36 int sessionIDlength,
status;
43 status = sessionIDlength = sgetc( stream );
48 "Invalid session ID information" ) );
50 if( sessionIDlength <= 0 )
59 "Invalid session ID length %d, should be 1...%d",
60 sessionIDlength, MAX_SESSIONID_SIZE ) );
62 status = sread( stream, sessionID, sessionIDlength );
67 "Invalid session ID data" ) );
77 memcpy( handshakeInfo->sessionID, sessionID, sessionIDlength );
78 handshakeInfo->sessionIDlength = sessionIDlength;
95 const int cipherSuite,
100 const char *precedenceString = isFirstSuite ?
"First" :
"Second";
101 const char *suiteName = NULL;
115 suiteName =
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
120 suiteName =
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
133 suiteName =
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
144 if( suiteName != NULL )
148 "%s cipher suite for Suite B at the %d-bit security "
149 "level must be %s", precedenceString,
163 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite "
164 "can't be offered at the 256-bit security level" ) );
191 handshakeInfo->cipherSuite = cipherSuiteInfoPtr->
cipherSuite;
192 handshakeInfo->keyexAlgo = cipherSuiteInfoPtr->
keyexAlgo;
193 handshakeInfo->authAlgo = cipherSuiteInfoPtr->
authAlgo;
194 handshakeInfo->cryptKeysize = cipherSuiteInfoPtr->
cryptKeySize;
195 sessionInfoPtr->cryptAlgo = cipherSuiteInfoPtr->
cryptAlgo;
196 sessionInfoPtr->integrityAlgo = cipherSuiteInfoPtr->
macAlgo;
197 handshakeInfo->integrityAlgoParam = cipherSuiteInfoPtr->
macParam;
202 sessionInfoPtr->integrityAlgo = \
206 sessionInfoPtr->authBlocksize = cipherSuiteInfoPtr->
macBlockSize;
210 sessionInfoPtr->cryptBlocksize = 1;
218 sessionInfoPtr->cryptAlgo );
221 sessionInfoPtr->cryptBlocksize = queryInfo.
blockSize;
247 int cipherSuiteInfoSize, suiteIndex = 999, altSuiteIndex = 999;
264 if( isServer && sessionInfoPtr->privateKey !=
CRYPT_ERROR )
274 allowDH = allowECC =
FALSE;
282 allowECC = allowRSA =
FALSE;
292 for( i = 0; i < noSuites; i++ )
295 int newSuite, newSuiteIndex;
297 #ifdef ALLOW_SSLV2_HELLO
302 if( handshakeInfo->isSSLv2 )
304 newSuite = sgetc( stream );
309 "Invalid cipher suite information" ) );
313 readUint16( stream );
320 status = newSuite = readUint16( stream );
325 "Invalid cipher suite information" ) );
332 if( !isServer && suiteIndex >= cipherSuiteInfoSize && \
337 "Server rejected attempt to connect using "
338 "non-crippled encryption" ) );
344 if( newSuite < SSL_FIRST_VALID_SUITE || newSuite >=
SSL_LAST_SUITE )
356 for( newSuiteIndex = 0;
357 newSuiteIndex < cipherSuiteInfoSize && \
361 if( cipherSuiteInfo[ newSuiteIndex ]->cipherSuite == newSuite )
363 cipherSuiteInfoPtr = cipherSuiteInfo[ newSuiteIndex ];
367 ENSURES( newSuiteIndex < cipherSuiteInfoSize );
370 ( i == 0 || i == 1 ) )
372 status = checkSuiteBSuiteSelection( \
373 ( cipherSuiteInfoPtr == NULL ) ? \
382 if( cipherSuiteInfoPtr == NULL )
391 if( newSuiteIndex > altSuiteIndex )
396 if( newSuiteIndex > suiteIndex )
434 if( isServer && sessionInfoPtr->privateKey ==
CRYPT_ERROR && \
450 if( newSuiteIndex < altSuiteIndex )
451 altSuiteIndex = newSuiteIndex;
455 if( newSuiteIndex < suiteIndex )
456 suiteIndex = newSuiteIndex;
463 if( suiteIndex >= cipherSuiteInfoSize )
465 suiteIndex = altSuiteIndex;
473 if( suiteIndex >= cipherSuiteInfoSize && \
474 altSuiteIndex >= cipherSuiteInfoSize )
478 "No encryption mechanism compatible with the remote "
479 "system could be found" ) );
483 status = setSuiteInfo( sessionInfoPtr, handshakeInfo,
484 cipherSuiteInfo[ suiteIndex ] );
491 if( altSuiteIndex < cipherSuiteInfoSize )
495 handshakeInfo->eccSuiteInfoPtr = cipherSuiteInfo[ altSuiteIndex ];
541 status = checkHSPacketHeader( sessionInfoPtr, stream, &length,
548 status = checkHSPacketHeader( sessionInfoPtr, stream, &length,
555 endPos = stell( stream ) +
length;
556 status = processVersionInfo( sessionInfoPtr, stream,
558 &handshakeInfo->clientOfferedVersion : \
596 status = sread( stream, isServer ? \
597 handshakeInfo->clientNonce : \
600 status = processSessionID( sessionInfoPtr, handshakeInfo, stream );
604 potentiallyResumedSession =
TRUE;
614 status = suiteLength = readUint16( stream );
619 "Invalid cipher suite information" ) );
627 "Invalid cipher suite length %d",
632 status = processCipherSuite( sessionInfoPtr, handshakeInfo, stream,
644 status = suiteLength = sgetc( stream );
649 "Invalid compression suite information" ) );
651 if( suiteLength < 1 || suiteLength > 20 )
655 "Invalid compression suite length %d, should be "
656 "1...20", suiteLength ) );
659 status = sSkip( stream, suiteLength );
664 "Invalid compression algorithm information" ) );
669 if( endPos - stell( stream ) > 0 )
673 if( extensionLength < UINT16_SIZE || \
678 "TLS hello contains %d bytes extraneous data",
681 status = readExtensions( sessionInfoPtr, handshakeInfo, stream,
685 handshakeInfo->hasExtensions =
TRUE;
694 if( handshakeInfo->disableECC )
699 if(
isEccAlgo( handshakeInfo->keyexAlgo ) )
703 "Client specified use of an ECC cipher suite but "
704 "didn't provide any compatible ECC parameters" ) );
714 if( handshakeInfo->eccSuiteInfoPtr != NULL )
716 status = setSuiteInfo( sessionInfoPtr, handshakeInfo,
717 handshakeInfo->eccSuiteInfoPtr );
726 if(
isEccAlgo( handshakeInfo->keyexAlgo ) && \
738 handshakeInfo->integrityAlgoParam ==
bitsToBytes( 384 ) )
742 handshakeInfo->sha2context = handshakeInfo->sha384context;