/* * Some browsers use a hybrid SSLv2 "client hello" */ int process_sslv23_client_hello(SSL *ssl) { uint8_t *buf = ssl->bm_data; int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1]; int ret = SSL_OK; /* we have already read 3 extra bytes so far */ // int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3); int read_len = pbuf_copy_partial(ssl->ssl_pbuf, buf, bytes_needed - 3, 0); int cs_len = buf[1]; int id_len = buf[3]; int ch_len = buf[5]; int i, j, offset = 8; /* start at first cipher */ int random_offset = 0; DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len); add_packet(ssl, buf, read_len); /* connection has gone, so die */ if (bytes_needed < 0) { return SSL_ERROR_CONN_LOST; } /* now work out what cipher suite we are going to use */ for (j = 0; j < NUM_PROTOCOLS; j++) { for (i = 0; i < cs_len; i += 3) { if (ssl_prot_prefs[j] == buf[offset + i]) { ssl->cipher = ssl_prot_prefs[j]; goto server_hello; } } } /* ouch! protocol is not supported */ ret = SSL_ERROR_NO_CIPHER; goto error; server_hello: /* get the session id */ offset += cs_len - 2; /* we've gone 2 bytes past the end */ #ifndef CONFIG_SSL_SKELETON_MODE ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL); #endif /* get the client random data */ offset += id_len; /* random can be anywhere between 16 and 32 bytes long - so it is padded * with 0's to the left */ if (ch_len == 0x10) { random_offset += 0x10; } memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len); ret = send_server_hello_sequence(ssl); error: return ret; }
/* * Process a client hello message. */ static int process_client_hello(SSL *ssl) { uint8_t *buf = ssl->bm_data; uint8_t *record_buf = ssl->hmac_header; int pkt_size = ssl->bm_index; int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE; int version = (record_buf[1] << 4) + record_buf[2]; int ret = SSL_OK; /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */ if (version < 0x31) { ret = SSL_ERROR_INVALID_VERSION; ssl_display_error(ret); goto error; } memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE); /* process the session id */ id_len = buf[offset++]; if (id_len > SSL_SESSION_ID_SIZE) { return SSL_ERROR_INVALID_SESSION; } #ifndef CONFIG_SSL_SKELETON_MODE ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL); #endif offset += id_len; cs_len = (buf[offset]<<8) + buf[offset+1]; offset += 3; /* add 1 due to all cipher suites being 8 bit */ PARANOIA_CHECK(pkt_size, offset); /* work out what cipher suite we are going to use */ for (j = 0; j < NUM_PROTOCOLS; j++) { for (i = 0; i < cs_len; i += 2) { if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */ { ssl->cipher = ssl_prot_prefs[j]; goto do_state; } } } /* ouch! protocol is not supported */ ret = SSL_ERROR_NO_CIPHER; do_state: error: return ret; }
/* * Process a client hello message. */ static int ICACHE_FLASH_ATTR process_client_hello(SSL *ssl) { uint8_t *buf = ssl->bm_data; uint8_t *record_buf = ssl->hmac_header; int pkt_size = ssl->bm_index; int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE; int ret = SSL_OK; uint8_t version = (buf[4] << 4) + buf[5]; ssl->version = ssl->client_version = version; if (version > SSL_PROTOCOL_VERSION_MAX) { /* use client's version instead */ ssl->version = SSL_PROTOCOL_VERSION_MAX; } else if (version < SSL_PROTOCOL_MIN_VERSION) { /* old version supported? */ ret = SSL_ERROR_INVALID_VERSION; //ssl_display_error(ret); goto error; } os_memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE); /* process the session id */ id_len = buf[offset++]; if (id_len > SSL_SESSION_ID_SIZE) { return SSL_ERROR_INVALID_SESSION; } #ifndef CONFIG_SSL_SKELETON_MODE ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL); #endif offset += id_len; cs_len = (buf[offset] << 8) + buf[offset + 1]; offset += 2; /* add 1 due to all cipher suites being 8 bit */ PARANOIA_CHECK(pkt_size, offset); /* work out what cipher suite we are going to use - client defines the preference */ for (i = 0; i < cs_len; i += 2) { for (j = 0; j < NUM_PROTOCOLS; j++) { if (ssl_prot_prefs[j] == ((buf[offset + i] << 8) + buf[offset + i + 1])) { /* got a match? */ ssl->cipher = ssl_prot_prefs[j]; goto do_state; } } } /* ouch! protocol is not supported */ ret = SSL_ERROR_NO_CIPHER; do_state: error: return ret; }
/* * Process the server hello. */ static int ICACHE_FLASH_ATTR process_server_hello(SSL *ssl) { uint8_t *buf = ssl->bm_data; int pkt_size = ssl->bm_index; int num_sessions = ssl->ssl_ctx->num_sessions; uint8_t sess_id_size; int offset, ret = SSL_OK; /* check that we are talking to a TLSv1 server */ uint8_t version = (buf[4] << 4) + buf[5]; if (version > SSL_PROTOCOL_VERSION_MAX) { version = SSL_PROTOCOL_VERSION_MAX; } else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) { ret = SSL_ERROR_INVALID_VERSION; //ssl_display_error(ret); goto error; } ssl->version = version; /* get the server random value */ memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE); offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */ sess_id_size = buf[offset++]; if (sess_id_size > SSL_SESSION_ID_SIZE) { ret = SSL_ERROR_INVALID_SESSION; goto error; } if (num_sessions) { ssl->session = ssl_session_update(num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]); memcpy(ssl->session->session_id, &buf[offset], sess_id_size); /* pad the rest with 0's */ if (sess_id_size < SSL_SESSION_ID_SIZE) { memset(&ssl->session->session_id[sess_id_size], 0, SSL_SESSION_ID_SIZE-sess_id_size); } } memcpy(ssl->session_id, &buf[offset], sess_id_size); ssl->sess_id_size = sess_id_size; offset += sess_id_size; /* get the real cipher we are using */ ssl->cipher = buf[++offset]; ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? HS_FINISHED : HS_CERTIFICATE; offset++; // skip the compr PARANOIA_CHECK(pkt_size, offset); ssl->dc->bm_proc_index = offset+1; error: return ret; }
/* * Process a client hello message. */ static int process_client_hello(SSL *ssl) { uint8_t *buf = ssl->bm_data; int pkt_size = ssl->bm_index; int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE; int ret = SSL_OK; uint8_t version = (buf[4] << 4) + buf[5]; ssl->version = ssl->client_version = version; if (version > SSL_PROTOCOL_VERSION_MAX) { /* use client's version instead */ ssl->version = SSL_PROTOCOL_VERSION_MAX; } else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */ { ret = SSL_ERROR_INVALID_VERSION; #ifdef CONFIG_SSL_DIAGNOSTICS ssl_display_error(ret); #endif goto error; } memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE); /* process the session id */ id_len = buf[offset++]; if (id_len > SSL_SESSION_ID_SIZE) { return SSL_ERROR_INVALID_SESSION; } #ifndef CONFIG_SSL_SKELETON_MODE ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL); #endif offset += id_len; cs_len = (buf[offset]<<8) + buf[offset+1]; offset += 3; /* add 1 due to all cipher suites being 8 bit */ PARANOIA_CHECK(pkt_size, offset + cs_len); /* work out what cipher suite we are going to use - client defines the preference */ for (i = 0; i < cs_len; i += 2) { for (j = 0; j < NUM_PROTOCOLS; j++) { if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */ { ssl->cipher = ssl_prot_prefs[j]; goto do_compression; } } } /* ouch! protocol is not supported */ return SSL_ERROR_NO_CIPHER; /* completely ignore compression */ do_compression: offset += cs_len; id_len = buf[offset++]; offset += id_len; PARANOIA_CHECK(pkt_size, offset + id_len); if (offset == pkt_size) { /* no extensions */ goto error; } /* extension size */ id_len = buf[offset++] << 8; id_len += buf[offset++]; PARANOIA_CHECK(pkt_size, offset + id_len); // Check for extensions from the client - only the signature algorithm // is supported while (offset < pkt_size) { int ext = buf[offset++] << 8; ext += buf[offset++]; int ext_len = buf[offset++] << 8; ext_len += buf[offset++]; PARANOIA_CHECK(pkt_size, offset + ext_len); if (ext == SSL_EXT_SIG_ALG) { while (ext_len > 0) { uint8_t hash_alg = buf[offset++]; uint8_t sig_alg = buf[offset++]; ext_len -= 2; if (sig_alg == SIG_ALG_RSA && (hash_alg == SIG_ALG_SHA1 || hash_alg == SIG_ALG_SHA256 || hash_alg == SIG_ALG_SHA384 || hash_alg == SIG_ALG_SHA512)) { ssl->sig_algs[ssl->num_sig_algs++] = hash_alg; } } } else { offset += ext_len; } } /* default is RSA/SHA1 */ if (ssl->num_sig_algs == 0) { ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1; } error: return ret; }