X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/Security/libsecurity_ssl/lib/tlsCallbacks.c diff --git a/Security/libsecurity_ssl/lib/tlsCallbacks.c b/Security/libsecurity_ssl/lib/tlsCallbacks.c deleted file mode 100644 index a8c09103..00000000 --- a/Security/libsecurity_ssl/lib/tlsCallbacks.c +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -#include -#include "tlsCallbacks.h" -#include "sslContext.h" -#include "sslCrypto.h" -#include "sslDebug.h" -#include "appleSession.h" -#include -#include -#include "utilities/SecCFRelease.h" - - -static -int tls_handshake_write_callback(tls_handshake_ctx_t ctx, const SSLBuffer data, uint8_t content_type) -{ - SSLContext *myCtx = (SSLContext *)ctx; - sslDebugLog("%p (rec.len=%zd, ct=%d, d[0]=%d)\n", myCtx, data.length, content_type, data.data[0]); - - SSLRecord rec; - - rec.contents=data; - rec.contentType=content_type; - - return myCtx->recFuncs->write(myCtx->recCtx,rec); -} - - -static int -tls_handshake_message_callback(tls_handshake_ctx_t ctx, tls_handshake_message_t event) -{ - SSLContext *myCtx = (SSLContext *)ctx; - const tls_buffer *npn_data; - - sslDebugLog("%p, message = %d\n", ctx, event); - - switch(event) { - case tls_handshake_message_certificate_request: - assert(myCtx->protocolSide == kSSLClientSide); - // Need to call this here, in case SetCertificate was already called. - myCtx->clientCertState = kSSLClientCertRequested; - myCtx->clientAuthTypes = tls_handshake_get_peer_acceptable_client_auth_type(myCtx->hdsk, &myCtx->numAuthTypes); - SSLUpdateNegotiatedClientAuthType(myCtx); - if (myCtx->breakOnCertRequest && (myCtx->localCert==NULL)) - { - myCtx->signalCertRequest = true; - return errSSLClientCertRequested; - } - break; - case tls_handshake_message_client_hello: - myCtx->peerSigAlgs = tls_handshake_get_peer_signature_algorithms(myCtx->hdsk, &myCtx->numPeerSigAlgs); - break; - case tls_handshake_message_server_hello: - npn_data = tls_handshake_get_peer_npn_data(myCtx->hdsk); - if(npn_data) - myCtx->npnFunc(myCtx, myCtx->npnFuncInfo, npn_data->data, npn_data->length); - myCtx->peerSigAlgs = tls_handshake_get_peer_signature_algorithms(myCtx->hdsk, &myCtx->numPeerSigAlgs); - break; - case tls_handshake_message_certificate: - return tls_verify_peer_cert(myCtx); - case tls_handshake_message_NPN_encrypted_extension: - npn_data = tls_handshake_get_peer_npn_data(myCtx->hdsk); - if(npn_data) - myCtx->npnFunc(myCtx, myCtx->npnFuncInfo, npn_data->data, npn_data->length); - break; - default: - break; - } - - return 0; -} - -static void -tls_handshake_ready_callback(tls_handshake_ctx_t ctx, bool write, bool ready) -{ - SSLContext *myCtx = (SSLContext *)ctx; - - sslDebugLog("%p %s ready=%d\n", myCtx, write?"write":"read", ready); - - if(write) { - myCtx->writeCipher_ready=ready?1:0; - } else { - myCtx->readCipher_ready=ready?1:0; - if(ready) { - SSLChangeHdskState(myCtx, SSL_HdskStateReady); - } else { - SSLChangeHdskState(myCtx, SSL_HdskStatePending); - } - } -} - -static int -tls_handshake_set_retransmit_timer_callback(tls_handshake_ctx_t ctx, int attempt) -{ - SSLContext *myCtx = (SSLContext *)ctx; - - sslDebugLog("%p attempt=%d\n", ctx, attempt); - - if(attempt) { - myCtx->timeout_deadline = CFAbsoluteTimeGetCurrent()+((1<<(attempt-1))*myCtx->timeout_duration); - } else { - myCtx->timeout_deadline = 0; // cancel the timeout - } - return 0; -} - -static int -tls_handshake_init_pending_cipher_callback(tls_handshake_ctx_t ctx, - uint16_t selectedCipher, - bool server, - SSLBuffer key) -{ - sslDebugLog("%p, cipher=%04x, server=%d\n", ctx, selectedCipher, server); - SSLContext *myCtx = (SSLContext *)ctx; - return myCtx->recFuncs->initPendingCiphers(myCtx->recCtx, selectedCipher, server, key); -} - -static int -tls_handshake_advance_write_callback(tls_handshake_ctx_t ctx) -{ - SSLContext *myCtx = (SSLContext *)ctx; - sslDebugLog("%p\n", myCtx); - //FIXME: need to filter on cipher too - require missing coretls ciphersuite header */ - bool split = (myCtx->oneByteRecordEnable && (myCtx->negProtocolVersion<=TLS_Version_1_0)); - myCtx->recFuncs->setOption(myCtx->recCtx, kSSLRecordOptionSendOneByteRecord, split); - return myCtx->recFuncs->advanceWriteCipher(myCtx->recCtx); -} - -static -int tls_handshake_rollback_write_callback(tls_handshake_ctx_t ctx) -{ - SSLContext *myCtx = (SSLContext *)ctx; - sslDebugLog("%p\n", myCtx); - return myCtx->recFuncs->rollbackWriteCipher(myCtx->recCtx); -} - -static -int tls_handshake_advance_read_cipher_callback(tls_handshake_ctx_t ctx) -{ - SSLContext *myCtx = (SSLContext *)ctx; - sslDebugLog("%p\n", myCtx); - return myCtx->recFuncs->advanceReadCipher(myCtx->recCtx); -} - -static -int tls_handshake_set_protocol_version_callback(tls_handshake_ctx_t ctx, - tls_protocol_version protocolVersion) -{ - SSLContext *myCtx = (SSLContext *)ctx; - //printf("%s: %p, pv=%04x\n", __FUNCTION__, ctx, protocolVersion); - myCtx->negProtocolVersion = protocolVersion; - return myCtx->recFuncs->setProtocolVersion(myCtx->recCtx, protocolVersion); -} - -static int -tls_handshake_save_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey, SSLBuffer sessionData) -{ - sslDebugLog("%s: %p, key len=%zd, k[0]=%02x, data len=%zd\n", __FUNCTION__, (SSLContext *)ctx, sessionKey.length, sessionKey.data[0], sessionData.length); - return sslAddSession(sessionKey, sessionData, 0); -} - -static int -tls_handshake_load_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey, SSLBuffer *sessionData) -{ - SSLContext *myCtx = (SSLContext *)ctx; - int err; - - SSLFreeBuffer(&myCtx->resumableSession); - err = sslCopySession(sessionKey, &myCtx->resumableSession); - - sslDebugLog("%p, key len=%zd, data len=%zd, err=%d\n", ctx, sessionKey.length, sessionData->length, err); - - *sessionData = myCtx->resumableSession; - - return err; -} - -static int -tls_handshake_delete_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey) -{ - sslDebugLog("%p, key len=%zd k[0]=%02x\n", ctx, sessionKey.length, sessionKey.data[0]); - return sslDeleteSession(sessionKey); -} - -static int -tls_handshake_delete_all_sessions_callback(tls_handshake_ctx_t ctx) -{ - sslDebugLog("%p\n", ctx); - - return sslCleanupSession(); -} - -tls_handshake_callbacks_t tls_handshake_callbacks = { - .write = tls_handshake_write_callback, - .message = tls_handshake_message_callback, - .ready = tls_handshake_ready_callback, - .set_retransmit_timer = tls_handshake_set_retransmit_timer_callback, - .save_session_data = tls_handshake_save_session_data_callback, - .load_session_data = tls_handshake_load_session_data_callback, - .delete_session_data = tls_handshake_delete_session_data_callback, - .delete_all_sessions = tls_handshake_delete_all_sessions_callback, - .init_pending_cipher = tls_handshake_init_pending_cipher_callback, - .advance_write_cipher = tls_handshake_advance_write_callback, - .rollback_write_cipher = tls_handshake_rollback_write_callback, - .advance_read_cipher = tls_handshake_advance_read_cipher_callback, - .set_protocol_version = tls_handshake_set_protocol_version_callback, -}; - -