[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sun Feb 26 18:27:09 UTC 2017
The branch master has been updated
via 26a556e778f167070037fee243d7e6b9800fdb7f (commit)
via 5032abdfa817f86a722f9342cf57eee346c4f313 (commit)
via 26212351b624376bebac447fc3b8434d335c579f (commit)
via 52434847b10858548f32be086d2855b4beb94a78 (commit)
via b9d71999b06cff481c40f87a6e512dbf6e5daa01 (commit)
via f1dae5f08ad5e62c871cf5d8152f2c180c042227 (commit)
via 6e7c55399ccd81de3b1215ba8b1cf0694fd36c9b (commit)
via 395f7c4217be456ae10e414466bf277fc09b944c (commit)
from 57d0d048a85d641181ac5aec2792109e15630f96 (commit)
- Log -----------------------------------------------------------------
commit 26a556e778f167070037fee243d7e6b9800fdb7f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 26 16:04:31 2017 +0000
Add missing blank lines and cosmetic improvements
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit 5032abdfa817f86a722f9342cf57eee346c4f313
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 26 13:40:03 2017 +0000
TLS 1.3 support for ssl_print_ticket()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit 26212351b624376bebac447fc3b8434d335c579f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 26 03:14:53 2017 +0000
print out alpn extension
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit 52434847b10858548f32be086d2855b4beb94a78
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 26 01:16:30 2017 +0000
Add ffdhe groups to trace output
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit b9d71999b06cff481c40f87a6e512dbf6e5daa01
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Feb 22 17:25:17 2017 +0000
Print numerical value of named roups
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit f1dae5f08ad5e62c871cf5d8152f2c180c042227
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Feb 22 17:24:42 2017 +0000
Add entry for PSK extension
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit 6e7c55399ccd81de3b1215ba8b1cf0694fd36c9b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Feb 22 17:24:18 2017 +0000
Add trace entries for remaining TLS 1.3 ciphersuites
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
commit 395f7c4217be456ae10e414466bf277fc09b944c
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Feb 21 18:43:46 2017 +0000
Print signature type to out, not bio_err
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
-----------------------------------------------------------------------
Summary of changes:
apps/s_cb.c | 2 +-
ssl/t1_trce.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--------
2 files changed, 68 insertions(+), 11 deletions(-)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 89033d5..080fc59 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -292,7 +292,7 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
if (SSL_get_peer_signature_nid(s, &nid))
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
if (SSL_get_peer_signature_type_nid(s, &nid))
- BIO_printf(bio_err, "Peer signature type: %s\n", get_sigtype(nid));
+ BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
return 1;
}
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 6f340c9..7340fd1 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -28,6 +28,7 @@ typedef struct {
static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
{
size_t i;
+
for (i = 0; i < ntbl; i++, tbl++) {
if (tbl->num == val)
return tbl->name;
@@ -40,6 +41,7 @@ static int do_ssl_trace_list(BIO *bio, int indent,
size_t vlen, ssl_trace_tbl *tbl, size_t ntbl)
{
int val;
+
if (msglen % vlen)
return 0;
while (msglen) {
@@ -428,6 +430,10 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
{0x1301, "TLS_AES_128_GCM_SHA256"},
+ {0x1302, "TLS_AES_256_GCM_SHA384"},
+ {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+ {0x1304, "TLS_AES_128_CCM_SHA256"},
+ {0x1305, "TLS_AES_128_CCM_8_SHA256"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
};
@@ -451,6 +457,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_server_authz, "server_authz"},
{TLSEXT_TYPE_cert_type, "cert_type"},
{TLSEXT_TYPE_key_share, "key_share"},
+ {TLSEXT_TYPE_psk, "psk"},
{TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
{TLSEXT_TYPE_supported_groups, "supported_groups"},
{TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
@@ -463,6 +470,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
# ifndef OPENSSL_NO_NEXTPROTONEG
{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
# endif
+ {TLSEXT_TYPE_application_layer_protocol_negotiation,
+ "application_layer_protocol_negotiation"},
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
@@ -499,6 +508,11 @@ static ssl_trace_tbl ssl_groups_tbl[] = {
{27, "brainpoolP384r1"},
{28, "brainpoolP512r1"},
{29, "ecdh_x25519"},
+ {256, "ffdhe2048"},
+ {257, "ffdhe3072"},
+ {258, "ffdhe4096"},
+ {259, "ffdhe6144"},
+ {260, "ffdhe8192"},
{0xFF01, "arbitrary_explicit_prime_curves"},
{0xFF02, "arbitrary_explicit_char2_curves"}
};
@@ -572,6 +586,7 @@ static void ssl_print_hex(BIO *bio, int indent, const char *name,
const unsigned char *msg, size_t msglen)
{
size_t i;
+
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s (len=%d): ", name, (int)msglen);
for (i = 0; i < msglen; i++)
@@ -585,6 +600,7 @@ static int ssl_print_hexbuf(BIO *bio, int indent,
{
size_t blen;
const unsigned char *p = *pmsg;
+
if (*pmsglen < nlen)
return 0;
blen = p[0];
@@ -625,6 +641,7 @@ static int ssl_print_random(BIO *bio, int indent,
{
unsigned int tm;
const unsigned char *p = *pmsg;
+
if (*pmsglen < 32)
return 0;
tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
@@ -683,6 +700,25 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
if (extlen != xlen + 2)
return 0;
return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
+ case TLSEXT_TYPE_application_layer_protocol_negotiation:
+ if (extlen < 2)
+ return 0;
+ xlen = (ext[0] << 8) | ext[1];
+ if (extlen != xlen + 2)
+ return 0;
+ ext += 2;
+ while (xlen > 0) {
+ size_t plen = *ext++;
+
+ if (plen > xlen + 1)
+ return 0;
+ BIO_indent(bio, indent + 2, 80);
+ BIO_write(bio, ext, plen);
+ BIO_puts(bio, "\n");
+ ext += plen;
+ xlen -= plen + 1;
+ }
+ return 1;
case TLSEXT_TYPE_signature_algorithms:
@@ -744,8 +780,8 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
return 0;
group_id = (ext[0] << 8) | ext[1];
BIO_indent(bio, indent + 4, 80);
- BIO_printf(bio, "NamedGroup: %s\n",
- ssl_trace_str(group_id, ssl_groups_tbl));
+ BIO_printf(bio, "NamedGroup: %s (%d)\n",
+ ssl_trace_str(group_id, ssl_groups_tbl), group_id);
break;
}
if (extlen < 2)
@@ -770,8 +806,8 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
if (xlen < share_len)
return 0;
BIO_indent(bio, indent + 4, 80);
- BIO_printf(bio, "NamedGroup: %s\n",
- ssl_trace_str(group_id, ssl_groups_tbl));
+ BIO_printf(bio, "NamedGroup: %s (%d)\n",
+ ssl_trace_str(group_id, ssl_groups_tbl), group_id);
ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len);
}
break;
@@ -845,6 +881,7 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
{
size_t len;
unsigned int cs;
+
if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL))
return 0;
if (!ssl_print_random(bio, indent, &msg, &msglen))
@@ -945,6 +982,7 @@ static int ssl_print_server_hello(BIO *bio, int indent,
static int ssl_get_keyex(const char **pname, SSL *ssl)
{
unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+
if (alg_k & SSL_kRSA) {
*pname = "rsa";
return SSL_kRSA;
@@ -989,8 +1027,8 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
const unsigned char *msg, size_t msglen)
{
const char *algname;
- int id;
- id = ssl_get_keyex(&algname, ssl);
+ int id = ssl_get_keyex(&algname, ssl);
+
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
if (id & SSL_PSK) {
@@ -1033,8 +1071,8 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
const unsigned char *msg, size_t msglen)
{
const char *algname;
- int id;
- id = ssl_get_keyex(&algname, ssl);
+ int id = ssl_get_keyex(&algname, ssl);
+
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
if (id & SSL_PSK) {
@@ -1106,6 +1144,7 @@ static int ssl_print_certificate(BIO *bio, int indent,
size_t clen;
X509 *x;
const unsigned char *p = *pmsg, *q;
+
if (msglen < 3)
return 0;
clen = (p[0] << 16) | (p[1] << 8) | p[2];
@@ -1235,10 +1274,11 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
return 1;
}
-static int ssl_print_ticket(BIO *bio, int indent,
+static int ssl_print_ticket(BIO *bio, int indent, SSL *s,
const unsigned char *msg, size_t msglen)
{
unsigned int tick_life;
+
if (msglen == 0) {
BIO_indent(bio, indent + 2, 80);
BIO_puts(bio, "No Ticket\n");
@@ -1251,8 +1291,24 @@ static int ssl_print_ticket(BIO *bio, int indent,
msg += 4;
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
+ if (SSL_IS_TLS13(s)) {
+ unsigned int ticket_age_add;
+
+ if (msglen < 4)
+ return 0;
+ ticket_age_add = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8)
+ | msg[3];
+ msglen -= 4;
+ msg += 4;
+ BIO_indent(bio, indent + 2, 80);
+ BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add);
+ }
if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
return 0;
+ if (SSL_IS_TLS13(s) && !ssl_print_extensions(bio, indent + 2, 0,
+ SSL3_MT_NEWSESSION_TICKET,
+ &msg, &msglen))
+ return 0;
if (msglen)
return 0;
return 1;
@@ -1264,6 +1320,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
{
size_t hlen;
unsigned char htype;
+
if (msglen < 4)
return 0;
htype = msg[0];
@@ -1338,7 +1395,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
break;
case SSL3_MT_NEWSESSION_TICKET:
- if (!ssl_print_ticket(bio, indent + 2, msg, msglen))
+ if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen))
return 0;
break;
More information about the openssl-commits
mailing list