Update TLS print
@@ -1910,7 +1910,6 @@ int tlcp_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentle
|
||||
conn->record_offset = 0;
|
||||
conn->sentlen = inlen;
|
||||
conn->send_state = TLS_state_send_record;
|
||||
if(conn->verbose) tls_encrypted_record_trace(stderr, conn->record, recordlen, 0, 0);
|
||||
}
|
||||
|
||||
ret = tls_send_record(conn);
|
||||
|
||||
47
src/tls.c
47
src/tls.c
@@ -26,6 +26,33 @@
|
||||
#include <gmssl/tls.h>
|
||||
|
||||
|
||||
const int tls_cipher_suites[] = {
|
||||
TLS_cipher_ecc_sm4_cbc_sm3,
|
||||
TLS_cipher_ecc_sm4_gcm_sm3,
|
||||
TLS_cipher_ecdhe_sm4_cbc_sm3,
|
||||
TLS_cipher_ecdhe_sm4_gcm_sm3,
|
||||
#if defined(ENABLE_AES) && defined(ENABLE_SHA2) && defined(ENABLE_SECP256R1)
|
||||
TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256,
|
||||
TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256,
|
||||
#ifdef ENABLE_AES_CCM
|
||||
TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm,
|
||||
#endif
|
||||
#endif
|
||||
TLS_cipher_sm4_gcm_sm3,
|
||||
#ifdef ENABLE_SM4_CCM
|
||||
TLS_cipher_sm4_ccm_sm3,
|
||||
#endif
|
||||
#if defined(ENABLE_AES) && defined(ENABLE_SHA2)
|
||||
TLS_cipher_aes_128_gcm_sha256,
|
||||
#ifdef ENABLE_AES_CCM
|
||||
TLS_cipher_aes_128_ccm_sha256,
|
||||
#endif
|
||||
#endif
|
||||
};
|
||||
const size_t tls_cipher_suites_cnt =
|
||||
sizeof(tls_cipher_suites)/sizeof(tls_cipher_suites[0]);
|
||||
|
||||
|
||||
void tls_uint8_to_bytes(uint8_t a, uint8_t **out, size_t *outlen)
|
||||
{
|
||||
if (out && *out) {
|
||||
@@ -1415,7 +1442,7 @@ int tls_record_set_handshake_client_hello(uint8_t *record, size_t *recordlen,
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
if (cipher_suites_count > TLS_MAX_CIPHER_SUITES_COUNT) {
|
||||
if (cipher_suites_count > TLS_MAX_CIPHER_SUITES) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
@@ -2356,11 +2383,7 @@ int tls_decrypt_recv(TLS_CONNECT *conn)
|
||||
conn->recv_state = 0;
|
||||
recordlen = conn->recordlen;
|
||||
if (conn->verbose) {
|
||||
if (conn->protocol == TLS_protocol_tls12) {
|
||||
tls_encrypted_record_print(stderr, record, recordlen, 0, 0);
|
||||
} else {
|
||||
tls_encrypted_record_trace(stderr, record, recordlen, 0, 0);
|
||||
}
|
||||
tls_trace("recv {Record}\n");
|
||||
}
|
||||
|
||||
if (conn->protocol == TLS_protocol_tls12) {
|
||||
@@ -2452,14 +2475,12 @@ static int tls12_tlcp_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_
|
||||
int alert;
|
||||
tls_record_get_alert(conn->databuf, &level, &alert);
|
||||
if (alert == TLS_alert_close_notify) {
|
||||
if(conn->verbose) tls_trace("recv {Alert.close_notify}\n");
|
||||
conn->close_notify_received = 1;
|
||||
conn->data = NULL;
|
||||
conn->datalen = 0;
|
||||
tls_clean_record(conn);
|
||||
return 0;
|
||||
}
|
||||
if(conn->verbose) tls_trace("recv {Alert}\n");
|
||||
conn->data = NULL;
|
||||
conn->datalen = 0;
|
||||
tls_clean_record(conn);
|
||||
@@ -2527,8 +2548,13 @@ static int tls12_send_close_notify(TLS_CONNECT *conn)
|
||||
|
||||
if(conn->verbose) tls_trace("send {Alert.close_notify}\n");
|
||||
|
||||
tls_record_set_protocol(conn->plain_record, conn->protocol);
|
||||
tls_record_set_alert(conn->plain_record, &conn->plain_recordlen,
|
||||
TLS_alert_level_warning, TLS_alert_close_notify);
|
||||
if (conn->verbose) {
|
||||
tls_record_print(stderr, 0, 0, conn->cipher_suite,
|
||||
conn->plain_record, conn->plain_recordlen);
|
||||
}
|
||||
|
||||
if (tls_record_encrypt(conn->cipher_suite, hmac, key, iv, seq_num,
|
||||
conn->plain_record, conn->plain_recordlen,
|
||||
@@ -2580,8 +2606,13 @@ static int tls13_send_close_notify(TLS_CONNECT *conn)
|
||||
|
||||
if(conn->verbose) tls_trace("send {Alert.close_notify}\n");
|
||||
|
||||
tls_record_set_protocol(conn->plain_record, TLS_protocol_tls12);
|
||||
tls_record_set_alert(conn->plain_record, &conn->plain_recordlen,
|
||||
TLS_alert_level_warning, TLS_alert_close_notify);
|
||||
if (conn->verbose) {
|
||||
tls13_record_print(stderr, 0, 0,
|
||||
conn->plain_record, conn->plain_recordlen);
|
||||
}
|
||||
tls13_padding_len_rand(&padding_len);
|
||||
if (tls13_record_encrypt(conn->cipher_suite, key, iv, seq_num, conn->plain_record, conn->plain_recordlen,
|
||||
padding_len, conn->record, &conn->recordlen) != 1) {
|
||||
|
||||
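Review bot: Nothing ties the length of the new `tls_cipher_suites[]` table to `TLS_MAX_CIPHER_SUITES`, although this commit appears to size the `cipher_suites` and `common_cipher_suites` stack arrays with that constant, and `tls_record_set_handshake_client_hello` rejects any count above it. With every `ENABLE_*` option defined the table has 11 entries; the constant is defined outside this page, so whether that fits cannot be confirmed here. If the project builds as C11, a compile-time check next to the table would stop the two from drifting apart: `_Static_assert(sizeof(tls_cipher_suites)/sizeof(tls_cipher_suites[0]) <= TLS_MAX_CIPHER_SUITES, "tls_cipher_suites exceeds TLS_MAX_CIPHER_SUITES");`. A one-line comment saying whether the array order is a preference order would also help, since the CBC suites are listed ahead of the GCM ones.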
20
src/tls12.c
20
src/tls12.c
@@ -938,7 +938,7 @@ int tls_send_client_hello(TLS_CONNECT *conn)
|
||||
uint8_t exts[TLS_MAX_EXTENSIONS_SIZE];
|
||||
uint8_t *pexts = exts;
|
||||
size_t extslen = 0;
|
||||
int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT + 1];
|
||||
int cipher_suites[TLS_MAX_CIPHER_SUITES + 1];
|
||||
const int *client_cipher_suites = conn->ctx->cipher_suites;
|
||||
size_t client_cipher_suites_cnt = conn->ctx->cipher_suites_cnt;
|
||||
|
||||
@@ -1924,9 +1924,6 @@ int tls_recv_server_finished(TLS_CONNECT *conn)
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
if(conn->verbose)
|
||||
tls_trace("recv server {Finished}\n");
|
||||
|
||||
if (tls_record_protocol(conn->record) != conn->protocol) {
|
||||
error_print();
|
||||
tls12_send_alert(conn, TLS_alert_unexpected_message);
|
||||
@@ -2001,7 +1998,7 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
|
||||
const uint8_t *renegotiation_info = NULL;
|
||||
size_t renegotiation_info_len = 0;
|
||||
int empty_renegotiation_info_scsv = 0;
|
||||
int common_cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT];
|
||||
int common_cipher_suites[TLS_MAX_CIPHER_SUITES];
|
||||
size_t common_cipher_suites_cnt = 0;
|
||||
int common_supported_groups[32];
|
||||
size_t common_supported_groups_cnt = 0;
|
||||
@@ -2913,16 +2910,12 @@ int tls_recv_client_finished(TLS_CONNECT *conn)
|
||||
return -1;
|
||||
}
|
||||
|
||||
// recv ClientFinished
|
||||
if(conn->verbose) tls_trace("recv client {Finished}\n");
|
||||
if ((ret = tls_recv_record(conn)) != 1) {
|
||||
if (ret != TLS_ERROR_RECV_AGAIN) {
|
||||
error_print();
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
//tls_record_print(stderr, 0, 0, conn->cipher_suite, conn->record, conn->recordlen);
|
||||
|
||||
if (tls_record_protocol(conn->record) != conn->protocol) {
|
||||
error_print();
|
||||
tls_send_alert(conn, TLS_alert_unexpected_message);
|
||||
@@ -3144,6 +3137,7 @@ int tls12_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentl
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if(conn->verbose) tls_trace("send {ApplicationData}\n");
|
||||
if(conn->verbose) tls_record_print(stderr, 0, 0, conn->cipher_suite, conn->databuf, tls_record_length(conn->databuf));
|
||||
|
||||
switch (conn->cipher_suite) {
|
||||
@@ -3195,7 +3189,6 @@ int tls12_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentl
|
||||
conn->record_offset = 0;
|
||||
conn->sentlen = inlen;
|
||||
conn->send_state = TLS_state_send_record;
|
||||
if(conn->verbose) tls_record_print(stderr, 0, 0, conn->cipher_suite, conn->record, recordlen);
|
||||
}
|
||||
|
||||
ret = tls_send_record(conn);
|
||||
@@ -3263,6 +3256,9 @@ static int tls12_send_alert_ex(TLS_CONNECT *conn, int level, int alert)
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (conn->verbose) {
|
||||
tls_trace("send {Alert}\n");
|
||||
}
|
||||
if (conn->verbose) {
|
||||
tls_record_print(stderr, 0, 0, conn->cipher_suite, conn->plain_record, conn->plain_recordlen);
|
||||
}
|
||||
@@ -3278,10 +3274,6 @@ static int tls12_send_alert_ex(TLS_CONNECT *conn, int level, int alert)
|
||||
tls_seq_num_incr(seq_num);
|
||||
conn->record_offset = 0;
|
||||
conn->send_state = TLS_state_send_record;
|
||||
|
||||
if (conn->verbose) {
|
||||
tls_encrypted_record_print(stderr, conn->record, conn->recordlen, 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
ret = tls_send_record(conn);
|
||||
|
||||
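Review bot: In `tls12_send` the verbose path now appears to dump plaintext application data to stderr. It calls `tls_record_print` on `conn->databuf` ahead of the `switch (conn->cipher_suite)` that follows, which is presumably the encryption step. The hunk counts show one line added there, and the later `tls12_send` hunk drops the print of `conn->record`, so this looks like a deliberate switch from ciphertext to plaintext output. stderr is routinely captured by service managers and log collectors, so credentials or tokens carried in the payload can end up in log storage. I would add a comment above the line, `/* verbose prints the plaintext record, application data included; keep it off for connections that carry secrets */`, and consider limiting the dump to the record header and length, or putting payload dumps behind a separate build-time switch. `tls12_send` begins and ends outside both hunks.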
@@ -1273,7 +1273,7 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
|
||||
|
||||
|
||||
if(conn->verbose) tls_trace("send {ApplicationData}\n");
|
||||
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
|
||||
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
|
||||
|
||||
}
|
||||
|
||||
@@ -1511,7 +1511,6 @@ int tls13_do_recv(TLS_CONNECT *conn)
|
||||
return -1;
|
||||
}
|
||||
if (alert_description == TLS_alert_close_notify) {
|
||||
if(conn->verbose) tls_trace("recv {Alert.close_notify}\n");
|
||||
conn->close_notify_received = 1;
|
||||
conn->data = NULL;
|
||||
conn->datalen = 0;
|
||||
@@ -7233,7 +7232,7 @@ int tls13_recv_client_hello(TLS_CONNECT *conn)
|
||||
// * [server_name.host_name]
|
||||
//
|
||||
if (common_key_exchange_modes & TLS_KE_CERT_DHE) {
|
||||
int common_cipher_suites[4];
|
||||
int common_cipher_suites[TLS_MAX_CIPHER_SUITES];
|
||||
size_t common_cipher_suites_cnt;
|
||||
|
||||
if (!conn->ctx->cert_chains_len) {
|
||||
@@ -8831,8 +8830,6 @@ int tls13_send_client_key_update(TLS_CONNECT *conn, int request_update)
|
||||
// xxxxxxxx
|
||||
conn->record_offset = 0;
|
||||
|
||||
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
|
||||
|
||||
tls13_update_client_application_secret(conn);
|
||||
tls13_generate_client_application_keys(conn);
|
||||
|
||||
@@ -8881,7 +8878,6 @@ int tls13_send_server_key_update(TLS_CONNECT *conn, int request_update)
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
|
||||
|
||||
conn->record_offset = 0;
|
||||
|
||||
|
||||
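Review bot: The `tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);` call in `tls13_send` has no `conn->verbose` test of its own, unlike the `tls_trace` on the line before it. It also now prints the plaintext record rather than `conn->record`. Unless the enclosing block, which opens outside the hunk, is already verbose-only, every TLS 1.3 send would write application data to stderr. The two key-update hunks further down remove similar unguarded `tls13_record_print` calls, so this one looks like an oversight. Suggested line: `if (conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);`.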