/home/anal/dolphin-emu/Externals/polarssl/library/ssl

Bug Summary

File:	Externals/polarssl/library/ssl_tls.c
Location:	line 995, column 9
Description:	Value stored to 'enc_msglen' is never read

Annotated Source Code

1	/*
2	* SSLv3/TLSv1 shared functions
3	*
4	* Copyright (C) 2006-2012, Brainspark B.V.
5	*
6	* This file is part of PolarSSL (http://www.polarssl.org)
7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8	*
9	* All rights reserved.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License along
22	* with this program; if not, write to the Free Software Foundation, Inc.,
23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24	*/
25	/*
26	* The SSL 3.0 specification was drafted by Netscape in 1996,
27	* and became an IETF standard in 1999.
28	*
29	* http://wp.netscape.com/eng/ssl3/
30	* http://www.ietf.org/rfc/rfc2246.txt
31	* http://www.ietf.org/rfc/rfc4346.txt
32	*/
33
34	#include "polarssl/config.h"
35
36	#if defined(POLARSSL_SSL_TLS_C)
37
38	#include "polarssl/aes.h"
39	#include "polarssl/arc4.h"
40	#include "polarssl/camellia.h"
41	#include "polarssl/des.h"
42	#include "polarssl/debug.h"
43	#include "polarssl/ssl.h"
44	#include "polarssl/sha2.h"
45
46	#if defined(POLARSSL_GCM_C)
47	#include "polarssl/gcm.h"
48	#endif
49
50	#include <stdlib.h>
51	#include <time.h>
52
53	#if defined _MSC_VER && !defined strcasecmp
54	#define strcasecmp _stricmp
55	#endif
56
57	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
58	int (ssl_hw_record_init)(ssl_context ssl,
59	const unsigned char key_enc, const unsigned char key_dec,
60	const unsigned char iv_enc, const unsigned char iv_dec,
61	const unsigned char mac_enc, const unsigned char mac_dec) = NULL((void*)0);
62	int (ssl_hw_record_reset)(ssl_context ssl) = NULL((void*)0);
63	int (ssl_hw_record_write)(ssl_context ssl) = NULL((void*)0);
64	int (ssl_hw_record_read)(ssl_context ssl) = NULL((void*)0);
65	int (ssl_hw_record_finish)(ssl_context ssl) = NULL((void*)0);
66	#endif
67
68	static int ssl_rsa_decrypt( void ctx, int mode, size_t olen,
69	const unsigned char input, unsigned char output,
70	size_t output_max_len )
71	{
72	return rsa_pkcs1_decrypt( (rsa_context *) ctx, mode, olen, input, output,
73	output_max_len );
74	}
75
76	static int ssl_rsa_sign( void *ctx,
77	int (f_rng)(void , unsigned char , size_t), void p_rng,
78	int mode, int hash_id, unsigned int hashlen,
79	const unsigned char hash, unsigned char sig )
80	{
81	return rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, hash_id,
82	hashlen, hash, sig );
83	}
84
85	static size_t ssl_rsa_key_len( void *ctx )
86	{
87	return ( (rsa_context *) ctx )->len;
88	}
89
90	/*
91	* Key material generation
92	*/
93	static int ssl3_prf( unsigned char secret, size_t slen, char label,
94	unsigned char *random, size_t rlen,
95	unsigned char *dstbuf, size_t dlen )
96	{
97	size_t i;
98	md5_context md5;
99	sha1_context sha1;
100	unsigned char padding[16];
101	unsigned char sha1sum[20];
102	((void)label);
103
104	/*
105	* SSLv3:
106	* block =
107	* MD5( secret + SHA1( 'A' + secret + random ) ) +
108	* MD5( secret + SHA1( 'BB' + secret + random ) ) +
109	* MD5( secret + SHA1( 'CCC' + secret + random ) ) +
110	* ...
111	*/
112	for( i = 0; i < dlen / 16; i++ )
113	{
114	memset( padding, 'A' + i, 1 + i );
115
116	sha1_starts( &sha1 );
117	sha1_update( &sha1, padding, 1 + i );
118	sha1_update( &sha1, secret, slen );
119	sha1_update( &sha1, random, rlen );
120	sha1_finish( &sha1, sha1sum );
121
122	md5_starts( &md5 );
123	md5_update( &md5, secret, slen );
124	md5_update( &md5, sha1sum, 20 );
125	md5_finish( &md5, dstbuf + i * 16 );
126	}
127
128	memset( &md5, 0, sizeof( md5 ) );
129	memset( &sha1, 0, sizeof( sha1 ) );
130
131	memset( padding, 0, sizeof( padding ) );
132	memset( sha1sum, 0, sizeof( sha1sum ) );
133
134	return( 0 );
135	}
136
137	static int tls1_prf( unsigned char secret, size_t slen, char label,
138	unsigned char *random, size_t rlen,
139	unsigned char *dstbuf, size_t dlen )
140	{
141	size_t nb, hs;
142	size_t i, j, k;
143	unsigned char S1, S2;
144	unsigned char tmp[128];
145	unsigned char h_i[20];
146
147	if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
148	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA-0x7100 );
149
150	hs = ( slen + 1 ) / 2;
151	S1 = secret;
152	S2 = secret + slen - hs;
153
154	nb = strlen( label );
155	memcpy( tmp + 20, label, nb );
156	memcpy( tmp + 20 + nb, random, rlen );
157	nb += rlen;
158
159	/*
160	* First compute P_md5(secret,label+random)[0..dlen]
161	*/
162	md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
163
164	for( i = 0; i < dlen; i += 16 )
165	{
166	md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
167	md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
168
169	k = ( i + 16 > dlen ) ? dlen % 16 : 16;
170
171	for( j = 0; j < k; j++ )
172	dstbuf[i + j] = h_i[j];
173	}
174
175	/*
176	* XOR out with P_sha1(secret,label+random)[0..dlen]
177	*/
178	sha1_hmac( S2, hs, tmp + 20, nb, tmp );
179
180	for( i = 0; i < dlen; i += 20 )
181	{
182	sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
183	sha1_hmac( S2, hs, tmp, 20, tmp );
184
185	k = ( i + 20 > dlen ) ? dlen % 20 : 20;
186
187	for( j = 0; j < k; j++ )
188	dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
189	}
190
191	memset( tmp, 0, sizeof( tmp ) );
192	memset( h_i, 0, sizeof( h_i ) );
193
194	return( 0 );
195	}
196
197	static int tls_prf_sha256( unsigned char secret, size_t slen, char label,
198	unsigned char *random, size_t rlen,
199	unsigned char *dstbuf, size_t dlen )
200	{
201	size_t nb;
202	size_t i, j, k;
203	unsigned char tmp[128];
204	unsigned char h_i[32];
205
206	if( sizeof( tmp ) < 32 + strlen( label ) + rlen )
207	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA-0x7100 );
208
209	nb = strlen( label );
210	memcpy( tmp + 32, label, nb );
211	memcpy( tmp + 32 + nb, random, rlen );
212	nb += rlen;
213
214	/*
215	* Compute P_<hash>(secret, label + random)[0..dlen]
216	*/
217	sha2_hmac( secret, slen, tmp + 32, nb, tmp, 0 );
218
219	for( i = 0; i < dlen; i += 32 )
220	{
221	sha2_hmac( secret, slen, tmp, 32 + nb, h_i, 0 );
222	sha2_hmac( secret, slen, tmp, 32, tmp, 0 );
223
224	k = ( i + 32 > dlen ) ? dlen % 32 : 32;
225
226	for( j = 0; j < k; j++ )
227	dstbuf[i + j] = h_i[j];
228	}
229
230	memset( tmp, 0, sizeof( tmp ) );
231	memset( h_i, 0, sizeof( h_i ) );
232
233	return( 0 );
234	}
235
236	#if defined(POLARSSL_SHA4_C)
237	static int tls_prf_sha384( unsigned char secret, size_t slen, char label,
238	unsigned char *random, size_t rlen,
239	unsigned char *dstbuf, size_t dlen )
240	{
241	size_t nb;
242	size_t i, j, k;
243	unsigned char tmp[128];
244	unsigned char h_i[48];
245
246	if( sizeof( tmp ) < 48 + strlen( label ) + rlen )
247	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA-0x7100 );
248
249	nb = strlen( label );
250	memcpy( tmp + 48, label, nb );
251	memcpy( tmp + 48 + nb, random, rlen );
252	nb += rlen;
253
254	/*
255	* Compute P_<hash>(secret, label + random)[0..dlen]
256	*/
257	sha4_hmac( secret, slen, tmp + 48, nb, tmp, 1 );
258
259	for( i = 0; i < dlen; i += 48 )
260	{
261	sha4_hmac( secret, slen, tmp, 48 + nb, h_i, 1 );
262	sha4_hmac( secret, slen, tmp, 48, tmp, 1 );
263
264	k = ( i + 48 > dlen ) ? dlen % 48 : 48;
265
266	for( j = 0; j < k; j++ )
267	dstbuf[i + j] = h_i[j];
268	}
269
270	memset( tmp, 0, sizeof( tmp ) );
271	memset( h_i, 0, sizeof( h_i ) );
272
273	return( 0 );
274	}
275	#endif
276
277	static void ssl_update_checksum_start(ssl_context , unsigned char , size_t);
278	static void ssl_update_checksum_md5sha1(ssl_context , unsigned char , size_t);
279	static void ssl_update_checksum_sha256(ssl_context , unsigned char , size_t);
280
281	static void ssl_calc_verify_ssl(ssl_context ,unsigned char );
282	static void ssl_calc_verify_tls(ssl_context ,unsigned char );
283	static void ssl_calc_verify_tls_sha256(ssl_context ,unsigned char );
284
285	static void ssl_calc_finished_ssl(ssl_context ,unsigned char ,int);
286	static void ssl_calc_finished_tls(ssl_context ,unsigned char ,int);
287	static void ssl_calc_finished_tls_sha256(ssl_context ,unsigned char ,int);
288
289	#if defined(POLARSSL_SHA4_C)
290	static void ssl_update_checksum_sha384(ssl_context , unsigned char , size_t);
291	static void ssl_calc_verify_tls_sha384(ssl_context ,unsigned char );
292	static void ssl_calc_finished_tls_sha384(ssl_context ,unsigned char ,int);
293	#endif
294
295	int ssl_derive_keys( ssl_context *ssl )
296	{
297	unsigned char tmp[64];
298	unsigned char keyblk[256];
299	unsigned char *key1;
300	unsigned char *key2;
301	unsigned int iv_copy_len;
302	ssl_session *session = ssl->session_negotiate;
303	ssl_transform *transform = ssl->transform_negotiate;
304	ssl_handshake_params *handshake = ssl->handshake;
305
306	SSL_DEBUG_MSG( 2, ( "=> derive keys" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 306, debug_fmt ( "=> derive keys" ) );;
307
308	/*
309	* Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
310	*/
311	if( ssl->minor_ver == SSL_MINOR_VERSION_00 )
312	{
313	handshake->tls_prf = ssl3_prf;
314	handshake->calc_verify = ssl_calc_verify_ssl;
315	handshake->calc_finished = ssl_calc_finished_ssl;
316	}
317	else if( ssl->minor_ver < SSL_MINOR_VERSION_33 )
318	{
319	handshake->tls_prf = tls1_prf;
320	handshake->calc_verify = ssl_calc_verify_tls;
321	handshake->calc_finished = ssl_calc_finished_tls;
322	}
323	#if defined(POLARSSL_SHA4_C)
324	else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA3840x9D \|\|
325	session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F )
326	{
327	handshake->tls_prf = tls_prf_sha384;
328	handshake->calc_verify = ssl_calc_verify_tls_sha384;
329	handshake->calc_finished = ssl_calc_finished_tls_sha384;
330	}
331	#endif
332	else
333	{
334	handshake->tls_prf = tls_prf_sha256;
335	handshake->calc_verify = ssl_calc_verify_tls_sha256;
336	handshake->calc_finished = ssl_calc_finished_tls_sha256;
337	}
338
339	/*
340	* SSLv3:
341	* master =
342	* MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
343	* MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
344	* MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
345	*
346	* TLSv1:
347	* master = PRF( premaster, "master secret", randbytes )[0..47]
348	*/
349	if( handshake->resume == 0 )
350	{
351	SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 352, "premaster secret", handshake->premaster, handshake ->pmslen );
352	handshake->pmslen )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 352, "premaster secret", handshake->premaster, handshake ->pmslen );;
353
354	handshake->tls_prf( handshake->premaster, handshake->pmslen,
355	"master secret",
356	handshake->randbytes, 64, session->master, 48 );
357
358	memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
359	}
360	else
361	SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 361, debug_fmt ( "no premaster (session resumed)" ) );;
362
363	/*
364	* Swap the client and server random values.
365	*/
366	memcpy( tmp, handshake->randbytes, 64 );
367	memcpy( handshake->randbytes, tmp + 32, 32 );
368	memcpy( handshake->randbytes + 32, tmp, 32 );
369	memset( tmp, 0, sizeof( tmp ) );
370
371	/*
372	* SSLv3:
373	* key block =
374	* MD5( master + SHA1( 'A' + master + randbytes ) ) +
375	* MD5( master + SHA1( 'BB' + master + randbytes ) ) +
376	* MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
377	* MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
378	* ...
379	*
380	* TLSv1:
381	* key block = PRF( master, "key expansion", randbytes )
382	*/
383	handshake->tls_prf( session->master, 48, "key expansion",
384	handshake->randbytes, 64, keyblk, 256 );
385
386	SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 387, debug_fmt ( "ciphersuite = %s", ssl_get_ciphersuite_name ( session->ciphersuite ) ) );
387	ssl_get_ciphersuite_name( session->ciphersuite ) ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 387, debug_fmt ( "ciphersuite = %s", ssl_get_ciphersuite_name ( session->ciphersuite ) ) );;
388	SSL_DEBUG_BUF( 3, "master secret", session->master, 48 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 388, "master secret", session->master, 48 );;
389	SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 389, "random bytes", handshake->randbytes, 64 );;
390	SSL_DEBUG_BUF( 4, "key block", keyblk, 256 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 390, "key block", keyblk, 256 );;
391
392	memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
393
394	/*
395	* Determine the appropriate key, IV and MAC length.
396	*/
397	switch( session->ciphersuite )
398	{
399	#if defined(POLARSSL_ARC4_C)
400	case TLS_RSA_WITH_RC4_128_MD50x04:
401	transform->keylen = 16; transform->minlen = 16;
402	transform->ivlen = 0; transform->maclen = 16;
403	break;
404
405	case TLS_RSA_WITH_RC4_128_SHA0x05:
406	transform->keylen = 16; transform->minlen = 20;
407	transform->ivlen = 0; transform->maclen = 20;
408	break;
409	#endif
410
411	#if defined(POLARSSL_DES_C)
412	case TLS_RSA_WITH_3DES_EDE_CBC_SHA0x0A:
413	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA0x16:
414	transform->keylen = 24; transform->minlen = 24;
415	transform->ivlen = 8; transform->maclen = 20;
416	break;
417	#endif
418
419	#if defined(POLARSSL_AES_C)
420	case TLS_RSA_WITH_AES_128_CBC_SHA0x2F:
421	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33:
422	transform->keylen = 16; transform->minlen = 32;
423	transform->ivlen = 16; transform->maclen = 20;
424	break;
425
426	case TLS_RSA_WITH_AES_256_CBC_SHA0x35:
427	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39:
428	transform->keylen = 32; transform->minlen = 32;
429	transform->ivlen = 16; transform->maclen = 20;
430	break;
431
432	#if defined(POLARSSL_SHA2_C)
433	case TLS_RSA_WITH_AES_128_CBC_SHA2560x3C:
434	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67:
435	transform->keylen = 16; transform->minlen = 32;
436	transform->ivlen = 16; transform->maclen = 32;
437	break;
438
439	case TLS_RSA_WITH_AES_256_CBC_SHA2560x3D:
440	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B:
441	transform->keylen = 32; transform->minlen = 32;
442	transform->ivlen = 16; transform->maclen = 32;
443	break;
444	#endif
445	#if defined(POLARSSL_GCM_C)
446	case TLS_RSA_WITH_AES_128_GCM_SHA2560x9C:
447	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E:
448	transform->keylen = 16; transform->minlen = 1;
449	transform->ivlen = 12; transform->maclen = 0;
450	transform->fixed_ivlen = 4;
451	break;
452
453	case TLS_RSA_WITH_AES_256_GCM_SHA3840x9D:
454	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F:
455	transform->keylen = 32; transform->minlen = 1;
456	transform->ivlen = 12; transform->maclen = 0;
457	transform->fixed_ivlen = 4;
458	break;
459	#endif
460	#endif
461
462	#if defined(POLARSSL_CAMELLIA_C)
463	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41:
464	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45:
465	transform->keylen = 16; transform->minlen = 32;
466	transform->ivlen = 16; transform->maclen = 20;
467	break;
468
469	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84:
470	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88:
471	transform->keylen = 32; transform->minlen = 32;
472	transform->ivlen = 16; transform->maclen = 20;
473	break;
474
475	#if defined(POLARSSL_SHA2_C)
476	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA:
477	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE:
478	transform->keylen = 16; transform->minlen = 32;
479	transform->ivlen = 16; transform->maclen = 32;
480	break;
481
482	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0:
483	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4:
484	transform->keylen = 32; transform->minlen = 32;
485	transform->ivlen = 16; transform->maclen = 32;
486	break;
487	#endif
488	#endif
489
490	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
491	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
492	case TLS_RSA_WITH_NULL_MD50x01:
493	transform->keylen = 0; transform->minlen = 0;
494	transform->ivlen = 0; transform->maclen = 16;
495	break;
496
497	case TLS_RSA_WITH_NULL_SHA0x02:
498	transform->keylen = 0; transform->minlen = 0;
499	transform->ivlen = 0; transform->maclen = 20;
500	break;
501
502	case TLS_RSA_WITH_NULL_SHA2560x3B:
503	transform->keylen = 0; transform->minlen = 0;
504	transform->ivlen = 0; transform->maclen = 32;
505	break;
506	#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
507
508	#if defined(POLARSSL_DES_C)
509	case TLS_RSA_WITH_DES_CBC_SHA0x09:
510	case TLS_DHE_RSA_WITH_DES_CBC_SHA0x15:
511	transform->keylen = 8; transform->minlen = 8;
512	transform->ivlen = 8; transform->maclen = 20;
513	break;
514	#endif
515	#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
516
517	default:
518	SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 519, debug_fmt ( "ciphersuite %s is not available", ssl_get_ciphersuite_name ( session->ciphersuite ) ) );
519	ssl_get_ciphersuite_name( session->ciphersuite ) ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 519, debug_fmt ( "ciphersuite %s is not available", ssl_get_ciphersuite_name ( session->ciphersuite ) ) );;
520	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
521	}
522
523	SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 525, debug_fmt ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d" , transform->keylen, transform->minlen, transform->ivlen , transform->maclen ) );
524	transform->keylen, transform->minlen, transform->ivlen,debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 525, debug_fmt ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d" , transform->keylen, transform->minlen, transform->ivlen , transform->maclen ) );
525	transform->maclen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 525, debug_fmt ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d" , transform->keylen, transform->minlen, transform->ivlen , transform->maclen ) );;
526
527	/*
528	* Finally setup the cipher contexts, IVs and MAC secrets.
529	*/
530	if( ssl->endpoint == SSL_IS_CLIENT0 )
531	{
532	key1 = keyblk + transform->maclen * 2;
533	key2 = keyblk + transform->maclen * 2 + transform->keylen;
534
535	memcpy( transform->mac_enc, keyblk, transform->maclen );
536	memcpy( transform->mac_dec, keyblk + transform->maclen,
537	transform->maclen );
538
539	/*
540	* This is not used in TLS v1.1.
541	*/
542	iv_copy_len = ( transform->fixed_ivlen ) ?
543	transform->fixed_ivlen : transform->ivlen;
544	memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
545	memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
546	iv_copy_len );
547	}
548	else
549	{
550	key1 = keyblk + transform->maclen * 2 + transform->keylen;
551	key2 = keyblk + transform->maclen * 2;
552
553	memcpy( transform->mac_dec, keyblk, transform->maclen );
554	memcpy( transform->mac_enc, keyblk + transform->maclen,
555	transform->maclen );
556
557	/*
558	* This is not used in TLS v1.1.
559	*/
560	iv_copy_len = ( transform->fixed_ivlen ) ?
561	transform->fixed_ivlen : transform->ivlen;
562	memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
563	memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
564	iv_copy_len );
565	}
566
567	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
568	if( ssl_hw_record_init != NULL((void*)0))
569	{
570	int ret = 0;
571
572	SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 572, debug_fmt ( "going for ssl_hw_record_init()" ) );;
573
574	if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->iv_enc,
575	transform->iv_dec, transform->mac_enc,
576	transform->mac_dec ) ) != 0 )
577	{
578	SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 578, "ssl_hw_record_init", ret );;
579	return POLARSSL_ERR_SSL_HW_ACCEL_FAILED-0x7F80;
580	}
581	}
582	#endif
583
584	switch( session->ciphersuite )
585	{
586	#if defined(POLARSSL_ARC4_C)
587	case TLS_RSA_WITH_RC4_128_MD50x04:
588	case TLS_RSA_WITH_RC4_128_SHA0x05:
589	arc4_setup( (arc4_context *) transform->ctx_enc, key1,
590	transform->keylen );
591	arc4_setup( (arc4_context *) transform->ctx_dec, key2,
592	transform->keylen );
593	break;
594	#endif
595
596	#if defined(POLARSSL_DES_C)
597	case TLS_RSA_WITH_3DES_EDE_CBC_SHA0x0A:
598	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA0x16:
599	des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 );
600	des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 );
601	break;
602	#endif
603
604	#if defined(POLARSSL_AES_C)
605	case TLS_RSA_WITH_AES_128_CBC_SHA0x2F:
606	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33:
607	case TLS_RSA_WITH_AES_128_CBC_SHA2560x3C:
608	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67:
609	aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 );
610	aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 );
611	break;
612
613	case TLS_RSA_WITH_AES_256_CBC_SHA0x35:
614	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39:
615	case TLS_RSA_WITH_AES_256_CBC_SHA2560x3D:
616	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B:
617	aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 );
618	aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 );
619	break;
620
621	#if defined(POLARSSL_GCM_C)
622	case TLS_RSA_WITH_AES_128_GCM_SHA2560x9C:
623	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E:
624	gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 );
625	gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 );
626	break;
627
628	case TLS_RSA_WITH_AES_256_GCM_SHA3840x9D:
629	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F:
630	gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 );
631	gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 );
632	break;
633	#endif
634	#endif
635
636	#if defined(POLARSSL_CAMELLIA_C)
637	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41:
638	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45:
639	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA:
640	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE:
641	camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 );
642	camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 );
643	break;
644
645	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84:
646	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88:
647	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0:
648	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4:
649	camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 );
650	camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 );
651	break;
652	#endif
653
654	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
655	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
656	case TLS_RSA_WITH_NULL_MD50x01:
657	case TLS_RSA_WITH_NULL_SHA0x02:
658	case TLS_RSA_WITH_NULL_SHA2560x3B:
659	break;
660	#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
661
662	#if defined(POLARSSL_DES_C)
663	case TLS_RSA_WITH_DES_CBC_SHA0x09:
664	case TLS_DHE_RSA_WITH_DES_CBC_SHA0x15:
665	des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
666	des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
667	break;
668	#endif
669	#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
670
671	default:
672	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
673	}
674
675	memset( keyblk, 0, sizeof( keyblk ) );
676
677	#if defined(POLARSSL_ZLIB_SUPPORT)
678	// Initialize compression
679	//
680	if( session->compression == SSL_COMPRESS_DEFLATE1 )
681	{
682	SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 682, debug_fmt ( "Initializing zlib states" ) );;
683
684	memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
685	memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
686
687	if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK \|\|
688	inflateInit( &transform->ctx_inflate ) != Z_OK )
689	{
690	SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 690, debug_fmt ( "Failed to initialize compression" ) );;
691	return( POLARSSL_ERR_SSL_COMPRESSION_FAILED-0x6F00 );
692	}
693	}
694	#endif /* POLARSSL_ZLIB_SUPPORT */
695
696	SSL_DEBUG_MSG( 2, ( "<= derive keys" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 696, debug_fmt ( "<= derive keys" ) );;
697
698	return( 0 );
699	}
700
701	void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] )
702	{
703	md5_context md5;
704	sha1_context sha1;
705	unsigned char pad_1[48];
706	unsigned char pad_2[48];
707
708	SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 708, debug_fmt ( "=> calc verify ssl" ) );;
709
710	memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
711	memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
712
713	memset( pad_1, 0x36, 48 );
714	memset( pad_2, 0x5C, 48 );
715
716	md5_update( &md5, ssl->session_negotiate->master, 48 );
717	md5_update( &md5, pad_1, 48 );
718	md5_finish( &md5, hash );
719
720	md5_starts( &md5 );
721	md5_update( &md5, ssl->session_negotiate->master, 48 );
722	md5_update( &md5, pad_2, 48 );
723	md5_update( &md5, hash, 16 );
724	md5_finish( &md5, hash );
725
726	sha1_update( &sha1, ssl->session_negotiate->master, 48 );
727	sha1_update( &sha1, pad_1, 40 );
728	sha1_finish( &sha1, hash + 16 );
729
730	sha1_starts( &sha1 );
731	sha1_update( &sha1, ssl->session_negotiate->master, 48 );
732	sha1_update( &sha1, pad_2, 40 );
733	sha1_update( &sha1, hash + 16, 20 );
734	sha1_finish( &sha1, hash + 16 );
735
736	SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 736, "calculated verify result", hash, 36 );;
737	SSL_DEBUG_MSG( 2, ( "<= calc verify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 737, debug_fmt ( "<= calc verify" ) );;
738
739	return;
740	}
741
742	void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] )
743	{
744	md5_context md5;
745	sha1_context sha1;
746
747	SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 747, debug_fmt ( "=> calc verify tls" ) );;
748
749	memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
750	memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
751
752	md5_finish( &md5, hash );
753	sha1_finish( &sha1, hash + 16 );
754
755	SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 755, "calculated verify result", hash, 36 );;
756	SSL_DEBUG_MSG( 2, ( "<= calc verify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 756, debug_fmt ( "<= calc verify" ) );;
757
758	return;
759	}
760
761	void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] )
762	{
763	sha2_context sha2;
764
765	SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 765, debug_fmt ( "=> calc verify sha256" ) );;
766
767	memcpy( &sha2, &ssl->handshake->fin_sha2, sizeof(sha2_context) );
768	sha2_finish( &sha2, hash );
769
770	SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 770, "calculated verify result", hash, 32 );;
771	SSL_DEBUG_MSG( 2, ( "<= calc verify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 771, debug_fmt ( "<= calc verify" ) );;
772
773	return;
774	}
775
776	#if defined(POLARSSL_SHA4_C)
777	void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] )
778	{
779	sha4_context sha4;
780
781	SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 781, debug_fmt ( "=> calc verify sha384" ) );;
782
783	memcpy( &sha4, &ssl->handshake->fin_sha4, sizeof(sha4_context) );
784	sha4_finish( &sha4, hash );
785
786	SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 786, "calculated verify result", hash, 48 );;
787	SSL_DEBUG_MSG( 2, ( "<= calc verify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 787, debug_fmt ( "<= calc verify" ) );;
788
789	return;
790	}
791	#endif
792
793	/*
794	* SSLv3.0 MAC functions
795	*/
796	static void ssl_mac_md5( unsigned char *secret,
797	unsigned char *buf, size_t len,
798	unsigned char *ctr, int type )
799	{
800	unsigned char header[11];
801	unsigned char padding[48];
802	md5_context md5;
803
804	memcpy( header, ctr, 8 );
805	header[ 8] = (unsigned char) type;
806	header[ 9] = (unsigned char)( len >> 8 );
807	header[10] = (unsigned char)( len );
808
809	memset( padding, 0x36, 48 );
810	md5_starts( &md5 );
811	md5_update( &md5, secret, 16 );
812	md5_update( &md5, padding, 48 );
813	md5_update( &md5, header, 11 );
814	md5_update( &md5, buf, len );
815	md5_finish( &md5, buf + len );
816
817	memset( padding, 0x5C, 48 );
818	md5_starts( &md5 );
819	md5_update( &md5, secret, 16 );
820	md5_update( &md5, padding, 48 );
821	md5_update( &md5, buf + len, 16 );
822	md5_finish( &md5, buf + len );
823	}
824
825	static void ssl_mac_sha1( unsigned char *secret,
826	unsigned char *buf, size_t len,
827	unsigned char *ctr, int type )
828	{
829	unsigned char header[11];
830	unsigned char padding[40];
831	sha1_context sha1;
832
833	memcpy( header, ctr, 8 );
834	header[ 8] = (unsigned char) type;
835	header[ 9] = (unsigned char)( len >> 8 );
836	header[10] = (unsigned char)( len );
837
838	memset( padding, 0x36, 40 );
839	sha1_starts( &sha1 );
840	sha1_update( &sha1, secret, 20 );
841	sha1_update( &sha1, padding, 40 );
842	sha1_update( &sha1, header, 11 );
843	sha1_update( &sha1, buf, len );
844	sha1_finish( &sha1, buf + len );
845
846	memset( padding, 0x5C, 40 );
847	sha1_starts( &sha1 );
848	sha1_update( &sha1, secret, 20 );
849	sha1_update( &sha1, padding, 40 );
850	sha1_update( &sha1, buf + len, 20 );
851	sha1_finish( &sha1, buf + len );
852	}
853
854	static void ssl_mac_sha2( unsigned char *secret,
855	unsigned char *buf, size_t len,
856	unsigned char *ctr, int type )
857	{
858	unsigned char header[11];
859	unsigned char padding[32];
860	sha2_context sha2;
861
862	memcpy( header, ctr, 8 );
863	header[ 8] = (unsigned char) type;
864	header[ 9] = (unsigned char)( len >> 8 );
865	header[10] = (unsigned char)( len );
866
867	memset( padding, 0x36, 32 );
868	sha2_starts( &sha2, 0 );
869	sha2_update( &sha2, secret, 32 );
870	sha2_update( &sha2, padding, 32 );
871	sha2_update( &sha2, header, 11 );
872	sha2_update( &sha2, buf, len );
873	sha2_finish( &sha2, buf + len );
874
875	memset( padding, 0x5C, 32 );
876	sha2_starts( &sha2, 0 );
877	sha2_update( &sha2, secret, 32 );
878	sha2_update( &sha2, padding, 32 );
879	sha2_update( &sha2, buf + len, 32 );
880	sha2_finish( &sha2, buf + len );
881	}
882
883	/*
884	* Encryption/decryption functions
885	*/
886	static int ssl_encrypt_buf( ssl_context *ssl )
887	{
888	size_t i, padlen;
889
890	SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 890, debug_fmt ( "=> encrypt buf" ) );;
891
892	/*
893	* Add MAC then encrypt
894	*/
895	if( ssl->minor_ver == SSL_MINOR_VERSION_00 )
896	{
897	if( ssl->transform_out->maclen == 16 )
898	ssl_mac_md5( ssl->transform_out->mac_enc,
899	ssl->out_msg, ssl->out_msglen,
900	ssl->out_ctr, ssl->out_msgtype );
901	else if( ssl->transform_out->maclen == 20 )
902	ssl_mac_sha1( ssl->transform_out->mac_enc,
903	ssl->out_msg, ssl->out_msglen,
904	ssl->out_ctr, ssl->out_msgtype );
905	else if( ssl->transform_out->maclen == 32 )
906	ssl_mac_sha2( ssl->transform_out->mac_enc,
907	ssl->out_msg, ssl->out_msglen,
908	ssl->out_ctr, ssl->out_msgtype );
909	else if( ssl->transform_out->maclen != 0 )
910	{
911	SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 912, debug_fmt ( "invalid MAC len: %d", ssl->transform_out ->maclen ) );
912	ssl->transform_out->maclen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 912, debug_fmt ( "invalid MAC len: %d", ssl->transform_out ->maclen ) );;
913	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
914	}
915	}
916	else
917	{
918	if( ssl->transform_out->maclen == 16 )
919	{
920	md5_context ctx;
921	md5_hmac_starts( &ctx, ssl->transform_out->mac_enc, 16 );
922	md5_hmac_update( &ctx, ssl->out_ctr, 13 );
923	md5_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
924	md5_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
925	memset( &ctx, 0, sizeof(md5_context));
926	}
927	else if( ssl->transform_out->maclen == 20 )
928	{
929	sha1_context ctx;
930	sha1_hmac_starts( &ctx, ssl->transform_out->mac_enc, 20 );
931	sha1_hmac_update( &ctx, ssl->out_ctr, 13 );
932	sha1_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
933	sha1_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
934	memset( &ctx, 0, sizeof(sha1_context));
935	}
936	else if( ssl->transform_out->maclen == 32 )
937	{
938	sha2_context ctx;
939	sha2_hmac_starts( &ctx, ssl->transform_out->mac_enc, 32, 0 );
940	sha2_hmac_update( &ctx, ssl->out_ctr, 13 );
941	sha2_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen );
942	sha2_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen );
943	memset( &ctx, 0, sizeof(sha2_context));
944	}
945	else if( ssl->transform_out->maclen != 0 )
946	{
947	SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 948, debug_fmt ( "invalid MAC len: %d", ssl->transform_out ->maclen ) );
948	ssl->transform_out->maclen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 948, debug_fmt ( "invalid MAC len: %d", ssl->transform_out ->maclen ) );;
949	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
950	}
951	}
952
953	SSL_DEBUG_BUF( 4, "computed mac",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 954, "computed mac", ssl->out_msg + ssl->out_msglen, ssl ->transform_out->maclen );
954	ssl->out_msg + ssl->out_msglen, ssl->transform_out->maclen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 954, "computed mac", ssl->out_msg + ssl->out_msglen, ssl ->transform_out->maclen );;
955
956	ssl->out_msglen += ssl->transform_out->maclen;
957
958	if( ssl->transform_out->ivlen == 0 )
959	{
960	padlen = 0;
961
962	SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 964, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );
963	"including %d bytes of padding",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 964, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );
964	ssl->out_msglen, 0 ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 964, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );;
965
966	SSL_DEBUG_BUF( 4, "before encrypt: output payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 967, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );
967	ssl->out_msg, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 967, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );;
968
969	#if defined(POLARSSL_ARC4_C)
970	if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD50x04 \|\|
971	ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA0x05 )
972	{
973	arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc,
974	ssl->out_msglen, ssl->out_msg,
975	ssl->out_msg );
976	} else
977	#endif
978	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
979	if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD50x01 \|\|
980	ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA0x02 \|\|
981	ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA2560x3B )
982	{
983	} else
984	#endif
985	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
986	}
987	else if( ssl->transform_out->ivlen == 12 )
988	{
989	size_t enc_msglen;
990	unsigned char *enc_msg;
991	unsigned char add_data[13];
992	int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080;
993
994	padlen = 0;
995	enc_msglen = ssl->out_msglen;
	Value stored to 'enc_msglen' is never read
996
997	memcpy( add_data, ssl->out_ctr, 8 );
998	add_data[8] = ssl->out_msgtype;
999	add_data[9] = ssl->major_ver;
1000	add_data[10] = ssl->minor_ver;
1001	add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
1002	add_data[12] = ssl->out_msglen & 0xFF;
1003
1004	SSL_DEBUG_BUF( 4, "additional data used for AEAD",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1005, "additional data used for AEAD", add_data, 13 );
1005	add_data, 13 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1005, "additional data used for AEAD", add_data, 13 );;
1006
1007	#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
1008
1009	if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA2560x9C \|\|
1010	ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA3840x9D \|\|
1011	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E \|\|
1012	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F )
1013	{
1014	/*
1015	* Generate IV
1016	*/
1017	ret = ssl->f_rng( ssl->p_rng,
1018	ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
1019	ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
1020	if( ret != 0 )
1021	return( ret );
1022
1023	/*
1024	* Shift message for ivlen bytes and prepend IV
1025	*/
1026	memmove( ssl->out_msg + ssl->transform_out->ivlen -
1027	ssl->transform_out->fixed_ivlen,
1028	ssl->out_msg, ssl->out_msglen );
1029	memcpy( ssl->out_msg,
1030	ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
1031	ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
1032
1033	/*
1034	* Fix pointer positions and message length with added IV
1035	*/
1036	enc_msg = ssl->out_msg + ssl->transform_out->ivlen -
1037	ssl->transform_out->fixed_ivlen;
1038	enc_msglen = ssl->out_msglen;
1039	ssl->out_msglen += ssl->transform_out->ivlen -
1040	ssl->transform_out->fixed_ivlen;
1041
1042	SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1044, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );
1043	"including %d bytes of padding",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1044, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );
1044	ssl->out_msglen, 0 ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1044, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of padding" , ssl->out_msglen, 0 ) );;
1045
1046	SSL_DEBUG_BUF( 4, "before encrypt: output payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1047, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );
1047	ssl->out_msg, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1047, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );;
1048
1049	/*
1050	* Adjust for tag
1051	*/
1052	ssl->out_msglen += 16;
1053
1054	gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
1055	GCM_ENCRYPT1, enc_msglen,
1056	ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
1057	add_data, 13,
1058	enc_msg, enc_msg,
1059	16, enc_msg + enc_msglen );
1060
1061	SSL_DEBUG_BUF( 4, "after encrypt: tag",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1062, "after encrypt: tag", enc_msg + enc_msglen, 16 );
1062	enc_msg + enc_msglen, 16 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1062, "after encrypt: tag", enc_msg + enc_msglen, 16 );;
1063
1064	} else
1065	#endif
1066	return( ret );
1067	}
1068	else
1069	{
1070	unsigned char *enc_msg;
1071	size_t enc_msglen;
1072
1073	padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
1074	ssl->transform_out->ivlen;
1075	if( padlen == ssl->transform_out->ivlen )
1076	padlen = 0;
1077
1078	for( i = 0; i <= padlen; i++ )
1079	ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
1080
1081	ssl->out_msglen += padlen + 1;
1082
1083	enc_msglen = ssl->out_msglen;
1084	enc_msg = ssl->out_msg;
1085
1086	/*
1087	* Prepend per-record IV for block cipher in TLS v1.1 and up as per
1088	* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
1089	*/
1090	if( ssl->minor_ver >= SSL_MINOR_VERSION_22 )
1091	{
1092	/*
1093	* Generate IV
1094	*/
1095	int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc,
1096	ssl->transform_out->ivlen );
1097	if( ret != 0 )
1098	return( ret );
1099
1100	/*
1101	* Shift message for ivlen bytes and prepend IV
1102	*/
1103	memmove( ssl->out_msg + ssl->transform_out->ivlen, ssl->out_msg,
1104	ssl->out_msglen );
1105	memcpy( ssl->out_msg, ssl->transform_out->iv_enc,
1106	ssl->transform_out->ivlen );
1107
1108	/*
1109	* Fix pointer positions and message length with added IV
1110	*/
1111	enc_msg = ssl->out_msg + ssl->transform_out->ivlen;
1112	enc_msglen = ssl->out_msglen;
1113	ssl->out_msglen += ssl->transform_out->ivlen;
1114	}
1115
1116	SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1118, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of IV and %d bytes of padding" , ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
1117	"including %d bytes of IV and %d bytes of padding",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1118, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of IV and %d bytes of padding" , ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );
1118	ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1118, debug_fmt ( "before encrypt: msglen = %d, " "including %d bytes of IV and %d bytes of padding" , ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) );;
1119
1120	SSL_DEBUG_BUF( 4, "before encrypt: output payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1121, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );
1121	ssl->out_msg, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1121, "before encrypt: output payload", ssl->out_msg, ssl ->out_msglen );;
1122
1123	switch( ssl->transform_out->ivlen )
1124	{
1125	#if defined(POLARSSL_DES_C)
1126	case 8:
1127	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1128	if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA0x09 \|\|
1129	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA0x15 )
1130	{
1131	des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
1132	DES_ENCRYPT1, enc_msglen,
1133	ssl->transform_out->iv_enc, enc_msg, enc_msg );
1134	}
1135	else
1136	#endif
1137	des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc,
1138	DES_ENCRYPT1, enc_msglen,
1139	ssl->transform_out->iv_enc, enc_msg, enc_msg );
1140	break;
1141	#endif
1142
1143	case 16:
1144	#if defined(POLARSSL_AES_C)
1145	if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA0x2F \|\|
1146	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33 \|\|
1147	ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA0x35 \|\|
1148	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39 \|\|
1149	ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA2560x3C \|\|
1150	ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA2560x3D \|\|
1151	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67 \|\|
1152	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B )
1153	{
1154	aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc,
1155	AES_ENCRYPT1, enc_msglen,
1156	ssl->transform_out->iv_enc, enc_msg, enc_msg);
1157	break;
1158	}
1159	#endif
1160
1161	#if defined(POLARSSL_CAMELLIA_C)
1162	if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41 \|\|
1163	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45 \|\|
1164	ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84 \|\|
1165	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88 \|\|
1166	ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA \|\|
1167	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE \|\|
1168	ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0 \|\|
1169	ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4 )
1170	{
1171	camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
1172	CAMELLIA_ENCRYPT1, enc_msglen,
1173	ssl->transform_out->iv_enc, enc_msg, enc_msg );
1174	break;
1175	}
1176	#endif
1177
1178	default:
1179	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
1180	}
1181	}
1182
1183	for( i = 8; i > 0; i-- )
1184	if( ++ssl->out_ctr[i - 1] != 0 )
1185	break;
1186
1187	SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1187, debug_fmt ( "<= encrypt buf" ) );;
1188
1189	return( 0 );
1190	}
1191
1192	/*
1193	* TODO: Use digest version when integrated!
1194	*/
1195	#define POLARSSL_SSL_MAX_MAC_SIZE32 32
1196
1197	static int ssl_decrypt_buf( ssl_context *ssl )
1198	{
1199	size_t i, padlen = 0, correct = 1;
1200	unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE32];
1201
1202	SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1202, debug_fmt ( "=> decrypt buf" ) );;
1203
1204	if( ssl->in_msglen < ssl->transform_in->minlen )
1205	{
1206	SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1207, debug_fmt ( "in_msglen (%d) < minlen (%d)", ssl-> in_msglen, ssl->transform_in->minlen ) );
1207	ssl->in_msglen, ssl->transform_in->minlen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1207, debug_fmt ( "in_msglen (%d) < minlen (%d)", ssl-> in_msglen, ssl->transform_in->minlen ) );;
1208	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1209	}
1210
1211	if( ssl->transform_in->ivlen == 0 )
1212	{
1213	#if defined(POLARSSL_ARC4_C)
1214	if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD50x04 \|\|
1215	ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA0x05 )
1216	{
1217	arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,
1218	ssl->in_msglen, ssl->in_msg,
1219	ssl->in_msg );
1220	} else
1221	#endif
1222	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
1223	if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD50x01 \|\|
1224	ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA0x02 \|\|
1225	ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA2560x3B )
1226	{
1227	} else
1228	#endif
1229	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
1230	}
1231	else if( ssl->transform_in->ivlen == 12 )
1232	{
1233	unsigned char *dec_msg;
1234	unsigned char *dec_msg_result;
1235	size_t dec_msglen;
1236	unsigned char add_data[13];
1237	int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080;
1238
1239	#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
1240	if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA2560x9C \|\|
1241	ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA3840x9D \|\|
1242	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E \|\|
1243	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F )
1244	{
1245	dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
1246	ssl->transform_in->fixed_ivlen );
1247	dec_msglen -= 16;
1248	dec_msg = ssl->in_msg + ( ssl->transform_in->ivlen -
1249	ssl->transform_in->fixed_ivlen );
1250	dec_msg_result = ssl->in_msg;
1251	ssl->in_msglen = dec_msglen;
1252
1253	memcpy( add_data, ssl->in_ctr, 8 );
1254	add_data[8] = ssl->in_msgtype;
1255	add_data[9] = ssl->major_ver;
1256	add_data[10] = ssl->minor_ver;
1257	add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
1258	add_data[12] = ssl->in_msglen & 0xFF;
1259
1260	SSL_DEBUG_BUF( 4, "additional data used for AEAD",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1261, "additional data used for AEAD", add_data, 13 );
1261	add_data, 13 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1261, "additional data used for AEAD", add_data, 13 );;
1262
1263	memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
1264	ssl->in_msg,
1265	ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
1266
1267	SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1268, "IV used", ssl->transform_in->iv_dec, ssl->transform_in ->ivlen );
1268	ssl->transform_in->ivlen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1268, "IV used", ssl->transform_in->iv_dec, ssl->transform_in ->ivlen );;
1269	SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1269, "TAG used", dec_msg + dec_msglen, 16 );;
1270
1271	memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
1272	ssl->in_msg,
1273	ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
1274
1275	ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
1276	dec_msglen,
1277	ssl->transform_in->iv_dec,
1278	ssl->transform_in->ivlen,
1279	add_data, 13,
1280	dec_msg + dec_msglen, 16,
1281	dec_msg, dec_msg_result );
1282
1283	if( ret != 0 )
1284	{
1285	SSL_DEBUG_MSG( 1, ( "AEAD decrypt failed on validation (ret = -0x%02x)",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1286, debug_fmt ( "AEAD decrypt failed on validation (ret = -0x%02x)" , -ret ) );
1286	-ret ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1286, debug_fmt ( "AEAD decrypt failed on validation (ret = -0x%02x)" , -ret ) );;
1287
1288	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1289	}
1290	} else
1291	#endif
1292	return( ret );
1293	}
1294	else
1295	{
1296	/*
1297	* Decrypt and check the padding
1298	*/
1299	unsigned char *dec_msg;
1300	unsigned char *dec_msg_result;
1301	size_t dec_msglen;
1302	size_t minlen = 0;
1303
1304	/*
1305	* Check immediate ciphertext sanity
1306	*/
1307	if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
1308	{
1309	SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1310, debug_fmt ( "msglen (%d) %% ivlen (%d) != 0", ssl-> in_msglen, ssl->transform_in->ivlen ) );
1310	ssl->in_msglen, ssl->transform_in->ivlen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1310, debug_fmt ( "msglen (%d) %% ivlen (%d) != 0", ssl-> in_msglen, ssl->transform_in->ivlen ) );;
1311	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1312	}
1313
1314	if( ssl->minor_ver >= SSL_MINOR_VERSION_22 )
1315	minlen += ssl->transform_in->ivlen;
1316
1317	if( ssl->in_msglen < minlen + ssl->transform_in->ivlen \|\|
1318	ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
1319	{
1320	SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1321, debug_fmt ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )" , ssl->in_msglen, ssl->transform_in->ivlen, ssl-> transform_in->maclen ) );
1321	ssl->in_msglen, ssl->transform_in->ivlen, ssl->transform_in->maclen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1321, debug_fmt ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )" , ssl->in_msglen, ssl->transform_in->ivlen, ssl-> transform_in->maclen ) );;
1322	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1323	}
1324
1325	dec_msglen = ssl->in_msglen;
1326	dec_msg = ssl->in_msg;
1327	dec_msg_result = ssl->in_msg;
1328
1329	/*
1330	* Initialize for prepended IV for block cipher in TLS v1.1 and up
1331	*/
1332	if( ssl->minor_ver >= SSL_MINOR_VERSION_22 )
1333	{
1334	dec_msg += ssl->transform_in->ivlen;
1335	dec_msglen -= ssl->transform_in->ivlen;
1336	ssl->in_msglen -= ssl->transform_in->ivlen;
1337
1338	for( i = 0; i < ssl->transform_in->ivlen; i++ )
1339	ssl->transform_in->iv_dec[i] = ssl->in_msg[i];
1340	}
1341
1342	switch( ssl->transform_in->ivlen )
1343	{
1344	#if defined(POLARSSL_DES_C)
1345	case 8:
1346	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1347	if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA0x09 \|\|
1348	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA0x15 )
1349	{
1350	des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
1351	DES_DECRYPT0, dec_msglen,
1352	ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
1353	}
1354	else
1355	#endif
1356	des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec,
1357	DES_DECRYPT0, dec_msglen,
1358	ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
1359	break;
1360	#endif
1361
1362	case 16:
1363	#if defined(POLARSSL_AES_C)
1364	if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA0x2F \|\|
1365	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33 \|\|
1366	ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA0x35 \|\|
1367	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39 \|\|
1368	ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA2560x3C \|\|
1369	ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA2560x3D \|\|
1370	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67 \|\|
1371	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B )
1372	{
1373	aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec,
1374	AES_DECRYPT0, dec_msglen,
1375	ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
1376	break;
1377	}
1378	#endif
1379
1380	#if defined(POLARSSL_CAMELLIA_C)
1381	if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41 \|\|
1382	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45 \|\|
1383	ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84 \|\|
1384	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88 \|\|
1385	ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA \|\|
1386	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE \|\|
1387	ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0 \|\|
1388	ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4 )
1389	{
1390	camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
1391	CAMELLIA_DECRYPT0, dec_msglen,
1392	ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
1393	break;
1394	}
1395	#endif
1396
1397	default:
1398	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
1399	}
1400
1401	padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
1402
1403	if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
1404	{
1405	#if defined(POLARSSL_SSL_DEBUG_ALL)
1406	SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1407, debug_fmt ( "msglen (%d) < maclen (%d) + padlen (%d)" , ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
1407	ssl->in_msglen, ssl->transform_in->maclen, padlen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1407, debug_fmt ( "msglen (%d) < maclen (%d) + padlen (%d)" , ssl->in_msglen, ssl->transform_in->maclen, padlen ) );;
1408	#endif
1409	padlen = 0;
1410	correct = 0;
1411	}
1412
1413	if( ssl->minor_ver == SSL_MINOR_VERSION_00 )
1414	{
1415	if( padlen > ssl->transform_in->ivlen )
1416	{
1417	#if defined(POLARSSL_SSL_DEBUG_ALL)
1418	SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1420, debug_fmt ( "bad padding length: is %d, " "should be no more than %d" , padlen, ssl->transform_in->ivlen ) );
1419	"should be no more than %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1420, debug_fmt ( "bad padding length: is %d, " "should be no more than %d" , padlen, ssl->transform_in->ivlen ) );
1420	padlen, ssl->transform_in->ivlen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1420, debug_fmt ( "bad padding length: is %d, " "should be no more than %d" , padlen, ssl->transform_in->ivlen ) );;
1421	#endif
1422	correct = 0;
1423	}
1424	}
1425	else
1426	{
1427	/*
1428	* TLSv1+: always check the padding up to the first failure
1429	* and fake check up to 256 bytes of padding
1430	*/
1431	size_t pad_count = 0, fake_pad_count = 0;
1432	size_t padding_idx = ssl->in_msglen - padlen - 1;
1433
1434	for( i = 1; i <= padlen; i++ )
1435	pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 );
1436
1437	for( ; i <= 256; i++ )
1438	fake_pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 );
1439
1440	correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
1441	correct &= ( pad_count + fake_pad_count < 512 ); /* Always 1 */
1442
1443	#if defined(POLARSSL_SSL_DEBUG_ALL)
1444	if( padlen > 0 && correct == 0)
1445	SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1445, debug_fmt ( "bad padding byte detected" ) );;
1446	#endif
1447	padlen &= correct * 0x1FF;
1448	}
1449	}
1450
1451	SSL_DEBUG_BUF( 4, "raw buffer after decryption",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1452, "raw buffer after decryption", ssl->in_msg, ssl-> in_msglen );
1452	ssl->in_msg, ssl->in_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1452, "raw buffer after decryption", ssl->in_msg, ssl-> in_msglen );;
1453
1454	/*
1455	* Always compute the MAC (RFC4346, CBCTIME).
1456	*/
1457	ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
1458
1459	ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
1460	ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
1461
1462	memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
1463
1464	if( ssl->minor_ver == SSL_MINOR_VERSION_00 )
1465	{
1466	if( ssl->transform_in->maclen == 16 )
1467	ssl_mac_md5( ssl->transform_in->mac_dec,
1468	ssl->in_msg, ssl->in_msglen,
1469	ssl->in_ctr, ssl->in_msgtype );
1470	else if( ssl->transform_in->maclen == 20 )
1471	ssl_mac_sha1( ssl->transform_in->mac_dec,
1472	ssl->in_msg, ssl->in_msglen,
1473	ssl->in_ctr, ssl->in_msgtype );
1474	else if( ssl->transform_in->maclen == 32 )
1475	ssl_mac_sha2( ssl->transform_in->mac_dec,
1476	ssl->in_msg, ssl->in_msglen,
1477	ssl->in_ctr, ssl->in_msgtype );
1478	else if( ssl->transform_in->maclen != 0 )
1479	{
1480	SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1481, debug_fmt ( "invalid MAC len: %d", ssl->transform_in ->maclen ) );
1481	ssl->transform_in->maclen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1481, debug_fmt ( "invalid MAC len: %d", ssl->transform_in ->maclen ) );;
1482	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
1483	}
1484	}
1485	else
1486	{
1487	/*
1488	* Process MAC and always update for padlen afterwards to make
1489	* total time independent of padlen
1490	*
1491	* extra_run compensates MAC check for padlen
1492	*
1493	* Known timing attacks:
1494	* - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
1495	*
1496	* We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
1497	* correctly. (We round down instead of up, so -56 is the correct
1498	* value for our calculations instead of -55)
1499	*/
1500	int j, extra_run = 0;
1501	extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
1502	( 13 + ssl->in_msglen + 8 ) / 64;
1503
1504	extra_run &= correct * 0xFF;
1505
1506	if( ssl->transform_in->maclen == 16 )
1507	{
1508	md5_context ctx;
1509	md5_hmac_starts( &ctx, ssl->transform_in->mac_dec, 16 );
1510	md5_hmac_update( &ctx, ssl->in_ctr, ssl->in_msglen + 13 );
1511	md5_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen );
1512
1513	for( j = 0; j < extra_run; j++ )
1514	md5_process( &ctx, ssl->in_msg );
1515	}
1516	else if( ssl->transform_in->maclen == 20 )
1517	{
1518	sha1_context ctx;
1519	sha1_hmac_starts( &ctx, ssl->transform_in->mac_dec, 20 );
1520	sha1_hmac_update( &ctx, ssl->in_ctr, ssl->in_msglen + 13 );
1521	sha1_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen );
1522
1523	for( j = 0; j < extra_run; j++ )
1524	sha1_process( &ctx, ssl->in_msg );
1525	}
1526	else if( ssl->transform_in->maclen == 32 )
1527	{
1528	sha2_context ctx;
1529	sha2_hmac_starts( &ctx, ssl->transform_in->mac_dec, 32, 0 );
1530	sha2_hmac_update( &ctx, ssl->in_ctr, ssl->in_msglen + 13 );
1531	sha2_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen );
1532
1533	for( j = 0; j < extra_run; j++ )
1534	sha2_process( &ctx, ssl->in_msg );
1535	}
1536	else if( ssl->transform_in->maclen != 0 )
1537	{
1538	SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1539, debug_fmt ( "invalid MAC len: %d", ssl->transform_in ->maclen ) );
1539	ssl->transform_in->maclen ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1539, debug_fmt ( "invalid MAC len: %d", ssl->transform_in ->maclen ) );;
1540	return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080 );
1541	}
1542	}
1543
1544	SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1544, "message mac", tmp, ssl->transform_in->maclen ) ;;
1545	SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1546, "computed mac", ssl->in_msg + ssl->in_msglen, ssl ->transform_in->maclen );
1546	ssl->transform_in->maclen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1546, "computed mac", ssl->in_msg + ssl->in_msglen, ssl ->transform_in->maclen );;
1547
1548	if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
1549	ssl->transform_in->maclen ) != 0 )
1550	{
1551	#if defined(POLARSSL_SSL_DEBUG_ALL)
1552	SSL_DEBUG_MSG( 1, ( "message mac does not match" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1552, debug_fmt ( "message mac does not match" ) );;
1553	#endif
1554	correct = 0;
1555	}
1556
1557	/*
1558	* Finally check the correct flag
1559	*/
1560	if( correct == 0 )
1561	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1562
1563	if( ssl->in_msglen == 0 )
1564	{
1565	ssl->nb_zero++;
1566
1567	/*
1568	* Three or more empty messages may be a DoS attack
1569	* (excessive CPU consumption).
1570	*/
1571	if( ssl->nb_zero > 3 )
1572	{
1573	SSL_DEBUG_MSG( 1, ( "received four consecutive empty "debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1574, debug_fmt ( "received four consecutive empty " "messages, possible DoS attack" ) );
1574	"messages, possible DoS attack" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1574, debug_fmt ( "received four consecutive empty " "messages, possible DoS attack" ) );;
1575	return( POLARSSL_ERR_SSL_INVALID_MAC-0x7180 );
1576	}
1577	}
1578	else
1579	ssl->nb_zero = 0;
1580
1581	for( i = 8; i > 0; i-- )
1582	if( ++ssl->in_ctr[i - 1] != 0 )
1583	break;
1584
1585	SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1585, debug_fmt ( "<= decrypt buf" ) );;
1586
1587	return( 0 );
1588	}
1589
1590	#if defined(POLARSSL_ZLIB_SUPPORT)
1591	/*
1592	* Compression/decompression functions
1593	*/
1594	static int ssl_compress_buf( ssl_context *ssl )
1595	{
1596	int ret;
1597	unsigned char *msg_post = ssl->out_msg;
1598	size_t len_pre = ssl->out_msglen;
1599	unsigned char *msg_pre;
1600
1601	SSL_DEBUG_MSG( 2, ( "=> compress buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1601, debug_fmt ( "=> compress buf" ) );;
1602
1603	msg_pre = (unsigned char*) malloc( len_pre );
1604	if( msg_pre == NULL((void*)0) )
1605	{
1606	SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1606, debug_fmt ( "malloc(%d bytes) failed", len_pre ) );;
1607	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
1608	}
1609
1610	memcpy( msg_pre, ssl->out_msg, len_pre );
1611
1612	SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1613, debug_fmt ( "before compression: msglen = %d, ", ssl-> out_msglen ) );
1613	ssl->out_msglen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1613, debug_fmt ( "before compression: msglen = %d, ", ssl-> out_msglen ) );;
1614
1615	SSL_DEBUG_BUF( 4, "before compression: output payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1616, "before compression: output payload", ssl->out_msg , ssl->out_msglen );
1616	ssl->out_msg, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1616, "before compression: output payload", ssl->out_msg , ssl->out_msglen );;
1617
1618	ssl->transform_out->ctx_deflate.next_in = msg_pre;
1619	ssl->transform_out->ctx_deflate.avail_in = len_pre;
1620	ssl->transform_out->ctx_deflate.next_out = msg_post;
1621	ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN(16384 + 0 + 512);
1622
1623	ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
1624	if( ret != Z_OK )
1625	{
1626	SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1626, debug_fmt ( "failed to perform compression (%d)", ret ) );;
1627	return( POLARSSL_ERR_SSL_COMPRESSION_FAILED-0x6F00 );
1628	}
1629
1630	ssl->out_msglen = SSL_BUFFER_LEN(16384 + 0 + 512) - ssl->transform_out->ctx_deflate.avail_out;
1631
1632	free( msg_pre );
1633
1634	SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1635, debug_fmt ( "after compression: msglen = %d, ", ssl-> out_msglen ) );
1635	ssl->out_msglen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1635, debug_fmt ( "after compression: msglen = %d, ", ssl-> out_msglen ) );;
1636
1637	SSL_DEBUG_BUF( 4, "after compression: output payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1638, "after compression: output payload", ssl->out_msg, ssl->out_msglen );
1638	ssl->out_msg, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1638, "after compression: output payload", ssl->out_msg, ssl->out_msglen );;
1639
1640	SSL_DEBUG_MSG( 2, ( "<= compress buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1640, debug_fmt ( "<= compress buf" ) );;
1641
1642	return( 0 );
1643	}
1644
1645	static int ssl_decompress_buf( ssl_context *ssl )
1646	{
1647	int ret;
1648	unsigned char *msg_post = ssl->in_msg;
1649	size_t len_pre = ssl->in_msglen;
1650	unsigned char *msg_pre;
1651
1652	SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1652, debug_fmt ( "=> decompress buf" ) );;
1653
1654	msg_pre = (unsigned char*) malloc( len_pre );
1655	if( msg_pre == NULL((void*)0) )
1656	{
1657	SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1657, debug_fmt ( "malloc(%d bytes) failed", len_pre ) );;
1658	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
1659	}
1660
1661	memcpy( msg_pre, ssl->in_msg, len_pre );
1662
1663	SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1664, debug_fmt ( "before decompression: msglen = %d, ", ssl ->in_msglen ) );
1664	ssl->in_msglen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1664, debug_fmt ( "before decompression: msglen = %d, ", ssl ->in_msglen ) );;
1665
1666	SSL_DEBUG_BUF( 4, "before decompression: input payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1667, "before decompression: input payload", ssl->in_msg , ssl->in_msglen );
1667	ssl->in_msg, ssl->in_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1667, "before decompression: input payload", ssl->in_msg , ssl->in_msglen );;
1668
1669	ssl->transform_in->ctx_inflate.next_in = msg_pre;
1670	ssl->transform_in->ctx_inflate.avail_in = len_pre;
1671	ssl->transform_in->ctx_inflate.next_out = msg_post;
1672	ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN16384;
1673
1674	ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
1675	if( ret != Z_OK )
1676	{
1677	SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1677, debug_fmt ( "failed to perform decompression (%d)", ret ) );;
1678	return( POLARSSL_ERR_SSL_COMPRESSION_FAILED-0x6F00 );
1679	}
1680
1681	ssl->in_msglen = SSL_MAX_CONTENT_LEN16384 - ssl->transform_in->ctx_inflate.avail_out;
1682
1683	free( msg_pre );
1684
1685	SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1686, debug_fmt ( "after decompression: msglen = %d, ", ssl ->in_msglen ) );
1686	ssl->in_msglen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1686, debug_fmt ( "after decompression: msglen = %d, ", ssl ->in_msglen ) );;
1687
1688	SSL_DEBUG_BUF( 4, "after decompression: input payload",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1689, "after decompression: input payload", ssl->in_msg, ssl->in_msglen );
1689	ssl->in_msg, ssl->in_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1689, "after decompression: input payload", ssl->in_msg, ssl->in_msglen );;
1690
1691	SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1691, debug_fmt ( "<= decompress buf" ) );;
1692
1693	return( 0 );
1694	}
1695	#endif /* POLARSSL_ZLIB_SUPPORT */
1696
1697	/*
1698	* Fill the input message buffer
1699	*/
1700	int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
1701	{
1702	int ret;
1703	size_t len;
1704
1705	SSL_DEBUG_MSG( 2, ( "=> fetch input" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1705, debug_fmt ( "=> fetch input" ) );;
1706
1707	while( ssl->in_left < nb_want )
1708	{
1709	len = nb_want - ssl->in_left;
1710	ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
1711
1712	SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1713, debug_fmt ( "in_left: %d, nb_want: %d", ssl->in_left , nb_want ) );
1713	ssl->in_left, nb_want ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1713, debug_fmt ( "in_left: %d, nb_want: %d", ssl->in_left , nb_want ) );;
1714	SSL_DEBUG_RET( 2, "ssl->f_recv", ret )debug_print_ret( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1714, "ssl->f_recv", ret );;
1715
1716	if( ret == 0 )
1717	return( POLARSSL_ERR_SSL_CONN_EOF-0x7280 );
1718
1719	if( ret < 0 )
1720	return( ret );
1721
1722	ssl->in_left += ret;
1723	}
1724
1725	SSL_DEBUG_MSG( 2, ( "<= fetch input" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1725, debug_fmt ( "<= fetch input" ) );;
1726
1727	return( 0 );
1728	}
1729
1730	/*
1731	* Flush any data not yet written
1732	*/
1733	int ssl_flush_output( ssl_context *ssl )
1734	{
1735	int ret;
1736	unsigned char *buf;
1737
1738	SSL_DEBUG_MSG( 2, ( "=> flush output" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1738, debug_fmt ( "=> flush output" ) );;
1739
1740	while( ssl->out_left > 0 )
1741	{
1742	SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1743, debug_fmt ( "message length: %d, out_left: %d", 5 + ssl ->out_msglen, ssl->out_left ) );
1743	5 + ssl->out_msglen, ssl->out_left ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1743, debug_fmt ( "message length: %d, out_left: %d", 5 + ssl ->out_msglen, ssl->out_left ) );;
1744
1745	if( ssl->out_msglen < ssl->out_left )
1746	{
1747	size_t header_left = ssl->out_left - ssl->out_msglen;
1748
1749	buf = ssl->out_hdr + 5 - header_left;
1750	ret = ssl->f_send( ssl->p_send, buf, header_left );
1751
1752	SSL_DEBUG_RET( 2, "ssl->f_send (header)", ret )debug_print_ret( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1752, "ssl->f_send (header)", ret );;
1753
1754	if( ret <= 0 )
1755	return( ret );
1756
1757	ssl->out_left -= ret;
1758	}
1759
1760	buf = ssl->out_msg + ssl->out_msglen - ssl->out_left;
1761	ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
1762
1763	SSL_DEBUG_RET( 2, "ssl->f_send", ret )debug_print_ret( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1763, "ssl->f_send", ret );;
1764
1765	if( ret <= 0 )
1766	return( ret );
1767
1768	ssl->out_left -= ret;
1769	}
1770
1771	SSL_DEBUG_MSG( 2, ( "<= flush output" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1771, debug_fmt ( "<= flush output" ) );;
1772
1773	return( 0 );
1774	}
1775
1776	/*
1777	* Record layer functions
1778	*/
1779	int ssl_write_record( ssl_context *ssl )
1780	{
1781	int ret, done = 0;
1782	size_t len = ssl->out_msglen;
1783
1784	SSL_DEBUG_MSG( 2, ( "=> write record" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1784, debug_fmt ( "=> write record" ) );;
1785
1786	if( ssl->out_msgtype == SSL_MSG_HANDSHAKE22 )
1787	{
1788	ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
1789	ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
1790	ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
1791
1792	ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
1793	}
1794
1795	#if defined(POLARSSL_ZLIB_SUPPORT)
1796	if( ssl->transform_out != NULL((void*)0) &&
1797	ssl->session_out->compression == SSL_COMPRESS_DEFLATE1 )
1798	{
1799	if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
1800	{
1801	SSL_DEBUG_RET( 1, "ssl_compress_buf", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1801, "ssl_compress_buf", ret );;
1802	return( ret );
1803	}
1804
1805	len = ssl->out_msglen;
1806	}
1807	#endif /POLARSSL_ZLIB_SUPPORT /
1808
1809	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
1810	if( ssl_hw_record_write != NULL((void*)0))
1811	{
1812	SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_write()" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1812, debug_fmt ( "going for ssl_hw_record_write()" ) );;
1813
1814	ret = ssl_hw_record_write( ssl );
1815	if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH-0x6F80 )
1816	{
1817	SSL_DEBUG_RET( 1, "ssl_hw_record_write", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1817, "ssl_hw_record_write", ret );;
1818	return POLARSSL_ERR_SSL_HW_ACCEL_FAILED-0x7F80;
1819	}
1820	done = 1;
1821	}
1822	#endif
1823	if( !done )
1824	{
1825	ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
1826	ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
1827	ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
1828	ssl->out_hdr[3] = (unsigned char)( len >> 8 );
1829	ssl->out_hdr[4] = (unsigned char)( len );
1830
1831	if( ssl->transform_out != NULL((void*)0) )
1832	{
1833	if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
1834	{
1835	SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1835, "ssl_encrypt_buf", ret );;
1836	return( ret );
1837	}
1838
1839	len = ssl->out_msglen;
1840	ssl->out_hdr[3] = (unsigned char)( len >> 8 );
1841	ssl->out_hdr[4] = (unsigned char)( len );
1842	}
1843
1844	ssl->out_left = 5 + ssl->out_msglen;
1845
1846	SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1849, debug_fmt ( "output record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], ( ssl->out_hdr[3] << 8 ) \| ssl->out_hdr[4] ) );
1847	"version = [%d:%d], msglen = %d",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1849, debug_fmt ( "output record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], ( ssl->out_hdr[3] << 8 ) \| ssl->out_hdr[4] ) );
1848	ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1849, debug_fmt ( "output record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], ( ssl->out_hdr[3] << 8 ) \| ssl->out_hdr[4] ) );
1849	( ssl->out_hdr[3] << 8 ) \| ssl->out_hdr[4] ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1849, debug_fmt ( "output record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], ( ssl->out_hdr[3] << 8 ) \| ssl->out_hdr[4] ) );;
1850
1851	SSL_DEBUG_BUF( 4, "output record header sent to network",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1852, "output record header sent to network", ssl->out_hdr , 5 );
1852	ssl->out_hdr, 5 )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1852, "output record header sent to network", ssl->out_hdr , 5 );;
1853	SSL_DEBUG_BUF( 4, "output record sent to network",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1854, "output record sent to network", ssl->out_hdr + 32 , ssl->out_msglen );
1854	ssl->out_hdr + 32, ssl->out_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1854, "output record sent to network", ssl->out_hdr + 32 , ssl->out_msglen );;
1855	}
1856
1857	if( ( ret = ssl_flush_output( ssl ) ) != 0 )
1858	{
1859	SSL_DEBUG_RET( 1, "ssl_flush_output", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1859, "ssl_flush_output", ret );;
1860	return( ret );
1861	}
1862
1863	SSL_DEBUG_MSG( 2, ( "<= write record" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1863, debug_fmt ( "<= write record" ) );;
1864
1865	return( 0 );
1866	}
1867
1868	int ssl_read_record( ssl_context *ssl )
1869	{
1870	int ret, done = 0;
1871
1872	SSL_DEBUG_MSG( 2, ( "=> read record" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1872, debug_fmt ( "=> read record" ) );;
1873
1874	if( ssl->in_hslen != 0 &&
1875	ssl->in_hslen < ssl->in_msglen )
1876	{
1877	/*
1878	* Get next Handshake message in the current record
1879	*/
1880	ssl->in_msglen -= ssl->in_hslen;
1881
1882	memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
1883	ssl->in_msglen );
1884
1885	ssl->in_hslen = 4;
1886	ssl->in_hslen += ( ssl->in_msg[2] << 8 ) \| ssl->in_msg[3];
1887
1888	SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1890, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
1889	" %d, type = %d, hslen = %d",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1890, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
1890	ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1890, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );;
1891
1892	if( ssl->in_msglen < 4 \|\| ssl->in_msg[1] != 0 )
1893	{
1894	SSL_DEBUG_MSG( 1, ( "bad handshake length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1894, debug_fmt ( "bad handshake length" ) );;
1895	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1896	}
1897
1898	if( ssl->in_msglen < ssl->in_hslen )
1899	{
1900	SSL_DEBUG_MSG( 1, ( "bad handshake length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1900, debug_fmt ( "bad handshake length" ) );;
1901	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1902	}
1903
1904	ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
1905
1906	return( 0 );
1907	}
1908
1909	ssl->in_hslen = 0;
1910
1911	/*
1912	* Read the record header and validate it
1913	*/
1914	if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
1915	{
1916	SSL_DEBUG_RET( 1, "ssl_fetch_input", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1916, "ssl_fetch_input", ret );;
1917	return( ret );
1918	}
1919
1920	ssl->in_msgtype = ssl->in_hdr[0];
1921	ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) \| ssl->in_hdr[4];
1922
1923	SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1926, debug_fmt ( "input record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], ( ssl ->in_hdr[3] << 8 ) \| ssl->in_hdr[4] ) );
1924	"version = [%d:%d], msglen = %d",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1926, debug_fmt ( "input record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], ( ssl ->in_hdr[3] << 8 ) \| ssl->in_hdr[4] ) );
1925	ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1926, debug_fmt ( "input record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], ( ssl ->in_hdr[3] << 8 ) \| ssl->in_hdr[4] ) );
1926	( ssl->in_hdr[3] << 8 ) \| ssl->in_hdr[4] ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1926, debug_fmt ( "input record: msgtype = %d, " "version = [%d:%d], msglen = %d" , ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], ( ssl ->in_hdr[3] << 8 ) \| ssl->in_hdr[4] ) );;
1927
1928	if( ssl->in_hdr[1] != ssl->major_ver )
1929	{
1930	SSL_DEBUG_MSG( 1, ( "major version mismatch" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1930, debug_fmt ( "major version mismatch" ) );;
1931	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1932	}
1933
1934	if( ssl->in_hdr[2] > ssl->max_minor_ver )
1935	{
1936	SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1936, debug_fmt ( "minor version mismatch" ) );;
1937	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1938	}
1939
1940	/*
1941	* Make sure the message length is acceptable
1942	*/
1943	if( ssl->transform_in == NULL((void*)0) )
1944	{
1945	if( ssl->in_msglen < 1 \|\|
1946	ssl->in_msglen > SSL_MAX_CONTENT_LEN16384 )
1947	{
1948	SSL_DEBUG_MSG( 1, ( "bad message length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1948, debug_fmt ( "bad message length" ) );;
1949	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1950	}
1951	}
1952	else
1953	{
1954	if( ssl->in_msglen < ssl->transform_in->minlen )
1955	{
1956	SSL_DEBUG_MSG( 1, ( "bad message length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1956, debug_fmt ( "bad message length" ) );;
1957	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1958	}
1959
1960	if( ssl->minor_ver == SSL_MINOR_VERSION_00 &&
1961	ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN16384 )
1962	{
1963	SSL_DEBUG_MSG( 1, ( "bad message length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1963, debug_fmt ( "bad message length" ) );;
1964	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1965	}
1966
1967	/*
1968	* TLS encrypted messages can have up to 256 bytes of padding
1969	*/
1970	if( ssl->minor_ver >= SSL_MINOR_VERSION_11 &&
1971	ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN16384 + 256 )
1972	{
1973	SSL_DEBUG_MSG( 1, ( "bad message length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1973, debug_fmt ( "bad message length" ) );;
1974	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
1975	}
1976	}
1977
1978	/*
1979	* Read and optionally decrypt the message contents
1980	*/
1981	if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
1982	{
1983	SSL_DEBUG_RET( 1, "ssl_fetch_input", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1983, "ssl_fetch_input", ret );;
1984	return( ret );
1985	}
1986
1987	SSL_DEBUG_BUF( 4, "input record from network",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1988, "input record from network", ssl->in_hdr, 5 + ssl-> in_msglen );
1988	ssl->in_hdr, 5 + ssl->in_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1988, "input record from network", ssl->in_hdr, 5 + ssl-> in_msglen );;
1989
1990	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
1991	if( ssl_hw_record_read != NULL((void*)0))
1992	{
1993	SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_read()" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1993, debug_fmt ( "going for ssl_hw_record_read()" ) );;
1994
1995	ret = ssl_hw_record_read( ssl );
1996	if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH-0x6F80 )
1997	{
1998	SSL_DEBUG_RET( 1, "ssl_hw_record_read", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 1998, "ssl_hw_record_read", ret );;
1999	return POLARSSL_ERR_SSL_HW_ACCEL_FAILED-0x7F80;
2000	}
2001	done = 1;
2002	}
2003	#endif
2004	if( !done && ssl->transform_in != NULL((void*)0) )
2005	{
2006	if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
2007	{
2008	#if defined(POLARSSL_SSL_ALERT_MESSAGES)
2009	if( ret == POLARSSL_ERR_SSL_INVALID_MAC-0x7180 )
2010	{
2011	ssl_send_alert_message( ssl,
2012	SSL_ALERT_LEVEL_FATAL2,
2013	SSL_ALERT_MSG_BAD_RECORD_MAC20 );
2014	}
2015	#endif
2016	SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2016, "ssl_decrypt_buf", ret );;
2017	return( ret );
2018	}
2019
2020	SSL_DEBUG_BUF( 4, "input payload after decrypt",debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2021, "input payload after decrypt", ssl->in_msg, ssl-> in_msglen );
2021	ssl->in_msg, ssl->in_msglen )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2021, "input payload after decrypt", ssl->in_msg, ssl-> in_msglen );;
2022
2023	if( ssl->in_msglen > SSL_MAX_CONTENT_LEN16384 )
2024	{
2025	SSL_DEBUG_MSG( 1, ( "bad message length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2025, debug_fmt ( "bad message length" ) );;
2026	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
2027	}
2028	}
2029
2030	#if defined(POLARSSL_ZLIB_SUPPORT)
2031	if( ssl->transform_in != NULL((void*)0) &&
2032	ssl->session_in->compression == SSL_COMPRESS_DEFLATE1 )
2033	{
2034	if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
2035	{
2036	SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2036, "ssl_decompress_buf", ret );;
2037	return( ret );
2038	}
2039
2040	ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
2041	ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
2042	}
2043	#endif /* POLARSSL_ZLIB_SUPPORT */
2044
2045	if( ssl->in_msgtype != SSL_MSG_HANDSHAKE22 &&
2046	ssl->in_msgtype != SSL_MSG_ALERT21 &&
2047	ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC20 &&
2048	ssl->in_msgtype != SSL_MSG_APPLICATION_DATA23 )
2049	{
2050	SSL_DEBUG_MSG( 1, ( "unknown record type" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2050, debug_fmt ( "unknown record type" ) );;
2051
2052	if( ( ret = ssl_send_alert_message( ssl,
2053	SSL_ALERT_LEVEL_FATAL2,
2054	SSL_ALERT_MSG_UNEXPECTED_MESSAGE10 ) ) != 0 )
2055	{
2056	return( ret );
2057	}
2058
2059	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
2060	}
2061
2062	if( ssl->in_msgtype == SSL_MSG_HANDSHAKE22 )
2063	{
2064	ssl->in_hslen = 4;
2065	ssl->in_hslen += ( ssl->in_msg[2] << 8 ) \| ssl->in_msg[3];
2066
2067	SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2069, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
2068	" %d, type = %d, hslen = %d",debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2069, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
2069	ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2069, debug_fmt ( "handshake message: msglen =" " %d, type = %d, hslen = %d" , ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );;
2070
2071	/*
2072	* Additional checks to validate the handshake header
2073	*/
2074	if( ssl->in_msglen < 4 \|\| ssl->in_msg[1] != 0 )
2075	{
2076	SSL_DEBUG_MSG( 1, ( "bad handshake length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2076, debug_fmt ( "bad handshake length" ) );;
2077	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
2078	}
2079
2080	if( ssl->in_msglen < ssl->in_hslen )
2081	{
2082	SSL_DEBUG_MSG( 1, ( "bad handshake length" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2082, debug_fmt ( "bad handshake length" ) );;
2083	return( POLARSSL_ERR_SSL_INVALID_RECORD-0x7200 );
2084	}
2085
2086	if( ssl->state != SSL_HANDSHAKE_OVER )
2087	ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
2088	}
2089
2090	if( ssl->in_msgtype == SSL_MSG_ALERT21 )
2091	{
2092	SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2093, debug_fmt ( "got an alert message, type: [%d:%d]", ssl ->in_msg[0], ssl->in_msg[1] ) );
2093	ssl->in_msg[0], ssl->in_msg[1] ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2093, debug_fmt ( "got an alert message, type: [%d:%d]", ssl ->in_msg[0], ssl->in_msg[1] ) );;
2094
2095	/*
2096	* Ignore non-fatal alerts, except close_notify
2097	*/
2098	if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL2 )
2099	{
2100	SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2101, debug_fmt ( "is a fatal alert message (msg %d)", ssl-> in_msg[1] ) );
2101	ssl->in_msg[1] ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2101, debug_fmt ( "is a fatal alert message (msg %d)", ssl-> in_msg[1] ) );;
2102	/**
2103	* Subtract from error code as ssl->in_msg[1] is 7-bit positive
2104	* error identifier.
2105	*/
2106	return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE-0x7780 );
2107	}
2108
2109	if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING1 &&
2110	ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY0 )
2111	{
2112	SSL_DEBUG_MSG( 2, ( "is a close notify message" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2112, debug_fmt ( "is a close notify message" ) );;
2113	return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY-0x7880 );
2114	}
2115	}
2116
2117	ssl->in_left = 0;
2118
2119	SSL_DEBUG_MSG( 2, ( "<= read record" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2119, debug_fmt ( "<= read record" ) );;
2120
2121	return( 0 );
2122	}
2123
2124	int ssl_send_fatal_handshake_failure( ssl_context *ssl )
2125	{
2126	int ret;
2127
2128	if( ( ret = ssl_send_alert_message( ssl,
2129	SSL_ALERT_LEVEL_FATAL2,
2130	SSL_ALERT_MSG_HANDSHAKE_FAILURE40 ) ) != 0 )
2131	{
2132	return( ret );
2133	}
2134
2135	return( 0 );
2136	}
2137
2138	int ssl_send_alert_message( ssl_context *ssl,
2139	unsigned char level,
2140	unsigned char message )
2141	{
2142	int ret;
2143
2144	SSL_DEBUG_MSG( 2, ( "=> send alert message" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2144, debug_fmt ( "=> send alert message" ) );;
2145
2146	ssl->out_msgtype = SSL_MSG_ALERT21;
2147	ssl->out_msglen = 2;
2148	ssl->out_msg[0] = level;
2149	ssl->out_msg[1] = message;
2150
2151	if( ( ret = ssl_write_record( ssl ) ) != 0 )
2152	{
2153	SSL_DEBUG_RET( 1, "ssl_write_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2153, "ssl_write_record", ret );;
2154	return( ret );
2155	}
2156
2157	SSL_DEBUG_MSG( 2, ( "<= send alert message" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2157, debug_fmt ( "<= send alert message" ) );;
2158
2159	return( 0 );
2160	}
2161
2162	/*
2163	* Handshake functions
2164	*/
2165	int ssl_write_certificate( ssl_context *ssl )
2166	{
2167	int ret;
2168	size_t i, n;
2169	const x509_cert *crt;
2170
2171	SSL_DEBUG_MSG( 2, ( "=> write certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2171, debug_fmt ( "=> write certificate" ) );;
2172
2173	if( ssl->endpoint == SSL_IS_CLIENT0 )
2174	{
2175	if( ssl->client_auth == 0 )
2176	{
2177	SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2177, debug_fmt ( "<= skip write certificate" ) );;
2178	ssl->state++;
2179	return( 0 );
2180	}
2181
2182	/*
2183	* If using SSLv3 and got no cert, send an Alert message
2184	* (otherwise an empty Certificate message will be sent).
2185	*/
2186	if( ssl->own_cert == NULL((void*)0) &&
2187	ssl->minor_ver == SSL_MINOR_VERSION_00 )
2188	{
2189	ssl->out_msglen = 2;
2190	ssl->out_msgtype = SSL_MSG_ALERT21;
2191	ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING1;
2192	ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT41;
2193
2194	SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2194, debug_fmt ( "got no certificate to send" ) );;
2195	goto write_msg;
2196	}
2197	}
2198	else /* SSL_IS_SERVER */
2199	{
2200	if( ssl->own_cert == NULL((void*)0) )
2201	{
2202	SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2202, debug_fmt ( "got no certificate to send" ) );;
2203	return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED-0x7580 );
2204	}
2205	}
2206
2207	SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert )debug_print_crt( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2207, "own certificate", ssl->own_cert );;
2208
2209	/*
2210	* 0 . 0 handshake type
2211	* 1 . 3 handshake length
2212	* 4 . 6 length of all certs
2213	* 7 . 9 length of cert. 1
2214	* 10 . n-1 peer certificate
2215	* n . n+2 length of cert. 2
2216	* n+3 . ... upper level cert, etc.
2217	*/
2218	i = 7;
2219	crt = ssl->own_cert;
2220
2221	while( crt != NULL((void*)0) )
2222	{
2223	n = crt->raw.len;
2224	if( i + 3 + n > SSL_MAX_CONTENT_LEN16384 )
2225	{
2226	SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2227, debug_fmt ( "certificate too large, %d > %d", i + 3 + n, 16384 ) );
2227	i + 3 + n, SSL_MAX_CONTENT_LEN ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2227, debug_fmt ( "certificate too large, %d > %d", i + 3 + n, 16384 ) );;
2228	return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE-0x7500 );
2229	}
2230
2231	ssl->out_msg[i ] = (unsigned char)( n >> 16 );
2232	ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
2233	ssl->out_msg[i + 2] = (unsigned char)( n );
2234
2235	i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
2236	i += n; crt = crt->next;
2237	}
2238
2239	ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
2240	ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
2241	ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
2242
2243	ssl->out_msglen = i;
2244	ssl->out_msgtype = SSL_MSG_HANDSHAKE22;
2245	ssl->out_msg[0] = SSL_HS_CERTIFICATE11;
2246
2247	write_msg:
2248
2249	ssl->state++;
2250
2251	if( ( ret = ssl_write_record( ssl ) ) != 0 )
2252	{
2253	SSL_DEBUG_RET( 1, "ssl_write_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2253, "ssl_write_record", ret );;
2254	return( ret );
2255	}
2256
2257	SSL_DEBUG_MSG( 2, ( "<= write certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2257, debug_fmt ( "<= write certificate" ) );;
2258
2259	return( 0 );
2260	}
2261
2262	int ssl_parse_certificate( ssl_context *ssl )
2263	{
2264	int ret;
2265	size_t i, n;
2266
2267	SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2267, debug_fmt ( "=> parse certificate" ) );;
2268
2269	if( ssl->endpoint == SSL_IS_SERVER1 &&
2270	ssl->authmode == SSL_VERIFY_NONE0 )
2271	{
2272	ssl->verify_result = BADCERT_SKIP_VERIFY0x80;
2273	SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2273, debug_fmt ( "<= skip parse certificate" ) );;
2274	ssl->state++;
2275	return( 0 );
2276	}
2277
2278	if( ( ret = ssl_read_record( ssl ) ) != 0 )
2279	{
2280	SSL_DEBUG_RET( 1, "ssl_read_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2280, "ssl_read_record", ret );;
2281	return( ret );
2282	}
2283
2284	ssl->state++;
2285
2286	/*
2287	* Check if the client sent an empty certificate
2288	*/
2289	if( ssl->endpoint == SSL_IS_SERVER1 &&
2290	ssl->minor_ver == SSL_MINOR_VERSION_00 )
2291	{
2292	if( ssl->in_msglen == 2 &&
2293	ssl->in_msgtype == SSL_MSG_ALERT21 &&
2294	ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING1 &&
2295	ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT41 )
2296	{
2297	SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2297, debug_fmt ( "SSLv3 client has no certificate" ) );;
2298
2299	ssl->verify_result = BADCERT_MISSING0x40;
2300	if( ssl->authmode == SSL_VERIFY_OPTIONAL1 )
2301	return( 0 );
2302	else
2303	return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE-0x7480 );
2304	}
2305	}
2306
2307	if( ssl->endpoint == SSL_IS_SERVER1 &&
2308	ssl->minor_ver != SSL_MINOR_VERSION_00 )
2309	{
2310	if( ssl->in_hslen == 7 &&
2311	ssl->in_msgtype == SSL_MSG_HANDSHAKE22 &&
2312	ssl->in_msg[0] == SSL_HS_CERTIFICATE11 &&
2313	memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
2314	{
2315	SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2315, debug_fmt ( "TLSv1 client has no certificate" ) );;
2316
2317	ssl->verify_result = BADCERT_MISSING0x40;
2318	if( ssl->authmode == SSL_VERIFY_REQUIRED2 )
2319	return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE-0x7480 );
2320	else
2321	return( 0 );
2322	}
2323	}
2324
2325	if( ssl->in_msgtype != SSL_MSG_HANDSHAKE22 )
2326	{
2327	SSL_DEBUG_MSG( 1, ( "bad certificate message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2327, debug_fmt ( "bad certificate message" ) );;
2328	return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE-0x7700 );
2329	}
2330
2331	if( ssl->in_msg[0] != SSL_HS_CERTIFICATE11 \|\| ssl->in_hslen < 10 )
2332	{
2333	SSL_DEBUG_MSG( 1, ( "bad certificate message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2333, debug_fmt ( "bad certificate message" ) );;
2334	return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE-0x7A00 );
2335	}
2336
2337	/*
2338	* Same message structure as in ssl_write_certificate()
2339	*/
2340	n = ( ssl->in_msg[5] << 8 ) \| ssl->in_msg[6];
2341
2342	if( ssl->in_msg[4] != 0 \|\| ssl->in_hslen != 7 + n )
2343	{
2344	SSL_DEBUG_MSG( 1, ( "bad certificate message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2344, debug_fmt ( "bad certificate message" ) );;
2345	return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE-0x7A00 );
2346	}
2347
2348	if( ( ssl->session_negotiate->peer_cert = (x509_cert *) malloc(
2349	sizeof( x509_cert ) ) ) == NULL((void*)0) )
2350	{
2351	SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2352, debug_fmt ( "malloc(%d bytes) failed", sizeof( x509_cert ) ) );
2352	sizeof( x509_cert ) ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2352, debug_fmt ( "malloc(%d bytes) failed", sizeof( x509_cert ) ) );;
2353	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
2354	}
2355
2356	memset( ssl->session_negotiate->peer_cert, 0, sizeof( x509_cert ) );
2357
2358	i = 7;
2359
2360	while( i < ssl->in_hslen )
2361	{
2362	if( ssl->in_msg[i] != 0 )
2363	{
2364	SSL_DEBUG_MSG( 1, ( "bad certificate message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2364, debug_fmt ( "bad certificate message" ) );;
2365	return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE-0x7A00 );
2366	}
2367
2368	n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
2369	\| (unsigned int) ssl->in_msg[i + 2];
2370	i += 3;
2371
2372	if( n < 128 \|\| i + n > ssl->in_hslen )
2373	{
2374	SSL_DEBUG_MSG( 1, ( "bad certificate message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2374, debug_fmt ( "bad certificate message" ) );;
2375	return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE-0x7A00 );
2376	}
2377
2378	ret = x509parse_crt_der( ssl->session_negotiate->peer_cert,
2379	ssl->in_msg + i, n );
2380	if( ret != 0 )
2381	{
2382	SSL_DEBUG_RET( 1, " x509parse_crt", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2382, " x509parse_crt", ret );;
2383	return( ret );
2384	}
2385
2386	i += n;
2387	}
2388
2389	SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert )debug_print_crt( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2389, "peer certificate", ssl->session_negotiate->peer_cert );;
2390
2391	if( ssl->authmode != SSL_VERIFY_NONE0 )
2392	{
2393	if( ssl->ca_chain == NULL((void*)0) )
2394	{
2395	SSL_DEBUG_MSG( 1, ( "got no CA chain" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2395, debug_fmt ( "got no CA chain" ) );;
2396	return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED-0x7680 );
2397	}
2398
2399	ret = x509parse_verify( ssl->session_negotiate->peer_cert,
2400	ssl->ca_chain, ssl->ca_crl,
2401	ssl->peer_cn, &ssl->verify_result,
2402	ssl->f_vrfy, ssl->p_vrfy );
2403
2404	if( ret != 0 )
2405	SSL_DEBUG_RET( 1, "x509_verify_cert", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2405, "x509_verify_cert", ret );;
2406
2407	if( ssl->authmode != SSL_VERIFY_REQUIRED2 )
2408	ret = 0;
2409	}
2410
2411	SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2411, debug_fmt ( "<= parse certificate" ) );;
2412
2413	return( ret );
2414	}
2415
2416	int ssl_write_change_cipher_spec( ssl_context *ssl )
2417	{
2418	int ret;
2419
2420	SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2420, debug_fmt ( "=> write change cipher spec" ) );;
2421
2422	ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC20;
2423	ssl->out_msglen = 1;
2424	ssl->out_msg[0] = 1;
2425
2426	ssl->state++;
2427
2428	if( ( ret = ssl_write_record( ssl ) ) != 0 )
2429	{
2430	SSL_DEBUG_RET( 1, "ssl_write_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2430, "ssl_write_record", ret );;
2431	return( ret );
2432	}
2433
2434	SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2434, debug_fmt ( "<= write change cipher spec" ) );;
2435
2436	return( 0 );
2437	}
2438
2439	int ssl_parse_change_cipher_spec( ssl_context *ssl )
2440	{
2441	int ret;
2442
2443	SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2443, debug_fmt ( "=> parse change cipher spec" ) );;
2444
2445	if( ( ret = ssl_read_record( ssl ) ) != 0 )
2446	{
2447	SSL_DEBUG_RET( 1, "ssl_read_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2447, "ssl_read_record", ret );;
2448	return( ret );
2449	}
2450
2451	if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC20 )
2452	{
2453	SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2453, debug_fmt ( "bad change cipher spec message" ) );;
2454	return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE-0x7700 );
2455	}
2456
2457	if( ssl->in_msglen != 1 \|\| ssl->in_msg[0] != 1 )
2458	{
2459	SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2459, debug_fmt ( "bad change cipher spec message" ) );;
2460	return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC-0x7E00 );
2461	}
2462
2463	ssl->state++;
2464
2465	SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2465, debug_fmt ( "<= parse change cipher spec" ) );;
2466
2467	return( 0 );
2468	}
2469
2470	void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
2471	{
2472	#if !defined(POLARSSL_SHA4_C)
2473	((void) ciphersuite);
2474	#endif
2475
2476	if( ssl->minor_ver < SSL_MINOR_VERSION_33 )
2477	ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
2478	#if defined(POLARSSL_SHA4_C)
2479	else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA3840x9D \|\|
2480	ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F )
2481	{
2482	ssl->handshake->update_checksum = ssl_update_checksum_sha384;
2483	}
2484	#endif
2485	else
2486	ssl->handshake->update_checksum = ssl_update_checksum_sha256;
2487	}
2488
2489	static void ssl_update_checksum_start( ssl_context ssl, unsigned char buf,
2490	size_t len )
2491	{
2492	md5_update( &ssl->handshake->fin_md5 , buf, len );
2493	sha1_update( &ssl->handshake->fin_sha1, buf, len );
2494	sha2_update( &ssl->handshake->fin_sha2, buf, len );
2495	#if defined(POLARSSL_SHA4_C)
2496	sha4_update( &ssl->handshake->fin_sha4, buf, len );
2497	#endif
2498	}
2499
2500	static void ssl_update_checksum_md5sha1( ssl_context ssl, unsigned char buf,
2501	size_t len )
2502	{
2503	md5_update( &ssl->handshake->fin_md5 , buf, len );
2504	sha1_update( &ssl->handshake->fin_sha1, buf, len );
2505	}
2506
2507	static void ssl_update_checksum_sha256( ssl_context ssl, unsigned char buf,
2508	size_t len )
2509	{
2510	sha2_update( &ssl->handshake->fin_sha2, buf, len );
2511	}
2512
2513	#if defined(POLARSSL_SHA4_C)
2514	static void ssl_update_checksum_sha384( ssl_context ssl, unsigned char buf,
2515	size_t len )
2516	{
2517	sha4_update( &ssl->handshake->fin_sha4, buf, len );
2518	}
2519	#endif
2520
2521	static void ssl_calc_finished_ssl(
2522	ssl_context ssl, unsigned char buf, int from )
2523	{
2524	const char *sender;
2525	md5_context md5;
2526	sha1_context sha1;
2527
2528	unsigned char padbuf[48];
2529	unsigned char md5sum[16];
2530	unsigned char sha1sum[20];
2531
2532	ssl_session *session = ssl->session_negotiate;
2533	if( !session )
2534	session = ssl->session;
2535
2536	SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2536, debug_fmt ( "=> calc finished ssl" ) );;
2537
2538	memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
2539	memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
2540
2541	/*
2542	* SSLv3:
2543	* hash =
2544	* MD5( master + pad2 +
2545	* MD5( handshake + sender + master + pad1 ) )
2546	* + SHA1( master + pad2 +
2547	* SHA1( handshake + sender + master + pad1 ) )
2548	*/
2549
2550	#if !defined(POLARSSL_MD5_ALT)
2551	SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2552, "finished md5 state", (unsigned char ) md5.state, sizeof ( md5.state ) );
2552	md5.state, sizeof( md5.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2552, "finished md5 state", (unsigned char *) md5.state, sizeof ( md5.state ) );;
2553	#endif
2554
2555	#if !defined(POLARSSL_SHA1_ALT)
2556	SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2557, "finished sha1 state", (unsigned char ) sha1.state, sizeof ( sha1.state ) );
2557	sha1.state, sizeof( sha1.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2557, "finished sha1 state", (unsigned char *) sha1.state, sizeof ( sha1.state ) );;
2558	#endif
2559
2560	sender = ( from == SSL_IS_CLIENT0 ) ? "CLNT"
2561	: "SRVR";
2562
2563	memset( padbuf, 0x36, 48 );
2564
2565	md5_update( &md5, (const unsigned char *) sender, 4 );
2566	md5_update( &md5, session->master, 48 );
2567	md5_update( &md5, padbuf, 48 );
2568	md5_finish( &md5, md5sum );
2569
2570	sha1_update( &sha1, (const unsigned char *) sender, 4 );
2571	sha1_update( &sha1, session->master, 48 );
2572	sha1_update( &sha1, padbuf, 40 );
2573	sha1_finish( &sha1, sha1sum );
2574
2575	memset( padbuf, 0x5C, 48 );
2576
2577	md5_starts( &md5 );
2578	md5_update( &md5, session->master, 48 );
2579	md5_update( &md5, padbuf, 48 );
2580	md5_update( &md5, md5sum, 16 );
2581	md5_finish( &md5, buf );
2582
2583	sha1_starts( &sha1 );
2584	sha1_update( &sha1, session->master, 48 );
2585	sha1_update( &sha1, padbuf , 40 );
2586	sha1_update( &sha1, sha1sum, 20 );
2587	sha1_finish( &sha1, buf + 16 );
2588
2589	SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2589, "calc finished result", buf, 36 );;
2590
2591	memset( &md5, 0, sizeof( md5_context ) );
2592	memset( &sha1, 0, sizeof( sha1_context ) );
2593
2594	memset( padbuf, 0, sizeof( padbuf ) );
2595	memset( md5sum, 0, sizeof( md5sum ) );
2596	memset( sha1sum, 0, sizeof( sha1sum ) );
2597
2598	SSL_DEBUG_MSG( 2, ( "<= calc finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2598, debug_fmt ( "<= calc finished" ) );;
2599	}
2600
2601	static void ssl_calc_finished_tls(
2602	ssl_context ssl, unsigned char buf, int from )
2603	{
2604	int len = 12;
2605	const char *sender;
2606	md5_context md5;
2607	sha1_context sha1;
2608	unsigned char padbuf[36];
2609
2610	ssl_session *session = ssl->session_negotiate;
2611	if( !session )
2612	session = ssl->session;
2613
2614	SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2614, debug_fmt ( "=> calc finished tls" ) );;
2615
2616	memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) );
2617	memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) );
2618
2619	/*
2620	* TLSv1:
2621	* hash = PRF( master, finished_label,
2622	* MD5( handshake ) + SHA1( handshake ) )[0..11]
2623	*/
2624
2625	#if !defined(POLARSSL_MD5_ALT)
2626	SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2627, "finished md5 state", (unsigned char ) md5.state, sizeof ( md5.state ) );
2627	md5.state, sizeof( md5.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2627, "finished md5 state", (unsigned char *) md5.state, sizeof ( md5.state ) );;
2628	#endif
2629
2630	#if !defined(POLARSSL_SHA1_ALT)
2631	SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2632, "finished sha1 state", (unsigned char ) sha1.state, sizeof ( sha1.state ) );
2632	sha1.state, sizeof( sha1.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2632, "finished sha1 state", (unsigned char *) sha1.state, sizeof ( sha1.state ) );;
2633	#endif
2634
2635	sender = ( from == SSL_IS_CLIENT0 )
2636	? "client finished"
2637	: "server finished";
2638
2639	md5_finish( &md5, padbuf );
2640	sha1_finish( &sha1, padbuf + 16 );
2641
2642	ssl->handshake->tls_prf( session->master, 48, (char *) sender,
2643	padbuf, 36, buf, len );
2644
2645	SSL_DEBUG_BUF( 3, "calc finished result", buf, len )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2645, "calc finished result", buf, len );;
2646
2647	memset( &md5, 0, sizeof( md5_context ) );
2648	memset( &sha1, 0, sizeof( sha1_context ) );
2649
2650	memset( padbuf, 0, sizeof( padbuf ) );
2651
2652	SSL_DEBUG_MSG( 2, ( "<= calc finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2652, debug_fmt ( "<= calc finished" ) );;
2653	}
2654
2655	static void ssl_calc_finished_tls_sha256(
2656	ssl_context ssl, unsigned char buf, int from )
2657	{
2658	int len = 12;
2659	const char *sender;
2660	sha2_context sha2;
2661	unsigned char padbuf[32];
2662
2663	ssl_session *session = ssl->session_negotiate;
2664	if( !session )
2665	session = ssl->session;
2666
2667	SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2667, debug_fmt ( "=> calc finished tls sha256" ) );;
2668
2669	memcpy( &sha2, &ssl->handshake->fin_sha2, sizeof(sha2_context) );
2670
2671	/*
2672	* TLSv1.2:
2673	* hash = PRF( master, finished_label,
2674	* Hash( handshake ) )[0.11]
2675	*/
2676
2677	#if !defined(POLARSSL_SHA2_ALT)
2678	SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2679, "finished sha2 state", (unsigned char ) sha2.state, sizeof ( sha2.state ) );
2679	sha2.state, sizeof( sha2.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2679, "finished sha2 state", (unsigned char *) sha2.state, sizeof ( sha2.state ) );;
2680	#endif
2681
2682	sender = ( from == SSL_IS_CLIENT0 )
2683	? "client finished"
2684	: "server finished";
2685
2686	sha2_finish( &sha2, padbuf );
2687
2688	ssl->handshake->tls_prf( session->master, 48, (char *) sender,
2689	padbuf, 32, buf, len );
2690
2691	SSL_DEBUG_BUF( 3, "calc finished result", buf, len )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2691, "calc finished result", buf, len );;
2692
2693	memset( &sha2, 0, sizeof( sha2_context ) );
2694
2695	memset( padbuf, 0, sizeof( padbuf ) );
2696
2697	SSL_DEBUG_MSG( 2, ( "<= calc finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2697, debug_fmt ( "<= calc finished" ) );;
2698	}
2699
2700	#if defined(POLARSSL_SHA4_C)
2701	static void ssl_calc_finished_tls_sha384(
2702	ssl_context ssl, unsigned char buf, int from )
2703	{
2704	int len = 12;
2705	const char *sender;
2706	sha4_context sha4;
2707	unsigned char padbuf[48];
2708
2709	ssl_session *session = ssl->session_negotiate;
2710	if( !session )
2711	session = ssl->session;
2712
2713	SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2713, debug_fmt ( "=> calc finished tls sha384" ) );;
2714
2715	memcpy( &sha4, &ssl->handshake->fin_sha4, sizeof(sha4_context) );
2716
2717	/*
2718	* TLSv1.2:
2719	* hash = PRF( master, finished_label,
2720	* Hash( handshake ) )[0.11]
2721	*/
2722
2723	#if !defined(POLARSSL_SHA4_ALT)
2724	SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2725, "finished sha4 state", (unsigned char ) sha4.state, sizeof ( sha4.state ) );
2725	sha4.state, sizeof( sha4.state ) )debug_print_buf( ssl, 4, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2725, "finished sha4 state", (unsigned char *) sha4.state, sizeof ( sha4.state ) );;
2726	#endif
2727
2728	sender = ( from == SSL_IS_CLIENT0 )
2729	? "client finished"
2730	: "server finished";
2731
2732	sha4_finish( &sha4, padbuf );
2733
2734	ssl->handshake->tls_prf( session->master, 48, (char *) sender,
2735	padbuf, 48, buf, len );
2736
2737	SSL_DEBUG_BUF( 3, "calc finished result", buf, len )debug_print_buf( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2737, "calc finished result", buf, len );;
2738
2739	memset( &sha4, 0, sizeof( sha4_context ) );
2740
2741	memset( padbuf, 0, sizeof( padbuf ) );
2742
2743	SSL_DEBUG_MSG( 2, ( "<= calc finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2743, debug_fmt ( "<= calc finished" ) );;
2744	}
2745	#endif
2746
2747	void ssl_handshake_wrapup( ssl_context *ssl )
2748	{
2749	SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2749, debug_fmt ( "=> handshake wrapup" ) );;
2750
2751	/*
2752	* Free our handshake params
2753	*/
2754	ssl_handshake_free( ssl->handshake );
2755	free( ssl->handshake );
2756	ssl->handshake = NULL((void*)0);
2757
2758	/*
2759	* Switch in our now active transform context
2760	*/
2761	if( ssl->transform )
2762	{
2763	ssl_transform_free( ssl->transform );
2764	free( ssl->transform );
2765	}
2766	ssl->transform = ssl->transform_negotiate;
2767	ssl->transform_negotiate = NULL((void*)0);
2768
2769	if( ssl->session )
2770	{
2771	ssl_session_free( ssl->session );
2772	free( ssl->session );
2773	}
2774	ssl->session = ssl->session_negotiate;
2775	ssl->session_negotiate = NULL((void*)0);
2776
2777	/*
2778	* Add cache entry
2779	*/
2780	if( ssl->f_set_cache != NULL((void*)0) )
2781	if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
2782	SSL_DEBUG_MSG( 1, ( "cache did not store session" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2782, debug_fmt ( "cache did not store session" ) );;
2783
2784	ssl->state++;
2785
2786	SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2786, debug_fmt ( "<= handshake wrapup" ) );;
2787	}
2788
2789	int ssl_write_finished( ssl_context *ssl )
2790	{
2791	int ret, hash_len;
2792
2793	SSL_DEBUG_MSG( 2, ( "=> write finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2793, debug_fmt ( "=> write finished" ) );;
2794
2795	ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
2796
2797	// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
2798	hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_00 ) ? 36 : 12;
2799
2800	ssl->verify_data_len = hash_len;
2801	memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
2802
2803	ssl->out_msglen = 4 + hash_len;
2804	ssl->out_msgtype = SSL_MSG_HANDSHAKE22;
2805	ssl->out_msg[0] = SSL_HS_FINISHED20;
2806
2807	/*
2808	* In case of session resuming, invert the client and server
2809	* ChangeCipherSpec messages order.
2810	*/
2811	if( ssl->handshake->resume != 0 )
2812	{
2813	if( ssl->endpoint == SSL_IS_CLIENT0 )
2814	ssl->state = SSL_HANDSHAKE_WRAPUP;
2815	else
2816	ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
2817	}
2818	else
2819	ssl->state++;
2820
2821	/*
2822	* Switch to our negotiated transform and session parameters for outbound data.
2823	*/
2824	SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2824, debug_fmt ( "switching to new transform spec for outbound data" ) );;
2825	ssl->transform_out = ssl->transform_negotiate;
2826	ssl->session_out = ssl->session_negotiate;
2827	memset( ssl->out_ctr, 0, 8 );
2828
2829	if( ( ret = ssl_write_record( ssl ) ) != 0 )
2830	{
2831	SSL_DEBUG_RET( 1, "ssl_write_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2831, "ssl_write_record", ret );;
2832	return( ret );
2833	}
2834
2835	SSL_DEBUG_MSG( 2, ( "<= write finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2835, debug_fmt ( "<= write finished" ) );;
2836
2837	return( 0 );
2838	}
2839
2840	int ssl_parse_finished( ssl_context *ssl )
2841	{
2842	int ret;
2843	unsigned int hash_len;
2844	unsigned char buf[36];
2845
2846	SSL_DEBUG_MSG( 2, ( "=> parse finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2846, debug_fmt ( "=> parse finished" ) );;
2847
2848	ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
2849
2850	/*
2851	* Switch to our negotiated transform and session parameters for inbound data.
2852	*/
2853	SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2853, debug_fmt ( "switching to new transform spec for inbound data" ) );;
2854	ssl->transform_in = ssl->transform_negotiate;
2855	ssl->session_in = ssl->session_negotiate;
2856	memset( ssl->in_ctr, 0, 8 );
2857
2858	if( ( ret = ssl_read_record( ssl ) ) != 0 )
2859	{
2860	SSL_DEBUG_RET( 1, "ssl_read_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2860, "ssl_read_record", ret );;
2861	return( ret );
2862	}
2863
2864	if( ssl->in_msgtype != SSL_MSG_HANDSHAKE22 )
2865	{
2866	SSL_DEBUG_MSG( 1, ( "bad finished message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2866, debug_fmt ( "bad finished message" ) );;
2867	return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE-0x7700 );
2868	}
2869
2870	// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
2871	hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_00 ) ? 36 : 12;
2872
2873	if( ssl->in_msg[0] != SSL_HS_FINISHED20 \|\|
2874	ssl->in_hslen != 4 + hash_len )
2875	{
2876	SSL_DEBUG_MSG( 1, ( "bad finished message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2876, debug_fmt ( "bad finished message" ) );;
2877	return( POLARSSL_ERR_SSL_BAD_HS_FINISHED-0x7E80 );
2878	}
2879
2880	if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
2881	{
2882	SSL_DEBUG_MSG( 1, ( "bad finished message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2882, debug_fmt ( "bad finished message" ) );;
2883	return( POLARSSL_ERR_SSL_BAD_HS_FINISHED-0x7E80 );
2884	}
2885
2886	ssl->verify_data_len = hash_len;
2887	memcpy( ssl->peer_verify_data, buf, hash_len );
2888
2889	if( ssl->handshake->resume != 0 )
2890	{
2891	if( ssl->endpoint == SSL_IS_CLIENT0 )
2892	ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
2893
2894	if( ssl->endpoint == SSL_IS_SERVER1 )
2895	ssl->state = SSL_HANDSHAKE_WRAPUP;
2896	}
2897	else
2898	ssl->state++;
2899
2900	SSL_DEBUG_MSG( 2, ( "<= parse finished" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2900, debug_fmt ( "<= parse finished" ) );;
2901
2902	return( 0 );
2903	}
2904
2905	int ssl_handshake_init( ssl_context *ssl )
2906	{
2907	if( ssl->transform_negotiate )
2908	ssl_transform_free( ssl->transform_negotiate );
2909	else
2910	ssl->transform_negotiate = malloc( sizeof(ssl_transform) );
2911
2912	if( ssl->session_negotiate )
2913	ssl_session_free( ssl->session_negotiate );
2914	else
2915	ssl->session_negotiate = malloc( sizeof(ssl_session) );
2916
2917	if( ssl->handshake )
2918	ssl_handshake_free( ssl->handshake );
2919	else
2920	ssl->handshake = malloc( sizeof(ssl_handshake_params) );
2921
2922	if( ssl->handshake == NULL((void*)0) \|\|
2923	ssl->transform_negotiate == NULL((void*)0) \|\|
2924	ssl->session_negotiate == NULL((void*)0) )
2925	{
2926	SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2926, debug_fmt ( "malloc() of ssl sub-contexts failed" ) ) ;;
2927	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
2928	}
2929
2930	memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
2931	memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
2932	memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
2933
2934	md5_starts( &ssl->handshake->fin_md5 );
2935	sha1_starts( &ssl->handshake->fin_sha1 );
2936	sha2_starts( &ssl->handshake->fin_sha2, 0 );
2937	#if defined(POLARSSL_SHA4_C)
2938	sha4_starts( &ssl->handshake->fin_sha4, 1 );
2939	#endif
2940
2941	ssl->handshake->update_checksum = ssl_update_checksum_start;
2942	ssl->handshake->sig_alg = SSL_HASH_SHA12;
2943
2944	return( 0 );
2945	}
2946
2947	/*
2948	* Initialize an SSL context
2949	*/
2950	int ssl_init( ssl_context *ssl )
2951	{
2952	int ret;
2953	int len = SSL_BUFFER_LEN(16384 + 0 + 512);
2954
2955	memset( ssl, 0, sizeof( ssl_context ) );
2956
2957	/*
2958	* Sane defaults
2959	*/
2960	ssl->rsa_decrypt = ssl_rsa_decrypt;
2961	ssl->rsa_sign = ssl_rsa_sign;
2962	ssl->rsa_key_len = ssl_rsa_key_len;
2963
2964	ssl->min_major_ver = SSL_MAJOR_VERSION_33;
2965	ssl->min_minor_ver = SSL_MINOR_VERSION_00;
2966
2967	ssl->ciphersuites = malloc( sizeof(int ) 4 );
2968	ssl_set_ciphersuites( ssl, ssl_default_ciphersuites );
2969
2970	#if defined(POLARSSL_DHM_C)
2971	if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
2972	POLARSSL_DHM_RFC5114_MODP_1024_P"B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371") ) != 0 \|\|
2973	( ret = mpi_read_string( &ssl->dhm_G, 16,
2974	POLARSSL_DHM_RFC5114_MODP_1024_G"A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5") ) != 0 )
2975	{
2976	SSL_DEBUG_RET( 1, "mpi_read_string", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2976, "mpi_read_string", ret );;
2977	return( ret );
2978	}
2979	#endif
2980
2981	/*
2982	* Prepare base structures
2983	*/
2984	ssl->in_ctr = (unsigned char *) malloc( len );
2985	ssl->in_hdr = ssl->in_ctr + 8;
2986	ssl->in_msg = ssl->in_ctr + 13;
2987
2988	if( ssl->in_ctr == NULL((void*)0) )
2989	{
2990	SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 2990, debug_fmt ( "malloc(%d bytes) failed", len ) );;
2991	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
2992	}
2993
2994	ssl->out_ctr = (unsigned char *) malloc( len );
2995	ssl->out_hdr = ssl->out_ctr + 8;
2996	ssl->out_msg = ssl->out_ctr + 40;
2997
2998	if( ssl->out_ctr == NULL((void*)0) )
2999	{
3000	SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3000, debug_fmt ( "malloc(%d bytes) failed", len ) );;
3001	free( ssl-> in_ctr );
3002	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
3003	}
3004
3005	memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3006	memset( ssl->out_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3007
3008	ssl->hostname = NULL((void*)0);
3009	ssl->hostname_len = 0;
3010
3011	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3012	return( ret );
3013
3014	return( 0 );
3015	}
3016
3017	/*
3018	* Reset an initialized and used SSL context for re-use while retaining
3019	* all application-set variables, function pointers and data.
3020	*/
3021	int ssl_session_reset( ssl_context *ssl )
3022	{
3023	int ret;
3024
3025	ssl->state = SSL_HELLO_REQUEST;
3026	ssl->renegotiation = SSL_INITIAL_HANDSHAKE0;
3027	ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION0;
3028
3029	ssl->verify_data_len = 0;
3030	memset( ssl->own_verify_data, 0, 36 );
3031	memset( ssl->peer_verify_data, 0, 36 );
3032
3033	ssl->in_offt = NULL((void*)0);
3034
3035	ssl->in_msgtype = 0;
3036	ssl->in_msglen = 0;
3037	ssl->in_left = 0;
3038
3039	ssl->in_hslen = 0;
3040	ssl->nb_zero = 0;
3041
3042	ssl->out_msgtype = 0;
3043	ssl->out_msglen = 0;
3044	ssl->out_left = 0;
3045
3046	ssl->transform_in = NULL((void*)0);
3047	ssl->transform_out = NULL((void*)0);
3048
3049	memset( ssl->out_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3050	memset( ssl->in_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3051
3052	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3053	if( ssl_hw_record_reset != NULL((void*)0))
3054	{
3055	SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3055, debug_fmt ( "going for ssl_hw_record_reset()" ) );;
3056	if( ssl_hw_record_reset( ssl ) != 0 )
3057	{
3058	SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3058, "ssl_hw_record_reset", ret );;
3059	return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED-0x7F80 );
3060	}
3061	}
3062	#endif
3063
3064	if( ssl->transform )
3065	{
3066	ssl_transform_free( ssl->transform );
3067	free( ssl->transform );
3068	ssl->transform = NULL((void*)0);
3069	}
3070
3071	if( ssl->session )
3072	{
3073	ssl_session_free( ssl->session );
3074	free( ssl->session );
3075	ssl->session = NULL((void*)0);
3076	}
3077
3078	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3079	return( ret );
3080
3081	return( 0 );
3082	}
3083
3084	/*
3085	* SSL set accessors
3086	*/
3087	void ssl_set_endpoint( ssl_context *ssl, int endpoint )
3088	{
3089	ssl->endpoint = endpoint;
3090	}
3091
3092	void ssl_set_authmode( ssl_context *ssl, int authmode )
3093	{
3094	ssl->authmode = authmode;
3095	}
3096
3097	void ssl_set_verify( ssl_context *ssl,
3098	int (f_vrfy)(void , x509_cert , int, int ),
3099	void *p_vrfy )
3100	{
3101	ssl->f_vrfy = f_vrfy;
3102	ssl->p_vrfy = p_vrfy;
3103	}
3104
3105	void ssl_set_rng( ssl_context *ssl,
3106	int (f_rng)(void , unsigned char *, size_t),
3107	void *p_rng )
3108	{
3109	ssl->f_rng = f_rng;
3110	ssl->p_rng = p_rng;
3111	}
3112
3113	void ssl_set_dbg( ssl_context *ssl,
3114	void (f_dbg)(void , int, const char *),
3115	void *p_dbg )
3116	{
3117	ssl->f_dbg = f_dbg;
3118	ssl->p_dbg = p_dbg;
3119	}
3120
3121	void ssl_set_bio( ssl_context *ssl,
3122	int (f_recv)(void , unsigned char , size_t), void p_recv,
3123	int (f_send)(void , const unsigned char , size_t), void p_send )
3124	{
3125	ssl->f_recv = f_recv;
3126	ssl->f_send = f_send;
3127	ssl->p_recv = p_recv;
3128	ssl->p_send = p_send;
3129	}
3130
3131	void ssl_set_session_cache( ssl_context *ssl,
3132	int (f_get_cache)(void , ssl_session ), void p_get_cache,
3133	int (f_set_cache)(void , const ssl_session ), void p_set_cache )
3134	{
3135	ssl->f_get_cache = f_get_cache;
3136	ssl->p_get_cache = p_get_cache;
3137	ssl->f_set_cache = f_set_cache;
3138	ssl->p_set_cache = p_set_cache;
3139	}
3140
3141	void ssl_set_session( ssl_context ssl, const ssl_session session )
3142	{
3143	memcpy( ssl->session_negotiate, session, sizeof(ssl_session) );
3144	ssl->handshake->resume = 1;
3145	}
3146
3147	void ssl_set_ciphersuites( ssl_context ssl, const int ciphersuites )
3148	{
3149	ssl->ciphersuites[SSL_MINOR_VERSION_00] = ciphersuites;
3150	ssl->ciphersuites[SSL_MINOR_VERSION_11] = ciphersuites;
3151	ssl->ciphersuites[SSL_MINOR_VERSION_22] = ciphersuites;
3152	ssl->ciphersuites[SSL_MINOR_VERSION_33] = ciphersuites;
3153	}
3154
3155	void ssl_set_ciphersuites_for_version( ssl_context ssl, const int ciphersuites,
3156	int major, int minor )
3157	{
3158	if( major != SSL_MAJOR_VERSION_33 )
3159	return;
3160
3161	if( minor < SSL_MINOR_VERSION_00 \|\| minor > SSL_MINOR_VERSION_33 )
3162	return;
3163
3164	ssl->ciphersuites[minor] = ciphersuites;
3165	}
3166
3167	void ssl_set_ca_chain( ssl_context ssl, x509_cert ca_chain,
3168	x509_crl ca_crl, const char peer_cn )
3169	{
3170	ssl->ca_chain = ca_chain;
3171	ssl->ca_crl = ca_crl;
3172	ssl->peer_cn = peer_cn;
3173	}
3174
3175	void ssl_set_own_cert( ssl_context ssl, x509_cert own_cert,
3176	rsa_context *rsa_key )
3177	{
3178	ssl->own_cert = own_cert;
3179	ssl->rsa_key = rsa_key;
3180	}
3181
3182	void ssl_set_own_cert_alt( ssl_context ssl, x509_cert own_cert,
3183	void *rsa_key,
3184	rsa_decrypt_func rsa_decrypt,
3185	rsa_sign_func rsa_sign,
3186	rsa_key_len_func rsa_key_len )
3187	{
3188	ssl->own_cert = own_cert;
3189	ssl->rsa_key = rsa_key;
3190	ssl->rsa_decrypt = rsa_decrypt;
3191	ssl->rsa_sign = rsa_sign;
3192	ssl->rsa_key_len = rsa_key_len;
3193	}
3194
3195
3196	#if defined(POLARSSL_DHM_C)
3197	int ssl_set_dh_param( ssl_context ssl, const char dhm_P, const char *dhm_G )
3198	{
3199	int ret;
3200
3201	if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
3202	{
3203	SSL_DEBUG_RET( 1, "mpi_read_string", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3203, "mpi_read_string", ret );;
3204	return( ret );
3205	}
3206
3207	if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
3208	{
3209	SSL_DEBUG_RET( 1, "mpi_read_string", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3209, "mpi_read_string", ret );;
3210	return( ret );
3211	}
3212
3213	return( 0 );
3214	}
3215
3216	int ssl_set_dh_param_ctx( ssl_context ssl, dhm_context dhm_ctx )
3217	{
3218	int ret;
3219
3220	if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 )
3221	{
3222	SSL_DEBUG_RET( 1, "mpi_copy", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3222, "mpi_copy", ret );;
3223	return( ret );
3224	}
3225
3226	if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 )
3227	{
3228	SSL_DEBUG_RET( 1, "mpi_copy", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3228, "mpi_copy", ret );;
3229	return( ret );
3230	}
3231
3232	return( 0 );
3233	}
3234	#endif /* POLARSSL_DHM_C */
3235
3236	int ssl_set_hostname( ssl_context ssl, const char hostname )
3237	{
3238	if( hostname == NULL((void*)0) )
3239	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA-0x7100 );
3240
3241	ssl->hostname_len = strlen( hostname );
3242	ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
3243
3244	if( ssl->hostname == NULL((void*)0) )
3245	return( POLARSSL_ERR_SSL_MALLOC_FAILED-0x7F00 );
3246
3247	memcpy( ssl->hostname, (const unsigned char *) hostname,
3248	ssl->hostname_len );
3249
3250	ssl->hostname[ssl->hostname_len] = '\0';
3251
3252	return( 0 );
3253	}
3254
3255	void ssl_set_sni( ssl_context *ssl,
3256	int (f_sni)(void , ssl_context *,
3257	const unsigned char *, size_t),
3258	void *p_sni )
3259	{
3260	ssl->f_sni = f_sni;
3261	ssl->p_sni = p_sni;
3262	}
3263
3264	void ssl_set_max_version( ssl_context *ssl, int major, int minor )
3265	{
3266	ssl->max_major_ver = major;
3267	ssl->max_minor_ver = minor;
3268	}
3269
3270	void ssl_set_min_version( ssl_context *ssl, int major, int minor )
3271	{
3272	ssl->min_major_ver = major;
3273	ssl->min_minor_ver = minor;
3274	}
3275
3276	void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
3277	{
3278	ssl->disable_renegotiation = renegotiation;
3279	}
3280
3281	void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
3282	{
3283	ssl->allow_legacy_renegotiation = allow_legacy;
3284	}
3285
3286	/*
3287	* SSL get accessors
3288	*/
3289	size_t ssl_get_bytes_avail( const ssl_context *ssl )
3290	{
3291	return( ssl->in_offt == NULL((void*)0) ? 0 : ssl->in_msglen );
3292	}
3293
3294	int ssl_get_verify_result( const ssl_context *ssl )
3295	{
3296	return( ssl->verify_result );
3297	}
3298
3299	const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
3300	{
3301	switch( ciphersuite_id )
3302	{
3303	#if defined(POLARSSL_ARC4_C)
3304	case TLS_RSA_WITH_RC4_128_MD50x04:
3305	return( "TLS-RSA-WITH-RC4-128-MD5" );
3306
3307	case TLS_RSA_WITH_RC4_128_SHA0x05:
3308	return( "TLS-RSA-WITH-RC4-128-SHA" );
3309	#endif
3310
3311	#if defined(POLARSSL_DES_C)
3312	case TLS_RSA_WITH_3DES_EDE_CBC_SHA0x0A:
3313	return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" );
3314
3315	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA0x16:
3316	return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" );
3317	#endif
3318
3319	#if defined(POLARSSL_AES_C)
3320	case TLS_RSA_WITH_AES_128_CBC_SHA0x2F:
3321	return( "TLS-RSA-WITH-AES-128-CBC-SHA" );
3322
3323	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33:
3324	return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" );
3325
3326	case TLS_RSA_WITH_AES_256_CBC_SHA0x35:
3327	return( "TLS-RSA-WITH-AES-256-CBC-SHA" );
3328
3329	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39:
3330	return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" );
3331
3332	#if defined(POLARSSL_SHA2_C)
3333	case TLS_RSA_WITH_AES_128_CBC_SHA2560x3C:
3334	return( "TLS-RSA-WITH-AES-128-CBC-SHA256" );
3335
3336	case TLS_RSA_WITH_AES_256_CBC_SHA2560x3D:
3337	return( "TLS-RSA-WITH-AES-256-CBC-SHA256" );
3338
3339	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67:
3340	return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" );
3341
3342	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B:
3343	return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" );
3344	#endif
3345
3346	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3347	case TLS_RSA_WITH_AES_128_GCM_SHA2560x9C:
3348	return( "TLS-RSA-WITH-AES-128-GCM-SHA256" );
3349
3350	case TLS_RSA_WITH_AES_256_GCM_SHA3840x9D:
3351	return( "TLS-RSA-WITH-AES-256-GCM-SHA384" );
3352	#endif
3353
3354	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3355	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E:
3356	return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" );
3357
3358	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F:
3359	return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" );
3360	#endif
3361	#endif /* POLARSSL_AES_C */
3362
3363	#if defined(POLARSSL_CAMELLIA_C)
3364	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41:
3365	return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" );
3366
3367	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45:
3368	return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" );
3369
3370	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84:
3371	return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" );
3372
3373	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88:
3374	return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" );
3375
3376	#if defined(POLARSSL_SHA2_C)
3377	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA:
3378	return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
3379
3380	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE:
3381	return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
3382
3383	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0:
3384	return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
3385
3386	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4:
3387	return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
3388	#endif
3389	#endif
3390
3391	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
3392	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
3393	case TLS_RSA_WITH_NULL_MD50x01:
3394	return( "TLS-RSA-WITH-NULL-MD5" );
3395	case TLS_RSA_WITH_NULL_SHA0x02:
3396	return( "TLS-RSA-WITH-NULL-SHA" );
3397	case TLS_RSA_WITH_NULL_SHA2560x3B:
3398	return( "TLS-RSA-WITH-NULL-SHA256" );
3399	#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
3400
3401	#if defined(POLARSSL_DES_C)
3402	case TLS_RSA_WITH_DES_CBC_SHA0x09:
3403	return( "TLS-RSA-WITH-DES-CBC-SHA" );
3404	case TLS_DHE_RSA_WITH_DES_CBC_SHA0x15:
3405	return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" );
3406	#endif
3407	#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
3408
3409	default:
3410	break;
3411	}
3412
3413	return( "unknown" );
3414	}
3415
3416	int ssl_get_ciphersuite_id( const char *ciphersuite_name )
3417	{
3418	#if defined(POLARSSL_ARC4_C)
3419	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5"))
3420	return( TLS_RSA_WITH_RC4_128_MD50x04 );
3421	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA"))
3422	return( TLS_RSA_WITH_RC4_128_SHA0x05 );
3423	#endif
3424
3425	#if defined(POLARSSL_DES_C)
3426	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA"))
3427	return( TLS_RSA_WITH_3DES_EDE_CBC_SHA0x0A );
3428	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"))
3429	return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA0x16 );
3430	#endif
3431
3432	#if defined(POLARSSL_AES_C)
3433	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA"))
3434	return( TLS_RSA_WITH_AES_128_CBC_SHA0x2F );
3435	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"))
3436	return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33 );
3437	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA"))
3438	return( TLS_RSA_WITH_AES_256_CBC_SHA0x35 );
3439	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"))
3440	return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39 );
3441
3442	#if defined(POLARSSL_SHA2_C)
3443	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256"))
3444	return( TLS_RSA_WITH_AES_128_CBC_SHA2560x3C );
3445	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256"))
3446	return( TLS_RSA_WITH_AES_256_CBC_SHA2560x3D );
3447	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"))
3448	return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67 );
3449	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"))
3450	return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B );
3451	#endif
3452
3453	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3454	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256"))
3455	return( TLS_RSA_WITH_AES_128_GCM_SHA2560x9C );
3456	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384"))
3457	return( TLS_RSA_WITH_AES_256_GCM_SHA3840x9D );
3458	#endif
3459
3460	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3461	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"))
3462	return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E );
3463	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"))
3464	return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F );
3465	#endif
3466	#endif
3467
3468	#if defined(POLARSSL_CAMELLIA_C)
3469	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"))
3470	return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41 );
3471	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"))
3472	return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45 );
3473	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"))
3474	return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84 );
3475	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"))
3476	return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88 );
3477
3478	#if defined(POLARSSL_SHA2_C)
3479	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
3480	return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA );
3481	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
3482	return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE );
3483	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
3484	return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0 );
3485	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
3486	return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4 );
3487	#endif
3488	#endif
3489
3490	#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
3491	#if defined(POLARSSL_CIPHER_NULL_CIPHER)
3492	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5"))
3493	return( TLS_RSA_WITH_NULL_MD50x01 );
3494	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA"))
3495	return( TLS_RSA_WITH_NULL_SHA0x02 );
3496	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256"))
3497	return( TLS_RSA_WITH_NULL_SHA2560x3B );
3498	#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
3499
3500	#if defined(POLARSSL_DES_C)
3501	if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA"))
3502	return( TLS_RSA_WITH_DES_CBC_SHA0x09 );
3503	if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA"))
3504	return( TLS_DHE_RSA_WITH_DES_CBC_SHA0x15 );
3505	#endif
3506	#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
3507
3508	return( 0 );
3509	}
3510
3511	const char ssl_get_ciphersuite( const ssl_context ssl )
3512	{
3513	if( ssl == NULL((void)0) \|\| ssl->session == NULL((void)0) )
3514	return NULL((void*)0);
3515
3516	return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
3517	}
3518
3519	const char ssl_get_version( const ssl_context ssl )
3520	{
3521	switch( ssl->minor_ver )
3522	{
3523	case SSL_MINOR_VERSION_00:
3524	return( "SSLv3.0" );
3525
3526	case SSL_MINOR_VERSION_11:
3527	return( "TLSv1.0" );
3528
3529	case SSL_MINOR_VERSION_22:
3530	return( "TLSv1.1" );
3531
3532	case SSL_MINOR_VERSION_33:
3533	return( "TLSv1.2" );
3534
3535	default:
3536	break;
3537	}
3538	return( "unknown" );
3539	}
3540
3541	const x509_cert ssl_get_peer_cert( const ssl_context ssl )
3542	{
3543	if( ssl == NULL((void)0) \|\| ssl->session == NULL((void)0) )
3544	return NULL((void*)0);
3545
3546	return ssl->session->peer_cert;
3547	}
3548
3549	const int ssl_default_ciphersuites[] =
3550	{
3551	#if defined(POLARSSL_DHM_C)
3552	#if defined(POLARSSL_AES_C)
3553	#if defined(POLARSSL_SHA2_C)
3554	TLS_DHE_RSA_WITH_AES_256_CBC_SHA2560x6B,
3555	#endif /* POLARSSL_SHA2_C */
3556	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3557	TLS_DHE_RSA_WITH_AES_256_GCM_SHA3840x9F,
3558	#endif
3559	TLS_DHE_RSA_WITH_AES_256_CBC_SHA0x39,
3560	#if defined(POLARSSL_SHA2_C)
3561	TLS_DHE_RSA_WITH_AES_128_CBC_SHA2560x67,
3562	#endif
3563	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3564	TLS_DHE_RSA_WITH_AES_128_GCM_SHA2560x9E,
3565	#endif
3566	TLS_DHE_RSA_WITH_AES_128_CBC_SHA0x33,
3567	#endif
3568	#if defined(POLARSSL_CAMELLIA_C)
3569	#if defined(POLARSSL_SHA2_C)
3570	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC4,
3571	#endif /* POLARSSL_SHA2_C */
3572	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA0x88,
3573	#if defined(POLARSSL_SHA2_C)
3574	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBE,
3575	#endif /* POLARSSL_SHA2_C */
3576	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA0x45,
3577	#endif
3578	#if defined(POLARSSL_DES_C)
3579	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA0x16,
3580	#endif
3581	#endif
3582
3583	#if defined(POLARSSL_AES_C)
3584	#if defined(POLARSSL_SHA2_C)
3585	TLS_RSA_WITH_AES_256_CBC_SHA2560x3D,
3586	#endif /* POLARSSL_SHA2_C */
3587	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
3588	TLS_RSA_WITH_AES_256_GCM_SHA3840x9D,
3589	#endif /* POLARSSL_SHA2_C */
3590	TLS_RSA_WITH_AES_256_CBC_SHA0x35,
3591	#endif
3592	#if defined(POLARSSL_CAMELLIA_C)
3593	#if defined(POLARSSL_SHA2_C)
3594	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA2560xC0,
3595	#endif /* POLARSSL_SHA2_C */
3596	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA0x84,
3597	#endif
3598	#if defined(POLARSSL_AES_C)
3599	#if defined(POLARSSL_SHA2_C)
3600	TLS_RSA_WITH_AES_128_CBC_SHA2560x3C,
3601	#endif /* POLARSSL_SHA2_C */
3602	#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
3603	TLS_RSA_WITH_AES_128_GCM_SHA2560x9C,
3604	#endif /* POLARSSL_SHA2_C */
3605	TLS_RSA_WITH_AES_128_CBC_SHA0x2F,
3606	#endif
3607	#if defined(POLARSSL_CAMELLIA_C)
3608	#if defined(POLARSSL_SHA2_C)
3609	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA2560xBA,
3610	#endif /* POLARSSL_SHA2_C */
3611	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA0x41,
3612	#endif
3613	#if defined(POLARSSL_DES_C)
3614	TLS_RSA_WITH_3DES_EDE_CBC_SHA0x0A,
3615	#endif
3616	#if defined(POLARSSL_ARC4_C)
3617	TLS_RSA_WITH_RC4_128_SHA0x05,
3618	TLS_RSA_WITH_RC4_128_MD50x04,
3619	#endif
3620	0
3621	};
3622
3623	/*
3624	* Perform a single step of the SSL handshake
3625	*/
3626	int ssl_handshake_step( ssl_context *ssl )
3627	{
3628	int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE-0x7080;
3629
3630	#if defined(POLARSSL_SSL_CLI_C)
3631	if( ssl->endpoint == SSL_IS_CLIENT0 )
3632	ret = ssl_handshake_client_step( ssl );
3633	#endif
3634
3635	#if defined(POLARSSL_SSL_SRV_C)
3636	if( ssl->endpoint == SSL_IS_SERVER1 )
3637	ret = ssl_handshake_server_step( ssl );
3638	#endif
3639
3640	return( ret );
3641	}
3642
3643	/*
3644	* Perform the SSL handshake
3645	*/
3646	int ssl_handshake( ssl_context *ssl )
3647	{
3648	int ret = 0;
3649
3650	SSL_DEBUG_MSG( 2, ( "=> handshake" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3650, debug_fmt ( "=> handshake" ) );;
3651
3652	while( ssl->state != SSL_HANDSHAKE_OVER )
3653	{
3654	ret = ssl_handshake_step( ssl );
3655
3656	if( ret != 0 )
3657	break;
3658	}
3659
3660	SSL_DEBUG_MSG( 2, ( "<= handshake" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3660, debug_fmt ( "<= handshake" ) );;
3661
3662	return( ret );
3663	}
3664
3665	/*
3666	* Renegotiate current connection
3667	*/
3668	int ssl_renegotiate( ssl_context *ssl )
3669	{
3670	int ret;
3671
3672	SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3672, debug_fmt ( "=> renegotiate" ) );;
3673
3674	if( ssl->state != SSL_HANDSHAKE_OVER )
3675	return( POLARSSL_ERR_SSL_BAD_INPUT_DATA-0x7100 );
3676
3677	ssl->state = SSL_HELLO_REQUEST;
3678	ssl->renegotiation = SSL_RENEGOTIATION1;
3679
3680	if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
3681	return( ret );
3682
3683	if( ( ret = ssl_handshake( ssl ) ) != 0 )
3684	{
3685	SSL_DEBUG_RET( 1, "ssl_handshake", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3685, "ssl_handshake", ret );;
3686	return( ret );
3687	}
3688
3689	SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3689, debug_fmt ( "<= renegotiate" ) );;
3690
3691	return( 0 );
3692	}
3693
3694	/*
3695	* Receive application data decrypted from the SSL layer
3696	*/
3697	int ssl_read( ssl_context ssl, unsigned char buf, size_t len )
3698	{
3699	int ret;
3700	size_t n;
3701
3702	SSL_DEBUG_MSG( 2, ( "=> read" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3702, debug_fmt ( "=> read" ) );;
3703
3704	if( ssl->state != SSL_HANDSHAKE_OVER )
3705	{
3706	if( ( ret = ssl_handshake( ssl ) ) != 0 )
3707	{
3708	SSL_DEBUG_RET( 1, "ssl_handshake", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3708, "ssl_handshake", ret );;
3709	return( ret );
3710	}
3711	}
3712
3713	if( ssl->in_offt == NULL((void*)0) )
3714	{
3715	if( ( ret = ssl_read_record( ssl ) ) != 0 )
3716	{
3717	if( ret == POLARSSL_ERR_SSL_CONN_EOF-0x7280 )
3718	return( 0 );
3719
3720	SSL_DEBUG_RET( 1, "ssl_read_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3720, "ssl_read_record", ret );;
3721	return( ret );
3722	}
3723
3724	if( ssl->in_msglen == 0 &&
3725	ssl->in_msgtype == SSL_MSG_APPLICATION_DATA23 )
3726	{
3727	/*
3728	* OpenSSL sends empty messages to randomize the IV
3729	*/
3730	if( ( ret = ssl_read_record( ssl ) ) != 0 )
3731	{
3732	if( ret == POLARSSL_ERR_SSL_CONN_EOF-0x7280 )
3733	return( 0 );
3734
3735	SSL_DEBUG_RET( 1, "ssl_read_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3735, "ssl_read_record", ret );;
3736	return( ret );
3737	}
3738	}
3739
3740	if( ssl->in_msgtype == SSL_MSG_HANDSHAKE22 )
3741	{
3742	SSL_DEBUG_MSG( 1, ( "received handshake message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3742, debug_fmt ( "received handshake message" ) );;
3743
3744	if( ssl->endpoint == SSL_IS_CLIENT0 &&
3745	( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST0 \|\|
3746	ssl->in_hslen != 4 ) )
3747	{
3748	SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3748, debug_fmt ( "handshake received (not HelloRequest)" ) );;
3749	return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE-0x7700 );
3750	}
3751
3752	if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED0 \|\|
3753	( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION0 &&
3754	ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION0 ) )
3755	{
3756	SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) )debug_print_msg( ssl, 3, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3756, debug_fmt ( "ignoring renegotiation, sending alert" ) );;
3757
3758	if( ssl->minor_ver == SSL_MINOR_VERSION_00 )
3759	{
3760	/*
3761	* SSLv3 does not have a "no_renegotiation" alert
3762	*/
3763	if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
3764	return( ret );
3765	}
3766	else
3767	{
3768	if( ( ret = ssl_send_alert_message( ssl,
3769	SSL_ALERT_LEVEL_WARNING1,
3770	SSL_ALERT_MSG_NO_RENEGOTIATION100 ) ) != 0 )
3771	{
3772	return( ret );
3773	}
3774	}
3775	}
3776	else
3777	{
3778	if( ( ret = ssl_renegotiate( ssl ) ) != 0 )
3779	{
3780	SSL_DEBUG_RET( 1, "ssl_renegotiate", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3780, "ssl_renegotiate", ret );;
3781	return( ret );
3782	}
3783
3784	return( POLARSSL_ERR_NET_WANT_READ-0x0052 );
3785	}
3786	}
3787	else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA23 )
3788	{
3789	SSL_DEBUG_MSG( 1, ( "bad application data message" ) )debug_print_msg( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3789, debug_fmt ( "bad application data message" ) );;
3790	return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE-0x7700 );
3791	}
3792
3793	ssl->in_offt = ssl->in_msg;
3794	}
3795
3796	n = ( len < ssl->in_msglen )
3797	? len : ssl->in_msglen;
3798
3799	memcpy( buf, ssl->in_offt, n );
3800	ssl->in_msglen -= n;
3801
3802	if( ssl->in_msglen == 0 )
3803	/* all bytes consumed */
3804	ssl->in_offt = NULL((void*)0);
3805	else
3806	/* more data available */
3807	ssl->in_offt += n;
3808
3809	SSL_DEBUG_MSG( 2, ( "<= read" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3809, debug_fmt ( "<= read" ) );;
3810
3811	return( (int) n );
3812	}
3813
3814	/*
3815	* Send application data to be encrypted by the SSL layer
3816	*/
3817	int ssl_write( ssl_context ssl, const unsigned char buf, size_t len )
3818	{
3819	int ret;
3820	size_t n;
3821
3822	SSL_DEBUG_MSG( 2, ( "=> write" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3822, debug_fmt ( "=> write" ) );;
3823
3824	if( ssl->state != SSL_HANDSHAKE_OVER )
3825	{
3826	if( ( ret = ssl_handshake( ssl ) ) != 0 )
3827	{
3828	SSL_DEBUG_RET( 1, "ssl_handshake", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3828, "ssl_handshake", ret );;
3829	return( ret );
3830	}
3831	}
3832
3833	n = ( len < SSL_MAX_CONTENT_LEN16384 )
3834	? len : SSL_MAX_CONTENT_LEN16384;
3835
3836	if( ssl->out_left != 0 )
3837	{
3838	if( ( ret = ssl_flush_output( ssl ) ) != 0 )
3839	{
3840	SSL_DEBUG_RET( 1, "ssl_flush_output", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3840, "ssl_flush_output", ret );;
3841	return( ret );
3842	}
3843	}
3844	else
3845	{
3846	ssl->out_msglen = n;
3847	ssl->out_msgtype = SSL_MSG_APPLICATION_DATA23;
3848	memcpy( ssl->out_msg, buf, n );
3849
3850	if( ( ret = ssl_write_record( ssl ) ) != 0 )
3851	{
3852	SSL_DEBUG_RET( 1, "ssl_write_record", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3852, "ssl_write_record", ret );;
3853	return( ret );
3854	}
3855	}
3856
3857	SSL_DEBUG_MSG( 2, ( "<= write" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3857, debug_fmt ( "<= write" ) );;
3858
3859	return( (int) n );
3860	}
3861
3862	/*
3863	* Notify the peer that the connection is being closed
3864	*/
3865	int ssl_close_notify( ssl_context *ssl )
3866	{
3867	int ret;
3868
3869	SSL_DEBUG_MSG( 2, ( "=> write close notify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3869, debug_fmt ( "=> write close notify" ) );;
3870
3871	if( ( ret = ssl_flush_output( ssl ) ) != 0 )
3872	{
3873	SSL_DEBUG_RET( 1, "ssl_flush_output", ret )debug_print_ret( ssl, 1, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3873, "ssl_flush_output", ret );;
3874	return( ret );
3875	}
3876
3877	if( ssl->state == SSL_HANDSHAKE_OVER )
3878	{
3879	if( ( ret = ssl_send_alert_message( ssl,
3880	SSL_ALERT_LEVEL_WARNING1,
3881	SSL_ALERT_MSG_CLOSE_NOTIFY0 ) ) != 0 )
3882	{
3883	return( ret );
3884	}
3885	}
3886
3887	SSL_DEBUG_MSG( 2, ( "<= write close notify" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3887, debug_fmt ( "<= write close notify" ) );;
3888
3889	return( ret );
3890	}
3891
3892	void ssl_transform_free( ssl_transform *transform )
3893	{
3894	#if defined(POLARSSL_ZLIB_SUPPORT)
3895	deflateEnd( &transform->ctx_deflate );
3896	inflateEnd( &transform->ctx_inflate );
3897	#endif
3898
3899	memset( transform, 0, sizeof( ssl_transform ) );
3900	}
3901
3902	void ssl_handshake_free( ssl_handshake_params *handshake )
3903	{
3904	#if defined(POLARSSL_DHM_C)
3905	dhm_free( &handshake->dhm_ctx );
3906	#endif
3907	memset( handshake, 0, sizeof( ssl_handshake_params ) );
3908	}
3909
3910	void ssl_session_free( ssl_session *session )
3911	{
3912	if( session->peer_cert != NULL((void*)0) )
3913	{
3914	x509_free( session->peer_cert );
3915	free( session->peer_cert );
3916	}
3917
3918	memset( session, 0, sizeof( ssl_session ) );
3919	}
3920
3921	/*
3922	* Free an SSL context
3923	*/
3924	void ssl_free( ssl_context *ssl )
3925	{
3926	SSL_DEBUG_MSG( 2, ( "=> free" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3926, debug_fmt ( "=> free" ) );;
3927
3928	free( ssl->ciphersuites );
3929
3930	if( ssl->out_ctr != NULL((void*)0) )
3931	{
3932	memset( ssl->out_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3933	free( ssl->out_ctr );
3934	}
3935
3936	if( ssl->in_ctr != NULL((void*)0) )
3937	{
3938	memset( ssl->in_ctr, 0, SSL_BUFFER_LEN(16384 + 0 + 512) );
3939	free( ssl->in_ctr );
3940	}
3941
3942	#if defined(POLARSSL_DHM_C)
3943	mpi_free( &ssl->dhm_P );
3944	mpi_free( &ssl->dhm_G );
3945	#endif
3946
3947	if( ssl->transform )
3948	{
3949	ssl_transform_free( ssl->transform );
3950	free( ssl->transform );
3951	}
3952
3953	if( ssl->handshake )
3954	{
3955	ssl_handshake_free( ssl->handshake );
3956	ssl_transform_free( ssl->transform_negotiate );
3957	ssl_session_free( ssl->session_negotiate );
3958
3959	free( ssl->handshake );
3960	free( ssl->transform_negotiate );
3961	free( ssl->session_negotiate );
3962	}
3963
3964	if( ssl->session )
3965	{
3966	ssl_session_free( ssl->session );
3967	free( ssl->session );
3968	}
3969
3970	if ( ssl->hostname != NULL((void*)0))
3971	{
3972	memset( ssl->hostname, 0, ssl->hostname_len );
3973	free( ssl->hostname );
3974	ssl->hostname_len = 0;
3975	}
3976
3977	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
3978	if( ssl_hw_record_finish != NULL((void*)0) )
3979	{
3980	SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_finish()" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3980, debug_fmt ( "going for ssl_hw_record_finish()" ) );;
3981	ssl_hw_record_finish( ssl );
3982	}
3983	#endif
3984
3985	SSL_DEBUG_MSG( 2, ( "<= free" ) )debug_print_msg( ssl, 2, "/home/anal/dolphin-emu/Externals/polarssl/library/ssl_tls.c" , 3985, debug_fmt ( "<= free" ) );;
3986
3987	/* Actually clear after last debug message */
3988	memset( ssl, 0, sizeof( ssl_context ) );
3989	}
3990
3991	#endif