pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:385:   void new_cipher_states();      //! Derive the master secret from the premaster_secret   //! and the random seeds, and configure the keys.   void derive_master_secret(string(8bit) premaster_secret)   {    SSL3_DEBUG_MSG("%O: derive_master_secret: %s (%s)\n",    this, fmt_constant(handshake_state, "STATE"),    fmt_version(version));    -  if (version >= PROTOCOL_TLS_1_3) { -  switch(handshake_state) { -  case STATE_wait_for_hello: // Resume -  case STATE_wait_for_key_share: // Full hello -  session->master_secret = premaster_secret; -  session->master_secret = hash_messages("handshake master secret", 48); -  break; -  case STATE_wait_for_finish: -  session->master_secret = premaster_secret; -  session->master_secret = hash_messages("extended master secret", 48); -  break; -  default: -  error("Unexpected handshake state: %s\n", -  fmt_constant(handshake_state, "STATE")); -  break; -  } -  } else if (!sizeof(premaster_secret)) { +  if (!sizeof(premaster_secret)) {    // Clear text mode.    session->master_secret = "";    } else if (session->extended_master_secret) {    // Extended Master Secret Draft.    session->master_secret = premaster_secret;    session->master_secret = hash_messages("extended master secret", 48);    } else {    session->master_secret =    session->cipher_spec->prf(premaster_secret, "master secret",    client_random + server_random, 48);    }       new_cipher_states(); -  -  if ((version >= PROTOCOL_TLS_1_3) && -  (handshake_state == STATE_wait_for_finish)) { -  // Generate the resumption premaster secret. -  session->master_secret = premaster_secret; -  session->master_secret = hash_messages("resumption premaster secret", 48); +    } - } +          //! Do handshake processing. Type is one of HANDSHAKE_*, data is the   //! contents of the packet, and raw is the raw packet received (needed   //! for supporting SSLv2 hello messages).   //!   //! 
This function returns 0 if handshake is in progress, 1 if handshake   //! is finished, and -1 if a fatal error occurred. It uses the   //! send_packet() function to transmit packets.   int(-1..1) handle_handshake(int type, Buffer input, Stdio.Buffer raw);
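Review bot: The `if (!sizeof(premaster_secret))` test is now the first branch in derive_master_secret, and it sets `session->master_secret = ""` for any empty input with nothing visible in the hunk that ties it to a negotiated null key exchange. If a caller could ever pass an empty string for another cipher suite, new_cipher_states() would configure keys from an empty master secret; whether the callers rule this out cannot be seen from here. I would at least state the contract in the doc comment, e.g. `//! An empty premaster_secret selects clear text mode and is only valid for the null key exchange.`, and consider raising an error when that does not hold. The two-step `session->master_secret = premaster_secret;` ahead of `hash_messages("extended master secret", 48)` also deserves a one-line comment, since it presumably relies on hash_messages reading session->master_secret as its key.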
pike.git/lib/modules/SSL.pmod/Connection.pike:677:    }    }    packet = current_write_state->encrypt_packet(packet, context);    if (packet->content_type == PACKET_change_cipher_spec) {    if (sizeof(pending_write_state)) {    current_write_state = pending_write_state[0];    pending_write_state = pending_write_state[1..];    } else {    error("Invalid Change Cipher Spec.\n");    } -  if (version >= PROTOCOL_TLS_1_3) { -  // The change cipher state packet is not sent on the wire in TLS 1.3. -  return 2; +     } -  } +        packet->send(output);    return 2;   }      //! Initiate close.   void send_close()   {    send_packet(alert(ALERT_warning, ALERT_close_notify,    "Closing connection.\n"), PRI_application);