X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=inline;f=ssl%2Ft1_trce.c;h=fdc61a5f3306fac92f96f607097a45b879807a68;hb=ddb4c0477af623fcad3e6709640729e82693a4c9;hp=97170cddce36bb7d70e192ccbd281a40b6b165d1;hpb=9d3356b1186c8449820273aa9ed5d0066f698307;p=oweals%2Fopenssl.git diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 97170cddce..fdc61a5f33 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1,4 +1,3 @@ -/* ssl/t1_trce.c */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -117,7 +116,7 @@ static ssl_trace_tbl ssl_content_tbl[] = { {SSL3_RT_ALERT, "Alert"}, {SSL3_RT_HANDSHAKE, "Handshake"}, {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, - {TLS1_RT_HEARTBEAT, "HeartBeat"} + {DTLS1_RT_HEARTBEAT, "HeartBeat"} }; /* Handshake types */ @@ -461,6 +460,13 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, + {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" }, + {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" }, + {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305" }, + {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305" }, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; @@ -537,20 +543,26 @@ static ssl_trace_tbl ssl_point_tbl[] = { }; static ssl_trace_tbl ssl_md_tbl[] = { - {0, "none"}, - {1, "md5"}, - {2, "sha1"}, - {3, "sha224"}, - {4, "sha256"}, - {5, "sha384"}, - {6, "sha512"} + {TLSEXT_hash_none, "none"}, + {TLSEXT_hash_md5, "md5"}, + {TLSEXT_hash_sha1, "sha1"}, + {TLSEXT_hash_sha224, "sha224"}, + {TLSEXT_hash_sha256, "sha256"}, + {TLSEXT_hash_sha384, "sha384"}, + {TLSEXT_hash_sha512, "sha512"}, + {TLSEXT_hash_gostr3411, "md_gost94"}, + {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"}, + {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"} }; static ssl_trace_tbl ssl_sig_tbl[] = { - {0, "anonymous"}, - {1, "rsa"}, - {2, "dsa"}, - {3, "ecdsa"} + {TLSEXT_signature_anonymous, "anonymous"}, + {TLSEXT_signature_rsa, "rsa"}, + {TLSEXT_signature_dsa, "dsa"}, + {TLSEXT_signature_ecdsa, "ecdsa"}, + {TLSEXT_signature_gostr34102001, "gost2001"}, + {TLSEXT_signature_gostr34102012_256, "gost2012_256"}, + {TLSEXT_signature_gostr34102012_512, "gost2012_512"} }; static ssl_trace_tbl ssl_hb_tbl[] = { @@ -900,14 +912,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "rsa"; return SSL_kRSA; } - if (alg_k & SSL_kDHr) { - *pname = "dh_rsa"; - return SSL_kDHr; - } - if (alg_k & SSL_kDHd) { - *pname = "dh_dss"; - return SSL_kDHd; - } if (alg_k & SSL_kDHE) { *pname = "DHE"; return SSL_kDHE; @@ -916,18 +920,22 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "ECDHE"; return SSL_kECDHE; } - if (alg_k & SSL_kECDHr) { - *pname = "ECDH RSA"; - return SSL_kECDHr; - } - if (alg_k & SSL_kECDHe) { - *pname = "ECDH ECDSA"; - return SSL_kECDHe; - } if (alg_k & SSL_kPSK) { *pname = "PSK"; return SSL_kPSK; } + if (alg_k & SSL_kRSAPSK) { + *pname = "RSAPSK"; + return SSL_kRSAPSK; + } + if (alg_k & SSL_kDHEPSK) { + *pname = "DHEPSK"; + return SSL_kDHEPSK; + } + if (alg_k & SSL_kECDHEPSK) { + *pname = "ECDHEPSK"; + return SSL_kECDHEPSK; + } if (alg_k & SSL_kSRP) { *pname = "SRP"; return SSL_kSRP; @@ -948,9 +956,15 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, id = ssl_get_keyex(&algname, ssl); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); + if (id & SSL_PSK) { + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity", 2, &msg, &msglen)) + return 0; + } switch (id) { case SSL_kRSA: + case SSL_kRSAPSK: if (TLS1_get_version(ssl) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, "EncyptedPreMasterSecret", msg, msglen); @@ -962,33 +976,21 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, } break; - /* Implicit parameters only allowed for static DH */ - case SSL_kDHd: - case SSL_kDHr: - if (msglen == 0) { - BIO_indent(bio, indent + 2, 80); - BIO_puts(bio, "implicit\n"); - break; - } case SSL_kDHE: + case SSL_kDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) return 0; break; - case SSL_kECDHr: - case SSL_kECDHe: - if (msglen == 0) { - BIO_indent(bio, indent + 2, 80); - BIO_puts(bio, "implicit\n"); - break; - } case SSL_kECDHE: + case SSL_kECDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) return 0; break; + } - return 1; + return !msglen; } static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, @@ -999,16 +1001,12 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, id = ssl_get_keyex(&algname, ssl); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); + if (id & SSL_PSK) { + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity_hint", 2, &msg, &msglen)) + return 0; + } switch (id) { - /* Should never happen */ - case SSL_kDHd: - case SSL_kDHr: - case SSL_kECDHr: - case SSL_kECDHe: - BIO_indent(bio, indent + 2, 80); - BIO_printf(bio, "Unexpected Message\n"); - break; - case SSL_kRSA: if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, @@ -1020,6 +1018,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, break; case SSL_kDHE: + case SSL_kDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) return 0; if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) @@ -1028,7 +1027,9 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; break; +#ifndef OPENSSL_NO_EC case SSL_kECDHE: + case SSL_kECDHEPSK: if (msglen < 1) return 0; BIO_indent(bio, indent + 2, 80); @@ -1047,10 +1048,20 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) return 0; + } else { + BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); + return 0; } break; +#endif + + case SSL_kPSK: + case SSL_kRSAPSK: + break; } - return ssl_print_signature(bio, indent, ssl, &msg, &msglen); + if (!(id & SSL_PSK)) + ssl_print_signature(bio, indent, ssl, &msg, &msglen); + return !msglen; } static int ssl_print_certificate(BIO *bio, int indent, @@ -1367,7 +1378,7 @@ void SSL_trace(int write_p, int version, int content_type, SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } - case TLS1_RT_HEARTBEAT: + case DTLS1_RT_HEARTBEAT: ssl_print_heartbeat(bio, 4, msg, msglen); break;