/* * This file is part of the openHiTLS project. * * openHiTLS is licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * * http://license.coscl.org.cn/MulanPSL2 * * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. * See the Mulan PSL v2 for more details. */ #include "securec.h" #include "hitls_build.h" #include "tls_binlog_id.h" #include "bsl_log_internal.h" #include "bsl_log.h" #include "bsl_err_internal.h" #include "bsl_bytes.h" #include "hitls.h" #include "hitls_error.h" #include "hitls_config.h" #include "tls.h" #include "hs.h" #include "hs_common.h" #include "parse_msg.h" #include "parse_common.h" #ifdef HITLS_TLS_FEATURE_INDICATOR #include "indicator.h" #endif /* HITLS_TLS_FEATURE_INDICATOR */ typedef int32_t (*CheckHsMsgTypeFunc)(TLS_Ctx *ctx, const HS_MsgType msgType); typedef struct { HS_MsgType msgType; CheckHsMsgTypeFunc checkCb; } HsMsgTypeCheck; #ifdef HITLS_TLS_PROTO_DTLS12 static int32_t CheckHelloVerifyRequestType(TLS_Ctx *ctx, const HS_MsgType msgType) { if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask) && msgType == SERVER_HELLO) { (void)HS_ChangeState(ctx, TRY_RECV_SERVER_HELLO); return HITLS_SUCCESS; } BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17022, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Check hvr Type fail", 0, 0, 0, 0); return HITLS_MSG_HANDLE_UNEXPECTED_MESSAGE; } #endif static int32_t CheckServerHelloType(TLS_Ctx *ctx, const HS_MsgType msgType) { /* In DTLS, When client try to receive ServerHello message, it doesn't know if server enables * isSupportDtlsCookieExchange. If client receives HelloVerifyRequest message, also valid */ if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask) && msgType == HELLO_VERIFY_REQUEST) { (void)HS_ChangeState(ctx, TRY_RECV_HELLO_VERIFY_REQUEST); return HITLS_SUCCESS; } BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17331, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "CheckServerHelloType fail", 0, 0, 0, 0); return HITLS_MSG_HANDLE_UNEXPECTED_MESSAGE; } static int32_t CheckServerKeyExchangeType(TLS_Ctx *ctx, const HS_MsgType msgType) { /* When the PSK and RSA_PSK are used, whether the ServerKeyExchange message is received depends on whether the * server sends a PSK identity hint */ if (ctx->hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_PSK || ctx->hsCtx->kxCtx->keyExchAlgo == HITLS_KEY_EXCH_RSA_PSK) { if (msgType == CERTIFICATE_REQUEST) { (void)HS_ChangeState(ctx, TRY_RECV_CERTIFICATE_REQUEST); return HITLS_SUCCESS; } else if (msgType == SERVER_HELLO_DONE) { (void)HS_ChangeState(ctx, TRY_RECV_SERVER_HELLO_DONE); return HITLS_SUCCESS; } } BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17025, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "CheckServerKeyExchangeType fail", 0, 0, 0, 0); return HITLS_MSG_HANDLE_UNEXPECTED_MESSAGE; } static int32_t CheckCertificateRequestType(TLS_Ctx *ctx, const HS_MsgType msgType) { uint32_t version = HS_GetVersion(ctx); if (version == HITLS_VERSION_TLS13) { if (msgType == CERTIFICATE) { (void)HS_ChangeState(ctx, TRY_RECV_CERTIFICATE); return HITLS_SUCCESS; } } else { if (msgType == SERVER_HELLO_DONE) { (void)HS_ChangeState(ctx, TRY_RECV_SERVER_HELLO_DONE); return HITLS_SUCCESS; } } BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17026, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Check cert reqType fail", 0, 0, 0, 0); return HITLS_MSG_HANDLE_UNEXPECTED_MESSAGE; } static const HsMsgTypeCheck g_checkHsMsgTypeList[] = { [TRY_RECV_CLIENT_HELLO] = {.msgType = CLIENT_HELLO, .checkCb = NULL}, [TRY_RECV_SERVER_HELLO] = {.msgType = SERVER_HELLO, .checkCb = CheckServerHelloType}, #ifdef HITLS_TLS_PROTO_DTLS12 [TRY_RECV_HELLO_VERIFY_REQUEST] = {.msgType = HELLO_VERIFY_REQUEST, .checkCb = CheckHelloVerifyRequestType}, #endif [TRY_RECV_ENCRYPTED_EXTENSIONS] = {.msgType = ENCRYPTED_EXTENSIONS, .checkCb = NULL}, [TRY_RECV_CERTIFICATE] = {.msgType = CERTIFICATE, .checkCb = NULL}, [TRY_RECV_SERVER_KEY_EXCHANGE] = {.msgType = SERVER_KEY_EXCHANGE, .checkCb = CheckServerKeyExchangeType}, [TRY_RECV_CERTIFICATE_REQUEST] = {.msgType = CERTIFICATE_REQUEST, .checkCb = CheckCertificateRequestType}, [TRY_RECV_SERVER_HELLO_DONE] = {.msgType = SERVER_HELLO_DONE, .checkCb = NULL}, [TRY_RECV_CLIENT_KEY_EXCHANGE] = {.msgType = CLIENT_KEY_EXCHANGE, .checkCb = NULL}, [TRY_RECV_CERTIFICATE_VERIFY] = {.msgType = CERTIFICATE_VERIFY, .checkCb = NULL}, [TRY_RECV_NEW_SESSION_TICKET] = {.msgType = NEW_SESSION_TICKET, .checkCb = NULL}, [TRY_RECV_FINISH] = {.msgType = FINISHED, .checkCb = NULL}, [TRY_RECV_KEY_UPDATE] = {.msgType = KEY_UPDATE, .checkCb = NULL}, [TRY_RECV_HELLO_REQUEST] = {.msgType = HELLO_REQUEST, .checkCb = NULL}, }; int32_t CheckHsMsgType(TLS_Ctx *ctx, HS_MsgType msgType) { if (ctx->state != CM_STATE_HANDSHAKING && ctx->state != CM_STATE_RENEGOTIATION) { return HITLS_SUCCESS; } if ((msgType == HELLO_REQUEST) && (ctx->isClient)) { /* The HelloRequest message may appear at any time during the handshake. The client should ignore this message */ return HITLS_SUCCESS; } HS_Ctx *hsCtx = ctx->hsCtx; const char *expectedMsg = NULL; if (msgType != g_checkHsMsgTypeList[hsCtx->state].msgType) { if (g_checkHsMsgTypeList[hsCtx->state].checkCb == NULL || g_checkHsMsgTypeList[hsCtx->state].checkCb(ctx, msgType) != HITLS_SUCCESS) { expectedMsg = HS_GetMsgTypeStr(g_checkHsMsgTypeList[hsCtx->state].msgType); } } if (msgType == FINISHED && HS_GetVersion(ctx) != HITLS_VERSION_TLS13 && !(ctx->state == CM_STATE_HANDSHAKING && ctx->preState == CM_STATE_TRANSPORTING)) { bool isCcsRecv = ctx->method.isRecvCCS(ctx); if (isCcsRecv != true) { BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15349, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "recv finish but haven't recv ccs", 0, 0, 0, 0); expectedMsg = HS_GetMsgTypeStr(FINISHED); } } if (expectedMsg != NULL) { BSL_LOG_BINLOG_VARLEN(BINLOG_ID16148, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Handshake state expect %s", expectedMsg); BSL_LOG_BINLOG_VARLEN(BINLOG_ID16149, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, ", but got %s.", HS_GetMsgTypeStr(msgType)); return ParseErrorProcess(ctx, HITLS_MSG_HANDLE_UNEXPECTED_MESSAGE, 0, NULL, ALERT_UNEXPECTED_MESSAGE); } return HITLS_SUCCESS; } static int32_t CheckHsMsgLen(TLS_Ctx *ctx, HS_MsgInfo *hsMsgInfo) { int32_t ret = HITLS_SUCCESS; uint32_t hsMsgOfSpecificTypeMaxSize = HS_MaxMessageSize(ctx, hsMsgInfo->type); if (hsMsgInfo->length > hsMsgOfSpecificTypeMaxSize) { BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16161, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "(D)TLS HS msg type: %d, parsed length: %u, max length: %u.", (int)hsMsgInfo->type, hsMsgInfo->length, hsMsgOfSpecificTypeMaxSize, 0); return ParseErrorProcess(ctx, HITLS_PARSE_EXCESSIVE_MESSAGE_SIZE, 0, NULL, ALERT_ILLEGAL_PARAMETER); } uint32_t headerLen = IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask) ? DTLS_HS_MSG_HEADER_SIZE : HS_MSG_HEADER_SIZE; ret = HS_GrowMsgBuf(ctx, headerLen + hsMsgInfo->length, true); if (ret != HITLS_SUCCESS) { return ret; } hsMsgInfo->rawMsg = ctx->hsCtx->msgBuf; hsMsgInfo->headerAndBodyLen = headerLen + hsMsgInfo->length; return ret; } #ifdef HITLS_TLS_PROTO_DTLS12 static int32_t DtlsParseHsMsgHeader(TLS_Ctx *ctx, const uint8_t *data, uint32_t len, HS_MsgInfo *hsMsgInfo) { const char *logStr = BINGLOG_STR("parse DTLS handshake msg header failed."); if (len < DTLS_HS_MSG_HEADER_SIZE) { return ParseErrorProcess(ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15599, logStr, ALERT_DECODE_ERROR); } hsMsgInfo->type = data[0]; /* The 0 byte is the handshake message type */ if (hsMsgInfo->type >= HS_MSG_TYPE_END) { BSL_ERR_PUSH_ERROR(HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16123, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "DTLS invalid message type: %d.", hsMsgInfo->type, 0, 0, 0); ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE); return HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG; } hsMsgInfo->length = BSL_ByteToUint24(&data[DTLS_HS_MSGLEN_ADDR]); hsMsgInfo->sequence = BSL_ByteToUint16(&data[DTLS_HS_MSGSEQ_ADDR]); hsMsgInfo->fragmentOffset = BSL_ByteToUint24(&data[DTLS_HS_FRAGMENT_OFFSET_ADDR]); hsMsgInfo->fragmentLength = BSL_ByteToUint24(&data[DTLS_HS_FRAGMENT_LEN_ADDR]); if (((hsMsgInfo->fragmentLength + hsMsgInfo->fragmentOffset) > hsMsgInfo->length) || ((hsMsgInfo->length != 0) && (hsMsgInfo->fragmentLength == 0))) { return ParseErrorProcess(ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15600, logStr, ALERT_DECODE_ERROR); } return CheckHsMsgLen(ctx, hsMsgInfo); } #endif /* HITLS_TLS_PROTO_DTLS12 */ #ifdef HITLS_TLS_PROTO_TLS static int32_t TlsParseHsMsgHeader(TLS_Ctx *ctx, const uint8_t *data, uint32_t len, HS_MsgInfo *hsMsgInfo) { const char *logStr = BINGLOG_STR("parse TLS handshake msg header failed."); if (len < HS_MSG_HEADER_SIZE) { return ParseErrorProcess(ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15601, logStr, ALERT_DECODE_ERROR); } hsMsgInfo->type = data[0]; if (hsMsgInfo->type >= HS_MSG_TYPE_END) { return ParseErrorProcess(ctx, HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG, BINLOG_ID16160, logStr, ALERT_UNEXPECTED_MESSAGE); } int32_t ret = CheckHsMsgType(ctx, hsMsgInfo->type); if (ret != HITLS_SUCCESS) { return ret; } hsMsgInfo->length = BSL_ByteToUint24(data + sizeof(uint8_t)); /* Parse handshake body length */ hsMsgInfo->sequence = 0; /* TLS does not have this field */ hsMsgInfo->fragmentOffset = 0; /* TLS does not have this field */ hsMsgInfo->fragmentLength = 0; /* TLS does not have this field */ return CheckHsMsgLen(ctx, hsMsgInfo); } #endif /* HITLS_TLS_PROTO_TLS */ #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) static int32_t ParseHandShakeMsg(TLS_Ctx *ctx, const uint8_t *data, uint32_t len, HS_Msg *hsMsg) { switch (hsMsg->type) { case CLIENT_HELLO: return ParseClientHello(ctx, data, len, hsMsg); case SERVER_HELLO: return ParseServerHello(ctx, data, len, hsMsg); case HELLO_VERIFY_REQUEST: return ParseHelloVerifyRequest(ctx, data, len, hsMsg); case CERTIFICATE: return ParseCertificate(ctx, data, len, hsMsg); case SERVER_KEY_EXCHANGE: return ParseServerKeyExchange(ctx, data, len, hsMsg); case CERTIFICATE_REQUEST: return ParseCertificateRequest(ctx, data, len, hsMsg); case CLIENT_KEY_EXCHANGE: return ParseClientKeyExchange(ctx, data, len, hsMsg); case CERTIFICATE_VERIFY: return ParseCertificateVerify(ctx, data, len, hsMsg); #ifdef HITLS_TLS_FEATURE_SESSION_TICKET case NEW_SESSION_TICKET: return ParseNewSessionTicket(ctx, data, len, hsMsg); #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */ case FINISHED: return ParseFinished(ctx, data, len, hsMsg); case HELLO_REQUEST: case SERVER_HELLO_DONE: if (len != 0u) { BSL_LOG_BINLOG_VARLEN(BINLOG_ID15603, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "msg %s", HS_GetMsgTypeStr(hsMsg->type)); return ParseErrorProcess(ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15611, BINGLOG_STR("length is not zero"), ALERT_ILLEGAL_PARAMETER); } return HITLS_SUCCESS; default: break; } BSL_ERR_PUSH_ERROR(HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15604, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "dtls parse handshake msg error, unsupport type[%d].", hsMsg->type, 0, 0, 0); ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE); return HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG; } #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */ #ifdef HITLS_TLS_PROTO_TLS13 int32_t Tls13ParseHandShakeMsg(TLS_Ctx *ctx, const uint8_t *hsBodyData, uint32_t hsBodyLen, HS_Msg *hsMsg) { switch (hsMsg->type) { #ifdef HITLS_TLS_HOST_SERVER case CLIENT_HELLO: return ParseClientHello(ctx, hsBodyData, hsBodyLen, hsMsg); #endif /* HITLS_TLS_HOST_SERVER */ #ifdef HITLS_TLS_HOST_CLIENT case SERVER_HELLO: return ParseServerHello(ctx, hsBodyData, hsBodyLen, hsMsg); case ENCRYPTED_EXTENSIONS: return ParseEncryptedExtensions(ctx, hsBodyData, hsBodyLen, hsMsg); case CERTIFICATE_REQUEST: return Tls13ParseCertificateRequest(ctx, hsBodyData, hsBodyLen, hsMsg); case NEW_SESSION_TICKET: return ParseNewSessionTicket(ctx, hsBodyData, hsBodyLen, hsMsg); #endif /* HITLS_TLS_HOST_CLIENT */ case CERTIFICATE: return Tls13ParseCertificate(ctx, hsBodyData, hsBodyLen, hsMsg); case CERTIFICATE_VERIFY: return ParseCertificateVerify(ctx, hsBodyData, hsBodyLen, hsMsg); case FINISHED: return ParseFinished(ctx, hsBodyData, hsBodyLen, hsMsg); #ifdef HITLS_TLS_FEATURE_KEY_UPDATE case KEY_UPDATE: return ParseKeyUpdate(ctx, hsBodyData, hsBodyLen, hsMsg); #endif /* HITLS_TLS_FEATURE_KEY_UPDATE */ case HELLO_REQUEST: if (hsBodyLen != 0u) { return ParseErrorProcess(ctx, HITLS_PARSE_INVALID_MSG_LEN, BINLOG_ID15611, BINGLOG_STR("hello request length is not zero"), ALERT_DECODE_ERROR); } return HITLS_SUCCESS; default: break; } BSL_ERR_PUSH_ERROR(HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15605, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "recv unsupport handshake msg type[%d].", hsMsg->type, 0, 0, 0); return HITLS_PARSE_UNSUPPORT_HANDSHAKE_MSG; } #endif /* HITLS_TLS_PROTO_TLS13 */ int32_t HS_ParseMsgHeader(TLS_Ctx *ctx, const uint8_t *data, uint32_t len, HS_MsgInfo *hsMsgInfo) { if ((ctx == NULL) || (ctx->method.sendAlert == NULL) || (data == NULL) || (hsMsgInfo == NULL)) { return ParseErrorProcess(ctx, HITLS_INTERNAL_EXCEPTION, BINLOG_ID15606, BINGLOG_STR("null input parameter"), ALERT_UNKNOWN); } uint32_t version = HS_GetVersion(ctx); switch (version) { #ifdef HITLS_TLS_PROTO_TLS case HITLS_VERSION_TLS12: case HITLS_VERSION_TLS13: #ifdef HITLS_TLS_PROTO_TLCP11 case HITLS_VERSION_TLCP_DTLCP11: #if defined(HITLS_TLS_PROTO_DTLCP11) if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) { return DtlsParseHsMsgHeader(ctx, data, len, hsMsgInfo); } #endif #endif return TlsParseHsMsgHeader(ctx, data, len, hsMsgInfo); #endif /* HITLS_TLS_PROTO_TLS */ #ifdef HITLS_TLS_PROTO_DTLS12 case HITLS_VERSION_DTLS12: return DtlsParseHsMsgHeader(ctx, data, len, hsMsgInfo); #endif default: break; } BSL_ERR_PUSH_ERROR(HITLS_PARSE_UNSUPPORT_VERSION); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15607, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "unsupport msg header version[0x%x].", version, 0, 0, 0); return HITLS_PARSE_UNSUPPORT_VERSION; } int32_t HS_ParseMsg(TLS_Ctx *ctx, const HS_MsgInfo *hsMsgInfo, HS_Msg *hsMsg) { if ((ctx == NULL) || (ctx->method.sendAlert == NULL) || (hsMsgInfo == NULL) || (hsMsgInfo->rawMsg == NULL) || (hsMsg == NULL)) { BSL_ERR_PUSH_ERROR(HITLS_INTERNAL_EXCEPTION); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15608, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "the input parameter pointer is null.", 0, 0, 0, 0); return HITLS_INTERNAL_EXCEPTION; } hsMsg->type = hsMsgInfo->type; hsMsg->length = hsMsgInfo->length; hsMsg->sequence = hsMsgInfo->sequence; hsMsg->fragmentOffset = hsMsgInfo->fragmentOffset; hsMsg->fragmentLength = hsMsgInfo->fragmentLength; uint32_t version = HS_GetVersion(ctx); switch (version) { #ifdef HITLS_TLS_PROTO_TLS_BASIC case HITLS_VERSION_TLS12: #ifdef HITLS_TLS_PROTO_TLCP11 case HITLS_VERSION_TLCP_DTLCP11: #if defined(HITLS_TLS_PROTO_DTLCP11) if (IS_SUPPORT_DATAGRAM(ctx->config.tlsConfig.originVersionMask)) { return ParseHandShakeMsg(ctx, &hsMsgInfo->rawMsg[DTLS_HS_MSG_HEADER_SIZE], hsMsgInfo->length, hsMsg); } #endif #endif return ParseHandShakeMsg(ctx, &hsMsgInfo->rawMsg[HS_MSG_HEADER_SIZE], hsMsgInfo->length, hsMsg); #endif /* HITLS_TLS_PROTO_TLS_BASIC */ #ifdef HITLS_TLS_PROTO_TLS13 case HITLS_VERSION_TLS13: return Tls13ParseHandShakeMsg(ctx, &hsMsgInfo->rawMsg[HS_MSG_HEADER_SIZE], hsMsgInfo->length, hsMsg); #endif /* HITLS_TLS_PROTO_TLS13 */ #ifdef HITLS_TLS_PROTO_DTLS12 case HITLS_VERSION_DTLS12: return ParseHandShakeMsg(ctx, &hsMsgInfo->rawMsg[DTLS_HS_MSG_HEADER_SIZE], hsMsgInfo->length, hsMsg); #endif default: break; } BSL_ERR_PUSH_ERROR(HITLS_PARSE_UNSUPPORT_VERSION); BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15609, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "unsupport handshake msg version[0x%x].", version, 0, 0, 0); return HITLS_PARSE_UNSUPPORT_VERSION; } void HS_CleanMsg(HS_Msg *hsMsg) { if (hsMsg == NULL) { return; } switch (hsMsg->type) { #ifdef HITLS_TLS_HOST_SERVER case CLIENT_HELLO: return CleanClientHello(&hsMsg->body.clientHello); #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) case CLIENT_KEY_EXCHANGE: return CleanClientKeyExchange(&hsMsg->body.clientKeyExchange); #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */ #endif /* HITLS_TLS_HOST_SERVER */ #ifdef HITLS_TLS_HOST_CLIENT case SERVER_HELLO: return CleanServerHello(&hsMsg->body.serverHello); case HELLO_VERIFY_REQUEST: return CleanHelloVerifyRequest(&hsMsg->body.helloVerifyReq); case CERTIFICATE_REQUEST: return CleanCertificateRequest(&hsMsg->body.certificateReq); #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) case SERVER_KEY_EXCHANGE: return CleanServerKeyExchange(&hsMsg->body.serverKeyExchange); #endif /* HITLS_TLS_PROTO_TLS_BASIC || HITLS_TLS_PROTO_DTLS12 */ #ifdef HITLS_TLS_PROTO_TLS13 case ENCRYPTED_EXTENSIONS: return CleanEncryptedExtensions(&hsMsg->body.encryptedExtensions); #endif /* HITLS_TLS_PROTO_TLS13 */ #ifdef HITLS_TLS_FEATURE_SESSION_TICKET case NEW_SESSION_TICKET: return CleanNewSessionTicket(&hsMsg->body.newSessionTicket); #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */ #endif /* HITLS_TLS_HOST_CLIENT */ case CERTIFICATE: return CleanCertificate(&hsMsg->body.certificate); case CERTIFICATE_VERIFY: return CleanCertificateVerify(&hsMsg->body.certificateVerify); case FINISHED: return CleanFinished(&hsMsg->body.finished); case KEY_UPDATE: case HELLO_REQUEST: case SERVER_HELLO_DONE: return; default: break; } BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15610, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "clean unsupport handshake msg type[%d].", hsMsg->type, 0, 0, 0); return; }