/* Caller has received data from the network and is notifying the SSL layer */ int32 matrixSslReceivedData(ssl_t *ssl, uint32 bytes, unsigned char **ptbuf, uint32 *ptlen) { unsigned char *buf, *prevBuf; int32 rc, decodeRet, size, sanity, decodeErr; uint32 processed, start, len, reqLen; unsigned char alertLevel, alertDesc; unsigned char *p; if (!ssl || !ptbuf || !ptlen) { return PS_ARG_FAIL; } psAssert(ssl->outsize > 0 && ssl->outbuf != NULL); psAssert(ssl->insize > 0 && ssl->inbuf != NULL); *ptbuf = NULL; *ptlen = 0; ssl->inlen += bytes; if (ssl->inlen == 0) { return PS_SUCCESS; /* Nothing to do. Basically a poll */ } /* This is outside the loop b/c we may want to parse within inbuf later */ buf = ssl->inbuf; DECODE_MORE: /* Parameterized sanity check to avoid infinite loops */ if (matrixSslHandshakeIsComplete(ssl)) { /* Minimum possible record size once negotiated */ sanity = ssl->inlen / (SSL3_HEADER_LEN + MD5_HASH_SIZE); } else { /* Even with an SSLv2 hello, the sanity check will let 1 pass through */ sanity = ssl->inlen / (SSL3_HEADER_LEN + SSL3_HANDSHAKE_HEADER_LEN); } if (sanity-- < 0) { return PS_PROTOCOL_FAIL; /* We've tried to decode too many times */ } len = ssl->inlen; size = ssl->insize - (buf - ssl->inbuf); prevBuf = buf; decodeRet = matrixSslDecode(ssl, &buf, &len, size, &start, &reqLen, &decodeErr, &alertLevel, &alertDesc); /* Convenience for the cases that expect buf to have moved - calculate the number of encoded bytes that were decoded */ processed = buf - prevBuf; rc = PS_PROTOCOL_FAIL; switch (decodeRet) { case MATRIXSSL_SUCCESS: ssl->inlen -= processed; if (ssl->inlen > 0) { psAssert(buf > ssl->inbuf); /* Pack ssl->inbuf so there is immediate maximum room for potential outgoing data that needs to be written */ memmove(ssl->inbuf, buf, ssl->inlen); buf = ssl->inbuf; goto DECODE_MORE; /* More data in buffer to process */ } /* In this case, we've parsed a finished message and no additional data is available to parse. We let the client know the handshake is complete, which can be used as a trigger to begin for example a HTTP request. */ if (!(ssl->bFlags & BFLAG_HS_COMPLETE)) { if (matrixSslHandshakeIsComplete(ssl)) { ssl->bFlags |= BFLAG_HS_COMPLETE; #ifdef USE_CLIENT_SIDE_SSL matrixSslGetSessionId(ssl, ssl->sid); #endif /* USE_CLIENT_SIDE_SSL */ rc = MATRIXSSL_HANDSHAKE_COMPLETE; } else { rc = MATRIXSSL_REQUEST_RECV; /* Need to recv more handshake data */ } } else { #ifdef USE_DTLS rc = MATRIXSSL_REQUEST_RECV; /* Got FINISHED without CCS */ #else /* This is an error - we shouldn't get here */ #endif } break; #ifdef USE_DTLS case DTLS_RETRANSMIT: /* Only request a resend if last record in buffer */ ssl->inlen -= processed; if (ssl->inlen > 0) { psAssert(buf > ssl->inbuf); /* Pack ssl->inbuf so there is immediate maximum room for potential outgoing data that needs to be written */ memmove(ssl->inbuf, buf, ssl->inlen); buf = ssl->inbuf; goto DECODE_MORE; /* More data in buffer to process */ } /* Flight will be rebuilt when matrixDtlsGetOutdata is called while outbuf is empty. This is the return case where we are actually seeing a repeat handshake message so we know something was lost in flight. */ return MATRIXSSL_REQUEST_SEND; #endif case SSL_SEND_RESPONSE: #ifdef ENABLE_FALSE_START /* If FALSE START is supported, there may be APPLICATION_DATA directly following the FINISHED message, even though we haven't sent our CHANGE_CIPHER_SPEC or FINISHED message. This is signalled by buf having been moved forward, and our response being put directly into ssl->outbuf, rather than in buf (ssl->inbuf). Return a REQUEST_SEND so that the data in outbuf is flushed before the remaining data in ssl->inbuf is parsed. */ if ((ssl->flags & SSL_FLAGS_FALSE_START) && buf != prevBuf) { ssl->inlen -= processed; psAssert(ssl->inlen > 0); psAssert((uint32)ssl->inlen == start); psAssert(buf > ssl->inbuf); memmove(ssl->inbuf, buf, ssl->inlen); /* Pack ssl->inbuf */ buf = ssl->inbuf; return MATRIXSSL_REQUEST_SEND; } #endif /* This must be handshake data (or alert) or we'd be in PROCESS_DATA so there is no way there is anything left inside inbuf to process. ...so processed isn't valid because the output params are outbuf related and we simply reset inlen */ ssl->inlen = 0; /* If alert, close connection after sending */ if (alertDesc != SSL_ALERT_NONE) { ssl->bFlags |= BFLAG_CLOSE_AFTER_SENT; } psAssert(prevBuf == buf); psAssert(ssl->insize >= (int32)len); psAssert(start == 0); psAssert(buf == ssl->inbuf); if (ssl->outlen > 0) { /* If data's in outbuf, append inbuf. This is a corner case that can happen if application data is queued but then incoming data is processed and discovered to be a re-handshake request. matrixSslDecode will have constructed the response flight but we don't want to forget about the app data we haven't sent */ if (ssl->outlen + (int32)len > ssl->outsize) { if ((p = psRealloc(ssl->outbuf, ssl->outlen + len, ssl->bufferPool)) == NULL) { return PS_MEM_FAIL; } ssl->outbuf = p; ssl->outsize = ssl->outlen + len; } memcpy(ssl->outbuf + ssl->outlen, ssl->inbuf, len); ssl->outlen += len; } else { /* otherwise, swap inbuf and outbuf */ buf = ssl->outbuf; ssl->outbuf = ssl->inbuf; ssl->inbuf = buf; ssl->outlen = len; len = ssl->outsize; ssl->outsize = ssl->insize; ssl->insize = len; buf = ssl->inbuf; len = ssl->outlen; } rc = MATRIXSSL_REQUEST_SEND; /* We queued data to send out */ break; case MATRIXSSL_ERROR: if (decodeErr >= 0) { //printf("THIS SHOULD BE A NEGATIVE VALUE?\n"); } return decodeErr; /* Will be a negative value */ case SSL_ALERT: if (alertLevel == SSL_ALERT_LEVEL_FATAL) { psTraceIntInfo("Received FATAL alert %d.\n", alertDesc); } else { /* Closure notify is the normal case */ if (alertDesc == SSL_ALERT_CLOSE_NOTIFY) { psTraceInfo("Normal SSL closure alert\n"); } else { psTraceIntInfo("Received WARNING alert %d\n", alertDesc); } } /* Let caller access the 2 data bytes (severity and description) */ #ifdef USE_TLS_1_1 /* Been ignoring the explicit IV up to this final return point. */ if ((ssl->flags & SSL_FLAGS_READ_SECURE) && (ssl->flags & SSL_FLAGS_TLS_1_1) && (ssl->enBlockSize > 1)) { prevBuf += ssl->enBlockSize; } #endif /* USE_TLS_1_1 */ psAssert(len == 2); *ptbuf = prevBuf; *ptlen = len; ssl->inlen -= processed; return MATRIXSSL_RECEIVED_ALERT; case SSL_PARTIAL: if (reqLen > SSL_MAX_BUF_SIZE) { return PS_MEM_FAIL; } if (reqLen > (uint32)ssl->insize) { if ((p = psRealloc(ssl->inbuf, reqLen, ssl->bufferPool)) == NULL) { return PS_MEM_FAIL; } ssl->inbuf = p; ssl->insize = reqLen; buf = ssl->inbuf; /* Don't need to change inlen */ } rc = MATRIXSSL_REQUEST_RECV; /* Expecting more data */ break; /* We've got outgoing data that's larger than our buffer */ case SSL_FULL: if (reqLen > SSL_MAX_BUF_SIZE) { return PS_MEM_FAIL; } /* We balk if we get a large handshake message */ if (reqLen > SSL_MAX_PLAINTEXT_LEN && !matrixSslHandshakeIsComplete(ssl)) { if (reqLen > SSL_MAX_PLAINTEXT_LEN) { return PS_MEM_FAIL; } } /* Can't envision any possible case where there is remaining data in inbuf to process and are getting SSL_FULL. */ ssl->inlen = 0; /* Grow inbuf */ if (reqLen > (uint32)ssl->insize) { len = ssl->inbuf - buf; if ((p = psRealloc(ssl->inbuf, reqLen, ssl->bufferPool)) == NULL) { return PS_MEM_FAIL; } ssl->inbuf = p; ssl->insize = reqLen; buf = ssl->inbuf + len; /* Note we leave inlen untouched here */ } else { psTraceInfo("Encoding error. Possible wrong flight messagSize\n"); return PS_PROTOCOL_FAIL; /* error in our encoding */ } goto DECODE_MORE; case SSL_PROCESS_DATA: /* Possible we received a finished message and app data in the same flight. In this case, the caller is not notified that the handshake is complete, but rather is notified that there is application data to process. */ if (!(ssl->bFlags & BFLAG_HS_COMPLETE) && matrixSslHandshakeIsComplete(ssl)) { ssl->bFlags |= BFLAG_HS_COMPLETE; #ifdef USE_CLIENT_SIDE_SSL matrixSslGetSessionId(ssl, ssl->sid); #endif /* USE_CLIENT_SIDE_SSL */ } /* . prevbuf points to start of unencrypted data . buf points to start of any remaining unencrypted data . start is length of remaining encrypted data yet to decode . len is length of unencrypted data ready for user processing */ ssl->inlen -= processed; psAssert((uint32)ssl->inlen == start); /* Call user plaintext data handler */ #ifdef USE_TLS_1_1 /* Been ignoring the explicit IV up to this final return point. */ /* NOTE: This test has been on enBlockSize for a very long time but it looks like it should be on deBlockSize since this a decryption. Changed and added an assert to see if these ever don't match */ psAssert(ssl->enBlockSize == ssl->deBlockSize); if ((ssl->flags & SSL_FLAGS_READ_SECURE) && (ssl->flags & SSL_FLAGS_TLS_1_1) && (ssl->deBlockSize > 1)) { len -= ssl->deBlockSize; prevBuf += ssl->deBlockSize; } /* END enBlockSize to deBlockSize change */ #endif /* USE_TLS_1_1 */ *ptbuf = prevBuf; *ptlen = len; #ifdef USE_DTLS /* This flag is used in conjuction with flightDone in the buffer management API set to determine whether we are still in a handshake state for attempting flight resends. If we are getting app data we know for certain we are out of the hs states. Testing HandshakeComplete is not enough because you never know if the other side got FINISHED. */ if (ssl->flags & SSL_FLAGS_DTLS) { ssl->appDataExch = 1; } #endif #ifdef USE_ZLIB_COMPRESSION if (ssl->compression > 0) { return MATRIXSSL_APP_DATA_COMPRESSED; } #endif return MATRIXSSL_APP_DATA; } /* switch decodeRet */ if (ssl->inlen > 0 && (buf != ssl->inbuf)) { psAssert(0); } /* Shrink inbuf to default size once inlen < default size, and we aren't expecting any more data in the buffer. If SSL_PARTIAL, don't shrink the buffer, since we expect to fill it up shortly. */ if (decodeRet != SSL_PARTIAL) { revertToDefaultBufsize(ssl, SSL_INBUF); } return rc; }
int main(int argc, char **argv) #endif { sslSessionId_t *sessionId; sslConn_t *conn; sslKeys_t *keys; WSADATA wsaData; SOCKET fd; short cipherSuite; unsigned char *ip, *c, *requestBuf; unsigned char buf[1024]; int iterations, requests, connectAgain, status; int quit, rc, bytes, i, j, err; time_t t0, t1; #if REUSE int anonStatus; #endif #if VXWORKS int argc; char **argv; parseCmdLineArgs(arg1, &argc, &argv); #endif /* VXWORKS */ #if WINCE int argc; char **argv; char args[256]; /* * parseCmdLineArgs expects an ASCII string and CE is unicoded, so convert * the command line. args will get hacked up, so you can't pass in a * static string. */ WideCharToMultiByte(CP_ACP, 0, lpCmdLine, -1, args, 256, NULL, NULL); /* * Parse the command line into an argv array. This allocs memory, so * we have to free argv when we're done. */ parseCmdLineArgs(args, &argc, &argv); #endif /* WINCE */ conn = NULL; /* First (optional) argument is ip address to connect to (port is hardcoded) Second (optional) argument is number of iterations to perform Third (optional) argument is number of keepalive HTTP requests Fourth (optional) argument is cipher suite number to use (0 for any) */ ip = HTTPS_IP; iterations = ITERATIONS; requests = REQUESTS; cipherSuite = 0x0000; if (argc > 1) { ip = argv[1]; if (argc > 2) { iterations = atoi(argv[2]); socketAssert(iterations > 0); if (argc > 3) { requests = atoi(argv[3]); socketAssert(requests > 0); if (argc > 4) { cipherSuite = (short)atoi(argv[4]); } } } } /* Initialize Windows sockets (no-op on other platforms) */ WSAStartup(MAKEWORD(1,1), &wsaData); /* Initialize the MatrixSSL Library, and read in the certificate file used to validate the server. */ if (matrixSslOpen() < 0) { fprintf(stderr, "matrixSslOpen failed, exiting..."); } sessionId = NULL; if (matrixSslReadKeys(&keys, NULL, NULL, NULL, CAfile) < 0) { goto promptAndExit; } /* Intialize loop control variables */ quit = 0; connectAgain = 1; i = 1; /* Just reuse the requestBuf and malloc to largest possible message size */ requestBuf = malloc(sizeof(requestAgain)); t0 = time(0); /* Main ITERATIONS loop */ while (!quit && (i < iterations)) { /* sslConnect uses port and ip address to connect to SSL server. Generates a new session */ if (connectAgain) { if ((fd = socketConnect(ip, HTTPS_PORT, &err)) == INVALID_SOCKET) { fprintf(stdout, "Error connecting to server %s:%d\n", ip, HTTPS_PORT); matrixSslFreeKeys(keys); goto promptAndExit; } if (sslConnect(&conn, fd, keys, sessionId, cipherSuite, certChecker) < 0) { quit = 1; socketShutdown(fd); fprintf(stderr, "Error connecting to %s:%d\n", ip, HTTPS_PORT); continue; } i++; connectAgain = 0; j = 1; } if (conn == NULL) { quit++; continue; } /* Copy the HTTP request header into the buffer, based of whether or not we want httpReflector to keep the socket open or not */ if (j == requests) { bytes = (int)strlen(request); memcpy(requestBuf, request, bytes); } else { bytes = (int)strlen(requestAgain); memcpy(requestBuf, requestAgain, bytes); } /* Send request. < 0 return indicates an error. 0 return indicates not all data was sent and we must retry > 0 indicates that all requested bytes were sent */ writeMore: rc = sslWrite(conn, requestBuf, bytes, &status); if (rc < 0) { fprintf(stdout, "Internal sslWrite error\n"); socketShutdown(conn->fd); sslFreeConnection(&conn); continue; } else if (rc == 0) { goto writeMore; } /* Read response < 0 return indicates an error. 0 return indicates an EOF or CLOSE_NOTIFY in this situation > 0 indicates that some bytes were read. Keep reading until we see the /r/n/r/n from the response header. There may be data following this header, but we don't try too hard to read it for this example. */ c = buf; readMore: if ((rc = sslRead(conn, c, sizeof(buf) - (int)(c - buf), &status)) > 0) { c += rc; if (c - buf < 4 || memcmp(c - 4, "\r\n\r\n", 4) != 0) { goto readMore; } } else { if (rc < 0) { fprintf(stdout, "sslRead error. dropping connection.\n"); } if (rc < 0 || status == SSLSOCKET_EOF || status == SSLSOCKET_CLOSE_NOTIFY) { socketShutdown(conn->fd); sslFreeConnection(&conn); continue; } goto readMore; } /* Determine if we want to do a pipelined HTTP request/response */ if (j++ < requests) { fprintf(stdout, "R"); continue; } else { fprintf(stdout, "C"); } /* Reuse the session. Comment out these two lines to test the entire public key renegotiation each iteration */ #if REUSE matrixSslFreeSessionId(sessionId); matrixSslGetSessionId(conn->ssl, &sessionId); /* This example shows how a user might want to limit a client to resuming handshakes only with authenticated servers. In this example, the client will force any non-authenticated (anonymous) server to go through a complete handshake each time. This is strictly an example of one policy decision an implementation might wish to make. */ matrixSslGetAnonStatus(conn->ssl, &anonStatus); if (anonStatus) { matrixSslFreeSessionId(sessionId); sessionId = NULL; } #endif /* Send a closure alert for clean shutdown of remote SSL connection This is for good form, some implementations just close the socket */ sslWriteClosureAlert(conn); /* Session done. Connect again if more iterations remaining */ socketShutdown(conn->fd); sslFreeConnection(&conn); connectAgain = 1; } t1 = time(0); free(requestBuf); matrixSslFreeSessionId(sessionId); if (conn && conn->ssl) { socketShutdown(conn->fd); sslFreeConnection(&conn); } fprintf(stdout, "\n%d connections in %d seconds (%f c/s)\n", i, (int)(t1 - t0), (double)i / (t1 - t0)); fprintf(stdout, "\n%d requests in %d seconds (%f r/s)\n", i * requests, (int)(t1 - t0), (double)(i * requests) / (t1 - t0)); /* Close listening socket, free remaining items */ matrixSslFreeKeys(keys); matrixSslClose(); WSACleanup(); promptAndExit: fprintf(stdout, "Press return to exit...\n"); getchar(); #if WINCE || VXWORKS if (argv) { free((void*) argv); } #endif /* WINCE */ return 0; }
/* Caller is indicating 'bytes' of data was written */ int32 matrixSslSentData(ssl_t *ssl, uint32 bytes) { int32 rc; if (!ssl) { return PS_ARG_FAIL; } if (bytes == 0) { if (ssl->outlen > 0) { return MATRIXSSL_REQUEST_SEND; } else { return MATRIXSSL_SUCCESS; /* Nothing to do */ } } psAssert(ssl->outsize > 0 && ssl->outbuf != NULL); ssl->outlen -= bytes; rc = MATRIXSSL_SUCCESS; if (ssl->outlen > 0) { memmove(ssl->outbuf, ssl->outbuf + bytes, ssl->outlen); /* This was changed during 3.7.1 DTLS work. The line below used to be: rc = MATRIXSSL_REQUEST_SEND; and it was possible for it to be overridden with HANDSHAKE_COMPLETE below. This was a problem if only the ChangeCipherSpec portion of the final flight was just set becuase matrixSslHandshakeIsComplete would return 1 because the state looks right. However, there would still be a FINISHED message sitting in outbuf when COMPLETE is returned. This seemed like a bigger problem than just the DTLS test case that caught it. If the transport layer of straight TLS sent off only the CCS message for some reason, this would cause the same odd combo of COMPLETE but with a FINISHED message that hasn't been sent. It seems fine to return REQUEST_SEND whenever there is data left in the outgoing buffer but it is suspecious it wasn't written this way to begin with so maybe there was another corner case the COMPLETE was solving. Hope not. In any case, it looks safe to make this a global change but if you are reading this because you are trying to track down a change in behavior in matrixSslSentData, maybe this documentation will help. */ return MATRIXSSL_REQUEST_SEND; } /* If there's nothing left to flush, reallocate the buffer smaller. */ if ((ssl->outlen == 0) && (ssl->bFlags & BFLAG_CLOSE_AFTER_SENT)) { /* We want to close the connection now */ rc = MATRIXSSL_REQUEST_CLOSE; } else { revertToDefaultBufsize(ssl, SSL_OUTBUF); } /* Indicate the handshake is complete, in this case, the finished message is being/has been just sent. Occurs in session resumption. */ if (!(ssl->bFlags & BFLAG_HS_COMPLETE) && matrixSslHandshakeIsComplete(ssl)) { ssl->bFlags |= BFLAG_HS_COMPLETE; #ifdef USE_CLIENT_SIDE_SSL matrixSslGetSessionId(ssl, ssl->sid); #endif /* USE_CLIENT_SIDE_SSL */ rc = MATRIXSSL_HANDSHAKE_COMPLETE; #ifdef USE_SSL_INFORMATIONAL_TRACE /* Client side resumed completion or server standard completion */ matrixSslPrintHSDetails(ssl); #endif } return rc; }
/* Caller is indicating 'bytes' of data was written */ int32 matrixSslSentData(ssl_t *ssl, uint32 bytes) { int32 rc; if (!ssl) { return PS_ARG_FAIL; } if (bytes == 0) { if (ssl->outlen > 0) { return MATRIXSSL_REQUEST_SEND; } else { return MATRIXSSL_SUCCESS; /* Nothing to do */ } } psAssert(ssl->outsize > 0 && ssl->outbuf != NULL); ssl->outlen -= bytes; rc = MATRIXSSL_SUCCESS; if (ssl->outlen > 0) { memmove(ssl->outbuf, ssl->outbuf + bytes, ssl->outlen); rc = MATRIXSSL_REQUEST_SEND; } /* If there's nothing left to flush, reallocate the buffer smaller. */ if ((ssl->outlen == 0) && (ssl->bFlags & BFLAG_CLOSE_AFTER_SENT)) { /* We want to close the connection now */ rc = MATRIXSSL_REQUEST_CLOSE; } else { revertToDefaultBufsize(ssl, SSL_OUTBUF); } /* Indicate the handshake is complete, in this case, the finished message is being/has been just sent. Occurs in session resumption. */ if (!(ssl->bFlags & BFLAG_HS_COMPLETE) && matrixSslHandshakeIsComplete(ssl)) { ssl->bFlags |= BFLAG_HS_COMPLETE; #ifdef USE_CLIENT_SIDE_SSL matrixSslGetSessionId(ssl, ssl->sid); #endif /* USE_CLIENT_SIDE_SSL */ rc = MATRIXSSL_HANDSHAKE_COMPLETE; #ifdef USE_SSL_INFORMATIONAL_TRACE /* Client side resumed completion or server standard completion */ matrixSslPrintHSDetails(ssl); #endif #ifdef USE_UNIFIED_PKCS11 /* Too ugly to track DTLS client/server/normal/resumed/rehandshake cases for deleting old crypto session objects for the minimum lifecycle so we're just looking for any leftover cases here when we are certain handshake is complete. NOTE: It is possible this oldCrypt will still be needed if the final flight is the CCS/FINISHED pair only and the application has built in the smarts to resend if no app data is received. This problem would manifest itself in a failed cipher init and the solution would be to hold off this free until application data is exchanged */ if (ssl->sec.oldCrypt != CK_INVALID_HANDLE && ssl->sec.oldCrypt != ssl->sec.pkcs11Ses) { pkcs11CloseSession(ssl->sec.oldCrypt); ssl->sec.oldCrypt = CK_INVALID_HANDLE; } #endif } return rc; }