39 destroyHandshakeCryptInfo( handshakeInfo );
54 initSSLserverProcessing( handshakeInfo );
56 initSSLclientProcessing( handshakeInfo );
57 handshakeInfo->originalVersion = sessionInfoPtr->version;
58 return( initHandshakeCryptInfo( handshakeInfo,
75 status = sgetc( stream );
80 return( readUint16( stream ) );
92 return( writeUint16( stream, length ) );
111 assert(
isWritePtr( valueLen,
sizeof(
int ) ) );
/* Clear the start of the output buffer before anything is read.  The min()
   caps the wipe at valueMaxLen, so a buffer shorter than 16 bytes is never
   overrun by the clear itself */
116 memset( value, 0,
min( 16, valueMaxLen ) );
/* The length is a single byte taken from the stream by sgetc().  The same
   assignment stores the result in status, so a negative return here is an
   error code rather than a length */
121 status = length = sgetc( stream );
/* NOTE(review): length comes straight from the stream and should be treated
   as untrusted.  Listing lines 122-130 are not shown here; confirm that
   they reject an error status and bound length against valueMaxLen before
   this sread() writes length bytes into value */
131 return( sread( stream, value, length ) );
161 #ifdef CONFIG_SUITEB_TESTS
162 if( suiteBTestValue == SUITEB_TEST_SVRINVALIDCURVE && \
176 if( ( ( sessionInfoPtr->protocolFlags & \
188 #ifdef CONFIG_SUITEB_TESTS
/* Currently selected Suite B test mode, initialised to SUITEB_TEST_NONE.
   It follows the CONFIG_SUITEB_TESTS #ifdef on listing line 188, so it
   appears to exist only in test builds */
195 SUITEB_TEST_VALUE suiteBTestValue = SUITEB_TEST_NONE;
/* Test hook that changes the Suite B test state used by the handshake code.
   NOTE(review): this alters protocol behaviour through shared state (see
   the suiteBTestValue check on listing line 162), so CONFIG_SUITEB_TESTS
   presumably must never be defined in a release build - confirm in the
   build configuration */
198 int sslSuiteBTestConfig(
const int magicValue )
/* Only a value in the range [SUITEB_TEST_NONE, SUITEB_TEST_LAST) or the
   out-of-band selector 1000 is accepted */
200 REQUIRES( ( magicValue >= SUITEB_TEST_NONE && \
201 magicValue < SUITEB_TEST_LAST ) || \
202 magicValue == 1000 );
/* 1000 is not a test mode: it turns on the client-certificate test flag */
205 if( magicValue == 1000 )
207 suiteBTestClientCert =
TRUE;
/* Any other accepted value becomes the active test mode */
212 suiteBTestValue = magicValue;
/* A value of 0 also clears the client-certificate flag again, which looks
   like the reset path (lines 214-216 are not shown - TODO confirm) */
213 if( magicValue == 0 )
217 suiteBTestClientCert =
FALSE;
248 findSessionInfo( sessionInfoPtr->attributeList,
253 const char *peerTypeName = isServer ?
"Client" :
"Server";
256 const char *requiredLengthString = NULL;
258 int certAlgo, certFingerprintLength, chainLength,
length,
status;
269 status = checkHSPacketHeader( sessionInfoPtr, stream, &length,
274 if( isServer && ( length == 0 || length ==
LENGTH_SIZE ) )
294 "Received TLS alert message: No certificate" ) );
/* The 24-bit certificate chain length is read from the stream and stored in
   both status and chainLength, so a negative result is an error code.
   NOTE(review): the checks themselves are on lines not shown here.  The two
   messages below indicate that a failed read and a chain length differing
   from an expected value are both rejected; confirm that the comparison
   happens before chainLength is used to read any data */
296 status = chainLength = readUint24( stream );
301 "Invalid certificate chain" ) );
307 "Invalid certificate chain length %d, should be %d",
314 status = importCertFromStream( stream, &iLocalCertChain,
316 CRYPT_ICERTTYPE_SSL_CERTCHAIN,
328 "%s provided a broken/invalid certificate, try again "
329 "with a reduced level of certificate compliance "
330 "checking", peerTypeName ) );
/* fingerprintPtr is presumably the result of the findSessionInfo() lookup
   on listing line 248; a non-NULL value means a fingerprint is already
   recorded for this session */
345 if( fingerprintPtr != NULL )
/* NOTE(review): one of the two selectable fingerprint attributes is SHA-1
   based.  The condition that chooses between them is on a line not shown
   here; confirm when the SHA-1 form is still accepted */
351 CRYPT_CERTINFO_FINGERPRINT_SHA2 : \
352 CRYPT_CERTINFO_FINGERPRINT_SHA1;
358 &msgData, fingerprintAttribute );
/* Length of the fingerprint as reported back through msgData */
371 certFingerprintLength = msgData.
length;
/* Client side only: reject a certificate whose key algorithm differs from
   the one recorded in handshakeInfo->authAlgo */
372 if( !isServer && certAlgo != handshakeInfo->authAlgo )
377 "Server key algorithm %d doesn't match negotiated "
378 "algorithm %d", certAlgo, handshakeInfo->authAlgo ) );
/* With a stored fingerprint, the peer's certificate has to match it */
383 if( fingerprintPtr != NULL )
/* The lengths are compared first, so memcmp() only runs when both values
   are certFingerprintLength bytes long and cannot read past the shorter
   one.
   NOTE(review): memcmp() is not constant-time.  That looks acceptable here
   because a certificate fingerprint is not a secret, but confirm */
388 if( fingerprintPtr->
valueLength != certFingerprintLength || \
389 memcmp( fingerprintPtr->value, certFingerprint,
390 certFingerprintLength ) )
395 "%s key didn't match key fingerprint", peerTypeName ) );
/* The fingerprint just read is added to the session's attribute list.
   NOTE(review): the ( void ) cast discards the result, so a failure to
   record the fingerprint goes unreported; the branch this call sits in is
   not visible in this excerpt */
403 ( void ) addSessionInfoS( &sessionInfoPtr->attributeList,
405 certFingerprint, certFingerprintLength );
426 "%s provided a key incapable of being used for %s",
428 isServer ?
"client authentication" : \
429 isKeyxAlgo( certAlgo ) ?
"key exchange authentication" : \
451 requiredLengthString =
"256- or 384";
457 requiredLengthString =
"384";
463 if( requiredLengthString != NULL )
468 "%s provided a %d-bit Suite B key, should have been a "
470 requiredLengthString ) );
474 *iCertChain = iLocalCertChain;
496 status = writeUint24( stream, 0 );
499 return( completeHSPacketStream( stream, packetOffset ) );
503 status = writeUint24( stream, 0 );
506 certListOffset = stell( stream );
507 status = exportCertToStream( stream, sessionInfoPtr->privateKey,
508 CRYPT_ICERTFORMAT_SSL_CERTCHAIN );
512 certListEndPos = stell( stream );
516 status = writeUint24( stream, certListEndPos - certListOffset );
517 sseek( stream, certListEndPos );
520 return( completeHSPacketStream( stream, packetOffset ) );
536 sendCloseAlert( sessionInfoPtr,
FALSE );
537 sNetDisconnect( &sessionInfoPtr->stream );
545 const BOOLEAN cleanupSecurityContexts,
549 assert( handshakeInfo == NULL || \
554 sendHandshakeFailAlert( sessionInfoPtr );
/* Teardown order on this path: the handshake-failure alert above is sent
   first, then local state is destroyed, and the network stream is
   disconnected last */
/* Security contexts are only destroyed when the caller asks for it */
555 if( cleanupSecurityContexts )
556 destroySecurityContextsSSL( sessionInfoPtr );
/* handshakeInfo may be NULL (the assert on listing line 549 allows it), in
   which case there is no handshake state left to destroy */
557 if( handshakeInfo != NULL )
558 destroyHandshakeInfo( handshakeInfo );
559 sNetDisconnect( &sessionInfoPtr->stream );
581 "TLS 1.2 and newer require the SHA-2 hash algorithms which "
582 "aren't available in this build of cryptlib" ) );
/* The handshake state is a local handshakeInfo that is initialised here and
   then passed by address to every later step */
586 status = initHandshakeInfo( sessionInfoPtr, &handshakeInfo, isServer );
588 status = handshakeInfo.beginHandshake( sessionInfoPtr,
/* Set when the session was resumed; the key exchange further down is then
   skipped */
593 resumedSession =
TRUE;
/* Presumably the error path for beginHandshake (the condition is not
   shown).  This abortStartup() call passes FALSE, whereas both later ones
   pass TRUE */
596 return( abortStartup( sessionInfoPtr, &handshakeInfo,
FALSE,
602 if( !resumedSession )
604 status = handshakeInfo.exchangeKeys( sessionInfoPtr,
607 return( abortStartup( sessionInfoPtr, &handshakeInfo,
TRUE,
612 status = completeHandshakeSSL( sessionInfoPtr, &handshakeInfo, !isServer,
/* The handshake state is destroyed once completeHandshakeSSL() has
   returned, before the status is acted on */
614 destroyHandshakeInfo( &handshakeInfo );
/* NULL is passed instead of &handshakeInfo here, presumably because it was
   already destroyed on the line above and must not be torn down again */
616 return( abortStartup( sessionInfoPtr, NULL,
TRUE, status ) );
627 return( commonStartup( sessionInfoPtr,
FALSE ) );
636 return( commonStartup( sessionInfoPtr,
TRUE ) );
652 sessionInfoPtr->iKeyexAuthContext : sessionInfoPtr->iKeyexCryptContext;
687 SSL_INFO *sslInfo = sessionInfoPtr->sessionSSL;
688 const int value = *( (
int * ) data );
691 CRYPT_SSLOPTION_SUITEB_256 );
731 CRYPT_SSLOPTION_MINVER_TLS11 | \
732 CRYPT_SSLOPTION_MINVER_TLS12 );
747 assert(
isReadPtr( data,
sizeof(
int ) ) );
790 return( checkSuiteBKey( sessionInfoPtr, cryptContext, pkcAlgo ) );
814 SSL_INFO *sslInfo = sessionInfoPtr->sessionSSL;
825 status = readFixedHeader( sessionInfoPtr, sslInfo->headerBuffer,
826 sessionInfoPtr->receiveBufStartOfs );
832 return( ( status ==
OK_SPECIAL ) ? 0 : status );
841 return( processAlert( sessionInfoPtr, sslInfo->headerBuffer,
842 sessionInfoPtr->receiveBufStartOfs ) );
845 sMemConnect( &stream, sslInfo->headerBuffer,
846 sessionInfoPtr->receiveBufStartOfs );
847 status = checkPacketHeaderSSL( sessionInfoPtr, &stream, &packetLength );
848 sMemDisconnect( &stream );
853 sessionInfoPtr->pendingPacketLength =
\
882 status = unwrapPacketSSL( sessionInfoPtr,
883 sessionInfoPtr->receiveBuffer + \
884 sessionInfoPtr->receiveBufPos,
885 sessionInfoPtr->pendingPacketLength,
891 sessionInfoPtr->receiveBufEnd = sessionInfoPtr->receiveBufPos;
892 sessionInfoPtr->pendingPacketLength = 0;
898 status = unwrapPacketSSL( sessionInfoPtr,
899 sessionInfoPtr->receiveBuffer + \
900 sessionInfoPtr->receiveBufPos,
901 sessionInfoPtr->pendingPacketLength,
932 status = openPacketStreamSSL( &stream, sessionInfoPtr, 0,
936 sMemDisconnect( &stream );
937 sMemConnect( &stream, sessionInfoPtr->sendBuffer,
938 sessionInfoPtr->sendBufSize );
939 status = sSkip( &stream, sessionInfoPtr->sendBufPos );
941 status = wrapPacketSSL( sessionInfoPtr, &stream, 0 );
943 status = stell( &stream );
944 sMemDisconnect( &stream );
979 SESSION_NEEDS_KEYORPASSWORD,
1013 sessionInfoPtr->shutdownFunction = shutdownFunction;
1014 sessionInfoPtr->transactFunction =
isServer( sessionInfoPtr ) ? \
1015 serverStartup : clientStartup;
1016 sessionInfoPtr->getAttributeFunction = getAttributeFunction;
1017 sessionInfoPtr->setAttributeFunction = setAttributeFunction;
1018 sessionInfoPtr->checkAttributeFunction = checkAttributeFunction;
1019 sessionInfoPtr->readHeaderFunction = readHeaderFunction;
1020 sessionInfoPtr->processBodyFunction = processBodyFunction;
1021 sessionInfoPtr->preparePacketFunction = preparePacketFunction;