Added POWER8 implementation for AES/CTR+CBC-MAC (for CCM and EAX modes).
[BearSSL] / src / ssl / ssl_hs_client.t0
index cfe5f78..23b39e7 100644 (file)
@@ -31,7 +31,7 @@ preamble {
  * specific name. It must be noted that since the engine context is the
  * first field of the br_ssl_client_context structure ('eng'), then
  * pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "addresses" computed as offsets
  * within the structure work for both kinds of context.
  */
 #define CTX  ((br_ssl_client_context *)ENG)
@@ -686,16 +686,12 @@ cc: DEBUG-BLOB ( addr len -- ) {
 
        \ Cipher suite. We check that it is part of the list of cipher
        \ suites that we advertised.
-       \ read16 { suite ; found }
-       \ 0 >found
-       \ addr-suites_buf dup addr-suites_num get8 1 << +
-       \ begin dup2 < while
-       \       2 - dup get16
-       \       suite = found or >found
-       \ repeat
-       \ 2drop found ifnot ERR_BAD_CIPHER_SUITE fail then
        read16
        dup scan-suite 0< if ERR_BAD_CIPHER_SUITE fail then
+       \ Also check that the cipher suite is compatible with the
+       \ announced version: suites that don't use HMAC/SHA-1 are
+       \ for TLS-1.2 only, not older versions.
+       dup use-tls12? version 0x0303 < and if ERR_BAD_CIPHER_SUITE fail then
        addr-cipher_suite resume check-resume
 
        \ Compression method. Should be 0 (no compression).
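Review bot: The new check `dup use-tls12? version 0x0303 < and if ERR_BAD_CIPHER_SUITE fail then` only works if `version` already holds the server-selected protocol version at this point; it is set outside this hunk, and if it still held the client's maximum the check would pass for a server that picked an older version. Suggest making the ordering explicit in the comment, e.g. `\ 'version' is the server-announced version, already read from the ServerHello before the suite.` The rejection matters because, as the comment states, suites that do not use HMAC/SHA-1 are TLS-1.2 only, so accepting one under an older version would pair the suite with a protocol version it is not defined for. The enclosing word starts and ends outside the hunk.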
@@ -805,6 +801,13 @@ cc: DEBUG-BLOB ( addr len -- ) {
                        1 addr-reneg set8
                then
                close-elt
+       else
+               \ No extension received at all, so the server does not
+               \ support secure renegotiation. This is a hard failure
+               \ if the server was previously known to support it (i.e.
+               \ this is a renegotiation).
+               ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then
+               1 addr-reneg set8
        then
        close-elt
        resume
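Review bot: The threshold in `ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then` is a bare literal, and nothing in the hunk says why 5 separates an initial handshake from a renegotiation. Presumably 5 is the encoded size of the empty renegotiation_info extension sent on a first handshake (2-byte type, 2-byte length, 1-byte payload length), so a larger value means client verify data was included — confirm against where `ext-reneg-length` is computed. Suggest a comment on that line: `\ 5 = size of the empty renegotiation_info extension we send on an initial handshake; larger means we sent verify data, so this is a renegotiation.` The enclosing word begins outside the hunk.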
@@ -966,7 +969,7 @@ cc: get-client-chain ( auth_types -- ) {
 
 \ Parse CertificateRequest. Header has already been read.
 : read-contents-CertificateRequest ( lim -- )
-       \ Read supported client authentification types. We keep only
+       \ Read supported client authentication types. We keep only
        \ RSA, ECDSA, and ECDH.
        0 { auth_types }
        read8 open-elt
@@ -1257,6 +1260,12 @@ cc: do-client-sign ( -- sig_len ) {
                                                wait-co drop
                                        repeat
                                        100 send-warning
+                                       \ We rejected the renegotiation,
+                                       \ but the connection is not dead.
+                                       \ We must set back things into
+                                       \ working "application data" state.
+                                       1 addr-application_data set8
+                                       23 addr-record_type_out set8
                                else
                                        do-handshake
                                then
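Review bot: `23 addr-record_type_out set8` restores the outgoing record type with a bare literal that the comment above it does not explain; 23 is the TLS ContentType value for application_data. Suggest `\ 23 = application_data record type` on that line, and `\ 100 = no_renegotiation alert` on the preceding `100 send-warning`, since the two numbers are only meaningful together. If the code that enters handshake state on a HelloRequest clears these same two fields elsewhere, factoring the pair into one shared word would keep the two sides from drifting apart. The enclosing word begins and ends outside the hunk.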