From 87d70b63a53e7268512c7890cb55192669342534 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 2 Feb 2017 11:16:25 +0000
Subject: [PATCH] Add trace support for HelloRetryRequest

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2341)
---
 ssl/t1_trce.c | 48 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 38 insertions(+), 10 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 9da8f756d8..5561e8f8a3 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -83,16 +83,17 @@ static ssl_trace_tbl ssl_handshake_tbl[] = {
 {SSL3_MT_SERVER_HELLO, "ServerHello"},
 {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
 {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+ {SSL3_MT_HELLO_RETRY_REQUEST, "HelloRetryRequest"},
+ {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
 {SSL3_MT_CERTIFICATE, "Certificate"},
 {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
 {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
- {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
- {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
 {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
 {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
 {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+ {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+ {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
 {SSL3_MT_FINISHED, "Finished"},
- {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
 {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}
 };

@@ -650,7 +651,8 @@ static int ssl_print_signature(BIO *bio, int indent, SSL *s,
 return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
 }

-static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
+static int ssl_print_extension(BIO *bio, int indent, int server,
+ unsigned char mt, int extype,
 const unsigned char *ext, size_t extlen)
 {
 size_t xlen, share_len;
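Review bot: The reordered `ssl_handshake_tbl` still ends up with two rows each for `SSL3_MT_CLIENT_KEY_EXCHANGE` and `SSL3_MT_CERTIFICATE_STATUS`: the added `CertificateStatus`/`ClientKeyExchange` pair sits right after an existing `ClientKeyExchange` row and before the trailing `CertificateStatus` row. If `ssl_trace_str` returns the first match (its body is not part of this patch), the later copies are never reached and only obscure which message types the tracer knows. Since this hunk already reshuffles the table, I would drop the two added duplicate rows so each message type appears once. The table's opening line is outside the hunk; only its closing `};` is visible here.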
@@ -729,6 +731,17 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
 break;

 case TLSEXT_TYPE_key_share:
+ if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {
+ int group_id;
+
+ if (extlen != 2)
+ return 0;
+ group_id = (ext[0] << 8) | ext[1];
+ BIO_indent(bio, indent + 4, 80);
+ BIO_printf(bio, "NamedGroup: %s\n",
+ ssl_trace_str(group_id, ssl_groups_tbl));
+ break;
+ }
 if (extlen < 2)
 return 0;
 if (server) {
@@ -782,7 +795,8 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
 }

 static int ssl_print_extensions(BIO *bio, int indent, int server,
- const unsigned char **msgin, size_t *msginlen)
+ unsigned char mt, const unsigned char **msgin,
+ size_t *msginlen)
 {
 size_t extslen, msglen = *msginlen;
 const unsigned char *msg = *msgin;
@@ -808,7 +822,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
 if (msglen < extlen + 4)
 return 0;
 msg += 4;
- if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen))
+ if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg,
+ extlen))
 return 0;
 msg += extlen;
 msglen -= extlen + 4;
@@ -869,7 +884,8 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
 msglen--;
 len--;
 }
- if (!ssl_print_extensions(bio, indent, 0, &msg, &msglen))
+ if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg,
+ &msglen))
 return 0;
 return 1;
 }
@@ -914,7 +930,8 @@ static int ssl_print_server_hello(BIO *bio, int indent,
 msg++;
 msglen--;
 }
- if (!ssl_print_extensions(bio, indent, 1, &msg, &msglen))
+ if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg,
+ &msglen))
 return 0;
 return 1;
 }
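Review bot: The new HelloRetryRequest branch under `case TLSEXT_TYPE_key_share:` has no comment saying why this message type bypasses the `extlen < 2` / `server` path that follows; a reader has to work out that the extension body is treated here as a bare two-byte group id. I would add `/* HelloRetryRequest: key_share holds only the 2-byte selected group */` above `if (mt == SSL3_MT_HELLO_RETRY_REQUEST) {`. The exact-length test `extlen != 2` before reading `ext[0]` and `ext[1]` is the right guard for peer-controlled bytes reaching the tracer and should stay as written. `ssl_print_extension` begins and ends outside this hunk.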
@@ -1130,7 +1147,8 @@ static int ssl_print_certificates(BIO *bio, SSL *s, int server, int indent,
 while (clen > 0) {
 if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
 return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, &msg, &clen))
+ if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
+ &msg, &clen))
 return 0;
 }

@@ -1318,8 +1336,18 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
 return 0;
 break;

+ case SSL3_MT_HELLO_RETRY_REQUEST:
+ if (!ssl_print_version(bio, indent + 2, "server_version", &msg, &msglen,
+ NULL)
+ || !ssl_print_extensions(bio, indent + 2, 1,
+ SSL3_MT_HELLO_RETRY_REQUEST, &msg,
+ &msglen))
+ return 0;
+ break;
+
 case SSL3_MT_ENCRYPTED_EXTENSIONS:
- if (!ssl_print_extensions(bio, indent + 2, 1, &msg, &msglen))
+ if (!ssl_print_extensions(bio, indent + 2, 1,
+ SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen))
 return 0;
 break;

--
2.25.1