(int) TLS_MAX_KEY_EXPANSION_SIZE);
DEBUG_DUMP_HEX_LABEL("CLIENT KEY", clientkey, key_length);
DEBUG_DUMP_HEX_LABEL("CLIENT IV", clientiv, iv_length);
(int) TLS_MAX_KEY_EXPANSION_SIZE);
DEBUG_DUMP_HEX_LABEL("CLIENT KEY", clientkey, key_length);
DEBUG_DUMP_HEX_LABEL("CLIENT IV", clientiv, iv_length);
DEBUG_DUMP_HEX_LABEL("CLIENT MAC KEY",
context->is_server ? context->crypto.
ctx_remote_mac.remote_mac : context->
crypto.ctx_local_mac.local_mac,
mac_length);
DEBUG_DUMP_HEX_LABEL("CLIENT MAC KEY",
context->is_server ? context->crypto.
ctx_remote_mac.remote_mac : context->
crypto.ctx_local_mac.local_mac,
mac_length);
DEBUG_DUMP_HEX_LABEL("SERVER KEY", serverkey, key_length);
DEBUG_DUMP_HEX_LABEL("SERVER IV", serveriv, iv_length);
DEBUG_DUMP_HEX_LABEL("SERVER KEY", serverkey, key_length);
DEBUG_DUMP_HEX_LABEL("SERVER IV", serveriv, iv_length);
DEBUG_DUMP_HEX_LABEL("SERVER MAC KEY",
context->is_server ? context->crypto.
ctx_local_mac.local_mac : context->crypto.
ctx_remote_mac.remote_mac, mac_length);
DEBUG_DUMP_HEX_LABEL("SERVER MAC KEY",
context->is_server ? context->crypto.
ctx_local_mac.local_mac : context->crypto.
ctx_remote_mac.remote_mac, mac_length);
if (context->is_server) {
if (is_aead == 2) {
memcpy(context->crypto.ctx_remote_mac.remote_nonce,
if (context->is_server) {
if (is_aead == 2) {
memcpy(context->crypto.ctx_remote_mac.remote_nonce,
tls_alert(context, 1, certificate_verify_alert);
context->critical_error = 1;
}
tls_alert(context, 1, certificate_verify_alert);
context->critical_error = 1;
}
tls_alert(context, 1, unexpected_message);
break;
case TLS_COMPRESSION_NOT_SUPPORTED:
tls_alert(context, 1, unexpected_message);
break;
case TLS_COMPRESSION_NOT_SUPPORTED:
tls_alert(context, 1, bad_record_mac);
break;
case TLS_BAD_CERTIFICATE:
tls_alert(context, 1, bad_record_mac);
break;
case TLS_BAD_CERTIFICATE:
if (context->is_server) {
/* bad client certificate, continue */
tls_alert(context, 0, bad_certificate);
if (context->is_server) {
/* bad client certificate, continue */
tls_alert(context, 0, bad_certificate);
tls_alert(context, 1, unsupported_certificate);
break;
case TLS_NO_COMMON_CIPHER:
tls_alert(context, 1, unsupported_certificate);
break;
case TLS_NO_COMMON_CIPHER:
tls_alert(context, 1, internal_error);
break;
case TLS_NO_RENEGOTIATION:
tls_alert(context, 1, internal_error);
break;
case TLS_NO_RENEGOTIATION:
tls_alert(context, 0, no_renegotiation_RESERVED);
payload_res = 0;
break;
case TLS_DECRYPTION_FAILED:
tls_alert(context, 0, no_renegotiation_RESERVED);
payload_res = 0;
break;
case TLS_DECRYPTION_FAILED: