2 files changed, 61 insertions, 3 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 7631dd4cd4..d88e1e9a73 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.64 2020/03/13 16:40:42 jsing Exp $
+# $OpenBSD: Makefile,v 1.65 2020/05/10 14:22:51 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -20,6 +20,9 @@ CFLAGS+= -DLIBRESSL_INTERNAL
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
 .endif
+.ifdef TLS1_3_DEBUG
+CFLAGS+= -DTLS13_DEBUG
+.endif
 CFLAGS+= -I${.CURDIR}
 LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index d3333a2e4a..1d8e78b927 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.59 2020/05/09 20:38:19 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.60 2020/05/10 14:22:51 jsing Exp $      */
 /*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -248,6 +248,52 @@ const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
 const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);
+#ifndef TLS13_DEBUG
+#define DEBUGF(...)
+#else
+#define DEBUGF(...) fprintf(stderr, __VA_ARGS__)
+static const char *
+tls13_handshake_mode_name(uint8_t mode)
+{
+        switch (mode) {
+        case TLS13_HS_CLIENT:
+                return "Client";
+        case TLS13_HS_SERVER:
+                return "Server";
+        }
+        return "Unknown";
+}
+static const char *
+tls13_handshake_message_name(uint8_t msg_type)
+{
+        switch (msg_type) {
+        case TLS13_MT_CLIENT_HELLO:
+                return "ClientHello";
+        case TLS13_MT_SERVER_HELLO:
+                return "ServerHello";
+        case TLS13_MT_NEW_SESSION_TICKET:
+                return "NewSessionTicket";
+        case TLS13_MT_END_OF_EARLY_DATA:
+                return "EndOfEarlyData";
+        case TLS13_MT_ENCRYPTED_EXTENSIONS:
+                return "EncryptedExtensions";
+        case TLS13_MT_CERTIFICATE:
+                return "Certificate";
+        case TLS13_MT_CERTIFICATE_REQUEST:
+                return "CertificateRequest";
+        case TLS13_MT_CERTIFICATE_VERIFY:
+                return "CertificateVerify";
+        case TLS13_MT_FINISHED:
+                return "Finished";
+        case TLS13_MT_KEY_UPDATE:
+                return "KeyUpdate";
+        }
+        return "Unknown";
+}
+#endif
 static const enum tls13_message_type
 tls13_handshake_active_state(struct tls13_ctx *ctx)
 {
@@ -306,6 +352,10 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
                        return TLS13_IO_SUCCESS;
                }
+                DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode),
+                    (action->sender == ctx->mode) ? "sending" : "receiving",
+                    tls13_handshake_message_name(action->handshake_type));
                if (ctx->alert)
                        return tls13_send_alert(ctx->rl, ctx->alert);
@@ -317,8 +367,13 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
                if (ctx->alert)
                        return tls13_send_alert(ctx->rl, ctx->alert);
-                if (ret <= 0)
+                if (ret <= 0) {
+                        DEBUGF("%s %s returned %d\n",
+                            tls13_handshake_mode_name(ctx->mode),
+                            (action->sender == ctx->mode) ? "send" : "recv",
+                            ret);
                        return ret;
+                }
                if (!tls13_handshake_advance_state_machine(ctx))
                        return TLS13_IO_FAILURE;

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 7631dd4cd4..d88e1e9a73 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.64 2020/03/13 16:40:42 jsing Exp $	1	# $OpenBSD: Makefile,v 1.65 2020/05/10 14:22:51 jsing Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -20,6 +20,9 @@ CFLAGS+= -DLIBRESSL_INTERNAL
20	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT	20	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
21	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER	21	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
22	.endif	22	.endif
		23	.ifdef TLS1_3_DEBUG
		24	CFLAGS+= -DTLS13_DEBUG
		25	.endif
23	CFLAGS+= -I${.CURDIR}	26	CFLAGS+= -I${.CURDIR}
24		27
25	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto	28	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto


diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d3333a2e4a..1d8e78b927 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_handshake.c,v 1.59 2020/05/09 20:38:19 tb Exp $ */	1	/* $OpenBSD: tls13_handshake.c,v 1.60 2020/05/10 14:22:51 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>	3	* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -248,6 +248,52 @@ const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
248		248
249	const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);	249	const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);
250		250
		251	#ifndef TLS13_DEBUG
		252	#define DEBUGF(...)
		253	#else
		254	#define DEBUGF(...) fprintf(stderr, __VA_ARGS__)
		255
		256	static const char *
		257	tls13_handshake_mode_name(uint8_t mode)
		258	{
		259	switch (mode) {
		260	case TLS13_HS_CLIENT:
		261	return "Client";
		262	case TLS13_HS_SERVER:
		263	return "Server";
		264	}
		265	return "Unknown";
		266	}
		267
		268	static const char *
		269	tls13_handshake_message_name(uint8_t msg_type)
		270	{
		271	switch (msg_type) {
		272	case TLS13_MT_CLIENT_HELLO:
		273	return "ClientHello";
		274	case TLS13_MT_SERVER_HELLO:
		275	return "ServerHello";
		276	case TLS13_MT_NEW_SESSION_TICKET:
		277	return "NewSessionTicket";
		278	case TLS13_MT_END_OF_EARLY_DATA:
		279	return "EndOfEarlyData";
		280	case TLS13_MT_ENCRYPTED_EXTENSIONS:
		281	return "EncryptedExtensions";
		282	case TLS13_MT_CERTIFICATE:
		283	return "Certificate";
		284	case TLS13_MT_CERTIFICATE_REQUEST:
		285	return "CertificateRequest";
		286	case TLS13_MT_CERTIFICATE_VERIFY:
		287	return "CertificateVerify";
		288	case TLS13_MT_FINISHED:
		289	return "Finished";
		290	case TLS13_MT_KEY_UPDATE:
		291	return "KeyUpdate";
		292	}
		293	return "Unknown";
		294	}
		295	#endif
		296
251	static const enum tls13_message_type	297	static const enum tls13_message_type
252	tls13_handshake_active_state(struct tls13_ctx *ctx)	298	tls13_handshake_active_state(struct tls13_ctx *ctx)
253	{	299	{
@@ -306,6 +352,10 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
306	return TLS13_IO_SUCCESS;	352	return TLS13_IO_SUCCESS;
307	}	353	}
308		354
		355	DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode),
		356	(action->sender == ctx->mode) ? "sending" : "receiving",
		357	tls13_handshake_message_name(action->handshake_type));
		358
309	if (ctx->alert)	359	if (ctx->alert)
310	return tls13_send_alert(ctx->rl, ctx->alert);	360	return tls13_send_alert(ctx->rl, ctx->alert);
311		361
@@ -317,8 +367,13 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
317	if (ctx->alert)	367	if (ctx->alert)
318	return tls13_send_alert(ctx->rl, ctx->alert);	368	return tls13_send_alert(ctx->rl, ctx->alert);
319		369
320	if (ret <= 0)	370	if (ret <= 0) {
		371	DEBUGF("%s %s returned %d\n",
		372	tls13_handshake_mode_name(ctx->mode),
		373	(action->sender == ctx->mode) ? "send" : "recv",
		374	ret);
321	return ret;	375	return ret;
		376	}
322		377
323	if (!tls13_handshake_advance_state_machine(ctx))	378	if (!tls13_handshake_advance_state_machine(ctx))
324	return TLS13_IO_FAILURE;	379	return TLS13_IO_FAILURE;