#include "sslUtils.h"
#include "sslDebug.h"
#include "sslCrypto.h"
-
+#include "sslRand.h"
#include "sslDigests.h"
+#include "sslCipherSpecs.h"
#include "cipherSpecs.h"
+#include <utilities/SecIOFormat.h>
+
+#include <AssertMacros.h>
#include <string.h>
#include <assert.h>
#include <inttypes.h>
#define PRIstatus "ld"
#endif
+
+uint8_t *
+SSLEncodeHandshakeHeader(SSLContext *ctx, SSLRecord *rec, SSLHandshakeType type, size_t msglen)
+{
+ uint8_t *charPtr;
+
+ charPtr = rec->contents.data;
+ *charPtr++ = type;
+ charPtr = SSLEncodeSize(charPtr, msglen, 3);
+
+ if(rec->protocolVersion == DTLS_Version_1_0) {
+ charPtr = SSLEncodeInt(charPtr, ctx->hdskMessageSeq, 2);
+ /* fragmentation -- we encode header as if unfragmented,
+ actual fragmentation happens at lower layer. */
+ charPtr = SSLEncodeInt(charPtr, 0, 3);
+ charPtr = SSLEncodeSize(charPtr, msglen, 3);
+ }
+
+ return charPtr;
+}
+
static OSStatus SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx);
static OSStatus
SSLUpdateHandshakeMacs(const SSLBuffer *messageData, SSLContext *ctx)
{
- OSStatus err = errSecParam;
+ OSStatus err = errSSLInternal;
bool do_md5 = false;
bool do_sha1 = false;
bool do_sha256 = false;
(err = SSLHashSHA384.update(&ctx->sha512State, messageData)) != 0)
goto done;
- sslLogNegotiateDebug("%s protocol: %02X max: %02X cipher: %02X%s%s",
+ sslLogNegotiateDebug("%s protocol: %02X max: %02X cipher: %02X%s%s%s%s",
ctx->protocolSide == kSSLClientSide ? "client" : "server",
ctx->negProtocolVersion,
ctx->maxProtocolVersion,
{
size_t origLen = ctx->fragmentedMessageCache.length;
if ((err = SSLReallocBuffer(&ctx->fragmentedMessageCache,
- ctx->fragmentedMessageCache.length + rec.contents.length,
- ctx)) != 0)
+ ctx->fragmentedMessageCache.length + rec.contents.length)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
if (remaining > 0) /* Fragmented handshake message */
{ /* If there isn't a cache, allocate one */
if (ctx->fragmentedMessageCache.data == 0)
- { if ((err = SSLAllocBuffer(&ctx->fragmentedMessageCache, remaining, ctx)) != 0)
+ { if ((err = SSLAllocBuffer(&ctx->fragmentedMessageCache, remaining)))
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
}
}
else if (ctx->fragmentedMessageCache.data != 0)
- { if ((err = SSLFreeBuffer(&ctx->fragmentedMessageCache, ctx)) != 0)
+ { if ((err = SSLFreeBuffer(&ctx->fragmentedMessageCache)))
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
}
- return noErr;
+ return errSecSuccess;
}
OSStatus
/* flush it - record is too small */
sslErrorLog("DTLSProcessHandshakeRecord: remaining too small (%lu out of %lu)\n", remaining, rec.contents.length);
assert(0); // keep this assert until we find a test case that triggers it
+ err = errSSLProtocol;
goto flushit;
}
remaining -= head;
SSLLogHdskMsg(msgtype, 0);
- sslHdskMsgDebug("DTLS Hdsk Record: type=%lu, len=%lu, seq=%lu (%lu), f_ofs=%lu, f_len=%lu, remaining=%lu",
- msgtype, msglen, msgseq, ctx->hdskMessageSeqNext, fragofs, fraglen, remaining);
+ sslHdskMsgDebug("DTLS Hdsk Record: type=%u, len=%u, seq=%u (%u), f_ofs=%u, f_len=%u, remaining=%u",
+ msgtype, (int)msglen, (int)msgseq, (int)ctx->hdskMessageSeqNext, (int)fragofs, (int)fraglen, (int)remaining);
if(
((fraglen+fragofs) > msglen)
// assert(0); // keep this assert until we find a test case that triggers it
// This is a recoverable error, we just drop this fragment.
// TODO: this should probably trigger a retransmit
- err = noErr;
+ err = errSecSuccess;
goto flushit;
}
sslHdskMsgDebug("Allocating hdsk buf for msg type %d", msgtype);
assert(ctx->hdskMessageCurrent.contents.data==NULL);
assert(ctx->hdskMessageCurrent.contents.length==0);
- if((err=SSLAllocBuffer(&(ctx->hdskMessageCurrent.contents), msglen, ctx))!=0) {
+ if((err=SSLAllocBuffer(&(ctx->hdskMessageCurrent.contents), msglen))) {
SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
goto flushit;
}
- sslHdskMsgDebug("Hashing %d bytes of msg seq %ld\n", messageData->length, msgseq);
+ sslHdskMsgDebug("Hashing %d bytes of msg seq %d\n", (int)messageData->length, (int)msgseq);
}
sslHdskMsgDebug("processed message of type %d", msgtype);
if ((err = SSLAdvanceHandshake(msgtype, ctx)) != 0)
{
- sslErrorLog("AdvanceHandshake error: %"PRIstatus"\n", err);
+ sslErrorLog("AdvanceHandshake error: %" PRIdOSStatus "\n", err);
goto flushit;
}
/* Free the buffer for current message, and reset offset */
- SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents), ctx);
+ SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents));
ctx->hdskMessageCurrentOfs=0;
/* If we successfully processed a message, we wait for the next one */
sslHdskMsgDebug("remaining = %ld", remaining);
}
- return noErr;
+ return errSecSuccess;
flushit:
sslErrorLog("DTLSProcessHandshakeRecord: flusing record (err=%"PRIstatus")\n", err);
/* This will flush the current handshake message */
- SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents), ctx);
+ SSLFreeBuffer(&(ctx->hdskMessageCurrent.contents));
ctx->hdskMessageCurrentOfs=0;
return err;
/* go back to previous cipher if retransmitting a flight including changecipherspec */
if(ctx->messageQueueContainsChangeCipherSpec) {
- ctx->writePending = ctx->writeCipher;
- ctx->writeCipher = ctx->prevCipher;
+ OSStatus err;
+ err = ctx->recFuncs->rollbackWriteCipher(ctx->recCtx);
+ if(err)
+ return err;
}
/* set timeout deadline */
SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx)
{ OSStatus err;
- err = noErr;
+ err = errSecSuccess;
SSLLogHdskMsg(message.type, 0);
switch (message.type)
{ case SSL_HdskHelloRequest:
err = SSLProcessClientHello(message.contents, ctx);
break;
case SSL_HdskServerHello:
- if (ctx->state != SSL_HdskStateServerHello &&
- ctx->state != SSL_HdskStateServerHelloUnknownVersion)
+ if (ctx->state != SSL_HdskStateServerHello)
goto wrongMessage;
err = SSLProcessServerHello(message.contents, ctx);
break;
SSLChangeHdskState(ctx, SSL_HdskStateChangeCipherSpec);
- return noErr;
+ return errSecSuccess;
}
ctx->certReceived = 0;
ctx->x509Requested = 0;
ctx->clientCertState = kSSLClientCertNone;
- ctx->readCipher.ready = 0;
- ctx->writeCipher.ready = 0;
- ctx->wroteAppData = 0;
+ ctx->readCipher_ready = 0;
+ ctx->writeCipher_ready = 0;
if ((err = SSLPrepareAndQueueMessage(SSLEncodeClientHello, ctx)) != 0)
return err;
SSLChangeHdskState(ctx, SSL_HdskStateServerHello);
return err;
}
ctx->sessionMatch = 1;
- SSLFreeBuffer(&sessionIdentifier, ctx);
+ SSLFreeBuffer(&sessionIdentifier);
/* queue up remaining messages to finish handshake */
if((err = SSLResumeServerSide(ctx)) != 0)
sslLogResumSessDebug(
"===FAILED TO RESUME SSL3 server-side session");
}
- if ((err = SSLFreeBuffer(&sessionIdentifier, ctx)) != 0 ||
+ if ((err = SSLFreeBuffer(&sessionIdentifier)) != 0 ||
(err = SSLDeleteSessionData(ctx)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
}
- if ((err = SSLFreeBuffer(&ctx->sessionID, ctx)) != 0)
+ if ((err = SSLFreeBuffer(&ctx->sessionID)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
if (ctx->peerID.data != 0)
{ /* Ignore errors; just treat as uncached session */
assert(ctx->sessionID.data == 0);
- err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN, ctx);
+ err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN);
if (err == 0)
- {
- if((err = sslRand(ctx, &ctx->sessionID)) != 0)
+ {
+ if((err = sslRand(&ctx->sessionID)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
if ((err = SSLPrepareAndQueueMessage(SSLEncodeServerHello, ctx)) != 0)
return err;
- switch (ctx->selectedCipherSpec.keyExchangeMethod)
+ switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
{ case SSL_NULL_auth:
#if APPLE_DH
case SSL_DH_anon:
- case SSL_DH_anon_EXPORT:
+ case SSL_ECDH_anon:
if(ctx->clientAuth == kAlwaysAuthenticate) {
/* app requires this; abort */
SSLFatalSessionAlert(SSL_AlertHandshakeFail, ctx);
/* DH server side needs work */
break;
#endif /* APPLE_DH */
- default: /* everything else */
+ case TLS_PSK:
+ /* skip the cert */
+ break;
+
+ case SSL_RSA:
+ case SSL_DH_DSS:
+ case SSL_DH_RSA:
+ case SSL_DHE_DSS:
+ case SSL_DHE_RSA:
+ case SSL_ECDH_ECDSA:
+ case SSL_ECDHE_ECDSA:
+ case SSL_ECDH_RSA:
+ case SSL_ECDHE_RSA:
if(ctx->localCert == NULL) {
/* no cert but configured for, and negotiated, a
* ciphersuite which requires one */
ctx)) != 0)
return err;
break;
+
+ default: /* everything else */
+ sslErrorLog("SSLAdvanceHandshake: Unsupported KEM!\n");
+ return errSSLInternal;
}
/*
* At this point we decide whether to send a server key exchange
*/
{
bool doServerKeyExch = false;
- switch(ctx->selectedCipherSpec.keyExchangeMethod) {
- case SSL_RSA_EXPORT:
- #if !SSL_SERVER_KEYEXCH_HACK
- /* the "proper" way - app decides. */
+ switch(ctx->selectedCipherSpecParams.keyExchangeMethod) {
case SSL_RSA:
- #endif
if(ctx->encryptPrivKeyRef != NULL) {
doServerKeyExch = true;
}
break;
case SSL_DH_anon:
- case SSL_DH_anon_EXPORT:
case SSL_DHE_RSA:
- case SSL_DHE_RSA_EXPORT:
case SSL_DHE_DSS:
- case SSL_DHE_DSS_EXPORT:
doServerKeyExch = true;
break;
- default:
+ default: /* In all other cases, we don't send a ServerkeyExchange message */
break;
}
if(doServerKeyExch) {
if ((err = SSLInstallSessionFromData(ctx->resumableSession,
ctx)) != 0 ||
(err = SSLInitPendingCiphers(ctx)) != 0 ||
- (err = SSLFreeBuffer(&sessionIdentifier, ctx)) != 0)
+ (err = SSLFreeBuffer(&sessionIdentifier)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
sslLogResumSessDebug("===FAILED TO RESUME SSL3 client-side "
"session");
}
- if ((err = SSLFreeBuffer(&sessionIdentifier, ctx)) != 0)
+ if ((err = SSLFreeBuffer(&sessionIdentifier)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
}
- switch (ctx->selectedCipherSpec.keyExchangeMethod)
- {
+ switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
+ {
/* these require a key exchange message */
case SSL_NULL_auth:
case SSL_DH_anon:
- case SSL_DH_anon_EXPORT:
SSLChangeHdskState(ctx, SSL_HdskStateKeyExchange);
break;
case SSL_RSA:
case SSL_DH_DSS:
- case SSL_DH_DSS_EXPORT:
case SSL_DH_RSA:
- case SSL_DH_RSA_EXPORT:
case SSL_RSA_EXPORT:
case SSL_DHE_DSS:
- case SSL_DHE_DSS_EXPORT:
case SSL_DHE_RSA:
- case SSL_DHE_RSA_EXPORT:
case SSL_Fortezza:
case SSL_ECDH_ECDSA:
case SSL_ECDHE_ECDSA:
case SSL_ECDHE_RSA:
SSLChangeHdskState(ctx, SSL_HdskStateCert);
break;
+ case TLS_PSK:
+ SSLChangeHdskState(ctx, SSL_HdskStateHelloDone);
+ break;
default:
assert("Unknown key exchange method");
break;
break;
case SSL_HdskCert:
if (ctx->state == SSL_HdskStateCert)
- switch (ctx->selectedCipherSpec.keyExchangeMethod)
+ switch (ctx->selectedCipherSpecParams.keyExchangeMethod)
{ case SSL_RSA:
/*
* I really think the two RSA cases should be
* Note this isn't the same as SSL_SERVER_KEYEXCH_HACK;
* we're a client here.
*/
- case SSL_RSA_EXPORT:
case SSL_DH_DSS:
- case SSL_DH_DSS_EXPORT:
case SSL_DH_RSA:
- case SSL_DH_RSA_EXPORT:
case SSL_ECDH_ECDSA:
case SSL_ECDH_RSA:
SSLChangeHdskState(ctx, SSL_HdskStateHelloDone);
break;
case SSL_DHE_DSS:
- case SSL_DHE_DSS_EXPORT:
case SSL_DHE_RSA:
- case SSL_DHE_RSA_EXPORT:
case SSL_Fortezza:
case SSL_ECDHE_ECDSA:
case SSL_ECDHE_RSA:
return err;
}
memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
- if ((err = SSLFreeBuffer(&ctx->preMasterSecret, ctx)) != 0) {
+ if ((err = SSLFreeBuffer(&ctx->preMasterSecret))) {
return err;
}
if (ctx->certSent) {
return err;
}
memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
- if ((err = SSLFreeBuffer(&ctx->preMasterSecret, ctx)) != 0)
+ if ((err = SSLFreeBuffer(&ctx->preMasterSecret)))
return err;
if (ctx->certReceived) {
SSLChangeHdskState(ctx, SSL_HdskStateClientCertVerify);
break;
case SSL_HdskFinished:
/* Handshake is over; enable data transfer on read channel */
- ctx->readCipher.ready = 1;
- /* If writePending is set, we haven't yet sent a finished message;
+ ctx->readCipher_ready = 1;
+ /* If writePending is set, we haven't yet sent a finished message;
* send it */
- if (ctx->writePending.ready != 0)
- { if ((err = SSLPrepareAndQueueMessage(SSLEncodeChangeCipherSpec,
+ /* Note: If using session resumption, the client will hit this, otherwise the server will */
+ if (ctx->writePending_ready != 0)
+ { if ((err = SSLPrepareAndQueueMessage(SSLEncodeChangeCipherSpec,
ctx)) != 0)
return err;
if ((err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage,
queue->next = out;
}
- return noErr;
+ return errSecSuccess;
fail:
- SSLFreeBuffer(&rec.contents, ctx);
+ SSLFreeBuffer(&rec.contents);
return err;
}
{
OSStatus err;
- assert(ctx->sslTslCalls != NULL);
- if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
+ if ((err = SSLWriteRecord(rec, ctx)) != 0)
return err;
if(rec.contentType == SSL_RecordTypeChangeCipher) {
/* Install new cipher spec on write side */
- if ((err = SSLDisposeCipherSuite(&ctx->writeCipher, ctx)) != 0)
+ /* Can't send data until Finished is sent */
+ ctx->writeCipher_ready = 0;
+ ctx->wroteAppData = 0;
+
+ if ((err = ctx->recFuncs->advanceWriteCipher(ctx->recCtx)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
- ctx->prevCipher = ctx->writeCipher;
- ctx->writeCipher = ctx->writePending;
- /* Can't send data until Finished is sent */
- ctx->writeCipher.ready = 0;
- ctx->wroteAppData = 0;
- /* Zero out old data */
- memset(&ctx->writePending, 0, sizeof(CipherContext));
- ctx->writePending.encrypting = 1;
+ /* pending cipher is invalid now - this is currently used to figure out if we need
+ to send out the last flight */
+ ctx->writePending_ready = 0;
/* TODO: that should only happen after Finished message is sent. <rdar://problem/9682471> */
- ctx->writeCipher.ready = 1;
+ ctx->writeCipher_ready = 1;
}
- return noErr;
+ return errSecSuccess;
}
static
OSStatus DTLSSendMessage(SSLRecord rec, SSLContext *ctx)
{
- OSStatus err=noErr;
-
- assert(ctx->sslTslCalls != NULL);
+ OSStatus err=errSecSuccess;
if(rec.contentType != SSL_RecordTypeHandshake) {
- sslHdskMsgDebug("Not fragmenting message type=%d len=%d\n", rec.contentType, rec.contents.length);
- if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
+ sslHdskMsgDebug("Not fragmenting message type=%d len=%d\n", (int)rec.contentType, (int)rec.contents.length);
+ if ((err = SSLWriteRecord(rec, ctx)) != 0)
return err;
if(rec.contentType == SSL_RecordTypeChangeCipher) {
+ /* Can't send data until Finished is sent */
+ ctx->writeCipher_ready = 0;
+ ctx->wroteAppData = 0;
+
/* Install new cipher spec on write side */
- if ((err = SSLDisposeCipherSuite(&ctx->writeCipher, ctx)) != 0)
+ if ((err = ctx->recFuncs->advanceWriteCipher(ctx->recCtx)) != 0)
{ SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
return err;
}
- ctx->prevCipher = ctx->writeCipher;
- ctx->writeCipher = ctx->writePending;
- /* Can't send data until Finished is sent */
- ctx->writeCipher.ready = 0;
- ctx->wroteAppData = 0;
- /* Zero out old data */
- memset(&ctx->writePending, 0, sizeof(CipherContext));
- ctx->writePending.encrypting = 1;
+ /* pending cipher is invalid now - this is currently used to figure out if we need
+ to send out the last flight */
+ ctx->writePending_ready = 0;
/* TODO: that should only happen after Finished message is sent. See <rdar://problem/9682471> */
- ctx->writeCipher.ready = 1;
+ ctx->writeCipher_ready = 1;
}
} else {
(void) seq; // Suppress warnings
size_t ofs = 0;
- sslHdskMsgDebug("Fragmenting msg seq %ld (rl=%d, ml=%d)", seq, rec.contents.length,
+ sslHdskMsgDebug("Fragmenting msg seq %d (rl=%d, ml=%d)", (int)seq, (int)rec.contents.length,
SSLDecodeInt(rec.contents.data+1, 3));
fragrec.contentType = rec.contentType;
fragrec.protocolVersion = rec.protocolVersion;
- if((err=SSLAllocBuffer(&fragrec.contents, fraglen + msghead, ctx))!=0)
+ if((err=SSLAllocBuffer(&fragrec.contents, fraglen + msghead)))
return err;
/* copy the constant part of the header */
while(len>fraglen) {
- sslHdskMsgDebug("Fragmenting msg seq %ld (o=%d,l=%d)", seq, ofs, fraglen);
+ sslHdskMsgDebug("Fragmenting msg seq %d (o=%d,l=%d)", (int)seq, (int)ofs, (int)fraglen);
/* fragment offset and fragment length */
SSLEncodeSize(fragrec.contents.data+6, ofs, 3);
SSLEncodeSize(fragrec.contents.data+9, fraglen, 3);
/* copy the payload */
memcpy(fragrec.contents.data+msghead, rec.contents.data+msghead+ofs, fraglen);
- if ((err = ctx->sslTslCalls->writeRecord(fragrec, ctx)) != 0)
+ if ((err = SSLWriteRecord(fragrec, ctx)) != 0)
goto cleanup;
len-=fraglen;
ofs+=fraglen;
}
- sslHdskMsgDebug("Fragmenting msg seq %ld - Last Fragment (o=%d,l=%d)", seq, ofs, len);
+ sslHdskMsgDebug("Fragmenting msg seq %d - Last Fragment (o=%d,l=%d)", (int)seq, (int)ofs, (int)len);
/* last fragment */
/* fragment offset and fragment length */
/* copy the payload */
memcpy(fragrec.contents.data+msghead, rec.contents.data+msghead+ofs, len);
fragrec.contents.length=len+msghead;
- err = ctx->sslTslCalls->writeRecord(fragrec, ctx);
+ err = SSLWriteRecord(fragrec, ctx);
cleanup:
/* Free the allocated fragment buffer */
- SSLFreeBuffer(&fragrec.contents, ctx);
+ SSLFreeBuffer(&fragrec.contents);
}
WaitingMessage *next;
int n=0;
- assert(ctx->sslTslCalls != NULL);
-
queue=ctx->messageWriteQueue;
ctx->messageQueueContainsChangeCipherSpec=false;
while(queue) {
n++;
- err = SSLFreeBuffer(&queue->rec.contents, ctx);
+ err = SSLFreeBuffer(&queue->rec.contents);
if (err != 0)
goto fail;
next=queue->next;
ctx->messageWriteQueue=NULL;
- return noErr;
+ return errSecSuccess;
fail:
- assert(0);
+ check_noerr(err);
return err;
}
-
OSStatus SSLSendFlight(SSLContext *ctx)
{
OSStatus err;
WaitingMessage *queue;
int n=0;
- assert(ctx->sslTslCalls != NULL);
-
queue=ctx->messageWriteQueue;
while(queue) {
n++;
}
- return noErr;
+ return errSecSuccess;
fail:
- assert(0);
+ check_noerr(err);
return err;
}
if ((err = SSLAdvanceHandshake(SSL_HdskClientHello, ctx)) != 0)
return err;
- return noErr;
+ return errSecSuccess;
+}
+
+/*
+ * Determine max enabled protocol, i.e., the one we try to negotiate for.
+ * Only returns an error (errSecParam) if NO protocols are enabled, which can
+ * in fact happen by malicious or ignorant use of SSLSetProtocolVersionEnabled().
+ */
+OSStatus sslGetMaxProtVersion(
+ SSLContext *ctx,
+ SSLProtocolVersion *version) // RETURNED
+{
+ /* This check is here until SSLSetProtocolVersionEnabled() is gone .*/
+ if (ctx->maxProtocolVersion == SSL_Version_Undetermined)
+ return errSecBadReq;
+
+ *version = ctx->maxProtocolVersion;
+ return errSecSuccess;
}
+
/* log changes in handshake state */
#ifndef NDEBUG
#include <stdio.h>
return "NoNotifyClose";
case SSL_HdskStateServerHello:
return "ServerHello";
- case SSL_HdskStateServerHelloUnknownVersion:
- return "ServerHelloUnknownVersion";
case SSL_HdskStateKeyExchange:
return "KeyExchange";
case SSL_HdskStateCert:
return "ChangeCipherSpec";
case SSL_HdskStateFinished:
return "Finished";
- case SSL2_HdskStateClientMasterKey:
- return "SSL2_ClientMasterKey";
- case SSL2_HdskStateClientFinished:
- return "SSL2_ClientFinished";
- case SSL2_HdskStateServerHello:
- return "SSL2_ServerHello";
- case SSL2_HdskStateServerVerify:
- return "SSL2_ServerVerify";
- case SSL2_HdskStateServerFinished:
- return "SSL2_ServerFinished";
case SSL_HdskStateServerReady:
return "SSL_ServerReady";
case SSL_HdskStateClientReady:
}
}
+/* This is a macro in Release mode */
void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState)
{
- /* FIXME - this ifndef should not be necessary */
- #ifndef NDEBUG
sslHdskStateDebug("...hdskState = %s", hdskStateToStr(newState));
- #endif
ctx->state = newState;
}
-
/* log handshake messages */
static char *hdskMsgToStr(SSLHandshakeType msg)
projects / apple / security.git / blobdiff