Lines Matching refs:conn
23 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct,
25 static int tls_process_change_cipher_spec(struct tlsv1_server *conn,
30 static int testing_cipher_suite_filter(struct tlsv1_server *conn, u16 suite) in testing_cipher_suite_filter() argument
33 if ((conn->test_flags & in testing_cipher_suite_filter()
49 static void tls_process_status_request_item(struct tlsv1_server *conn, in tls_process_status_request_item() argument
86 conn->status_request_multi = 1; in tls_process_status_request_item()
90 static void tls_process_status_request_v2(struct tlsv1_server *conn, in tls_process_status_request_v2() argument
95 conn->status_request_v2 = 1; in tls_process_status_request_v2()
115 tls_process_status_request_item(conn, pos, len); in tls_process_status_request_v2()
121 static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct, in tls_process_client_hello() argument
132 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x", in tls_process_client_hello()
134 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
143 tlsv1_server_log(conn, in tls_process_client_hello()
150 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected ClientHello)", in tls_process_client_hello()
152 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
156 tlsv1_server_log(conn, "Received ClientHello"); in tls_process_client_hello()
164 tlsv1_server_log(conn, in tls_process_client_hello()
177 tlsv1_server_log(conn, "Truncated ClientHello/client_version"); in tls_process_client_hello()
180 conn->client_version = WPA_GET_BE16(pos); in tls_process_client_hello()
181 tlsv1_server_log(conn, "Client version %d.%d", in tls_process_client_hello()
182 conn->client_version >> 8, in tls_process_client_hello()
183 conn->client_version & 0xff); in tls_process_client_hello()
184 if (conn->client_version < TLS_VERSION_1) { in tls_process_client_hello()
185 tlsv1_server_log(conn, "Unexpected protocol version in ClientHello %u.%u", in tls_process_client_hello()
186 conn->client_version >> 8, in tls_process_client_hello()
187 conn->client_version & 0xff); in tls_process_client_hello()
188 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
195 conn->rl.tls_version = TLS_VERSION_1; in tls_process_client_hello()
197 else if (conn->client_version >= TLS_VERSION_1_2) in tls_process_client_hello()
198 conn->rl.tls_version = TLS_VERSION_1_2; in tls_process_client_hello()
200 else if (conn->client_version > TLS_VERSION_1_1) in tls_process_client_hello()
201 conn->rl.tls_version = TLS_VERSION_1_1; in tls_process_client_hello()
203 conn->rl.tls_version = conn->client_version; in tls_process_client_hello()
204 tlsv1_server_log(conn, "Using TLS v%s", in tls_process_client_hello()
205 tls_version_str(conn->rl.tls_version)); in tls_process_client_hello()
209 tlsv1_server_log(conn, "Truncated ClientHello/client_random"); in tls_process_client_hello()
213 os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN); in tls_process_client_hello()
216 conn->client_random, TLS_RANDOM_LEN); in tls_process_client_hello()
220 tlsv1_server_log(conn, "Truncated ClientHello/session_id len"); in tls_process_client_hello()
224 tlsv1_server_log(conn, "Truncated ClientHello/session_id"); in tls_process_client_hello()
233 tlsv1_server_log(conn, in tls_process_client_hello()
240 tlsv1_server_log(conn, "Truncated ClientHello/cipher_suites"); in tls_process_client_hello()
246 tlsv1_server_log(conn, "Odd len ClientHello/cipher_suites"); in tls_process_client_hello()
252 for (i = 0; !cipher_suite && i < conn->num_cipher_suites; i++) { in tls_process_client_hello()
253 if (testing_cipher_suite_filter(conn, conn->cipher_suites[i])) in tls_process_client_hello()
259 if (!cipher_suite && tmp == conn->cipher_suites[i]) { in tls_process_client_hello()
267 tlsv1_server_log(conn, "No supported cipher suite available"); in tls_process_client_hello()
268 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
273 if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) { in tls_process_client_hello()
276 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
281 conn->cipher_suite = cipher_suite; in tls_process_client_hello()
285 tlsv1_server_log(conn, in tls_process_client_hello()
291 tlsv1_server_log(conn, in tls_process_client_hello()
303 tlsv1_server_log(conn, "Client does not accept NULL compression"); in tls_process_client_hello()
304 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
310 tlsv1_server_log(conn, "Unexpected extra octet in the end of ClientHello: 0x%02x", in tls_process_client_hello()
320 tlsv1_server_log(conn, "%u bytes of ClientHello extensions", in tls_process_client_hello()
323 tlsv1_server_log(conn, "Invalid ClientHello extension list length %u (expected %u)", in tls_process_client_hello()
337 tlsv1_server_log(conn, "Invalid extension_type field"); in tls_process_client_hello()
345 tlsv1_server_log(conn, "Invalid extension_data length field"); in tls_process_client_hello()
353 tlsv1_server_log(conn, "Invalid extension_data field"); in tls_process_client_hello()
357 tlsv1_server_log(conn, "ClientHello Extension type %u", in tls_process_client_hello()
363 os_free(conn->session_ticket); in tls_process_client_hello()
364 conn->session_ticket = os_malloc(ext_len); in tls_process_client_hello()
365 if (conn->session_ticket) { in tls_process_client_hello()
366 os_memcpy(conn->session_ticket, pos, in tls_process_client_hello()
368 conn->session_ticket_len = ext_len; in tls_process_client_hello()
371 conn->status_request = 1; in tls_process_client_hello()
373 tls_process_status_request_v2(conn, pos, in tls_process_client_hello()
383 tlsv1_server_log(conn, "ClientHello OK - proceed to ServerHello"); in tls_process_client_hello()
384 conn->state = SERVER_HELLO; in tls_process_client_hello()
389 tlsv1_server_log(conn, "Failed to decode ClientHello"); in tls_process_client_hello()
390 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_hello()
396 static int tls_process_certificate(struct tlsv1_server *conn, u8 ct, in tls_process_certificate() argument
406 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x", in tls_process_certificate()
408 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
417 tlsv1_server_log(conn, "Too short Certificate message (len=%lu)", in tls_process_certificate()
419 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
430 tlsv1_server_log(conn, "Unexpected Certificate message length (len=%lu != left=%lu)", in tls_process_certificate()
432 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
438 if (conn->verify_peer) { in tls_process_certificate()
439 tlsv1_server_log(conn, "Client did not include Certificate"); in tls_process_certificate()
440 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
445 return tls_process_client_key_exchange(conn, ct, in_data, in tls_process_certificate()
449 …tlsv1_server_log(conn, "Received unexpected handshake message %d (expected Certificate/ClientKeyEx… in tls_process_certificate()
451 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
456 tlsv1_server_log(conn, "Received Certificate (certificate_list len %lu)", in tls_process_certificate()
470 tlsv1_server_log(conn, "Too short Certificate (left=%lu)", in tls_process_certificate()
472 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
481 tlsv1_server_log(conn, "Unexpected certificate_list length (len=%lu left=%lu)", in tls_process_certificate()
484 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
492 tlsv1_server_log(conn, "Failed to parse certificate_list"); in tls_process_certificate()
493 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
503 tlsv1_server_log(conn, "Unexpected certificate length (len=%lu left=%lu)", in tls_process_certificate()
506 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
512 tlsv1_server_log(conn, "Certificate %lu (len %lu)", in tls_process_certificate()
516 crypto_public_key_free(conn->client_rsa_key); in tls_process_certificate()
518 &conn->client_rsa_key)) { in tls_process_certificate()
519 tlsv1_server_log(conn, "Failed to parse the certificate"); in tls_process_certificate()
520 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
529 tlsv1_server_log(conn, "Failed to parse the certificate"); in tls_process_certificate()
530 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
546 if (x509_certificate_chain_validate(conn->cred->trusted_certs, chain, in tls_process_certificate()
549 tlsv1_server_log(conn, "Server certificate chain validation failed (reason=%d)", in tls_process_certificate()
574 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_reason); in tls_process_certificate()
582 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate()
592 conn->state = CLIENT_KEY_EXCHANGE; in tls_process_certificate()
599 struct tlsv1_server *conn, const u8 *pos, const u8 *end) in tls_process_client_key_exchange_rsa() argument
608 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_rsa()
616 tlsv1_server_log(conn, "Invalid ClientKeyExchange format: encr_len=%u left=%u", in tls_process_client_key_exchange_rsa()
618 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_rsa()
627 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_rsa()
650 if (crypto_private_key_decrypt_pkcs1_v15(conn->cred->key, in tls_process_client_key_exchange_rsa()
660 tlsv1_server_log(conn, "Unexpected PreMasterSecret length %lu", in tls_process_client_key_exchange_rsa()
665 if (!use_random && WPA_GET_BE16(out) != conn->client_version) { in tls_process_client_key_exchange_rsa()
666 …tlsv1_server_log(conn, "Client version in ClientKeyExchange does not match with version in ClientH… in tls_process_client_key_exchange_rsa()
677 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_rsa()
684 res = tlsv1_server_derive_keys(conn, out, outlen); in tls_process_client_key_exchange_rsa()
692 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_rsa()
702 struct tlsv1_server *conn, const u8 *pos, const u8 *end) in tls_process_client_key_exchange_dh() argument
721 tlsv1_server_log(conn, "ClientDiffieHellmanPublic received"); in tls_process_client_key_exchange_dh()
728 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
734 tlsv1_server_log(conn, "Invalid client public value length"); in tls_process_client_key_exchange_dh()
735 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
744 tlsv1_server_log(conn, "Client public value overflow (length %d)", in tls_process_client_key_exchange_dh()
746 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
754 if (conn->cred == NULL || conn->cred->dh_p == NULL || in tls_process_client_key_exchange_dh()
755 conn->dh_secret == NULL) { in tls_process_client_key_exchange_dh()
757 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
762 tlsv1_server_get_dh_p(conn, &dh_p, &dh_p_len); in tls_process_client_key_exchange_dh()
769 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
775 if (crypto_mod_exp(dh_yc, dh_yc_len, conn->dh_secret, in tls_process_client_key_exchange_dh()
776 conn->dh_secret_len, dh_p, dh_p_len, in tls_process_client_key_exchange_dh()
779 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
786 os_memset(conn->dh_secret, 0, conn->dh_secret_len); in tls_process_client_key_exchange_dh()
787 os_free(conn->dh_secret); in tls_process_client_key_exchange_dh()
788 conn->dh_secret = NULL; in tls_process_client_key_exchange_dh()
790 res = tlsv1_server_derive_keys(conn, shared, shared_len); in tls_process_client_key_exchange_dh()
798 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange_dh()
807 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct, in tls_process_client_key_exchange() argument
817 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x", in tls_process_client_key_exchange()
819 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange()
828 tlsv1_server_log(conn, "Too short ClientKeyExchange (Left=%lu)", in tls_process_client_key_exchange()
830 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange()
841 tlsv1_server_log(conn, "Mismatch in ClientKeyExchange length (len=%lu != left=%lu)", in tls_process_client_key_exchange()
843 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange()
851 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected ClientKeyExchange)", in tls_process_client_key_exchange()
853 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_key_exchange()
858 tlsv1_server_log(conn, "Received ClientKeyExchange"); in tls_process_client_key_exchange()
862 suite = tls_get_cipher_suite(conn->rl.cipher_suite); in tls_process_client_key_exchange()
869 tls_process_client_key_exchange_dh(conn, pos, end) < 0) in tls_process_client_key_exchange()
873 tls_process_client_key_exchange_rsa(conn, pos, end) < 0) in tls_process_client_key_exchange()
878 conn->state = CERTIFICATE_VERIFY; in tls_process_client_key_exchange()
884 static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct, in tls_process_certificate_verify() argument
895 if (conn->verify_peer) { in tls_process_certificate_verify()
896 tlsv1_server_log(conn, "Client did not include CertificateVerify"); in tls_process_certificate_verify()
897 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
902 return tls_process_change_cipher_spec(conn, ct, in_data, in tls_process_certificate_verify()
907 tlsv1_server_log(conn, "Expected Handshake; received content type 0x%x", in tls_process_certificate_verify()
909 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
918 tlsv1_server_log(conn, "Too short CertificateVerify message (len=%lu)", in tls_process_certificate_verify()
920 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
931 tlsv1_server_log(conn, "Unexpected CertificateVerify message length (len=%lu != left=%lu)", in tls_process_certificate_verify()
933 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
941 tlsv1_server_log(conn, "Received unexpected handshake message %d (expected CertificateVerify)", in tls_process_certificate_verify()
943 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
948 tlsv1_server_log(conn, "Received CertificateVerify"); in tls_process_certificate_verify()
959 if (conn->rl.tls_version == TLS_VERSION_1_2) { in tls_process_certificate_verify()
971 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
980 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
987 if (conn->verify.sha256_cert == NULL || in tls_process_certificate_verify()
988 crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) < in tls_process_certificate_verify()
990 conn->verify.sha256_cert = NULL; in tls_process_certificate_verify()
991 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
995 conn->verify.sha256_cert = NULL; in tls_process_certificate_verify()
1000 if (conn->verify.md5_cert == NULL || in tls_process_certificate_verify()
1001 crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) { in tls_process_certificate_verify()
1002 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
1004 conn->verify.md5_cert = NULL; in tls_process_certificate_verify()
1005 crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL); in tls_process_certificate_verify()
1006 conn->verify.sha1_cert = NULL; in tls_process_certificate_verify()
1011 conn->verify.md5_cert = NULL; in tls_process_certificate_verify()
1013 if (conn->verify.sha1_cert == NULL || in tls_process_certificate_verify()
1014 crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) { in tls_process_certificate_verify()
1015 conn->verify.sha1_cert = NULL; in tls_process_certificate_verify()
1016 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_certificate_verify()
1020 conn->verify.sha1_cert = NULL; in tls_process_certificate_verify()
1030 if (tls_verify_signature(conn->rl.tls_version, conn->client_rsa_key, in tls_process_certificate_verify()
1032 tlsv1_server_log(conn, "Invalid Signature in CertificateVerify"); in tls_process_certificate_verify()
1033 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, alert); in tls_process_certificate_verify()
1039 conn->state = CHANGE_CIPHER_SPEC; in tls_process_certificate_verify()
1045 static int tls_process_change_cipher_spec(struct tlsv1_server *conn, in tls_process_change_cipher_spec() argument
1053 tlsv1_server_log(conn, "Expected ChangeCipherSpec; received content type 0x%x", in tls_process_change_cipher_spec()
1055 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_change_cipher_spec()
1064 tlsv1_server_log(conn, "Too short ChangeCipherSpec"); in tls_process_change_cipher_spec()
1065 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_change_cipher_spec()
1071 tlsv1_server_log(conn, "Expected ChangeCipherSpec; received data 0x%x", in tls_process_change_cipher_spec()
1073 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_change_cipher_spec()
1078 tlsv1_server_log(conn, "Received ChangeCipherSpec"); in tls_process_change_cipher_spec()
1079 if (tlsv1_record_change_read_cipher(&conn->rl) < 0) { in tls_process_change_cipher_spec()
1082 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_change_cipher_spec()
1089 conn->state = CLIENT_FINISHED; in tls_process_change_cipher_spec()
1095 static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct, in tls_process_client_finished() argument
1104 if ((conn->test_flags & in tls_process_client_finished()
1106 !conn->test_failure_reported) { in tls_process_client_finished()
1107 tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after invalid ServerKeyExchange"); in tls_process_client_finished()
1108 conn->test_failure_reported = 1; in tls_process_client_finished()
1111 if ((conn->test_flags & TLS_DHE_PRIME_15) && in tls_process_client_finished()
1112 !conn->test_failure_reported) { in tls_process_client_finished()
1113 tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after bogus DHE \"prime\" 15"); in tls_process_client_finished()
1114 conn->test_failure_reported = 1; in tls_process_client_finished()
1117 if ((conn->test_flags & TLS_DHE_PRIME_58B) && in tls_process_client_finished()
1118 !conn->test_failure_reported) { in tls_process_client_finished()
1119 …tlsv1_server_log(conn, "TEST-FAILURE: Client Finished received after short 58-bit DHE prime in lon… in tls_process_client_finished()
1120 conn->test_failure_reported = 1; in tls_process_client_finished()
1123 if ((conn->test_flags & TLS_DHE_PRIME_511B) && in tls_process_client_finished()
1124 !conn->test_failure_reported) { in tls_process_client_finished()
1125 …tlsv1_server_log(conn, "TEST-WARNING: Client Finished received after short 511-bit DHE prime (inse… in tls_process_client_finished()
1126 conn->test_failure_reported = 1; in tls_process_client_finished()
1129 if ((conn->test_flags & TLS_DHE_PRIME_767B) && in tls_process_client_finished()
1130 !conn->test_failure_reported) { in tls_process_client_finished()
1131 …tlsv1_server_log(conn, "TEST-NOTE: Client Finished received after 767-bit DHE prime (relatively in… in tls_process_client_finished()
1132 conn->test_failure_reported = 1; in tls_process_client_finished()
1135 if ((conn->test_flags & TLS_DHE_NON_PRIME) && in tls_process_client_finished()
1136 !conn->test_failure_reported) { in tls_process_client_finished()
1137 …tlsv1_server_log(conn, "TEST-NOTE: Client Finished received after non-prime claimed as DHE prime"); in tls_process_client_finished()
1138 conn->test_failure_reported = 1; in tls_process_client_finished()
1143 tlsv1_server_log(conn, "Expected Finished; received content type 0x%x", in tls_process_client_finished()
1145 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1154 tlsv1_server_log(conn, "Too short record (left=%lu) forFinished", in tls_process_client_finished()
1156 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1164 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1175 tlsv1_server_log(conn, "Too short buffer for Finished (len=%lu > left=%lu)", in tls_process_client_finished()
1177 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1183 tlsv1_server_log(conn, "Unexpected verify_data length in Finished: %lu (expected %d)", in tls_process_client_finished()
1185 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1193 if (conn->rl.tls_version >= TLS_VERSION_1_2) { in tls_process_client_finished()
1195 if (conn->verify.sha256_client == NULL || in tls_process_client_finished()
1196 crypto_hash_finish(conn->verify.sha256_client, hash, &hlen) in tls_process_client_finished()
1198 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1200 conn->verify.sha256_client = NULL; in tls_process_client_finished()
1203 conn->verify.sha256_client = NULL; in tls_process_client_finished()
1208 if (conn->verify.md5_client == NULL || in tls_process_client_finished()
1209 crypto_hash_finish(conn->verify.md5_client, hash, &hlen) < 0) { in tls_process_client_finished()
1210 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1212 conn->verify.md5_client = NULL; in tls_process_client_finished()
1213 crypto_hash_finish(conn->verify.sha1_client, NULL, NULL); in tls_process_client_finished()
1214 conn->verify.sha1_client = NULL; in tls_process_client_finished()
1217 conn->verify.md5_client = NULL; in tls_process_client_finished()
1219 if (conn->verify.sha1_client == NULL || in tls_process_client_finished()
1220 crypto_hash_finish(conn->verify.sha1_client, hash + MD5_MAC_LEN, in tls_process_client_finished()
1222 conn->verify.sha1_client = NULL; in tls_process_client_finished()
1223 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1227 conn->verify.sha1_client = NULL; in tls_process_client_finished()
1234 if (tls_prf(conn->rl.tls_version, in tls_process_client_finished()
1235 conn->master_secret, TLS_MASTER_SECRET_LEN, in tls_process_client_finished()
1239 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tls_process_client_finished()
1247 tlsv1_server_log(conn, "Mismatch in verify_data"); in tls_process_client_finished()
1248 conn->state = FAILED; in tls_process_client_finished()
1252 tlsv1_server_log(conn, "Received Finished"); in tls_process_client_finished()
1256 if (conn->use_session_ticket) { in tls_process_client_finished()
1258 tlsv1_server_log(conn, "Abbreviated handshake completed successfully"); in tls_process_client_finished()
1259 conn->state = ESTABLISHED; in tls_process_client_finished()
1262 conn->state = SERVER_CHANGE_CIPHER_SPEC; in tls_process_client_finished()
1269 int tlsv1_server_process_handshake(struct tlsv1_server *conn, u8 ct, in tlsv1_server_process_handshake() argument
1274 tlsv1_server_log(conn, "Alert underflow"); in tlsv1_server_process_handshake()
1275 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, in tlsv1_server_process_handshake()
1279 tlsv1_server_log(conn, "Received alert %d:%d", buf[0], buf[1]); in tlsv1_server_process_handshake()
1281 conn->state = FAILED; in tlsv1_server_process_handshake()
1285 switch (conn->state) { in tlsv1_server_process_handshake()
1287 if (tls_process_client_hello(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1291 if (tls_process_certificate(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1295 if (tls_process_client_key_exchange(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1299 if (tls_process_certificate_verify(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1303 if (tls_process_change_cipher_spec(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1307 if (tls_process_client_finished(conn, ct, buf, len)) in tlsv1_server_process_handshake()
1311 tlsv1_server_log(conn, "Unexpected state %d while processing received message", in tlsv1_server_process_handshake()
1312 conn->state); in tlsv1_server_process_handshake()
1317 tls_verify_hash_add(&conn->verify, buf, *len); in tlsv1_server_process_handshake()