abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-27 15:43:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update tls13.c

Browse Source
This commit is contained in:
Zhi Guan
2026-06-20 17:52:57 +08:00
parent 0f2f35ab97
commit 5c00dc3138
3 changed files with 56 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -841,7 +841,7 @@ endif()
# #
set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1120") set(CPACK_PACKAGE_VERSION "3.2.0-dev.1121")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON) set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack) include(CPack)

2
include/gmssl/version.h
View File

@@ -18,7 +18,7 @@ extern "C" {
#define GMSSL_VERSION_NUM 30200 #define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1120" #define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1121"
int gmssl_version_num(void); int gmssl_version_num(void);
const char *gmssl_version_str(void); const char *gmssl_version_str(void);

126
src/tls13.c
View File

@@ -62,8 +62,6 @@ const size_t tls13_cipher_suites_cnt =
sizeof(tls13_cipher_suites)/sizeof(tls13_cipher_suites[0]); sizeof(tls13_cipher_suites)/sizeof(tls13_cipher_suites[0]);
int tls13_random_generate(uint8_t random[32]) int tls13_random_generate(uint8_t random[32])
{ {
if (rand_bytes(random, 32) != 1) { if (rand_bytes(random, 32) != 1) {
@@ -1273,7 +1271,7 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
if(conn->verbose) tls_trace("send {ApplicationData}\n"); if(conn->verbose) tls_trace("send {ApplicationData}\n");
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
} }
@@ -1388,7 +1386,7 @@ int tls13_do_recv(TLS_CONNECT *conn)
conn->recordlen = tls_record_length(conn->record); conn->recordlen = tls_record_length(conn->record);
if(conn->verbose) tls_trace("recv {Record}\n"); if(conn->verbose) tls_trace("recv {Record}\n");
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (conn->is_client) { if (conn->is_client) {
@@ -1417,7 +1415,7 @@ int tls13_do_recv(TLS_CONNECT *conn)
} }
tls_seq_num_incr(seq_num); tls_seq_num_incr(seq_num);
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
switch (tls_record_type(conn->plain_record)) { switch (tls_record_type(conn->plain_record)) {
@@ -3736,19 +3734,20 @@ static int tls13_recv_change_cipher_spec_if_present(TLS_CONNECT *conn)
{ {
int ret; int ret;
if(conn->verbose) tls_trace("recv [ChangeCipherSpec*]\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (tls_record_type(conn->record) != TLS_record_change_cipher_spec) { if (tls_record_type(conn->record) != TLS_record_change_cipher_spec) {
if(conn->verbose) tls_trace("recv [ChangeCipherSpec*]\n no [ChangeCipherSpec]\n\n");
return 0; return 0;
} }
if(conn->verbose) tls_trace("recv [ChangeCipherSpec*]\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (tls_record_get_change_cipher_spec(conn->record) != 1) { if (tls_record_get_change_cipher_spec(conn->record) != 1) {
error_print(); error_print();
tls13_send_alert(conn, TLS_alert_decode_error); tls13_send_alert(conn, TLS_alert_decode_error);
@@ -3881,7 +3880,7 @@ int tls13_record_print(FILE *fp, int fmt, int ind, const uint8_t *record, size_t
format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen); format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen);
} }
//fprintf(fp, "\n"); fprintf(fp, "\n");
return 1; return 1;
} }
@@ -4283,7 +4282,7 @@ int tls13_send_client_hello(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
// early_data encryption keys depends on the full client_hello // early_data encryption keys depends on the full client_hello
if (conn->early_data) { if (conn->early_data) {
@@ -4367,8 +4366,6 @@ int tls13_recv_hello_retry_request(TLS_CONNECT *conn)
int selected_version; int selected_version;
int key_exchange_group; int key_exchange_group;
if(conn->verbose) tls_trace("recv HelloRetryRequest*\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
@@ -4380,6 +4377,7 @@ int tls13_recv_hello_retry_request(TLS_CONNECT *conn)
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv HelloRetryRequest*\n");
if (tls_record_protocol(conn->record) != TLS_protocol_tls12) { if (tls_record_protocol(conn->record) != TLS_protocol_tls12) {
error_print(); error_print();
@@ -4399,12 +4397,10 @@ int tls13_recv_hello_retry_request(TLS_CONNECT *conn)
} }
if (handshake_type != TLS_handshake_hello_retry_request if (handshake_type != TLS_handshake_hello_retry_request
&& handshake_type != TLS_handshake_server_hello) { && handshake_type != TLS_handshake_server_hello) {
if(conn->verbose) tls_trace(" no HelloRetryRequest\n"); if(conn->verbose) tls_trace(" no HelloRetryRequest\n\n");
return 0; return 0;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if ((ret = tls13_record_get_handshake_hello_retry_request(conn->record, if ((ret = tls13_record_get_handshake_hello_retry_request(conn->record,
&legacy_version, &random, &legacy_version, &random,
&legacy_session_id_echo, &legacy_session_id_echo_len, &legacy_session_id_echo, &legacy_session_id_echo_len,
@@ -4414,9 +4410,10 @@ int tls13_recv_hello_retry_request(TLS_CONNECT *conn)
return -1; return -1;
} }
if (memcmp(random, TLS13_HELLO_RETRY_REQUEST_RANDOM, 32) != 0) { if (memcmp(random, TLS13_HELLO_RETRY_REQUEST_RANDOM, 32) != 0) {
if(conn->verbose) tls_trace(" no HelloRetryRequest\n"); if(conn->verbose) tls_trace(" no HelloRetryRequest\n\n");
return 0; return 0;
} }
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
conn->hello_retry_request = 1; conn->hello_retry_request = 1;
@@ -4909,7 +4906,7 @@ int tls13_send_client_hello_again(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
// ClientHello2 // ClientHello2
if (digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) {
@@ -4976,15 +4973,14 @@ int tls13_recv_server_hello(TLS_CONNECT *conn)
int selected_version; int selected_version;
int server_key_exchange_mode = 0; int server_key_exchange_mode = 0;
if(conn->verbose) tls_trace("recv ServerHello\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls_trace("recv ServerHello\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (tls_record_protocol(conn->record) != TLS_protocol_tls12) { if (tls_record_protocol(conn->record) != TLS_protocol_tls12) {
error_print(); error_print();
@@ -5352,7 +5348,7 @@ int tls13_send_change_cipher_spec(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_internal_error); tls_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
@@ -5369,15 +5365,14 @@ int tls13_recv_change_cipher_spec(TLS_CONNECT *conn)
{ {
int ret; int ret;
if(conn->verbose) tls_trace("recv [ChangeCipherSpec]\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls_trace("recv [ChangeCipherSpec]\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if ((ret = tls_record_get_change_cipher_spec(conn->record)) < 0) { if ((ret = tls_record_get_change_cipher_spec(conn->record)) < 0) {
error_print(); error_print();
@@ -5404,18 +5399,13 @@ int tls13_recv_encrypted_extensions(TLS_CONNECT *conn)
int early_data = 0; int early_data = 0;
int alpn = 0; int alpn = 0;
if(conn->verbose) {
printf("recv {EncryptedExtensions}\n");
}
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls_trace("recv {EncryptedExtensions}\n");
if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv, if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv,
conn->server_seq_num, conn->record, conn->recordlen, conn->server_seq_num, conn->record, conn->recordlen,
conn->plain_record, &conn->plain_recordlen) != 1) { conn->plain_record, &conn->plain_recordlen) != 1) {
@@ -5430,7 +5420,7 @@ int tls13_recv_encrypted_extensions(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_trace(stderr, conn->plain_record, conn->plain_recordlen, 0, 0);
if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "EncryptedExtension", &conn->dgst_ctx); if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "EncryptedExtension", &conn->dgst_ctx);
@@ -5890,14 +5880,13 @@ int tls13_recv_certificate_request(TLS_CONNECT *conn)
const uint8_t *filters = NULL; const uint8_t *filters = NULL;
size_t filters_len = 0; size_t filters_len = 0;
if(conn->verbose) tls_trace("recv {CertificateRequest*}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv {CertificateRequest*}\n");
if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv, if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv,
conn->server_seq_num, conn->record, conn->recordlen, conn->server_seq_num, conn->record, conn->recordlen,
@@ -5915,10 +5904,10 @@ int tls13_recv_certificate_request(TLS_CONNECT *conn)
return -1; return -1;
} }
if (handshake_type != TLS_handshake_certificate_request) { if (handshake_type != TLS_handshake_certificate_request) {
if(conn->verbose) tls_trace(" no {CertificateRequest}\n"); if(conn->verbose) tls_trace(" no {CertificateRequest}\n\n");
return 0; return 0;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_trace(stderr, conn->plain_record, conn->plain_recordlen, 0, 0);
if ((ret = tls13_record_get_handshake_certificate_request(conn->plain_record, if ((ret = tls13_record_get_handshake_certificate_request(conn->plain_record,
@@ -6173,14 +6162,13 @@ int tls13_recv_server_certificate(TLS_CONNECT *conn)
int verify_result = X509_verify_ok; int verify_result = X509_verify_ok;
if(conn->verbose) tls_trace("recv server {Certificate}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv server {Certificate}\n");
// decrypt unless previous handshake is CertificateRequest // decrypt unless previous handshake is CertificateRequest
if (!conn->plain_recordlen) { if (!conn->plain_recordlen) {
@@ -6199,7 +6187,7 @@ int tls13_recv_server_certificate(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "ServerCertificate", &conn->dgst_ctx); if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "ServerCertificate", &conn->dgst_ctx);
if ((ret = tls13_record_get_handshake_certificate(conn->plain_record, if ((ret = tls13_record_get_handshake_certificate(conn->plain_record,
@@ -6309,14 +6297,13 @@ int tls13_recv_server_certificate_verify(TLS_CONNECT *conn)
size_t certlen; size_t certlen;
X509_KEY public_key; X509_KEY public_key;
if(conn->verbose) tls_trace("recv server {CertificateVerify}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv server {CertificateVerify}\n");
if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv, if (tls13_record_decrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv,
conn->server_seq_num, conn->record, conn->recordlen, conn->server_seq_num, conn->record, conn->recordlen,
@@ -6326,7 +6313,7 @@ int tls13_recv_server_certificate_verify(TLS_CONNECT *conn)
return -1; return -1;
} }
tls_seq_num_incr(conn->server_seq_num); tls_seq_num_incr(conn->server_seq_num);
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if ((ret = tls13_record_get_handshake_certificate_verify(conn->plain_record, if ((ret = tls13_record_get_handshake_certificate_verify(conn->plain_record,
&sig_alg, &sig, &siglen)) < 0) { &sig_alg, &sig, &siglen)) < 0) {
@@ -6385,14 +6372,13 @@ int tls13_recv_client_certificate_verify(TLS_CONNECT *conn)
size_t certlen; size_t certlen;
X509_KEY public_key; X509_KEY public_key;
if(conn->verbose) tls_trace("recv client {CertificateVerify}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv client {CertificateVerify}\n");
if (tls13_record_decrypt(conn->cipher_suite, &conn->client_write_key, conn->client_write_iv, if (tls13_record_decrypt(conn->cipher_suite, &conn->client_write_key, conn->client_write_iv,
conn->client_seq_num, conn->record, conn->recordlen, conn->client_seq_num, conn->record, conn->recordlen,
@@ -6402,7 +6388,7 @@ int tls13_recv_client_certificate_verify(TLS_CONNECT *conn)
return -1; return -1;
} }
tls_seq_num_incr(conn->client_seq_num); tls_seq_num_incr(conn->client_seq_num);
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
@@ -6469,8 +6455,6 @@ int tls13_recv_server_finished(TLS_CONNECT *conn)
return -1; return -1;
} }
if(conn->verbose) tls_trace("recv server {Finished}\n");
if (!conn->plain_recordlen) { if (!conn->plain_recordlen) {
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
@@ -6489,7 +6473,8 @@ int tls13_recv_server_finished(TLS_CONNECT *conn)
} }
tls_seq_num_incr(conn->server_seq_num); tls_seq_num_incr(conn->server_seq_num);
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls_trace("recv server {Finished}\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -6560,7 +6545,7 @@ int tls13_send_client_certificate(TLS_CONNECT *conn)
tls13_send_alert(conn, TLS_alert_internal_error); tls13_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -6614,7 +6599,7 @@ int tls13_send_client_certificate_verify(TLS_CONNECT *conn)
tls13_send_alert(conn, TLS_alert_internal_error); tls13_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -6663,7 +6648,7 @@ int tls13_send_client_finished(TLS_CONNECT *conn)
tls13_send_alert(conn, TLS_alert_internal_error); tls13_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
//format_print(stderr, 0, 0, "client_seq_num: "PRIu64"\n", GETU64(conn->client_seq_num)); //format_print(stderr, 0, 0, "client_seq_num: "PRIu64"\n", GETU64(conn->client_seq_num));
@@ -6805,15 +6790,14 @@ int tls13_recv_client_hello(TLS_CONNECT *conn)
tls_client_verify_init(&conn->client_verify_ctx); tls_client_verify_init(&conn->client_verify_ctx);
*/ */
if(conn->verbose) tls_trace("recv ClientHello\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls_trace("recv ClientHello\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (tls_record_protocol(record) != TLS_protocol_tls1 if (tls_record_protocol(record) != TLS_protocol_tls1
&& tls_record_protocol(record) != TLS_protocol_tls12) { && tls_record_protocol(record) != TLS_protocol_tls12) {
@@ -7597,7 +7581,7 @@ int tls13_send_hello_retry_request(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
@@ -7660,15 +7644,14 @@ int tls13_recv_client_hello_again(TLS_CONNECT *conn)
size_t key_exchange_len; size_t key_exchange_len;
if(conn->verbose) tls_trace("recv ClientHello again\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls_trace("recv ClientHello again\n");
if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (tls_record_protocol(record) != TLS_protocol_tls1 if (tls_record_protocol(record) != TLS_protocol_tls1
&& tls_record_protocol(record) != TLS_protocol_tls12) { && tls_record_protocol(record) != TLS_protocol_tls12) {
@@ -8022,7 +8005,7 @@ int tls13_send_server_hello(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
if (digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) {
error_print(); error_print();
@@ -8075,7 +8058,7 @@ int tls13_send_alert(TLS_CONNECT *conn, int alert)
tls_record_set_protocol(conn->plain_record, TLS_protocol_tls12); tls_record_set_protocol(conn->plain_record, TLS_protocol_tls12);
tls_record_set_alert(conn->plain_record, &conn->plain_recordlen, TLS_alert_level_fatal, alert); tls_record_set_alert(conn->plain_record, &conn->plain_recordlen, TLS_alert_level_fatal, alert);
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
switch (conn->handshake_state) { switch (conn->handshake_state) {
@@ -8176,7 +8159,7 @@ int tls13_send_encrypted_extensions(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5); digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5);
@@ -8304,7 +8287,7 @@ int tls13_send_certificate_request(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "after CertificateRequest", &conn->dgst_ctx); if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "after CertificateRequest", &conn->dgst_ctx);
@@ -8369,7 +8352,7 @@ int tls13_send_server_certificate(TLS_CONNECT *conn)
tls13_send_alert(conn, TLS_alert_internal_error); tls13_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -8423,7 +8406,7 @@ int tls13_send_server_certificate_verify(TLS_CONNECT *conn)
tls13_send_alert(conn, TLS_alert_internal_error); tls13_send_alert(conn, TLS_alert_internal_error);
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -8473,7 +8456,7 @@ int tls13_send_server_finished(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "ServerFinished", &conn->dgst_ctx); if(conn->verbose) tls_handshake_digest_print(stderr, 0, 0, "ServerFinished", &conn->dgst_ctx);
@@ -8527,14 +8510,13 @@ int tls13_recv_client_certificate(TLS_CONNECT *conn)
int verify_result = X509_verify_ok; int verify_result = X509_verify_ok;
if(conn->verbose) tls_trace("recv client {Certificate*}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv client {Certificate*}\n");
if (tls_record_protocol(conn->record) != TLS_protocol_tls12) { if (tls_record_protocol(conn->record) != TLS_protocol_tls12) {
error_print(); error_print();
@@ -8553,7 +8535,7 @@ int tls13_recv_client_certificate(TLS_CONNECT *conn)
} }
tls_seq_num_incr(conn->client_seq_num); tls_seq_num_incr(conn->client_seq_num);
if(conn->verbose) tls13_record_trace(stderr, conn->plain_record, conn->plain_recordlen, 0, 0); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
@@ -8669,13 +8651,13 @@ int tls13_recv_client_finished(TLS_CONNECT *conn)
const uint8_t *verify_data; const uint8_t *verify_data;
size_t verify_data_len; size_t verify_data_len;
if(conn->verbose) tls_trace("recv client {Finished}\n");
if ((ret = tls_recv_record(conn)) != 1) { if ((ret = tls_recv_record(conn)) != 1) {
if (ret != TLS_ERROR_RECV_AGAIN) { if (ret != TLS_ERROR_RECV_AGAIN) {
error_print(); error_print();
} }
return ret; return ret;
} }
if(conn->verbose) tls_trace("recv client {Finished}\n");
if (tls_record_protocol(conn->record) != TLS_protocol_tls12) { if (tls_record_protocol(conn->record) != TLS_protocol_tls12) {
error_print(); error_print();
@@ -8694,7 +8676,7 @@ int tls13_recv_client_finished(TLS_CONNECT *conn)
} }
tls_seq_num_incr(conn->client_seq_num); tls_seq_num_incr(conn->client_seq_num);
if(conn->verbose) tls13_record_trace(stderr, conn->plain_record, conn->plain_recordlen, 0, 0); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
if ((ret = tls13_record_get_handshake_finished(conn->plain_record, if ((ret = tls13_record_get_handshake_finished(conn->plain_record,
@@ -8779,7 +8761,7 @@ int tls13_send_early_data(TLS_CONNECT *conn)
conn->record_offset = 0; conn->record_offset = 0;
conn->sentlen = datalen; conn->sentlen = datalen;
tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->record, conn->recordlen);
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
@@ -8815,7 +8797,7 @@ int tls13_send_client_key_update(TLS_CONNECT *conn, int request_update)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
tls13_padding_len_rand(&padding_len); tls13_padding_len_rand(&padding_len);
@@ -8869,7 +8851,7 @@ int tls13_send_server_key_update(TLS_CONNECT *conn, int request_update)
error_print(); error_print();
return -1; return -1;
} }
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); if(conn->verbose) tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
tls13_padding_len_rand(&padding_len); tls13_padding_len_rand(&padding_len);
if (tls13_record_encrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv, if (tls13_record_encrypt(conn->cipher_suite, &conn->server_write_key, conn->server_write_iv,