy( sess->session_id, data+1, data[0] ); sess->flags |= SSF_CLIENT_SESSION_ID_SET; data += data[0] + 1; } else { /* no Session ID */ sess->flags &= ~SSF_CLIENT_SESSION_ID_SET; ++data; } /* Cypher Suites */ if(data + 1 >= org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); t_len = MAKE_UINT16(data[0], data[1]) + 2; /* cypher suites + cypher sute length size */ data += t_len; /* skip cypher suites */ /* Compression Method */ if(data >= org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); if(data + data[0] + 1 > org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); t_len = data[0] + 1; data += t_len; /* skip compression methods */ /* Extensions */ /* clear all previous extension fields */ ssls_free_extension_data(sess); if(data >= org_data + len) return DSSL_RC_OK; if(data + 2 > org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); t_len = MAKE_UINT16(data[0], data[1]); data += 2; /* positon at the beginning of the first extension record, if any*/ while(t_len >= 4) { int ext_type = MAKE_UINT16(data[0], data[1]); /* extension type */ int ext_len = MAKE_UINT16(data[2], data[3]); #ifdef NM_TRACE_SSL_HANDSHAKE DEBUG_TRACE2( "\nSSL extension: %s len: %d", SSL3_ExtensionTypeToString( ext_type ), ext_len ); #endif /* TLS Session Ticket */ if( ext_type == 0x0023) { /* non empty ticket passed, store it */ if(ext_len > 0) { sess->flags |= SSF_TLS_SESSION_TICKET_SET; sess->session_ticket = (u_char*) malloc(ext_len); if(sess->session_ticket == NULL) return NM_ERROR(DSSL_E_OUT_OF_MEMORY); memcpy(sess->session_ticket, data+4, ext_len); sess->session_ticket_len = ext_len; } } data += ext_len + 4; if(data > org_data + len) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); t_len -= ext_len + 4; } return DSSL_RC_OK; }
/* ========== Handshake decoding function ========== */ int ssl3_decode_handshake_record( dssl_decoder_stack* stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { int rc = DSSL_E_UNSPECIFIED_ERROR; uint32_t recLen = 0; u_char hs_type = 0; u_char* org_data = data; DSSL_Session* sess = stack->sess; _ASSERT( processed != NULL ); _ASSERT((sess->flags & SSF_SSLV2_CHALLENGE) == 0); if( sess->version == 0 ) { return ssl_decode_first_client_hello( sess, data, len, processed ); } if( len < SSL3_HANDSHAKE_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); DEBUG_TRACE_BUF("handshake", data, len); recLen = (((int32_t)data[1]) << 16) | (((int32_t)data[2]) << 8) | data[3]; hs_type = data[0]; data += SSL3_HANDSHAKE_HEADER_LEN; len -= SSL3_HANDSHAKE_HEADER_LEN; if( len < recLen )return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); #ifdef NM_TRACE_SSL_HANDSHAKE DEBUG_TRACE2( "===>Decoding SSL v3 handshake: %s len: %d...", SSL3_HandshakeTypeToString( hs_type ), (int) recLen ); #endif switch( hs_type ) { case SSL3_MT_HELLO_REQUEST: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CLIENT_HELLO: rc = ssl3_decode_client_hello( sess, data, recLen ); break; case SSL3_MT_SERVER_HELLO: stack->state = SS_SeenServerHello; rc = ssl3_decode_server_hello( sess, data, recLen ); break; case SSL3_MT_CERTIFICATE: if( dir == ePacketDirFromServer ) { rc = ssl3_decode_server_certificate( sess, data, recLen ); } else { rc = ssl3_decode_dummy( sess, data, recLen ); } break; case SSL3_MT_SERVER_DONE: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CLIENT_KEY_EXCHANGE: rc = ssl3_decode_client_key_exchange( sess, data, recLen ); break; case SSL3_MT_FINISHED: rc = (*sess->decode_finished_proc)( sess, dir, data, recLen ); if( rc == DSSL_RC_OK ) { stack->state = SS_Established; ssls_handshake_done( sess ); } break; case SSL3_MT_CERTIFICATE_STATUS: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_SERVER_KEY_EXCHANGE: /*at this point it is clear that the session is not decryptable due to ephemeral keys usage.*/ rc = NM_ERROR( DSSL_E_SSL_CANNOT_DECRYPT_EPHEMERAL ); break; case SSL3_MT_CERTIFICATE_REQUEST: /* TODO: track CertificateRequest- client certificate / certificate verify */ rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CERTIFICATE_VERIFY: /* TODO: track CertificateRequest- client certificate / certificate verify */ rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_NEWSESSION_TICKET: rc = ssl3_decode_new_session_ticket( sess, data, recLen ); break; default: rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); break; } if( rc == DSSL_RC_OK ) { *processed = recLen + SSL3_HANDSHAKE_HEADER_LEN; if( hs_type == SSL3_MT_CLIENT_HELLO ) { ssl3_init_handshake_digests( sess ); } if( hs_type != SSL3_MT_HELLO_REQUEST ) { ssl3_update_handshake_digests( sess, org_data, *processed ); } } #ifdef NM_TRACE_SSL_HANDSHAKE if( rc == DSSL_RC_OK ) { DEBUG_TRACE0( "OK\n" ); } else { DEBUG_TRACE1( "Error! (%d)\n", (int)rc ); } #endif return rc; }
static int ssl3_decode_server_hello( DSSL_Session* sess, u_char* data, uint32_t len ) { uint16_t server_version = 0; u_char* org_data = data; uint16_t session_id_len = 0; int session_id_match = 0; if( data[0] != 3 || data[1] > 3) return NM_ERROR( DSSL_E_SSL_UNKNOWN_VERSION ); if( len < SSL3_SERVER_HELLO_MIN_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); /* Server Version */ server_version = MAKE_UINT16( data[0], data[1] ); if( sess->version == 0 || server_version < sess->version ) { ssls_set_session_version( sess, server_version ); } data+= 2; /* ServerRandom */ _ASSERT_STATIC( sizeof(sess->server_random) == 32 ); memcpy( sess->server_random, data, sizeof( sess->server_random ) ); data+= 32; DEBUG_TRACE_BUF("server_random", sess->server_random, 32); /* session ID */ _ASSERT_STATIC( sizeof(sess->session_id) == 32 ); session_id_len = data[0]; data++; if( session_id_len > 0 ) { if ( session_id_len > 32 ) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); if( !IS_ENOUGH_LENGTH( org_data, len, data, session_id_len ) ) { return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); } if( sess->flags & SSF_CLIENT_SESSION_ID_SET && memcmp( sess->session_id, data, session_id_len ) == 0 ) { session_id_match = 1; } else { sess->flags &= ~SSF_CLIENT_SESSION_ID_SET; memcpy( sess->session_id, data, session_id_len ); } data += session_id_len; } /* Cipher Suite and Compression */ if( !IS_ENOUGH_LENGTH( org_data, len, data, 3 ) ) { return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); } sess->cipher_suite = MAKE_UINT16( data[0], data[1] ); sess->compression_method = data[2]; data += 3; sess->flags &= ~SSF_TLS_SERVER_SESSION_TICKET; /* clear server side TLS Session Ticket flag */ /* Process SSL Extensions, if present */ if(IS_ENOUGH_LENGTH( org_data, len, data, 2 )) { int t_len = MAKE_UINT16(data[0], data[1]); data += 2; if(!IS_ENOUGH_LENGTH( org_data, len, data, t_len)) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); /* cycle through extension records */ while(t_len >= 4) { int ext_type = MAKE_UINT16(data[0], data[1]); /* extension type */ int ext_len = MAKE_UINT16(data[2], data[3]); #ifdef NM_TRACE_SSL_HANDSHAKE DEBUG_TRACE2( "\nSSL extension: %s len: %d", SSL3_ExtensionTypeToString( ext_type ), ext_len ); #endif /* TLS Session Ticket extension found, set the flag */ if( ext_type == 0x0023) { sess->flags |= SSF_TLS_SERVER_SESSION_TICKET; } data += ext_len + 4; if(data > org_data + len) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); t_len -= ext_len + 4; } } if( session_id_match ) { if( sess->flags & SSF_TLS_SESSION_TICKET_SET) { int rc = ssls_init_from_tls_ticket( sess ); if( NM_IS_FAILED( rc ) ) return rc; } else { /* lookup session from the cache for stateful SSL renegotiation */ int rc = ssls_lookup_session( sess ); if( NM_IS_FAILED( rc ) ) return rc; } } if( sess->flags & SSF_CLIENT_SESSION_ID_SET ) { int rc = ssls_generate_keys( sess ); if( NM_IS_FAILED( rc ) ) return rc; } return DSSL_RC_OK; }