diff options
| author | jsing <> | 2020-05-10 14:22:51 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-10 14:22:51 +0000 |
| commit | e3c950e99fdc9bd1236909cca3074806223d651b (patch) | |
| tree | 24ef4e392f9a47dd96a11297a8b36b4198afe23d | |
| parent | 2c5bb57394ae3bd0d749e60f9e5489396e6f7d75 (diff) | |
| download | openbsd-e3c950e99fdc9bd1236909cca3074806223d651b.tar.gz openbsd-e3c950e99fdc9bd1236909cca3074806223d651b.tar.bz2 openbsd-e3c950e99fdc9bd1236909cca3074806223d651b.zip | |
Provide an easy way to get debug information from TLSv1.3 handshakes.
This makes it easier to debug TLSv1.3 handshake failures.
"Yes please!" tb@, ok beck@
| -rw-r--r-- | src/lib/libssl/Makefile | 5 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 59 |
2 files changed, 61 insertions, 3 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 7631dd4cd4..d88e1e9a73 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.64 2020/03/13 16:40:42 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.65 2020/05/10 14:22:51 jsing Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | .ifndef NOMAN | 4 | .ifndef NOMAN |
| @@ -20,6 +20,9 @@ CFLAGS+= -DLIBRESSL_INTERNAL | |||
| 20 | CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT | 20 | CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT |
| 21 | CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER | 21 | CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER |
| 22 | .endif | 22 | .endif |
| 23 | .ifdef TLS1_3_DEBUG | ||
| 24 | CFLAGS+= -DTLS13_DEBUG | ||
| 25 | .endif | ||
| 23 | CFLAGS+= -I${.CURDIR} | 26 | CFLAGS+= -I${.CURDIR} |
| 24 | 27 | ||
| 25 | LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto | 28 | LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto |
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d3333a2e4a..1d8e78b927 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.59 2020/05/09 20:38:19 tb Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.60 2020/05/10 14:22:51 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -248,6 +248,52 @@ const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { | |||
| 248 | 248 | ||
| 249 | const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]); | 249 | const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]); |
| 250 | 250 | ||
| 251 | #ifndef TLS13_DEBUG | ||
| 252 | #define DEBUGF(...) | ||
| 253 | #else | ||
| 254 | #define DEBUGF(...) fprintf(stderr, __VA_ARGS__) | ||
| 255 | |||
| 256 | static const char * | ||
| 257 | tls13_handshake_mode_name(uint8_t mode) | ||
| 258 | { | ||
| 259 | switch (mode) { | ||
| 260 | case TLS13_HS_CLIENT: | ||
| 261 | return "Client"; | ||
| 262 | case TLS13_HS_SERVER: | ||
| 263 | return "Server"; | ||
| 264 | } | ||
| 265 | return "Unknown"; | ||
| 266 | } | ||
| 267 | |||
| 268 | static const char * | ||
| 269 | tls13_handshake_message_name(uint8_t msg_type) | ||
| 270 | { | ||
| 271 | switch (msg_type) { | ||
| 272 | case TLS13_MT_CLIENT_HELLO: | ||
| 273 | return "ClientHello"; | ||
| 274 | case TLS13_MT_SERVER_HELLO: | ||
| 275 | return "ServerHello"; | ||
| 276 | case TLS13_MT_NEW_SESSION_TICKET: | ||
| 277 | return "NewSessionTicket"; | ||
| 278 | case TLS13_MT_END_OF_EARLY_DATA: | ||
| 279 | return "EndOfEarlyData"; | ||
| 280 | case TLS13_MT_ENCRYPTED_EXTENSIONS: | ||
| 281 | return "EncryptedExtensions"; | ||
| 282 | case TLS13_MT_CERTIFICATE: | ||
| 283 | return "Certificate"; | ||
| 284 | case TLS13_MT_CERTIFICATE_REQUEST: | ||
| 285 | return "CertificateRequest"; | ||
| 286 | case TLS13_MT_CERTIFICATE_VERIFY: | ||
| 287 | return "CertificateVerify"; | ||
| 288 | case TLS13_MT_FINISHED: | ||
| 289 | return "Finished"; | ||
| 290 | case TLS13_MT_KEY_UPDATE: | ||
| 291 | return "KeyUpdate"; | ||
| 292 | } | ||
| 293 | return "Unknown"; | ||
| 294 | } | ||
| 295 | #endif | ||
| 296 | |||
| 251 | static const enum tls13_message_type | 297 | static const enum tls13_message_type |
| 252 | tls13_handshake_active_state(struct tls13_ctx *ctx) | 298 | tls13_handshake_active_state(struct tls13_ctx *ctx) |
| 253 | { | 299 | { |
| @@ -306,6 +352,10 @@ tls13_handshake_perform(struct tls13_ctx *ctx) | |||
| 306 | return TLS13_IO_SUCCESS; | 352 | return TLS13_IO_SUCCESS; |
| 307 | } | 353 | } |
| 308 | 354 | ||
| 355 | DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode), | ||
| 356 | (action->sender == ctx->mode) ? "sending" : "receiving", | ||
| 357 | tls13_handshake_message_name(action->handshake_type)); | ||
| 358 | |||
| 309 | if (ctx->alert) | 359 | if (ctx->alert) |
| 310 | return tls13_send_alert(ctx->rl, ctx->alert); | 360 | return tls13_send_alert(ctx->rl, ctx->alert); |
| 311 | 361 | ||
| @@ -317,8 +367,13 @@ tls13_handshake_perform(struct tls13_ctx *ctx) | |||
| 317 | if (ctx->alert) | 367 | if (ctx->alert) |
| 318 | return tls13_send_alert(ctx->rl, ctx->alert); | 368 | return tls13_send_alert(ctx->rl, ctx->alert); |
| 319 | 369 | ||
| 320 | if (ret <= 0) | 370 | if (ret <= 0) { |
| 371 | DEBUGF("%s %s returned %d\n", | ||
| 372 | tls13_handshake_mode_name(ctx->mode), | ||
| 373 | (action->sender == ctx->mode) ? "send" : "recv", | ||
| 374 | ret); | ||
| 321 | return ret; | 375 | return ret; |
| 376 | } | ||
| 322 | 377 | ||
| 323 | if (!tls13_handshake_advance_state_machine(ctx)) | 378 | if (!tls13_handshake_advance_state_machine(ctx)) |
| 324 | return TLS13_IO_FAILURE; | 379 | return TLS13_IO_FAILURE; |