From fa64210a88a90277aa499fd1616102e5f11967be Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 22 Feb 2017 17:26:04 +0000 Subject: [PATCH] Trace support for TLS 1.3 certificate request message Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2728) --- ssl/t1_trce.c | 75 ++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 33 deletions(-) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 7340fd1cdb..e99a2ceca8 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1206,46 +1206,50 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, size_t xlen; unsigned int sigalg; - if (msglen < 1) - return 0; - xlen = msg[0]; - if (msglen < xlen + 1) - return 0; - msg++; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); - if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) - return 0; - msg += xlen; - msglen -= xlen + 1; - if (!SSL_USE_SIGALGS(s)) - goto skip_sig; - if (msglen < 2) - return 0; - xlen = (msg[0] << 8) | msg[1]; - if (msglen < xlen + 2 || (xlen & 1)) - return 0; - msg += 2; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); - while (xlen > 0) { - BIO_indent(bio, indent + 2, 80); - sigalg = (msg[0] << 8) | msg[1]; - BIO_printf(bio, "%s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); - xlen -= 2; + if (SSL_IS_TLS13(s)) { + if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) + return 0; + } else { + if (msglen < 1) + return 0; + xlen = msg[0]; + if (msglen < xlen + 1) + return 0; + msg++; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); + if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) + return 0; + msg += xlen; + msglen -= xlen + 1; + } + if (SSL_USE_SIGALGS(s)) { + if (msglen < 2) + return 0; + xlen = (msg[0] << 8) | msg[1]; + if (msglen < xlen + 2 || (xlen & 1)) + return 0; msg += 2; + msglen -= xlen + 2; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); + while (xlen > 0) { + BIO_indent(bio, indent + 2, 80); + sigalg = (msg[0] << 8) | msg[1]; + BIO_printf(bio, "%s (0x%04x)\n", + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + xlen -= 2; + msg += 2; + } + msg += xlen; } - msg += xlen; - msglen -= xlen + 2; - skip_sig: xlen = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent, 80); if (msglen < xlen + 2) return 0; msg += 2; - msglen -= 2; + msglen -= 2 + xlen; BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); while (xlen > 0) { size_t dlen; @@ -1271,7 +1275,12 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, xlen -= dlen + 2; msg += dlen; } - return 1; + if (SSL_IS_TLS13(s)) { + if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, + &msg, &msglen)) + return 0; + } + return msglen == 0; } static int ssl_print_ticket(BIO *bio, int indent, SSL *s, -- 2.25.1