addr-eng: ecdhe_point_len
addr-eng: reneg
addr-eng: saved_finished
+addr-eng: flags
addr-eng: pad
addr-eng: action
addr-eng: alert
addr-session-field: cipher_suite
addr-session-field: master_secret
+\ Check a server flag by index.
+: flag? ( index -- bool )
+ addr-flags get32 swap >> 1 and neg ;
+
\ Define a word that evaluates to an error constant. This assumes that
\ all relevant error codes are in the 0..63 range.
: err:
addr-alert get8 case
0 of
\ 'alert' field is 0, so this byte shall be a level.
- \ Levels shall be 1 (alert) or 2 (fatal); we convert
+ \ Levels shall be 1 (warning) or 2 (fatal); we convert
\ all other values to "fatal".
dup 1 <> if drop 2 then
addr-alert set8 0
1 of
0 addr-alert set8
\ close_notify has value 0.
+ \ no_renegotiation has value 100, and we treat it
+ \ as a fatal alert.
+ dup 100 = if 256 + fail then
0= ret
endof
\ Fatal alert implies context termination.
- 256 + fail
+ drop 256 + fail
endcase ;
\ In general we only deal with handshake data here. Alerts are processed
2+
again ;
-\ Check that a given cipher suite is supported.
+\ Check that a given cipher suite is supported. Note that this also
+\ returns true (-1) for the TLS_FALLBACK_SCSV pseudo-ciphersuite.
: suite-supported? ( suite -- bool )
+ dup 0x5600 = if drop -1 ret then
cipher-suite-to-elements 0<> ;
\ Get expected key type for cipher suite. The key type is one of
projects / BearSSL / blobdiff