mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-13 08:23:50 +08:00
Update TLS 1.3
@@ -82,10 +82,6 @@ int tls_send_record(TLS_CONNECT *conn)
|
||||
while (left) {
|
||||
n = tls_socket_send(conn->sock, conn->record + conn->record_offset, left, 0);
|
||||
if (n < 0) {
|
||||
|
||||
fprintf(stderr, "send() return %d\n", n);
|
||||
fprintf(stderr, "send() errno %d\n", errno);
|
||||
|
||||
if (errno == EAGAIN && errno == EWOULDBLOCK) {
|
||||
return TLS_ERROR_SEND_AGAIN;
|
||||
} else if (errno == EINTR) {
|
||||
|
||||
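Review bot: The retry test `if (errno == EAGAIN && errno == EWOULDBLOCK) {` in the `n < 0` branch is only true on platforms where the two constants share a value; where they differ, a would-block send never returns TLS_ERROR_SEND_AGAIN and falls through to the later branches. It should read `if (errno == EAGAIN || errno == EWOULDBLOCK) {`. The line looks like unchanged context (the page has lost its +/- markers), so the commit does not appear to address it. The error handling after `else if (errno == EINTR)` continues outside the hunk and could not be checked.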
@@ -6859,10 +6859,6 @@ int tls13_recv_client_hello(TLS_CONNECT *conn)
|
||||
int common_cipher_suites[4];
|
||||
size_t common_cipher_suites_cnt;
|
||||
|
||||
if (!conn->ctx->cert_chains) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (!conn->ctx->cert_chains_len) {
|
||||
error_print();
|
||||
return -1;
|
||||
|
||||
@@ -176,7 +176,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
char *cipher_suite_name;
|
||||
int cipher_suite;
|
||||
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
||||
fprintf(stderr, "%s: too much -cipher_suite\n", prog);
|
||||
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -230,7 +230,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
psk_dhe_ke = 1;
|
||||
} else if (!strcmp(*argv, "-psk_identity")) {
|
||||
if (psk_identities_cnt > sizeof(psk_identities)/sizeof(psk_identities[0])) {
|
||||
fprintf(stderr, "%s: too much -psk_identity\n", prog);
|
||||
fprintf(stderr, "%s: too many -psk_identity options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
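Review bot: The limit test `if (psk_identities_cnt > sizeof(psk_identities)/sizeof(psk_identities[0])) {` lets a count equal to the array size through, whereas the -cipher_suite, -supported_group and -sig_alg branches use `>=`; this commit only rewords the message below it. The store into `psk_identities` is outside the hunk, but if it follows the `certfiles[certfiles_cnt++] = *(++argv);` pattern shown in the server's -cert branch, one option too many writes one element past the end of the array. Change the comparison to `>=`, and make the same change for `psk_cipher_suites_cnt` and `psk_keys_cnt` in the next two hunks.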
@@ -239,7 +239,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
char *cipher_suite_name;
|
||||
int cipher_suite;
|
||||
if (psk_cipher_suites_cnt > sizeof(psk_cipher_suites)/sizeof(psk_cipher_suites[0])) {
|
||||
fprintf(stderr, "%s: too much -psk_cipher_suite\n", prog);
|
||||
fprintf(stderr, "%s: too many -psk_cipher_suite options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -252,7 +252,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
} else if (!strcmp(*argv, "-psk_key")) {
|
||||
char *psk_key_hex;
|
||||
if (psk_keys_cnt > sizeof(psk_keys)/sizeof(psk_keys[0])) {
|
||||
fprintf(stderr, "%s: too much -psk_key\n", prog);
|
||||
fprintf(stderr, "%s: too many -psk_key options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -272,7 +272,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
char *supported_group_name;
|
||||
int supported_group;
|
||||
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
||||
fprintf(stderr, "%s: too much -supported_group\n", prog);
|
||||
fprintf(stderr, "%s: too many -supported_group options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -286,7 +286,7 @@ int tls13_client_main(int argc, char *argv[])
|
||||
char *sig_alg_name;
|
||||
int sig_alg;
|
||||
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
||||
fprintf(stderr, "%s: too much -sig_alg\n", prog);
|
||||
fprintf(stderr, "%s: too many -sig_alg options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -376,7 +376,7 @@ bad:
|
||||
// CA certificates
|
||||
if (cacertfile) {
|
||||
if (tls_ctx_set_ca_certificates(&ctx, cacertfile, verify_depth) != 1) {
|
||||
fprintf(stderr, "%s: load CA certificates file '%s' failure\n", prog, cacertfile);
|
||||
fprintf(stderr, "%s: failed to load certificate '%s'\n", prog, cacertfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
@@ -384,11 +384,11 @@ bad:
|
||||
// CertificateRequest
|
||||
if (certfile) {
|
||||
if (!keyfile) {
|
||||
fprintf(stderr, "%s: option '-key' required\n", prog);
|
||||
fprintf(stderr, "%s: option -key is required\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (!pass) {
|
||||
fprintf(stderr, "%s: option '-pass' requried\n", prog);
|
||||
fprintf(stderr, "%s: option -pass is requried\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (tls_ctx_add_certificate_chain_and_key(&ctx, certfile, keyfile, pass) != 1) {
|
||||
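Review bot: The reworded -pass message still carries the typo `option -pass is requried`; the line should be `fprintf(stderr, "%s: option -pass is required\n", prog);`. Separately, because the private-key password is required as a command-line option, it is readable by other local users through the process list for as long as the client runs. Reading it from a prompt or a file descriptor would avoid that, although that is a design change beyond this hunk.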
@@ -690,7 +690,6 @@ bad:
|
||||
|
||||
if (sent_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
||||
|
||||
|
||||
// tls13_send 会返回一个 -1 , 但是没有打印错误信息!!!!
|
||||
if ((ret = tls13_send(&conn, (uint8_t *)send_buf + sent_offset, sent_len, &sentlen)) != 1) {
|
||||
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
||||
|
||||
@@ -145,21 +145,21 @@ int tls13_server_main(int argc , char **argv)
|
||||
port = atoi(*(++argv));
|
||||
} else if (!strcmp(*argv, "-cert")) {
|
||||
if (certfiles_cnt >= sizeof(certfiles)/sizeof(certfiles[0])) {
|
||||
fprintf(stderr, "%s: too much -cert\n", prog);
|
||||
fprintf(stderr, "%s: too many -cert options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
certfiles[certfiles_cnt++] = *(++argv);
|
||||
} else if (!strcmp(*argv, "-key")) {
|
||||
if (keyfiles_cnt >= sizeof(keyfiles)/sizeof(keyfiles[0])) {
|
||||
fprintf(stderr, "%s: too much -key\n", prog);
|
||||
fprintf(stderr, "%s: too many -key options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
keyfiles[keyfiles_cnt++] = *(++argv);
|
||||
} else if (!strcmp(*argv, "-pass")) {
|
||||
if (passes_cnt >= sizeof(passes)/sizeof(passes[0])) {
|
||||
fprintf(stderr, "%s: too much -pass\n", prog);
|
||||
fprintf(stderr, "%s: too many -pass options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
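Review bot: The context line `port = atoi(*(++argv));` at the top of this hunk accepts non-numeric, negative and out-of-range input without any error, so a mistyped -port can silently turn into port 0 or a truncated value. Parsing with strtol and rejecting anything outside 1..65535 would make the failure explicit. The -port branch begins outside the hunk, so its argument-count check and the declared type of `port` are not visible; the cast below assumes `int`.

```c
		// … unchanged: argument-count check for -port …
		char *end;
		long val;

		val = strtol(*(++argv), &end, 10);
		if (end == *argv || *end != '\0' || val < 1 || val > 65535) {
			fprintf(stderr, "%s: invalid -port value '%s'\n", prog, *argv);
			return -1;
		}
		port = (int)val;
```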
@@ -220,7 +220,7 @@ int tls13_server_main(int argc , char **argv)
|
||||
char *cipher_suite_name;
|
||||
int cipher_suite;
|
||||
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
||||
fprintf(stderr, "%s: too much -cipher_suite\n", prog);
|
||||
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -235,7 +235,7 @@ int tls13_server_main(int argc , char **argv)
|
||||
char *supported_group_name;
|
||||
int supported_group;
|
||||
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
||||
fprintf(stderr, "%s: too much -supported_group\n", prog);
|
||||
fprintf(stderr, "%s: too many -supported_group options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -249,7 +249,7 @@ int tls13_server_main(int argc , char **argv)
|
||||
char *sig_alg_name;
|
||||
int sig_alg;
|
||||
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
||||
fprintf(stderr, "%s: too much -sig_alg\n", prog);
|
||||
fprintf(stderr, "%s: too many -sig_alg options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
@@ -550,9 +550,7 @@ restart:
|
||||
if (send_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
||||
fprintf(stderr, ">>>>>>>> send back\n");
|
||||
|
||||
|
||||
format_bytes(stderr, 0, 0, "tls13_send", buf + send_offset, send_len);
|
||||
|
||||
format_bytes(stderr, 0, 0, "tls13_send", (const uint8_t *)buf + send_offset, send_len);
|
||||
|
||||
if ((ret = tls13_send(&conn, (uint8_t *)buf + send_offset, send_len, &sentlen)) != 1) {
|
||||
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
||||
|
||||
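Review bot: The `format_bytes(stderr, 0, 0, "tls13_send", (const uint8_t *)buf + send_offset, send_len);` call dumps every outgoing application-data buffer in plaintext to stderr, unconditionally, just before it is handed to `tls13_send`. The cast variant looks like the new line, so the commit keeps this behaviour. Wherever the server's stderr is captured, the log then holds the data the TLS channel is meant to protect. This dump and the `">>>>>>>> send back"` trace, if that line is also kept, should sit behind an explicit debug or verbose option; none is visible in this hunk. The surrounding select loop starts and ends outside the hunk.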