mirror of
https://github.com/guanzhi/GmSSL.git
Update TLS 1.3
@@ -82,10 +82,6 @@ int tls_send_record(TLS_CONNECT *conn)
|
|||||||
while (left) {
|
while (left) {
|
||||||
n = tls_socket_send(conn->sock, conn->record + conn->record_offset, left, 0);
|
n = tls_socket_send(conn->sock, conn->record + conn->record_offset, left, 0);
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
|
|
||||||
fprintf(stderr, "send() return %d\n", n);
|
|
||||||
fprintf(stderr, "send() errno %d\n", errno);
|
|
||||||
|
|
||||||
if (errno == EAGAIN && errno == EWOULDBLOCK) {
|
if (errno == EAGAIN && errno == EWOULDBLOCK) {
|
||||||
return TLS_ERROR_SEND_AGAIN;
|
return TLS_ERROR_SEND_AGAIN;
|
||||||
} else if (errno == EINTR) {
|
} else if (errno == EINTR) {
|
||||||
|
|||||||
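Review bot: The retry test kept as context right after the removed debug prints, `if (errno == EAGAIN && errno == EWOULDBLOCK)`, can only be true on platforms where the two constants have the same value. POSIX allows them to differ, and on such a platform a non-blocking send that would block never returns TLS_ERROR_SEND_AGAIN and falls through to the later branches. The test should read `if (errno == EAGAIN || errno == EWOULDBLOCK) {`. The body of tls_send_record continues outside the hunk, so the handling after the EINTR branch is not visible here.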
@@ -6859,10 +6859,6 @@ int tls13_recv_client_hello(TLS_CONNECT *conn)
|
|||||||
int common_cipher_suites[4];
|
int common_cipher_suites[4];
|
||||||
size_t common_cipher_suites_cnt;
|
size_t common_cipher_suites_cnt;
|
||||||
|
|
||||||
if (!conn->ctx->cert_chains) {
|
|
||||||
error_print();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (!conn->ctx->cert_chains_len) {
|
if (!conn->ctx->cert_chains_len) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
|
|||||||
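Review bot: Dropping the `if (!conn->ctx->cert_chains)` guard leaves `cert_chains_len` as the only precondition checked here, and the declaration of `cert_chains` is not visible in this hunk. If it is an array member, the removed test could never fire and the removal is correct. If it is a pointer, the code now relies on every setter keeping the length at zero while the pointer is unset. A one-line comment above the remaining check would record that assumption, e.g. `/* cert_chains_len == 0 also covers a context with no chain loaded */`. tls13_recv_client_hello starts and ends outside the hunk.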
@@ -176,7 +176,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
char *cipher_suite_name;
|
char *cipher_suite_name;
|
||||||
int cipher_suite;
|
int cipher_suite;
|
||||||
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
||||||
fprintf(stderr, "%s: too much -cipher_suite\n", prog);
|
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -230,7 +230,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
psk_dhe_ke = 1;
|
psk_dhe_ke = 1;
|
||||||
} else if (!strcmp(*argv, "-psk_identity")) {
|
} else if (!strcmp(*argv, "-psk_identity")) {
|
||||||
if (psk_identities_cnt > sizeof(psk_identities)/sizeof(psk_identities[0])) {
|
if (psk_identities_cnt > sizeof(psk_identities)/sizeof(psk_identities[0])) {
|
||||||
fprintf(stderr, "%s: too much -psk_identity\n", prog);
|
fprintf(stderr, "%s: too many -psk_identity options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -239,7 +239,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
char *cipher_suite_name;
|
char *cipher_suite_name;
|
||||||
int cipher_suite;
|
int cipher_suite;
|
||||||
if (psk_cipher_suites_cnt > sizeof(psk_cipher_suites)/sizeof(psk_cipher_suites[0])) {
|
if (psk_cipher_suites_cnt > sizeof(psk_cipher_suites)/sizeof(psk_cipher_suites[0])) {
|
||||||
fprintf(stderr, "%s: too much -psk_cipher_suite\n", prog);
|
fprintf(stderr, "%s: too many -psk_cipher_suite options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -252,7 +252,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
} else if (!strcmp(*argv, "-psk_key")) {
|
} else if (!strcmp(*argv, "-psk_key")) {
|
||||||
char *psk_key_hex;
|
char *psk_key_hex;
|
||||||
if (psk_keys_cnt > sizeof(psk_keys)/sizeof(psk_keys[0])) {
|
if (psk_keys_cnt > sizeof(psk_keys)/sizeof(psk_keys[0])) {
|
||||||
fprintf(stderr, "%s: too much -psk_key\n", prog);
|
fprintf(stderr, "%s: too many -psk_key options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -272,7 +272,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
char *supported_group_name;
|
char *supported_group_name;
|
||||||
int supported_group;
|
int supported_group;
|
||||||
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
||||||
fprintf(stderr, "%s: too much -supported_group\n", prog);
|
fprintf(stderr, "%s: too many -supported_group options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -286,7 +286,7 @@ int tls13_client_main(int argc, char *argv[])
|
|||||||
char *sig_alg_name;
|
char *sig_alg_name;
|
||||||
int sig_alg;
|
int sig_alg;
|
||||||
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
||||||
fprintf(stderr, "%s: too much -sig_alg\n", prog);
|
fprintf(stderr, "%s: too many -sig_alg options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -376,7 +376,7 @@ bad:
|
|||||||
// CA certificates
|
// CA certificates
|
||||||
if (cacertfile) {
|
if (cacertfile) {
|
||||||
if (tls_ctx_set_ca_certificates(&ctx, cacertfile, verify_depth) != 1) {
|
if (tls_ctx_set_ca_certificates(&ctx, cacertfile, verify_depth) != 1) {
|
||||||
fprintf(stderr, "%s: load CA certificates file '%s' failure\n", prog, cacertfile);
|
fprintf(stderr, "%s: failed to load certificate '%s'\n", prog, cacertfile);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -384,11 +384,11 @@ bad:
|
|||||||
// CertificateRequest
|
// CertificateRequest
|
||||||
if (certfile) {
|
if (certfile) {
|
||||||
if (!keyfile) {
|
if (!keyfile) {
|
||||||
fprintf(stderr, "%s: option '-key' required\n", prog);
|
fprintf(stderr, "%s: option -key is required\n", prog);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (!pass) {
|
if (!pass) {
|
||||||
fprintf(stderr, "%s: option '-pass' requried\n", prog);
|
fprintf(stderr, "%s: option -pass is requried\n", prog);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (tls_ctx_add_certificate_chain_and_key(&ctx, certfile, keyfile, pass) != 1) {
|
if (tls_ctx_add_certificate_chain_and_key(&ctx, certfile, keyfile, pass) != 1) {
|
||||||
@@ -690,7 +690,6 @@ bad:
|
|||||||
|
|
||||||
if (sent_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
if (sent_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
||||||
|
|
||||||
|
|
||||||
// tls13_send 会返回一个 -1 , 但是没有打印错误信息!!!!
|
// tls13_send 会返回一个 -1 , 但是没有打印错误信息!!!!
|
||||||
if ((ret = tls13_send(&conn, (uint8_t *)send_buf + sent_offset, sent_len, &sentlen)) != 1) {
|
if ((ret = tls13_send(&conn, (uint8_t *)send_buf + sent_offset, sent_len, &sentlen)) != 1) {
|
||||||
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
||||||
|
|||||||
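Review bot: The bounds tests in the -psk_identity, -psk_cipher_suite and -psk_key branches still use `>` where the other option branches use `>=`, so this commit rewords the messages but still accepts a count equal to the array size. The stores into psk_identities, psk_cipher_suites and psk_keys are outside the hunks, but if they index with the post-incremented count, as the server's `certfiles[certfiles_cnt++]` does, one extra option on the command line writes one element past the end of the array. Each test should match its neighbours, e.g. `if (psk_identities_cnt >= sizeof(psk_identities)/sizeof(psk_identities[0])) {`. The reworded -pass message also still carries the typo `requried`.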
@@ -145,21 +145,21 @@ int tls13_server_main(int argc , char **argv)
|
|||||||
port = atoi(*(++argv));
|
port = atoi(*(++argv));
|
||||||
} else if (!strcmp(*argv, "-cert")) {
|
} else if (!strcmp(*argv, "-cert")) {
|
||||||
if (certfiles_cnt >= sizeof(certfiles)/sizeof(certfiles[0])) {
|
if (certfiles_cnt >= sizeof(certfiles)/sizeof(certfiles[0])) {
|
||||||
fprintf(stderr, "%s: too much -cert\n", prog);
|
fprintf(stderr, "%s: too many -cert options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
certfiles[certfiles_cnt++] = *(++argv);
|
certfiles[certfiles_cnt++] = *(++argv);
|
||||||
} else if (!strcmp(*argv, "-key")) {
|
} else if (!strcmp(*argv, "-key")) {
|
||||||
if (keyfiles_cnt >= sizeof(keyfiles)/sizeof(keyfiles[0])) {
|
if (keyfiles_cnt >= sizeof(keyfiles)/sizeof(keyfiles[0])) {
|
||||||
fprintf(stderr, "%s: too much -key\n", prog);
|
fprintf(stderr, "%s: too many -key options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
keyfiles[keyfiles_cnt++] = *(++argv);
|
keyfiles[keyfiles_cnt++] = *(++argv);
|
||||||
} else if (!strcmp(*argv, "-pass")) {
|
} else if (!strcmp(*argv, "-pass")) {
|
||||||
if (passes_cnt >= sizeof(passes)/sizeof(passes[0])) {
|
if (passes_cnt >= sizeof(passes)/sizeof(passes[0])) {
|
||||||
fprintf(stderr, "%s: too much -pass\n", prog);
|
fprintf(stderr, "%s: too many -pass options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -220,7 +220,7 @@ int tls13_server_main(int argc , char **argv)
|
|||||||
char *cipher_suite_name;
|
char *cipher_suite_name;
|
||||||
int cipher_suite;
|
int cipher_suite;
|
||||||
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
||||||
fprintf(stderr, "%s: too much -cipher_suite\n", prog);
|
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -235,7 +235,7 @@ int tls13_server_main(int argc , char **argv)
|
|||||||
char *supported_group_name;
|
char *supported_group_name;
|
||||||
int supported_group;
|
int supported_group;
|
||||||
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
if (supported_groups_cnt >= sizeof(supported_groups)/sizeof(supported_groups[0])) {
|
||||||
fprintf(stderr, "%s: too much -supported_group\n", prog);
|
fprintf(stderr, "%s: too many -supported_group options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -249,7 +249,7 @@ int tls13_server_main(int argc , char **argv)
|
|||||||
char *sig_alg_name;
|
char *sig_alg_name;
|
||||||
int sig_alg;
|
int sig_alg;
|
||||||
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
if (sig_algs_cnt >= sizeof(sig_algs)/sizeof(sig_algs[0])) {
|
||||||
fprintf(stderr, "%s: too much -sig_alg\n", prog);
|
fprintf(stderr, "%s: too many -sig_alg options\n", prog);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -550,9 +550,7 @@ restart:
|
|||||||
if (send_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
if (send_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
||||||
fprintf(stderr, ">>>>>>>> send back\n");
|
fprintf(stderr, ">>>>>>>> send back\n");
|
||||||
|
|
||||||
|
format_bytes(stderr, 0, 0, "tls13_send", (const uint8_t *)buf + send_offset, send_len);
|
||||||
format_bytes(stderr, 0, 0, "tls13_send", buf + send_offset, send_len);
|
|
||||||
|
|
||||||
|
|
||||||
if ((ret = tls13_send(&conn, (uint8_t *)buf + send_offset, send_len, &sentlen)) != 1) {
|
if ((ret = tls13_send(&conn, (uint8_t *)buf + send_offset, send_len, &sentlen)) != 1) {
|
||||||
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
if (ret == TLS_ERROR_SEND_AGAIN || ret == TLS_ERROR_RECV_AGAIN) {
|
||||||
|
|||||||
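Review bot: The `format_bytes(stderr, 0, 0, "tls13_send", (const uint8_t *)buf + send_offset, send_len);` call, which this commit keeps and only adds a cast to, writes the application plaintext to stderr just before it is handed to tls13_send, with no debug or verbosity guard visible in the hunk. Where stderr is captured to a log file, the data the TLS channel is meant to protect ends up stored in the clear. The same commit removes the debug prints from tls_send_record, so this dump and the `>>>>>>>> send back` line would be better dropped as well, or placed behind a debug build macro or a verbosity option. The send loop begins and ends outside the hunk.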