Crypt-MatrixSSL
view release on metacpan or search on metacpan
matrixssl-1-8-6-open/src/matrixSsl.c view on Meta::CPAN
return (ssl->hsState == SSL_HS_DONE) ? 1 : 0;
}
#ifdef USE_CLIENT_SIDE_SSL
/******************************************************************************/
/*
Set a custom callback to receive the certificate being presented to the
session to perform custom authentication if needed
*/
void matrixSslSetCertValidator(ssl_t *ssl,
int32 (*certValidator)(sslCertInfo_t *t, void *arg), void *arg)
{
if (certValidator) {
ssl->sec.validateCert = certValidator;
ssl->sec.validateCertArg = arg;
}
}
#else /* Public API, so should always be linkable */
void matrixSslSetCertValidator(ssl_t *ssl,
int32 (*certValidator)(sslCertInfo_t *t, void *arg), void *arg)
{
matrixStrDebugMsg("matrixSslSetCertValidator is not available\n", NULL);
matrixStrDebugMsg("Library not built for cert validation support\n", NULL);
}
#endif /* USE_CLIENT_SIDE_SSL */
/******************************************************************************/
/*
Initialize the SHA1 and MD5 hash contexts for the handshake messages
*/
int32 sslInitHSHash(ssl_t *ssl)
{
matrixSha1Init(&ssl->sec.msgHashSha1);
matrixMd5Init(&ssl->sec.msgHashMd5);
return 0;
}
/******************************************************************************/
/*
Add the given data to the running hash of the handshake messages
*/
int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, int32 len)
{
matrixMd5Update(&ssl->sec.msgHashMd5, in, len);
matrixSha1Update(&ssl->sec.msgHashSha1, in, len);
return 0;
}
/******************************************************************************/
/*
Snapshot is called by the receiver of the finished message to produce
a hash of the preceeding handshake messages for comparison to incoming
message.
*/
int32 sslSnapshotHSHash(ssl_t *ssl, unsigned char *out, int32 senderFlag)
{
sslMd5Context_t md5;
sslSha1Context_t sha1;
/*
Use a backup of the message hash-to-date because we don't want
to destroy the state of the handshaking until truly complete
*/
md5 = ssl->sec.msgHashMd5;
sha1 = ssl->sec.msgHashSha1;
return sslGenerateFinishedHash(&md5, &sha1, ssl->sec.masterSecret,
out, senderFlag);
}
/******************************************************************************/
/*
Cipher suites are chosen before they are activated with the
ChangeCipherSuite message. Additionally, the read and write cipher suites
are activated at different times in the handshake process. The following
APIs activate the selected cipher suite callback functions.
*/
int32 sslActivateReadCipher(ssl_t *ssl)
{
ssl->decrypt = ssl->cipher->decrypt;
ssl->verifyMac = ssl->cipher->verifyMac;
ssl->deMacSize = ssl->cipher->macSize;
ssl->deBlockSize = ssl->cipher->blockSize;
ssl->deIvSize = ssl->cipher->ivSize;
/*
Reset the expected incoming sequence number for the new suite
*/
memset(ssl->sec.remSeq, 0x0, sizeof(ssl->sec.remSeq));
if (ssl->cipher->id != SSL_NULL_WITH_NULL_NULL) {
ssl->flags |= SSL_FLAGS_READ_SECURE;
/*
Copy the newly activated read keys into the live buffers
*/
memcpy(ssl->sec.readMAC, ssl->sec.rMACptr, ssl->cipher->macSize);
memcpy(ssl->sec.readKey, ssl->sec.rKeyptr, ssl->cipher->keySize);
memcpy(ssl->sec.readIV, ssl->sec.rIVptr, ssl->cipher->ivSize);
/*
set up decrypt contexts
*/
if (ssl->cipher->init(&(ssl->sec), INIT_DECRYPT_CIPHER) < 0) {
matrixStrDebugMsg("Unable to initialize read cipher suite\n", NULL);
return -1;
}
}
return 0;
}
int32 sslActivateWriteCipher(ssl_t *ssl)
{
ssl->encrypt = ssl->cipher->encrypt;
ssl->generateMac = ssl->cipher->generateMac;
ssl->enMacSize = ssl->cipher->macSize;
ssl->enBlockSize = ssl->cipher->blockSize;
ssl->enIvSize = ssl->cipher->ivSize;
/*
Reset the outgoing sequence number for the new suite
*/
memset(ssl->sec.seq, 0x0, sizeof(ssl->sec.seq));
if (ssl->cipher->id != SSL_NULL_WITH_NULL_NULL) {
( run in 2.474 seconds using v1.01-cache-2.11-cpan-df04353d9ac )