From 9a25e2a4445ce75cc2001829b28296be6245ea06 Mon Sep 17 00:00:00 2001
From: Zhi Guan
Date: Sat, 20 Jun 2026 11:05:46 +0800
Subject: [PATCH] Update record_print
---
 CMakeLists.txt | 2 +-
 include/gmssl/version.h | 2 +-
 src/tlcp.c | 11 -----------
 src/tls_trace.c | 32 +++++++++++++++++++-------------
 src/x509_cer.c | 2 --
 tests/tlstest.c | 40 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 61 insertions(+), 28 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index af2064ae..39417e2f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -831,7 +831,7 @@ endif()
 # set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1115")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1116")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 6487566a..af26d2c6 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 #define GMSSL_VERSION_NUM 30200
-#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1115"
+#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1116"
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tlcp.c b/src/tlcp.c
index 9e295dda..341a14ff 100644
--- a/src/tlcp.c
+++ b/src/tlcp.c
@@ -1412,17 +1412,6 @@ int tlcp_recv_client_hello(TLS_CONNECT *conn)
 return -1;
 }
- //sm3_update(&conn->sm3_ctx, conn->record + 5, conn->recordlen - 5);
- //tlcp_handshake_digest_print(stderr, 0, 0, "ClientHello", &conn->sm3_ctx);
-
- /*
- if (client_verify)
- tls_client_verify_update(&conn->client_verify_ctx, conn->record + 5, conn->recordlen - 5);
- */
-
- if(conn->verbose) {
- fprintf(stderr, "end of recv_client_hello\n");
- }
 tls_clean_record(conn);
 return 1;
diff --git a/src/tls_trace.c b/src/tls_trace.c
index 1779a3c6..1a2fa434 100644
--- a/src/tls_trace.c
+++ b/src/tls_trace.c
@@ -901,7 +901,7 @@ int tls_certificate_subjects_print(FILE *fp, int fmt, int ind, const char *label
 return 1;
 }
-int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
+int tls_certificate_request_print(FILE *fp, int protocol, const uint8_t *data, size_t datalen, int fmt, int ind)
 {
 const uint8_t *cert_types;
 const uint8_t *sig_algs;
@@ -915,16 +915,24 @@ int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen,
 int cert_type = *cert_types++;
 format_print(fp, fmt, ind + 4, "%s (%d)\n", tls_cert_type_name(cert_type), cert_type);
 }
- if (tls_uint16array_from_bytes(&sig_algs, &sig_algs_len, &data, &datalen) != 1) goto bad;
- format_print(fp, fmt, ind, "signature_algorithms\n");
- while (sig_algs_len) {
- const char *sig_alg_name;
- uint16_t sig_alg;
+ switch (protocol) {
+ case TLS_protocol_tls12:
+ if (tls_uint16array_from_bytes(&sig_algs, &sig_algs_len, &data, &datalen) != 1) goto bad;
+ format_print(fp, fmt, ind, "signature_algorithms\n");
+ while (sig_algs_len) {
+ const char *sig_alg_name;
+ uint16_t sig_alg;
- if (tls_uint16_from_bytes(&sig_alg, &sig_algs, &sig_algs_len) != 1) goto bad;
- sig_alg_name = tls_signature_scheme_name(sig_alg);
- format_print(fp, fmt, ind + 4, "%s (0x%04x)\n",
- sig_alg_name ? sig_alg_name : "unknown", sig_alg);
+ if (tls_uint16_from_bytes(&sig_alg, &sig_algs, &sig_algs_len) != 1) goto bad;
+ sig_alg_name = tls_signature_scheme_name(sig_alg);
+ format_print(fp, fmt, ind + 4, "%s (0x%04x)\n",
+ sig_alg_name ? sig_alg_name : "unknown", sig_alg);
+ }
+ break;
+ case TLS_protocol_tlcp:
+ break;
+ default:
+ goto bad;
 }
 if (tls_uint16array_from_bytes(&ca_names, &ca_names_len, &data, &datalen) != 1) goto bad;
 tls_certificate_subjects_print(fp, fmt, ind, "CAnames", ca_names, ca_names_len);
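Review bot: The new `default: goto bad;` in `switch (protocol)` turns every protocol value other than `TLS_protocol_tls12` and `TLS_protocol_tlcp` into a print failure, where the old code ignored the protocol and always parsed the TLS 1.2 layout. If the value handed down by tls_handshake_print can come from a record header rather than from the negotiated state (not visible in this patch), a trace call on an unexpected version now returns an error instead of output, so callers should not treat a failed print as fatal to the connection. The empty TLCP case also needs its reason next to it, for example `/* TLCP: CertificateRequest has no signature_algorithms field, only cert types and CA names */`. The function starts above and continues below this hunk, so the `bad:` label and any trailing-length check are not visible here.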
@@ -1050,8 +1058,6 @@ int tls_handshake_print(FILE *fp, int fmt, int ind, int protocol, int cipher_sui
 const uint8_t *data;
 uint24_t datalen;
- (void)protocol;
-
 format_print(fp, fmt, ind, "Handshake\n");
 ind += 4;
@@ -1091,7 +1097,7 @@ int tls_handshake_print(FILE *fp, int fmt, int ind, int protocol, int cipher_sui
 if (tls_server_key_exchange_print(fp, fmt, ind, cipher_suite, data, datalen) != 1)
 { error_print(); return -1; } break;
 case TLS_handshake_certificate_request:
- if (tls_certificate_request_print(fp, data, datalen, fmt, ind) != 1)
+ if (tls_certificate_request_print(fp, protocol, data, datalen, fmt, ind) != 1)
 { error_print(); return -1; } break;
 case TLS_handshake_server_hello_done:
 if (tls_server_hello_done_print(fp, data, datalen, fmt, ind) != 1)
diff --git a/src/x509_cer.c b/src/x509_cer.c
index 55539baa..c4a15daf 100644
--- a/src/x509_cer.c
+++ b/src/x509_cer.c
@@ -1639,8 +1639,6 @@ int x509_cert_get_subject_alt_name_dns_name(const uint8_t *a, size_t alen, const
 // x509_exts_get_ext_by_oid 这里取出的数据是一个SEQUENCE 的 TLV
 // 然后x509_general_names_get_first 需要提供的是其中的V
- format_bytes(stderr, 0, 0, "general_names", general_names, general_names_len);
-
 if ((ret = x509_general_names_get_first(general_names, general_names_len, NULL, choice, dns_name, dns_name_len)) < 0) {
 error_print();
diff --git a/tests/tlstest.c b/tests/tlstest.c
index e54b6602..8350bd48 100644
--- a/tests/tlstest.c
+++ b/tests/tlstest.c
@@ -515,6 +515,45 @@ static int test_tls_trusted_ca_keys_ext(void)
 return 1;
 }
+static int test_tls_certificate_request_print(void)
+{
+ uint8_t tlcp_data[] = {
+ 1, TLS_cert_type_ecdsa_sign,
+ 0, 0,
+ };
+ uint8_t tls12_data[] = {
+ 1, TLS_cert_type_ecdsa_sign,
+ 0, 2, TLS_sig_sm2sig_sm3 >> 8, TLS_sig_sm2sig_sm3 & 0xff,
+ 0, 0,
+ };
+ uint8_t handshake[32];
+ uint8_t *p;
+ size_t len;
+
+ p = handshake;
+ len = 0;
+ tls_uint8_to_bytes(TLS_handshake_certificate_request, &p, &len);
+ tls_uint24array_to_bytes(tlcp_data, sizeof(tlcp_data), &p, &len);
+ if (tls_handshake_print(stderr, 0, 0, TLS_protocol_tlcp,
+ 0, handshake, len) != 1) {
+ error_print();
+ return -1;
+ }
+
+ p = handshake;
+ len = 0;
+ tls_uint8_to_bytes(TLS_handshake_certificate_request, &p, &len);
+ tls_uint24array_to_bytes(tls12_data, sizeof(tls12_data), &p, &len);
+ if (tls_handshake_print(stderr, 0, 0, TLS_protocol_tls12,
+ 0, handshake, len) != 1) {
+ error_print();
+ return -1;
+ }
+
+ printf("%s() ok\n", __FUNCTION__);
+ return 1;
+}
+
 int main(void)
 {
 if (test_tls_null_to_bytes() != 1) goto err;
@@ -535,6 +574,7 @@ int main(void)
 if (test_tls_change_cipher_spec() != 1) goto err;
 if (test_tls_application_data() != 1) goto err;
 */
+ if (test_tls_certificate_request_print() != 1) goto err;
 if (test_tls_trusted_ca_keys_ext() != 1) goto err;
 if (test_tls_status_request_ext() != 1) goto err;
 printf("%s all tests passed\n", __FILE__);
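Review bot: test_tls_certificate_request_print checks only the two well-formed bodies, so neither the new `default: goto bad;` branch nor a truncated signature_algorithms or CA-names field is exercised; for a parser of peer-supplied handshake bytes the rejecting paths are the ones worth pinning. Two more cases, one with a protocol value the switch does not handle and one with a TLS 1.2 body cut short, both expected to make tls_handshake_print return something other than 1, would cover that. The return values of `tls_uint8_to_bytes` and `tls_uint24array_to_bytes` are also ignored while writing into the fixed `handshake[32]`; the current vectors fit, but a check keeps the test sound if they grow. The cases below would go just before the final `printf`.

```c
	/* ... unchanged: TLCP and TLS 1.2 positive cases ... */

	/* constructed: 0 is assumed to match no case in the protocol switch */
	p = handshake;
	len = 0;
	tls_uint8_to_bytes(TLS_handshake_certificate_request, &p, &len);
	tls_uint24array_to_bytes(tls12_data, sizeof(tls12_data), &p, &len);
	if (tls_handshake_print(stderr, 0, 0, 0,
		0, handshake, len) == 1) {
		error_print();
		return -1;
	}

	/* TLS 1.2 body one byte short: the CA names length cannot be read */
	p = handshake;
	len = 0;
	tls_uint8_to_bytes(TLS_handshake_certificate_request, &p, &len);
	tls_uint24array_to_bytes(tls12_data, sizeof(tls12_data) - 1, &p, &len);
	if (tls_handshake_print(stderr, 0, 0, TLS_protocol_tls12,
		0, handshake, len) == 1) {
		error_print();
		return -1;
	}
```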