X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Ft1_trce.c;h=6f340c9ab1ff51d203d0124ddc3f4c743e562985;hb=9bb6f82958537b9ab5ec8fe44c762f448d4a59d8;hp=b3b6e18b0d4827c8b3420daf7763e9454b458d64;hpb=784250519078fac72806d62a03bff2481a3fc2bf;p=oweals%2Fopenssl.git

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index b3b6e18b0d..6f340c9ab1 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -83,17 +83,19 @@ static ssl_trace_tbl ssl_handshake_tbl[] = {
     {SSL3_MT_SERVER_HELLO, "ServerHello"},
     {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
     {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+    {SSL3_MT_HELLO_RETRY_REQUEST, "HelloRetryRequest"},
+    {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
     {SSL3_MT_CERTIFICATE, "Certificate"},
     {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
     {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
-    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
-    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
     {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
     {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
     {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
     {SSL3_MT_FINISHED, "Finished"},
-    {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
-    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_KEY_UPDATE, "KeyUpdate"}
 };
 
 /* Cipher suites */
@@ -449,6 +451,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
     {TLSEXT_TYPE_server_authz, "server_authz"},
     {TLSEXT_TYPE_cert_type, "cert_type"},
     {TLSEXT_TYPE_key_share, "key_share"},
+    {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
     {TLSEXT_TYPE_supported_groups, "supported_groups"},
     {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
     {TLSEXT_TYPE_srp, "srp"},
@@ -540,6 +543,11 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
     {66, "ecdsa_fixed_ecdh"}
 };
 
+static ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
+    {TLSEXT_KEX_MODE_KE, "psk_ke"},
+    {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
+};
+
 static ssl_trace_tbl ssl_crypto_tbl[] = {
     {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"},
     {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"},
@@ -555,6 +563,11 @@ static ssl_trace_tbl ssl_crypto_tbl[] = {
     {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"}
 };
 
+static ssl_trace_tbl ssl_key_update_tbl[] = {
+    {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
+    {SSL_KEY_UPDATE_REQUESTED, "update_requested"}
+};
+
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
                           const unsigned char *msg, size_t msglen)
 {
@@ -644,7 +657,8 @@ static int ssl_print_signature(BIO *bio, int indent, SSL *s,
     return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
 }
 
-static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
+static int ssl_print_extension(BIO *bio, int indent, int server,
+                               unsigned char mt, int extype,
                                const unsigned char *ext, size_t extlen)
 {
     size_t xlen, share_len;
@@ -723,6 +737,17 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
         break;
 
     case TLSEXT_TYPE_key_share:
+        if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
+            int group_id;
+
+            if (extlen != 2)
+                return 0;
+            group_id = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl));
+            break;
+        }
         if (extlen < 2)
             return 0;
         if (server) {
@@ -760,6 +785,15 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
         return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2,
                               ssl_version_tbl);
 
+    case TLSEXT_TYPE_psk_kex_modes:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
+                              ssl_psk_kex_modes_tbl);
+
     default:
         BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
     }
@@ -767,7 +801,8 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
 }
 
 static int ssl_print_extensions(BIO *bio, int indent, int server,
-                                const unsigned char **msgin, size_t *msginlen)
+                                unsigned char mt, const unsigned char **msgin,
+                                size_t *msginlen)
 {
     size_t extslen, msglen = *msginlen;
     const unsigned char *msg = *msgin;
@@ -793,7 +828,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
         if (msglen < extlen + 4)
             return 0;
         msg += 4;
-        if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen))
+        if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg,
+                                 extlen))
             return 0;
         msg += extlen;
         msglen -= extlen + 4;
@@ -854,7 +890,8 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
         msglen--;
         len--;
     }
-    if (!ssl_print_extensions(bio, indent, 0, &msg, &msglen))
+    if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg,
+                              &msglen))
         return 0;
     return 1;
 }
@@ -899,7 +936,8 @@ static int ssl_print_server_hello(BIO *bio, int indent,
         msg++;
         msglen--;
     }
-    if (!ssl_print_extensions(bio, indent, 1, &msg, &msglen))
+    if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg,
+                              &msglen))
         return 0;
     return 1;
 }
@@ -1115,7 +1153,8 @@ static int ssl_print_certificates(BIO *bio, SSL *s, int server, int indent,
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
-        if (!ssl_print_extensions(bio, indent + 2, server, &msg, &clen))
+        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
+                                  &msg, &clen))
             return 0;
 
     }
@@ -1303,8 +1342,28 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
             return 0;
         break;
 
+    case SSL3_MT_HELLO_RETRY_REQUEST:
+        if (!ssl_print_version(bio, indent + 2, "server_version", &msg, &msglen,
+                               NULL)
+                || !ssl_print_extensions(bio, indent + 2, 1,
+                                         SSL3_MT_HELLO_RETRY_REQUEST, &msg,
+                                         &msglen))
+            return 0;
+        break;
+
     case SSL3_MT_ENCRYPTED_EXTENSIONS:
-        if (!ssl_print_extensions(bio, indent + 2, 1, &msg, &msglen))
+        if (!ssl_print_extensions(bio, indent + 2, 1,
+                                  SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_KEY_UPDATE:
+        if (msglen != 1) {
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+            return 0;
+        }
+        if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1,
+                            ssl_key_update_tbl))
             return 0;
         break;