mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-10 06:25:36 +00:00
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
This commit is contained in:
parent
ea29d152c7
commit
d16d1cb96a
|
@ -1024,6 +1024,7 @@ void ssl_set_bio( ssl_context *ssl,
|
||||||
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
|
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
|
||||||
int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
|
int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
/**
|
/**
|
||||||
* \brief Set the session cache callbacks (server-side only)
|
* \brief Set the session cache callbacks (server-side only)
|
||||||
* If not set, no session resuming is done.
|
* If not set, no session resuming is done.
|
||||||
|
@ -1064,7 +1065,9 @@ void ssl_set_bio( ssl_context *ssl,
|
||||||
void ssl_set_session_cache( ssl_context *ssl,
|
void ssl_set_session_cache( ssl_context *ssl,
|
||||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
|
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
|
||||||
|
#endif /* POLARSSL_SSL_SRV_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
/**
|
/**
|
||||||
* \brief Request resumption of session (client-side only)
|
* \brief Request resumption of session (client-side only)
|
||||||
* Session data is copied from presented session structure.
|
* Session data is copied from presented session structure.
|
||||||
|
@ -1080,6 +1083,7 @@ void ssl_set_session_cache( ssl_context *ssl,
|
||||||
* \sa ssl_get_session()
|
* \sa ssl_get_session()
|
||||||
*/
|
*/
|
||||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
|
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the list of allowed ciphersuites and the preference
|
* \brief Set the list of allowed ciphersuites and the preference
|
||||||
|
@ -1578,6 +1582,7 @@ const char *ssl_get_version( const ssl_context *ssl );
|
||||||
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
/**
|
/**
|
||||||
* \brief Save session in order to resume it later (client-side only)
|
* \brief Save session in order to resume it later (client-side only)
|
||||||
* Session data is copied to presented session structure.
|
* Session data is copied to presented session structure.
|
||||||
|
@ -1595,6 +1600,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
||||||
* \sa ssl_set_session()
|
* \sa ssl_set_session()
|
||||||
*/
|
*/
|
||||||
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
|
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Perform the SSL handshake
|
* \brief Perform the SSL handshake
|
||||||
|
|
|
@ -599,6 +599,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* Finally setup the cipher contexts, IVs and MAC secrets.
|
* Finally setup the cipher contexts, IVs and MAC secrets.
|
||||||
*/
|
*/
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
key1 = keyblk + transform->maclen * 2;
|
key1 = keyblk + transform->maclen * 2;
|
||||||
|
@ -617,6 +618,9 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||||
iv_copy_len );
|
iv_copy_len );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
|
if( ssl->endpoint == SSL_IS_SERVER )
|
||||||
{
|
{
|
||||||
key1 = keyblk + transform->maclen * 2 + transform->keylen;
|
key1 = keyblk + transform->maclen * 2 + transform->keylen;
|
||||||
key2 = keyblk + transform->maclen * 2;
|
key2 = keyblk + transform->maclen * 2;
|
||||||
|
@ -633,6 +637,12 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||||
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
|
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
|
||||||
iv_copy_len );
|
iv_copy_len );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_SSL_SRV_C */
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||||
|
@ -2362,6 +2372,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
if( ssl->client_auth == 0 )
|
if( ssl->client_auth == 0 )
|
||||||
|
@ -2389,7 +2400,9 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_SSL_PROTO_SSL3 */
|
#endif /* POLARSSL_SSL_PROTO_SSL3 */
|
||||||
}
|
}
|
||||||
else /* SSL_IS_SERVER */
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
|
if( ssl->endpoint == SSL_IS_SERVER )
|
||||||
{
|
{
|
||||||
if( ssl_own_cert( ssl ) == NULL )
|
if( ssl_own_cert( ssl ) == NULL )
|
||||||
{
|
{
|
||||||
|
@ -2397,6 +2410,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||||
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
|
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
|
SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
|
||||||
|
|
||||||
|
@ -2472,6 +2486,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
if( ssl->endpoint == SSL_IS_SERVER &&
|
if( ssl->endpoint == SSL_IS_SERVER &&
|
||||||
( ssl->authmode == SSL_VERIFY_NONE ||
|
( ssl->authmode == SSL_VERIFY_NONE ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
|
||||||
|
@ -2481,6 +2496,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -2490,6 +2506,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||||
/*
|
/*
|
||||||
* Check if the client sent an empty certificate
|
* Check if the client sent an empty certificate
|
||||||
|
@ -2534,6 +2551,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
||||||
POLARSSL_SSL_PROTO_TLS1_2 */
|
POLARSSL_SSL_PROTO_TLS1_2 */
|
||||||
|
#endif /* POLARSSL_SSL_SRV_C */
|
||||||
|
|
||||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
|
@ -2612,6 +2630,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
* On client, make sure the server cert doesn't change during renego to
|
* On client, make sure the server cert doesn't change during renego to
|
||||||
* avoid "triple handshake" attack: https://secure-resumption.com/
|
* avoid "triple handshake" attack: https://secure-resumption.com/
|
||||||
*/
|
*/
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||||
ssl->renegotiation == SSL_RENEGOTIATION )
|
ssl->renegotiation == SSL_RENEGOTIATION )
|
||||||
{
|
{
|
||||||
|
@ -2631,6 +2650,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
|
||||||
if( ssl->authmode != SSL_VERIFY_NONE )
|
if( ssl->authmode != SSL_VERIFY_NONE )
|
||||||
{
|
{
|
||||||
|
@ -3149,10 +3169,14 @@ int ssl_write_finished( ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
if( ssl->handshake->resume != 0 )
|
if( ssl->handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||||
else
|
#endif
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
|
if( ssl->endpoint == SSL_IS_SERVER )
|
||||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -3262,11 +3286,14 @@ int ssl_parse_finished( ssl_context *ssl )
|
||||||
|
|
||||||
if( ssl->handshake->resume != 0 )
|
if( ssl->handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
if( ssl->endpoint == SSL_IS_SERVER )
|
if( ssl->endpoint == SSL_IS_SERVER )
|
||||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -3604,7 +3631,8 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
|
||||||
{
|
{
|
||||||
ssl->endpoint = endpoint;
|
ssl->endpoint = endpoint;
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
#if defined(POLARSSL_SSL_SESSION_TICKETS) && \
|
||||||
|
defined(POLARSSL_SSL_CLI_C)
|
||||||
if( endpoint == SSL_IS_CLIENT )
|
if( endpoint == SSL_IS_CLIENT )
|
||||||
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
|
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
|
||||||
#endif
|
#endif
|
||||||
|
@ -3651,6 +3679,7 @@ void ssl_set_bio( ssl_context *ssl,
|
||||||
ssl->p_send = p_send;
|
ssl->p_send = p_send;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
void ssl_set_session_cache( ssl_context *ssl,
|
void ssl_set_session_cache( ssl_context *ssl,
|
||||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
|
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
|
||||||
|
@ -3660,7 +3689,9 @@ void ssl_set_session_cache( ssl_context *ssl,
|
||||||
ssl->f_set_cache = f_set_cache;
|
ssl->f_set_cache = f_set_cache;
|
||||||
ssl->p_set_cache = p_set_cache;
|
ssl->p_set_cache = p_set_cache;
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_SRV_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -3680,6 +3711,7 @@ int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
|
||||||
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
|
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
|
||||||
{
|
{
|
||||||
|
@ -4037,8 +4069,10 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
|
||||||
{
|
{
|
||||||
ssl->session_tickets = use_tickets;
|
ssl->session_tickets = use_tickets;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ssl->f_rng == NULL )
|
if( ssl->f_rng == NULL )
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -4105,6 +4139,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
||||||
{
|
{
|
||||||
if( ssl == NULL ||
|
if( ssl == NULL ||
|
||||||
|
@ -4117,6 +4152,7 @@ int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
||||||
|
|
||||||
return( ssl_session_copy( dst, ssl->session ) );
|
return( ssl_session_copy( dst, ssl->session ) );
|
||||||
}
|
}
|
||||||
|
#endif /* POLARSSL_SSL_CLI_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Perform a single step of the SSL handshake
|
* Perform a single step of the SSL handshake
|
||||||
|
@ -4129,7 +4165,6 @@ int ssl_handshake_step( ssl_context *ssl )
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||||
ret = ssl_handshake_client_step( ssl );
|
ret = ssl_handshake_client_step( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SRV_C)
|
#if defined(POLARSSL_SSL_SRV_C)
|
||||||
if( ssl->endpoint == SSL_IS_SERVER )
|
if( ssl->endpoint == SSL_IS_SERVER )
|
||||||
ret = ssl_handshake_server_step( ssl );
|
ret = ssl_handshake_server_step( ssl );
|
||||||
|
@ -4330,6 +4365,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_CLI_C)
|
||||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||||
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
|
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
|
||||||
ssl->in_hslen != 4 ) )
|
ssl->in_hslen != 4 ) )
|
||||||
|
@ -4337,6 +4373,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
|
SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
|
||||||
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
|
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
|
||||||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
|
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
|
||||||
|
|
Loading…
Reference in a new issue