Lines Matching refs:ctx
59 SSLEncodeHandshakeHeader(SSLContext *ctx, SSLRecord *rec, SSLHandshakeType type, size_t msglen)
68 charPtr = SSLEncodeInt(charPtr, ctx->hdskMessageSeq, 2);
78 static OSStatus SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx);
81 SSLUpdateHandshakeMacs(const SSLBuffer *messageData, SSLContext *ctx)
91 if(ctx->negProtocolVersion == SSL_Version_Undetermined)
94 assert(ctx->protocolSide==kSSLClientSide);
96 if(ctx->isDTLS
97 ? ctx->maxProtocolVersion < DTLS_Version_1_0
98 : ctx->maxProtocolVersion >= TLS_Version_1_2)
105 if(sslVersionIsLikeTls12(ctx)) {
113 (err = SSLHashMD5.update(&ctx->md5State, messageData)) != 0)
116 (err = SSLHashSHA1.update(&ctx->shaState, messageData)) != 0)
119 (err = SSLHashSHA256.update(&ctx->sha256State, messageData)) != 0)
122 (err = SSLHashSHA384.update(&ctx->sha512State, messageData)) != 0)
126 ctx->protocolSide == kSSLClientSide ? "client" : "server",
127 ctx->negProtocolVersion,
128 ctx->maxProtocolVersion,
129 ctx->selectedCipher,
139 SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx)
147 if (ctx->fragmentedMessageCache.data != 0)
149 size_t origLen = ctx->fragmentedMessageCache.length;
150 if ((err = SSLReallocBuffer(&ctx->fragmentedMessageCache,
151 ctx->fragmentedMessageCache.length + rec.contents.length)) != 0)
152 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
155 memcpy(ctx->fragmentedMessageCache.data + origLen,
157 remaining = ctx->fragmentedMessageCache.length;
158 p = ctx->fragmentedMessageCache.data;
190 if ((err = SSLProcessHandshakeMessage(message, ctx)) != 0)
195 { if ((err = SSLUpdateHandshakeMacs(&messageData, ctx)) != 0)
196 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
201 if ((err = SSLAdvanceHandshake(message.type, ctx)) != 0)
207 if (ctx->fragmentedMessageCache.data == 0)
208 { if ((err = SSLAllocBuffer(&ctx->fragmentedMessageCache, remaining)))
209 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
213 if (startingP != ctx->fragmentedMessageCache.data)
214 { memcpy(ctx->fragmentedMessageCache.data, startingP, remaining);
215 ctx->fragmentedMessageCache.length = remaining;
218 else if (ctx->fragmentedMessageCache.data != 0)
219 { if ((err = SSLFreeBuffer(&ctx->fragmentedMessageCache)))
220 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
229 DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx)
237 assert(ctx->isDTLS);
270 msgtype, (int)msglen, (int)msgseq, (int)ctx->hdskMessageSeqNext, (int)fragofs, (int)fraglen, (int)remaining);
275 || (msgseq!=ctx->hdskMessageSeqNext)
276 || (fragofs!=ctx->hdskMessageCurrentOfs)
277 || (fragofs && (msgtype!=ctx->hdskMessageCurrent.type))
278 || (fragofs && (msglen != ctx->hdskMessageCurrent.contents.length))
292 assert(ctx->hdskMessageCurrent.contents.data==NULL);
293 assert(ctx->hdskMessageCurrent.contents.length==0);
294 if((err=SSLAllocBuffer(&(ctx->hdskMessageCurrent.contents), msglen))) {
295 SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
298 ctx->hdskMessageCurrent.type = msgtype;
302 memcpy(ctx->hdskMessageCurrent.contents.data + ctx->hdskMessageCurrentOfs, p, fraglen);
303 ctx->hdskMessageCurrentOfs+=fraglen;
308 if(ctx->hdskMessageCurrentOfs == ctx->hdskMessageCurrent.contents.length) {
309 err = SSLProcessHandshakeMessage(ctx->hdskMessageCurrent, ctx);
327 if ((err = SSLHashSHA1.update(&ctx->shaState, &header)) != 0 ||
328 (err = SSLHashMD5.update(&ctx->md5State, &header)) != 0)
330 SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
334 SSLBuffer *messageData=&ctx->hdskMessageCurrent.contents;
335 if ((err = SSLHashSHA1.update(&ctx->shaState, messageData)) != 0 ||
336 (err = SSLHashMD5.update(&ctx->md5State, messageData)) != 0)
338 SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
347 if ((err = SSLAdvanceHandshake(msgtype, ctx)) != 0)
354 SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents));
355 ctx->hdskMessageCurrentOfs=0;
358 ctx->hdskMessageSeqNext++;
371 SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents));
372 ctx->hdskMessageCurrentOfs=0;
378 DTLSRetransmit(SSLContext *ctx)
381 hdskStateToStr(ctx->state), ctx->hdskMessageSeq, ctx->hdskMessageSeqNext, ctx->timeout_duration);
384 if(ctx->hdskMessageRetryCount>10)
388 if(ctx->messageQueueContainsChangeCipherSpec) {
390 err = ctx->recFuncs->rollbackWriteCipher(ctx->recCtx);
396 ctx->hdskMessageRetryCount++;
397 ctx->timeout_deadline = CFAbsoluteTimeGetCurrent()+((1<<ctx->hdskMessageRetryCount)*ctx->timeout_duration);
400 return SSLSendFlight(ctx);
404 SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx)
411 if (ctx->protocolSide != kSSLClientSide)
417 if (ctx->state != SSL_HdskStateServerUninit)
419 err = SSLProcessClientHello(message.contents, ctx);
422 if (ctx->state != SSL_HdskStateServerHello)
424 err = SSLProcessServerHello(message.contents, ctx);
428 if (ctx->protocolSide != kSSLClientSide)
430 if(ctx->state != SSL_HdskStateServerHello)
433 err = SSLProcessServerHelloVerifyRequest(message.contents, ctx);
437 if (ctx->state != SSL_HdskStateCert &&
438 ctx->state != SSL_HdskStateClientCert)
440 err = SSLProcessCertificate(message.contents, ctx);
447 if (((ctx->state != SSL_HdskStateHelloDone) &&
448 (ctx->state != SSL_HdskStateKeyExchange))
449 || ctx->certRequested)
451 err = SSLProcessCertificateRequest(message.contents, ctx);
452 if (ctx->breakOnCertRequest)
453 ctx->signalCertRequest = true;
461 switch(ctx->state) {
468 err = SSLProcessServerKeyExchange(message.contents, ctx);
471 if (ctx->state != SSL_HdskStateHelloDone)
473 err = SSLProcessServerHelloDone(message.contents, ctx);
476 if (ctx->state != SSL_HdskStateClientCertVerify)
478 err = SSLProcessCertificateVerify(message.contents, ctx);
479 assert(ctx->protocolSide == kSSLServerSide);
481 ctx->clientCertState = kSSLClientCertRejected;
485 if (ctx->state != SSL_HdskStateClientKeyExchange)
487 err = SSLProcessKeyExchange(message.contents, ctx);
490 if (ctx->state != SSL_HdskStateFinished)
492 err = SSLProcessFinished(message.contents, ctx);
499 if (err && !ctx->sentFatalAlert)
501 SSLFatalSessionAlert(SSL_AlertIllegalParam, ctx);
503 SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx);
507 SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
512 SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
522 SSLContext *ctx)
525 if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHello, ctx)) != 0)
527 if ((err = SSLInitPendingCiphers(ctx)) != 0)
528 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
532 ctx)) != 0)
536 ctx)) != 0)
539 SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
546 SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
550 SSLResetFlight(ctx);
563 ctx->certRequested = 0;
564 ctx->certSent = 0;
565 ctx->certReceived = 0;
566 ctx->x509Requested = 0;
567 ctx->clientCertState = kSSLClientCertNone;
568 ctx->readCipher_ready = 0;
569 ctx->writeCipher_ready = 0;
570 if ((err = SSLPrepareAndQueueMessage(SSLEncodeClientHello, ctx)) != 0)
572 SSLChangeHdskState(ctx, SSL_HdskStateServerHello);
575 assert(ctx->protocolSide == kSSLServerSide);
576 ctx->sessionMatch = 0;
578 if((ctx->negProtocolVersion==DTLS_Version_1_0) && (ctx->cookieVerified==false))
580 if((err=SSLPrepareAndQueueMessage(SSLEncodeServerHelloVerifyRequest, ctx)) !=0 )
586 if((ctx->sessionTicket.data != NULL) &&
587 (ctx->masterSecretCallback != NULL)) {
596 if ((err = SSLEncodeRandom(ctx->serverRandom, ctx)) != 0)
598 ctx->serverRandomValid = 1;
600 ctx->masterSecretCallback(ctx, ctx->masterSecretArg,
601 ctx->masterSecret, &secretLen);
602 ctx->sessionMatch = 1;
604 if ((err = FindCipherSpec(ctx)) != 0) {
608 if((err = SSLResumeServerSide(ctx)) != 0)
613 if (ctx->sessionID.data != 0)
615 { if (ctx->resumableSession.data != 0)
618 if ((err = SSLRetrieveSessionID(ctx->resumableSession,
619 &sessionIdentifier, ctx)) != 0)
621 if ((err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession,
622 &sessionProt, ctx)) != 0)
623 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
626 if ((sessionIdentifier.length == ctx->sessionID.length) &&
627 (memcmp(sessionIdentifier.data, ctx->sessionID.data,
628 ctx->sessionID.length) == 0) &&
629 (sessionProt == ctx->negProtocolVersion))
632 if ((err = SSLInstallSessionFromData(ctx->resumableSession,
633 ctx)) != 0)
634 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
637 ctx->sessionMatch = 1;
641 if((err = SSLResumeServerSide(ctx)) != 0)
650 (err = SSLDeleteSessionData(ctx)) != 0)
651 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
655 if ((err = SSLFreeBuffer(&ctx->sessionID)) != 0)
656 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
665 if (ctx->peerID.data != 0)
667 assert(ctx->sessionID.data == 0);
668 err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN);
671 if((err = sslRand(&ctx->sessionID)) != 0)
672 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
678 if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHello, ctx)) != 0)
680 switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
685 if(ctx->clientAuth == kAlwaysAuthenticate) {
687 SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx);
690 ctx->tryClientAuth = false;
707 if(ctx->localCert == NULL) {
714 ctx)) != 0)
731 switch(ctx->selectedCipherSpecParams.keyExchangeMethod) {
733 if(ctx->encryptPrivKeyRef != NULL) {
746 err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx);
752 if (ctx->tryClientAuth)
754 ctx)) != 0)
756 ctx->certRequested = 1;
757 ctx->clientCertState = kSSLClientCertRequested;
759 if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHelloDone, ctx)) != 0)
761 if (ctx->certRequested) {
762 SSLChangeHdskState(ctx, SSL_HdskStateClientCert);
765 SSLChangeHdskState(ctx, SSL_HdskStateClientKeyExchange);
769 ctx->sessionMatch = 0;
770 if (ctx->resumableSession.data != 0 && ctx->sessionID.data != 0)
773 if ((err = SSLRetrieveSessionID(ctx->resumableSession,
774 &sessionIdentifier, ctx)) != 0)
775 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
778 if ((err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession,
779 &sessionProt, ctx)) != 0)
780 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
783 if ((sessionIdentifier.length == ctx->sessionID.length) &&
784 (memcmp(sessionIdentifier.data, ctx->sessionID.data,
785 ctx->sessionID.length) == 0) &&
786 (sessionProt == ctx->negProtocolVersion))
789 if ((err = SSLInstallSessionFromData(ctx->resumableSession,
790 ctx)) != 0 ||
791 (err = SSLInitPendingCiphers(ctx)) != 0 ||
793 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
796 ctx->sessionMatch = 1;
797 SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
805 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
809 switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
814 SSLChangeHdskState(ctx, SSL_HdskStateKeyExchange);
827 SSLChangeHdskState(ctx, SSL_HdskStateCert);
830 SSLChangeHdskState(ctx, SSL_HdskStateHelloDone);
838 if (ctx->state == SSL_HdskStateCert)
839 switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
852 SSLChangeHdskState(ctx, SSL_HdskStateHelloDone);
859 SSLChangeHdskState(ctx, SSL_HdskStateKeyExchange);
865 else if (ctx->state == SSL_HdskStateClientCert)
866 { SSLChangeHdskState(ctx, SSL_HdskStateClientKeyExchange);
867 if (ctx->peerCert != 0)
868 ctx->certReceived = 1;
873 * ctx->certRequested */
874 if (ctx->peerCert == 0)
875 { SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx);
878 assert(ctx->protocolSide == kSSLClientSide);
879 ctx->certRequested = 1;
880 ctx->clientCertState = kSSLClientCertRequested;
883 SSLChangeHdskState(ctx, SSL_HdskStateHelloDone);
891 if (ctx->state != SSL_HdskStateClientCert) {
892 if (ctx->signalServerAuth) {
893 ctx->signalServerAuth = false;
894 SSLChangeHdskState(ctx, SSL_HdskStateClientCert);
896 } else if (ctx->signalCertRequest) {
897 ctx->signalCertRequest = false;
898 SSLChangeHdskState(ctx, SSL_HdskStateClientCert);
900 } else if (ctx->signalClientAuth) {
901 ctx->signalClientAuth = false;
906 if (ctx->clientCertState == kSSLClientCertRequested) {
911 if (ctx->localCert != 0 && ctx->x509Requested) {
913 ctx)) != 0) {
919 if(ctx->negProtocolVersion >= TLS_Version_1_0) {
922 ctx)) != 0) {
929 ctx)) != 0) {
935 if ((err = SSLPrepareAndQueueMessage(SSLEncodeKeyExchange, ctx)) != 0)
937 assert(ctx->sslTslCalls != NULL);
938 if ((err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 ||
939 (err = SSLInitPendingCiphers(ctx)) != 0)
940 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
943 memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
944 if ((err = SSLFreeBuffer(&ctx->preMasterSecret))) {
947 if (ctx->certSent) {
949 switch(ctx->negAuthType) {
953 ctx)) != 0) {
962 ctx)) != 0) {
965 if ((err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, ctx)) != 0)
967 SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
970 SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
973 assert(ctx->sslTslCalls != NULL);
974 if ((err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 ||
975 (err = SSLInitPendingCiphers(ctx)) != 0)
976 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
979 memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
980 if ((err = SSLFreeBuffer(&ctx->preMasterSecret)))
982 if (ctx->certReceived) {
983 SSLChangeHdskState(ctx, SSL_HdskStateClientCertVerify);
986 SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
991 ctx->readCipher_ready = 1;
995 if (ctx->writePending_ready != 0)
997 ctx)) != 0)
1000 ctx)) != 0)
1003 if (ctx->protocolSide == kSSLServerSide) {
1004 SSLChangeHdskState(ctx, SSL_HdskStateServerReady);
1007 SSLChangeHdskState(ctx, SSL_HdskStateClientReady);
1009 if ((ctx->peerID.data != 0) && (ctx->sessionTicket.data == NULL)) {
1011 SSLAddSessionData(ctx);
1020 ctx->hdskMessageRetryCount = 0;
1021 ctx->timeout_deadline = CFAbsoluteTimeGetCurrent() + ctx->timeout_duration;
1022 return SSLSendFlight(ctx);
1026 SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx)
1032 if ((err = msgFunc(&rec, ctx)) != 0)
1033 { SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
1039 if ((err = SSLUpdateHandshakeMacs(&rec.contents, ctx)) != 0)
1040 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
1044 ctx->hdskMessageSeq++;
1054 queue=ctx->messageWriteQueue;
1057 ctx->messageWriteQueue = out;
1075 OSStatus SSLSendMessage(SSLRecord rec, SSLContext *ctx)
1080 if ((err = SSLWriteRecord(rec, ctx)) != 0)
1085 ctx->writeCipher_ready = 0;
1086 ctx->wroteAppData = 0;
1088 if ((err = ctx->recFuncs->advanceWriteCipher(ctx->recCtx)) != 0)
1089 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
1095 ctx->writePending_ready = 0;
1098 ctx->writeCipher_ready = 1;
1105 OSStatus DTLSSendMessage(SSLRecord rec, SSLContext *ctx)
1111 if ((err = SSLWriteRecord(rec, ctx)) != 0)
1115 ctx->writeCipher_ready = 0;
1116 ctx->wroteAppData = 0;
1119 if ((err = ctx->recFuncs->advanceWriteCipher(ctx->recCtx)) != 0)
1120 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
1126 ctx->writePending_ready = 0;
1129 ctx->writeCipher_ready = 1;
1147 SSLGetDatagramWriteSize(ctx, &fraglen);
1167 if ((err = SSLWriteRecord(fragrec, ctx)) != 0)
1182 err = SSLWriteRecord(fragrec, ctx);
1194 OSStatus SSLResetFlight(SSLContext *ctx)
1201 queue=ctx->messageWriteQueue;
1202 ctx->messageQueueContainsChangeCipherSpec=false;
1214 ctx->messageWriteQueue=NULL;
1222 OSStatus SSLSendFlight(SSLContext *ctx)
1228 queue=ctx->messageWriteQueue;
1231 if (ctx->isDTLS) {
1232 err=DTLSSendMessage(queue->rec, ctx);
1234 err=SSLSendMessage(queue->rec, ctx);
1249 SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx)
1252 if ((err = SSLInitMessageHashes(ctx)) != 0)
1255 if ((err = SSLHashSHA1.update(&ctx->shaState, &rec.contents)) != 0 ||
1256 (err = SSLHashMD5.update(&ctx->md5State, &rec.contents)) != 0)
1257 { SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
1261 if ((err = SSLAdvanceHandshake(SSL_HdskClientHello, ctx)) != 0)
1273 SSLContext *ctx,
1277 if (ctx->maxProtocolVersion == SSL_Version_Undetermined)
1280 *version = ctx->maxProtocolVersion;
1335 void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState)
1338 ctx->state = newState;