int ssl3_alert_decoder( void* decoder_stack, NM_PacketDir dir,
u_char* data, uint32_t len, uint32_t* processed )
{
dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack;
UNUSED_PARAM(dir);
if( len != 2 ) return NM_ERROR( NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ) );
if( data[0] == 2 )
{
stack->state = SS_FatalAlert;
}
/* Close notify? */
if( data[1] == 0 )
{
stack->state = SS_SeenCloseNotify;
}
#ifdef NM_TRACE_SSL_RECORD
DEBUG_TRACE2( "\nAlert received: %s (%d)",
( (stack->state == SS_FatalAlert) ? "fatal alert" :
((stack->state == SS_SeenCloseNotify) ? "close_notify alert" : "unknown alert")),
(int) MAKE_UINT16( data[0], data[1] ) );
#endif
(*processed) = len;
return DSSL_RC_OK;
}
void A025DL02_Driver::WriteFormattedChar( unsigned char c )
{
NATIVE_PROFILE_HAL_DRIVERS_DISPLAY();
if(c < 32)
{
switch(c)
{
case '\b': /* backspace, clear previous char and move cursor back */
if((g_A025DL02_Driver.m_cursor % TextColumns()) > 0)
{
g_A025DL02_Driver.m_cursor--;
WriteChar( ' ', g_A025DL02_Driver.m_cursor / TextColumns(), g_A025DL02_Driver.m_cursor % TextColumns() );
}
break;
case '\f': /* formfeed, clear screen and home cursor */
//Clear();
g_A025DL02_Driver.m_cursor = 0;
break;
case '\n': /* newline */
g_A025DL02_Driver.m_cursor += TextColumns();
g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns());
break;
case '\r': /* carriage return */
g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns());
break;
case '\t': /* horizontal tab */
g_A025DL02_Driver.m_cursor += (Font_TabWidth() - ((g_A025DL02_Driver.m_cursor % TextColumns()) % Font_TabWidth()));
// deal with line wrap scenario
if((g_A025DL02_Driver.m_cursor % TextColumns()) < Font_TabWidth())
{
// bring the cursor to start of line
g_A025DL02_Driver.m_cursor -= (g_A025DL02_Driver.m_cursor % TextColumns());
}
break;
case '\v': /* vertical tab */
g_A025DL02_Driver.m_cursor += TextColumns();
break;
default:
DEBUG_TRACE2(TRACE_ALWAYS, "Unrecognized control character in LCD_WriteChar: %2u (0x%02x)\r\n", (unsigned int) c, (unsigned int) c);
break;
}
}
else
{
WriteChar( c, g_A025DL02_Driver.m_cursor / TextColumns(), g_A025DL02_Driver.m_cursor % TextColumns() );
g_A025DL02_Driver.m_cursor++;
}
if(g_A025DL02_Driver.m_cursor >= (TextColumns() * TextRows()))
{
g_A025DL02_Driver.m_cursor = 0;
}
}
int DSSL_SessionProcessData( DSSL_Session* sess, NM_PacketDir dir, u_char* data, uint32_t len )
{
int rc = DSSL_RC_OK;
dssl_decoder_stack* dec = NULL;
if( dir == ePacketDirInvalid ) return NM_ERROR( DSSL_E_INVALID_PARAMETER );
dec = (dir == ePacketDirFromClient) ? &sess->c_dec : &sess->s_dec;
if( !sslc_is_decoder_stack_set( dec ) )
{
uint16_t ver = 0;
int is_client = (dir == ePacketDirFromClient);
if( is_client )
{
rc = ssl_detect_client_hello_version( data, len, &ver );
}
else
{
rc = ssl_detect_server_hello_version( data, len, &ver );
/* update the client decoder after the server have declared the actual version
of the session */
DEBUG_TRACE2("DSSL_SessionProcessData - sess->version: 0x%02X, ver is: 0x%02X\n", sess->version, ver);
if( rc == DSSL_RC_OK && sess->version != ver )
{
sess->c_dec.version = ver;
rc = dssl_decoder_stack_set( &sess->c_dec, sess, ver, 1 );
}
ssls_set_session_version( sess, ver );
}
if( rc == DSSL_RC_OK )
{
dec->version = ver;
rc = dssl_decoder_stack_set( dec, sess, ver, is_client );
}
}
if( rc == DSSL_RC_OK ) rc = dssl_decoder_stack_process( dec, dir, data, len );
/* check if a session with a first-time automapped key failed */
if( NM_IS_FAILED( rc ) && sess->flags & SSF_TEST_SSL_KEY )
{
if(sess->event_callback)
{
(*sess->event_callback)( sess->user_data, eSslMappedKeyFailed, sess->ssl_si );
}
DSSL_MoveServerToMissingKeyList( sess->env, sess->ssl_si );
sess->ssl_si = NULL;
}
if( NM_IS_FAILED( rc ) && sess->error_callback && rc != DSSL_E_SSL_SERVER_KEY_UNKNOWN )
{
sess->error_callback( sess->user_data, rc );
}
return rc;
}
BOOL PolyphonicPiezo_Driver::Tone( const PIEZO_POLY_TONE& ToneRef )
{
ASSERT(!SystemState_Query(SYSTEM_STATE_ISR));
GLOBAL_LOCK(irq);
// special to clear queue
if(ToneRef.Period[0] == TONE_CLEAR_BUFFER)
{
// let active note to finish on it's own
EmptyQueue();
}
else
{
// 0 length tone isn't wrong persay, but if a NULL op, so drop it gracefully, as a success
if(ToneRef.Duration_MicroSeconds > 0)
{
PIEZO_POLY_TONE* Tone = g_PolyphonicPiezo_Driver.m_ToneToRelease.ExtractFirstNode();
if(Tone == NULL)
{
//
// Re-enable interrupts when allocating memory.
//
irq.Release();
Tone = (PIEZO_POLY_TONE*)private_malloc( sizeof(PIEZO_POLY_TONE) );
irq.Acquire();
}
if(Tone == NULL)
{
// No memory, just drop this tone and fail the call
ASSERT(0);
return FALSE;
}
*Tone = ToneRef;
Tone->Initialize();
DEBUG_TRACE2( 0, "Tone(%4d)=%d\r\n", ToneRef.Duration_MicroSeconds, g_PolyphonicPiezo_Driver.m_ToneToPlay.NumOfNodes() );
g_PolyphonicPiezo_Driver.m_ToneToPlay.LinkAtBack( Tone );
if(g_PolyphonicPiezo_Driver.m_TonePlaying == NULL)
{
StartNext();
}
}
}
return TRUE;
}
BOOL HAL_CONFIG_BLOCK::IsGoodBlock() const
{
if(Signature != c_Version_V2)
{
return FALSE;
}
DEBUG_TRACE2( TRACE_CONFIG, "read header CRC=0x%08x at %08x\r\n", HeaderCRC, (size_t)this );
// what is the header's CRC
UINT32 CRC = SUPPORT_ComputeCRC( ((UINT8*)&DataCRC), sizeof(*this) - offsetof(HAL_CONFIG_BLOCK,DataCRC), c_Seed );
DEBUG_TRACE1(TRACE_CONFIG, "calc header CRC=0x%08x\r\n", CRC);
if(CRC != HeaderCRC)
{
DEBUG_TRACE3( TRACE_ALWAYS, "FAILED HEADER CRC at %08x: 0x%08x != 0x%08x\r\n", (size_t)this, CRC, HeaderCRC );
return FALSE;
}
return TRUE;
}
int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir,
u_char* data, uint32_t len, uint32_t* processed )
{
int rc = DSSL_E_UNSPECIFIED_ERROR;
uint32_t recLen = 0, totalRecLen = 0;
uint8_t record_type = 0;
dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack;
dssl_decoder* next_decoder = NULL;
int decrypt_buffer_aquired = 0;
int decompress_buffer_aquired = 0;
int i = 0;
char * data2 = NULL;
uint32_t recLen2 = 0;
int block_size = 0;
DEBUG_TRACE1("ssl_record_layer_decoder - start. len: %d\n", len);
_ASSERT( stack );
_ASSERT( processed );
_ASSERT( stack->sess );
/*
for (i=0; i < len; i++)
{
printf("0x%02X ", data[i]);
}
*/
if( stack->state > SS_Established )
{
#ifdef NM_TRACE_SSL_RECORD
DEBUG_TRACE1( "[!]Unexpected SSL record after %s",
( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") );
#endif
return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION );
}
/* special case for a first client hello */
DEBUG_TRACE1("ssl_record_layer_decoder - version: 0x%02X\n", stack->sess->version);
if( stack->sess->version == 0 )
{
_ASSERT( dir == ePacketDirFromClient );
rc = ssl_decode_first_client_hello( stack->sess, data, len, processed );
return rc;
}
if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
/* Decode record type */
record_type = data[0];
totalRecLen = recLen = MAKE_UINT16( data[3], data[4] );
DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type);
DEBUG_TRACE1("ssl_record_layer_decoder - recLen: %d\n", recLen);
/*
for (i = 0; i < 128; i++)
{
printf("ssl_tls_record_layer_decoder - data before skip header size [%d]: %d\n", i, data[i]);
}
*/
data += SSL3_HEADER_LEN;
len -= SSL3_HEADER_LEN;
DEBUG_TRACE1("ssl_record_layer_decoder - len after header adjustments: %d\n", len);
/*
for (i=0; i < len; i++)
{
printf("0x%02X ", data[i]);
}
*/
#ifdef NM_TRACE_SSL_RECORD
DEBUG_TRACE2( "\n==>Decoding SSL v3 Record, type: %d, len: %d\n{\n", (int) record_type, (int) recLen );
#endif
rc = DSSL_RC_OK;
if( len < recLen )
{
rc = DSSL_RC_WOULD_BLOCK;
DEBUG_TRACE0("ssl_tls_record_layer_decoder - rc is DSSL_RC_WOULD_BLOCK\n");
}
if( rc == DSSL_RC_OK && stack->cipher )
{
rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired,&block_size );
DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decrypt_record ret: %d\n", rc);
}
/* check if the record length is still within bounds (failed decryption, etc) */
if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH ||
recLen > len || (stack->md && recLen < EVP_MD_size(stack->md))) )
{
rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
}
if( rc == DSSL_RC_OK && stack->md )
{
u_char mac[EVP_MAX_MD_SIZE];
u_char* rec_mac = NULL;
DEBUG_TRACE1("ssl_record_layer_decoder - data using len: %d\n", len);
/*
for (i=0; i < len; i++)
{
printf("0x%02X ", data[i]);
}
*/
recLen -= EVP_MD_size( stack->md );
rec_mac = data+recLen;
memset(mac, 0, sizeof(mac) );
// Fix - skip iv for TLS 1.1
DEBUG_TRACE1("ssl_record_layer_decoder - stack->version: 0x%02X\n", stack->version);
DEBUG_TRACE1("ssl_record_layer_decoder - block_size: %d\n", block_size);
if (stack->version > TLS1_VERSION && block_size > 1)
{
DEBUG_TRACE0("ssl_record_layer_decoder - activated fix for TLS 1.1 (skip 16 bytes)\n");
data2 = data + block_size;
recLen2 = recLen - block_size;
rc = stack->sess->caclulate_mac_proc( stack, record_type, data2, recLen2, mac );
}
else
{
rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac );
}
DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc result: %d\n", rc);
if( rc == DSSL_RC_OK )
{
DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc memcmp size(i.e. EVP_MD_size(stack->md)): %d\n", EVP_MD_size(stack->md));
DEBUG_TRACE0("ssl_record_layer_decoder - mac vs. rec_mac:\n");
if (IsDebugEnabled())
{
for (i=0; i < EVP_MD_size(stack->md); i++)
{
DEBUG_TRACE2("0x%02X vs. 0x%02X\n", mac[i], rec_mac[i]);
}
}
rc = memcmp( mac, rec_mac, EVP_MD_size(stack->md) ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC );
}
}
if( rc == DSSL_RC_OK && stack->compression_method != 0 )
{
rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired );
DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decompress_record call ended. rc: %d\n", rc);
}
if( rc == DSSL_RC_OK )
{
DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type);
switch( record_type )
{
case SSL3_RT_HANDSHAKE:
DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_HANDSHAKE\n");
next_decoder = &stack->dhandshake;
break;
case SSL3_RT_CHANGE_CIPHER_SPEC:
DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_CHANGE_CIPHER_SPEC\n");
next_decoder = &stack->dcss;
break;
case SSL3_RT_APPLICATION_DATA:
DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_APPLICATION_DATA\n");
next_decoder = &stack->dappdata;
break;
case SSL3_RT_ALERT:
DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_ALERT\n");
next_decoder = &stack->dalert;
break;
default:
DEBUG_TRACE0("ssl_record_layer_decoder - record_type not found\n");
rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
}
}
if( rc == DSSL_RC_OK )
{
_ASSERT( next_decoder != NULL );
DEBUG_TRACE1("ssl_record_layer_decoder - calling dssl_decoder_process. handler is: %x\n", next_decoder->handler);
// Fix - for TLS 1.1 continue
if (data2 == NULL)
rc = dssl_decoder_process( next_decoder, dir, data, recLen );
else
rc = dssl_decoder_process( next_decoder, dir, data2, recLen2 );
DEBUG_TRACE1("ssl_record_layer_decoder - dssl_decoder_process ret: %d\n", rc);
}
if( rc == DSSL_RC_OK )
{
*processed = totalRecLen + SSL3_HEADER_LEN;
}
if( decrypt_buffer_aquired )
{
ssls_release_decrypt_buffer( stack->sess );
}
if( decompress_buffer_aquired )
{
ssls_release_decompress_buffer( stack->sess );
}
#ifdef NM_TRACE_SSL_RECORD
DEBUG_TRACE1( "\n} rc: %d\n", (int) rc);
#endif
if( stack->state == SS_SeenCloseNotify )
{
stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED;
} else if ( stack->state == SS_FatalAlert )
{
stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED;
}
DEBUG_TRACE1("ssl_record_layer_decoder - end. rc = %d\n", rc);
return rc;
}
static int ssl3_decode_client_hello( DSSL_Session* sess, u_char* data, uint32_t len )
{
u_char* org_data = data;
int t_len = 0;
/* record the handshake start time */
sess->handshake_start = sess->last_packet->pcap_header.ts;
if( data[0] != 3 || data[1] > 3) return NM_ERROR( DSSL_E_SSL_UNKNOWN_VERSION );
/* 2 bytes client version */
sess->client_version = MAKE_UINT16( data[0], data[1] );
ssls_set_session_version( sess, MAKE_UINT16( data[0], data[1] ) );
data+= 2;
/* make sure */
if( data + 32 > org_data + len ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
/* 32 bytes ClientRandom */
memcpy( sess->client_random, data, 32 );
data+= 32;
DEBUG_TRACE_BUF("client_random", sess->client_random, 32);
/* check session ID length */
if( data[0] > 32 ) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
if( data[0] > 0 )
{
/* Session ID set */
if( data + data[0] > org_data + len )
return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
memcpy( sess->session_id, data+1, data[0] );
sess->flags |= SSF_CLIENT_SESSION_ID_SET;
data += data[0] + 1;
}
else
{
/* no Session ID */
sess->flags &= ~SSF_CLIENT_SESSION_ID_SET;
++data;
}
/* Cypher Suites */
if(data + 1 >= org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
t_len = MAKE_UINT16(data[0], data[1]) + 2; /* cypher suites + cypher sute length size */
data += t_len; /* skip cypher suites */
/* Compression Method */
if(data >= org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
if(data + data[0] + 1 > org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
t_len = data[0] + 1;
data += t_len; /* skip compression methods */
/* Extensions */
/* clear all previous extension fields */
ssls_free_extension_data(sess);
if(data >= org_data + len) return DSSL_RC_OK;
if(data + 2 > org_data + len) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
t_len = MAKE_UINT16(data[0], data[1]);
data += 2; /* positon at the beginning of the first extension record, if any*/
while(t_len >= 4)
{
int ext_type = MAKE_UINT16(data[0], data[1]); /* extension type */
int ext_len = MAKE_UINT16(data[2], data[3]);
#ifdef NM_TRACE_SSL_HANDSHAKE
DEBUG_TRACE2( "\nSSL extension: %s len: %d", SSL3_ExtensionTypeToString( ext_type ), ext_len );
#endif
/* TLS Session Ticket */
if( ext_type == 0x0023)
{
/* non empty ticket passed, store it */
if(ext_len > 0)
{
sess->flags |= SSF_TLS_SESSION_TICKET_SET;
sess->session_ticket = (u_char*) malloc(ext_len);
if(sess->session_ticket == NULL) return NM_ERROR(DSSL_E_OUT_OF_MEMORY);
memcpy(sess->session_ticket, data+4, ext_len);
sess->session_ticket_len = ext_len;
}
}
data += ext_len + 4;
if(data > org_data + len) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
t_len -= ext_len + 4;
}
return DSSL_RC_OK;
}
/* ========== Handshake decoding function ========== */
int ssl3_decode_handshake_record( dssl_decoder_stack* stack, NM_PacketDir dir,
u_char* data, uint32_t len, uint32_t* processed )
{
int rc = DSSL_E_UNSPECIFIED_ERROR;
uint32_t recLen = 0;
u_char hs_type = 0;
u_char* org_data = data;
DSSL_Session* sess = stack->sess;
_ASSERT( processed != NULL );
_ASSERT((sess->flags & SSF_SSLV2_CHALLENGE) == 0);
if( sess->version == 0 )
{
return ssl_decode_first_client_hello( sess, data, len, processed );
}
if( len < SSL3_HANDSHAKE_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
DEBUG_TRACE_BUF("handshake", data, len);
recLen = (((int32_t)data[1]) << 16) | (((int32_t)data[2]) << 8) | data[3];
hs_type = data[0];
data += SSL3_HANDSHAKE_HEADER_LEN;
len -= SSL3_HANDSHAKE_HEADER_LEN;
if( len < recLen )return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
#ifdef NM_TRACE_SSL_HANDSHAKE
DEBUG_TRACE2( "===>Decoding SSL v3 handshake: %s len: %d...", SSL3_HandshakeTypeToString( hs_type ), (int) recLen );
#endif
switch( hs_type )
{
case SSL3_MT_HELLO_REQUEST:
rc = ssl3_decode_dummy( sess, data, recLen );
break;
case SSL3_MT_CLIENT_HELLO:
rc = ssl3_decode_client_hello( sess, data, recLen );
break;
case SSL3_MT_SERVER_HELLO:
stack->state = SS_SeenServerHello;
rc = ssl3_decode_server_hello( sess, data, recLen );
break;
case SSL3_MT_CERTIFICATE:
if( dir == ePacketDirFromServer )
{
rc = ssl3_decode_server_certificate( sess, data, recLen );
}
else
{
rc = ssl3_decode_dummy( sess, data, recLen );
}
break;
case SSL3_MT_SERVER_DONE:
rc = ssl3_decode_dummy( sess, data, recLen );
break;
case SSL3_MT_CLIENT_KEY_EXCHANGE:
rc = ssl3_decode_client_key_exchange( sess, data, recLen );
break;
case SSL3_MT_FINISHED:
rc = (*sess->decode_finished_proc)( sess, dir, data, recLen );
if( rc == DSSL_RC_OK ) {
stack->state = SS_Established;
ssls_handshake_done( sess );
}
break;
case SSL3_MT_CERTIFICATE_STATUS:
rc = ssl3_decode_dummy( sess, data, recLen );
break;
case SSL3_MT_SERVER_KEY_EXCHANGE:
/*at this point it is clear that the session is not decryptable due to ephemeral keys usage.*/
rc = NM_ERROR( DSSL_E_SSL_CANNOT_DECRYPT_EPHEMERAL );
break;
case SSL3_MT_CERTIFICATE_REQUEST:
/* TODO: track CertificateRequest- client certificate / certificate verify */
rc = ssl3_decode_dummy( sess, data, recLen );
break;
case SSL3_MT_CERTIFICATE_VERIFY:
/* TODO: track CertificateRequest- client certificate / certificate verify */
rc = ssl3_decode_dummy( sess, data, recLen );
break;
case SSL3_MT_NEWSESSION_TICKET:
rc = ssl3_decode_new_session_ticket( sess, data, recLen );
break;
default:
rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
break;
}
if( rc == DSSL_RC_OK )
{
*processed = recLen + SSL3_HANDSHAKE_HEADER_LEN;
if( hs_type == SSL3_MT_CLIENT_HELLO )
{
ssl3_init_handshake_digests( sess );
}
if( hs_type != SSL3_MT_HELLO_REQUEST )
{
ssl3_update_handshake_digests( sess, org_data, *processed );
}
}
#ifdef NM_TRACE_SSL_HANDSHAKE
if( rc == DSSL_RC_OK )
{
DEBUG_TRACE0( "OK\n" );
}
else
{
DEBUG_TRACE1( "Error! (%d)\n", (int)rc );
}
#endif
return rc;
}
static int ssl3_decode_server_hello( DSSL_Session* sess, u_char* data, uint32_t len )
{
uint16_t server_version = 0;
u_char* org_data = data;
uint16_t session_id_len = 0;
int session_id_match = 0;
if( data[0] != 3 || data[1] > 3) return NM_ERROR( DSSL_E_SSL_UNKNOWN_VERSION );
if( len < SSL3_SERVER_HELLO_MIN_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
/* Server Version */
server_version = MAKE_UINT16( data[0], data[1] );
if( sess->version == 0 || server_version < sess->version )
{
ssls_set_session_version( sess, server_version );
}
data+= 2;
/* ServerRandom */
_ASSERT_STATIC( sizeof(sess->server_random) == 32 );
memcpy( sess->server_random, data, sizeof( sess->server_random ) );
data+= 32;
DEBUG_TRACE_BUF("server_random", sess->server_random, 32);
/* session ID */
_ASSERT_STATIC( sizeof(sess->session_id) == 32 );
session_id_len = data[0];
data++;
if( session_id_len > 0 )
{
if ( session_id_len > 32 ) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
if( !IS_ENOUGH_LENGTH( org_data, len, data, session_id_len ) )
{
return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
}
if( sess->flags & SSF_CLIENT_SESSION_ID_SET
&& memcmp( sess->session_id, data, session_id_len ) == 0 )
{
session_id_match = 1;
}
else
{
sess->flags &= ~SSF_CLIENT_SESSION_ID_SET;
memcpy( sess->session_id, data, session_id_len );
}
data += session_id_len;
}
/* Cipher Suite and Compression */
if( !IS_ENOUGH_LENGTH( org_data, len, data, 3 ) )
{
return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
}
sess->cipher_suite = MAKE_UINT16( data[0], data[1] );
sess->compression_method = data[2];
data += 3;
sess->flags &= ~SSF_TLS_SERVER_SESSION_TICKET; /* clear server side TLS Session Ticket flag */
/* Process SSL Extensions, if present */
if(IS_ENOUGH_LENGTH( org_data, len, data, 2 ))
{
int t_len = MAKE_UINT16(data[0], data[1]);
data += 2;
if(!IS_ENOUGH_LENGTH( org_data, len, data, t_len))
return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
/* cycle through extension records */
while(t_len >= 4)
{
int ext_type = MAKE_UINT16(data[0], data[1]); /* extension type */
int ext_len = MAKE_UINT16(data[2], data[3]);
#ifdef NM_TRACE_SSL_HANDSHAKE
DEBUG_TRACE2( "\nSSL extension: %s len: %d", SSL3_ExtensionTypeToString( ext_type ), ext_len );
#endif
/* TLS Session Ticket extension found, set the flag */
if( ext_type == 0x0023)
{
sess->flags |= SSF_TLS_SERVER_SESSION_TICKET;
}
data += ext_len + 4;
if(data > org_data + len) return NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
t_len -= ext_len + 4;
}
}
if( session_id_match )
{
if( sess->flags & SSF_TLS_SESSION_TICKET_SET)
{
int rc = ssls_init_from_tls_ticket( sess );
if( NM_IS_FAILED( rc ) )
return rc;
}
else
{
/* lookup session from the cache for stateful SSL renegotiation */
int rc = ssls_lookup_session( sess );
if( NM_IS_FAILED( rc ) )
return rc;
}
}
if( sess->flags & SSF_CLIENT_SESSION_ID_SET )
{
int rc = ssls_generate_keys( sess );
if( NM_IS_FAILED( rc ) ) return rc;
}
return DSSL_RC_OK;
}
