mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 20:11:06 +00:00
Moved writing of client extensions to separate functions in ssl_cli.c
This commit is contained in:
parent
a54e493bc0
commit
d3edc86720
|
@ -38,19 +38,223 @@
|
||||||
#include "polarssl/sha4.h"
|
#include "polarssl/sha4.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static void ssl_write_hostname_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
if ( ssl->hostname == NULL )
|
||||||
|
return;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
|
||||||
|
ssl->hostname ) );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* struct {
|
||||||
|
* NameType name_type;
|
||||||
|
* select (name_type) {
|
||||||
|
* case host_name: HostName;
|
||||||
|
* } name;
|
||||||
|
* } ServerName;
|
||||||
|
*
|
||||||
|
* enum {
|
||||||
|
* host_name(0), (255)
|
||||||
|
* } NameType;
|
||||||
|
*
|
||||||
|
* opaque HostName<1..2^16-1>;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* ServerName server_name_list<1..2^16-1>
|
||||||
|
* } ServerNameList;
|
||||||
|
*/
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF );
|
||||||
|
|
||||||
|
memcpy( p, ssl->hostname, ssl->hostname_len );
|
||||||
|
|
||||||
|
*olen = ssl->hostname_len + 9;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
if( ssl->renegotiation != SSL_RENEGOTIATION )
|
||||||
|
return;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Secure renegotiation
|
||||||
|
*/
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = 0x00;
|
||||||
|
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
|
||||||
|
*p++ = ssl->verify_data_len & 0xFF;
|
||||||
|
|
||||||
|
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
|
||||||
|
|
||||||
|
*olen = 5 + ssl->verify_data_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
unsigned char sig_alg_list[20];
|
||||||
|
size_t sig_alg_len = 0;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
if( ssl->max_minor_ver != SSL_MINOR_VERSION_3 )
|
||||||
|
return;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Prepare signature_algorithms extension (TLS 1.2)
|
||||||
|
*/
|
||||||
|
#if defined(POLARSSL_SHA4_C)
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_MD5_C)
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
|
||||||
|
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* enum {
|
||||||
|
* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
|
||||||
|
* sha512(6), (255)
|
||||||
|
* } HashAlgorithm;
|
||||||
|
*
|
||||||
|
* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
|
||||||
|
* SignatureAlgorithm;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* HashAlgorithm hash;
|
||||||
|
* SignatureAlgorithm signature;
|
||||||
|
* } SignatureAndHashAlgorithm;
|
||||||
|
*
|
||||||
|
* SignatureAndHashAlgorithm
|
||||||
|
* supported_signature_algorithms<2..2^16-2>;
|
||||||
|
*/
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SIG_ALG ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
|
||||||
|
|
||||||
|
memcpy( p, sig_alg_list, sig_alg_len );
|
||||||
|
|
||||||
|
*olen = 6 + sig_alg_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ECDH_C)
|
||||||
|
static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
unsigned char elliptic_curve_list[20];
|
||||||
|
size_t elliptic_curve_len = 0;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
||||||
|
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP521R1;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP384R1;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP256R1;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP224R1;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
||||||
|
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP192R1;
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
|
||||||
|
|
||||||
|
memcpy( p, elliptic_curve_list, elliptic_curve_len );
|
||||||
|
|
||||||
|
*olen = 6 + elliptic_curve_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = 0x00;
|
||||||
|
*p++ = 3;
|
||||||
|
|
||||||
|
*p++ = 2;
|
||||||
|
*p++ = POLARSSL_ECP_PF_COMPRESSED;
|
||||||
|
*p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
|
||||||
|
|
||||||
|
*olen = 7;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static int ssl_write_client_hello( ssl_context *ssl )
|
static int ssl_write_client_hello( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t i, n, ext_len = 0;
|
size_t i, n, olen, ext_len = 0;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
time_t t;
|
time_t t;
|
||||||
unsigned char sig_alg_list[20];
|
|
||||||
size_t sig_alg_len = 0;
|
|
||||||
#if defined(POLARSSL_ECDH_C)
|
|
||||||
unsigned char elliptic_curve_list[20];
|
|
||||||
size_t elliptic_curve_len = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||||
|
|
||||||
|
@ -165,66 +369,23 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||||
*p++ = SSL_COMPRESS_NULL;
|
*p++ = SSL_COMPRESS_NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( ssl->hostname != NULL )
|
// First write extensions, then the total length
|
||||||
{
|
//
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, prepping for server name extension: %s",
|
ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ssl->hostname ) );
|
ext_len += olen;
|
||||||
|
|
||||||
ext_len += ssl->hostname_len + 9;
|
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
}
|
ext_len += olen;
|
||||||
|
|
||||||
if( ssl->renegotiation == SSL_RENEGOTIATION )
|
ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
{
|
ext_len += olen;
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, prepping for renegotiation extension" ) );
|
|
||||||
ext_len += 5 + ssl->verify_data_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Prepare signature_algorithms extension (TLS 1.2)
|
|
||||||
*/
|
|
||||||
if( ssl->max_minor_ver == SSL_MINOR_VERSION_3 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_SHA4_C)
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_SHA1_C)
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_MD5_C)
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
|
|
||||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
|
||||||
#endif
|
|
||||||
ext_len += 6 + sig_alg_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDH_C)
|
#if defined(POLARSSL_ECDH_C)
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, prepping for supported elliptic curves extension" ) );
|
ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
|
ext_len += olen;
|
||||||
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP521R1;
|
ext_len += olen;
|
||||||
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP384R1;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP256R1;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP224R1;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = 0x00;
|
|
||||||
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP192R1;
|
|
||||||
|
|
||||||
ext_len += 6 + elliptic_curve_len;
|
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, prepping for supported point formats extension" ) );
|
|
||||||
ext_len += 7;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
||||||
|
@ -232,128 +393,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
||||||
|
p += ext_len;
|
||||||
if ( ssl->hostname != NULL )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* struct {
|
|
||||||
* NameType name_type;
|
|
||||||
* select (name_type) {
|
|
||||||
* case host_name: HostName;
|
|
||||||
* } name;
|
|
||||||
* } ServerName;
|
|
||||||
*
|
|
||||||
* enum {
|
|
||||||
* host_name(0), (255)
|
|
||||||
* } NameType;
|
|
||||||
*
|
|
||||||
* opaque HostName<1..2^16-1>;
|
|
||||||
*
|
|
||||||
* struct {
|
|
||||||
* ServerName server_name_list<1..2^16-1>
|
|
||||||
* } ServerNameList;
|
|
||||||
*/
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
|
|
||||||
ssl->hostname ) );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF );
|
|
||||||
|
|
||||||
memcpy( p, ssl->hostname, ssl->hostname_len );
|
|
||||||
p += ssl->hostname_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ssl->renegotiation == SSL_RENEGOTIATION )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Secure renegotiation
|
|
||||||
*/
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, renegotiation info extension" ) );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
|
||||||
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
|
|
||||||
*p++ = ssl->verify_data_len & 0xFF;
|
|
||||||
|
|
||||||
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
|
|
||||||
p += ssl->verify_data_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ssl->max_minor_ver == SSL_MINOR_VERSION_3 )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* enum {
|
|
||||||
* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
|
|
||||||
* sha512(6), (255)
|
|
||||||
* } HashAlgorithm;
|
|
||||||
*
|
|
||||||
* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
|
|
||||||
* SignatureAlgorithm;
|
|
||||||
*
|
|
||||||
* struct {
|
|
||||||
* HashAlgorithm hash;
|
|
||||||
* SignatureAlgorithm signature;
|
|
||||||
* } SignatureAndHashAlgorithm;
|
|
||||||
*
|
|
||||||
* SignatureAndHashAlgorithm
|
|
||||||
* supported_signature_algorithms<2..2^16-2>;
|
|
||||||
*/
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SIG_ALG ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
|
|
||||||
|
|
||||||
memcpy( p, sig_alg_list, sig_alg_len );
|
|
||||||
|
|
||||||
p += sig_alg_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDH_C)
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
|
|
||||||
|
|
||||||
memcpy( p, elliptic_curve_list, elliptic_curve_len );
|
|
||||||
|
|
||||||
p+= elliptic_curve_len;
|
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
|
||||||
*p++ = 3;
|
|
||||||
|
|
||||||
*p++ = 2;
|
|
||||||
*p++ = POLARSSL_ECP_PF_COMPRESSED;
|
|
||||||
*p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||||
|
|
Loading…
Reference in a new issue