/*
* This macro evaluates to a pointer to the current engine context.
*/
-#define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
+#define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
}
: NYI ( -- ! )
"NOT YET IMPLEMENTED!" puts cr -1 fail ;
+\ Debug function that prints a string (and a newline) on stderr.
+cc: DBG ( addr -- ) {
+ extern void *stderr;
+ extern int fprintf(void *, const char *, ...);
+ fprintf(stderr, "%s\n", &t0_datablock[T0_POPi()]);
+}
+
+\ Debug function that prints a string and an integer value (followed
+\ by a newline) on stderr.
+cc: DBG2 ( addr x -- ) {
+ extern void *stderr;
+ extern int fprintf(void *, const char *, ...);
+ int32_t x = T0_POPi();
+ fprintf(stderr, "%s: %ld (0x%08lX)\n",
+ &t0_datablock[T0_POPi()], (long)x, (unsigned long)(uint32_t)x);
+}
+
\ Mark the context as failed with a specific error code. This also
\ returns control to the caller.
cc: fail ( err -- ! ) {
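Review bot: `extern void *stderr;` in DBG and DBG2 redeclares a standard identifier with the wrong type. C defines `stderr` as a macro yielding a `FILE *`, so this breaks on platforms where it expands to something other than a plain symbol, and it conflicts if `<stdio.h>` ever reaches the generated file. Both words also index `t0_datablock` with an unchecked popped value, and no debug switch is visible here, so a call left behind in handshake code would write internal state to stderr in a release build. I would include `<stdio.h>` only under a debug macro and add a line such as `\ Debug only: never reference DBG/DBG2 from code that ships.` above each word.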
\ Read a 16-bit word from the context (address is offset in context).
cc: get16 ( addr -- val ) {
size_t addr = (size_t)T0_POP();
- T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
+ T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
}
\ Read a 32-bit word from the context (address is offset in context).
cc: get32 ( addr -- val ) {
size_t addr = (size_t)T0_POP();
- T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
+ T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
}
\ Set a byte in the context (address is offset in context).
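Review bot: In get16 and get32 the added `(void *)` hop only silences the compiler's cast-alignment diagnostic; `addr` still comes straight off the T0 stack and is used for a typed load with no range or alignment check. That is acceptable only if every caller passes a field offset of the matching width inside `br_ssl_engine_context`, which these hunks do not show. The invariant deserves a comment, e.g. `/* addr must be a 2-byte-aligned field offset within the engine context */` in get16 (4-byte in get32). The same applies to set16 and set32 in the next hunk, and to the `ENG` macro, where the cast looks safe as long as `t0ctx` really points at the `cpu` member.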
\ Set a 16-bit word in the context (address is offset in context).
cc: set16 ( val addr -- ) {
size_t addr = (size_t)T0_POP();
- *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
+ *(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
}
\ Set a 32-bit word in the context (address is offset in context).
cc: set32 ( val addr -- ) {
size_t addr = (size_t)T0_POP();
- *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
+ *(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
}
\ Define a word that evaluates as an address of a field within the
read16 skip-blob ;
\ Open a substructure: the inner structure length is checked against,
-\ and substracted, from the output structure current limit.
+\ and subtracted, from the output structure current limit.
: open-elt ( lim len -- lim-outer lim-inner )
dup { len }
- dup 0< if ERR_BAD_PARAM fail then
: prf-id ( suite -- id )
cipher-suite-to-elements 15 and ;
+\ Test whether a cipher suite is only for TLS-1.2. Cipher suites that
+\ can be used with TLS-1.0 or 1.1 use HMAC/SHA-1. RFC do not formally
+\ forbid using a CBC-based TLS-1.2 cipher suite, e.g. based on HMAC/SHA-256,
+\ with older protocol versions; however, servers should not do that, since
+\ it may confuse clients. Since the server code does not try such games,
+\ for consistency, the client should reject it as well (normal servers
+\ don't do that, so any attempt is a sign of foul play).
+: use-tls12? ( suite -- bool )
+ cipher-suite-to-elements 0xF0 and 0x20 <> ;
+
\ Switch to negotiated security parameters for input or output.
: switch-encryption ( is-client for-input -- )
{ for-input }
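Review bot: `use-tls12?` tests `0xF0 and 0x20 <>` with no explanation of the constants, so a reader cannot check that the mask matches the HMAC/SHA-1 rule described in the comment. Judging from `prf-id` just above (`15 and`), bits 4..7 look like the MAC identifier and 0x20 would then be the SHA-1 value; please say so after confirming against cipher-suite-to-elements, e.g. `\ Bits 4..7 = MAC id; 2 is HMAC/SHA-1, so true means TLS-1.2 only.` It is also worth confirming what the word returns for a suite that cipher-suite-to-elements does not recognise: if that yields 0 the result is true, which fails closed, but the hunk does not show it. The rejection itself happens at a call site outside this hunk.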