expand tls debug
authorNathan Wagner <nw@hydaspes.if.org>
Thu, 21 Feb 2019 22:04:27 +0000 (22:04 +0000)
committerNathan Wagner <nw@hydaspes.if.org>
Thu, 21 Feb 2019 22:04:27 +0000 (22:04 +0000)
crypto/parse_message.c
crypto/tlse.c
crypto/tlse.h

index 8f722992343cd9352b12f8b1696e3623789e3ab5..9f5a3e2705d7a351fc42eef9a2f1ae6015e0dbfa 100644 (file)
@@ -574,7 +574,7 @@ int tls_parse_message(struct TLSContext *context, unsigned char *buf,
                        break;
                default:
                        DEBUG_PRINT("UNKNOWN MESSAGE TYPE: %x\n", (int)type);
-                       payload_res =  TLS_NOT_UNDERSTOOD;
+                       payload_res = TLS_NOT_UNDERSTOOD;
                        break;
        }
 
index a49b447101f59c9bfbbd42bdc5246bbcf9eac515..bbcb1b3a679823fb5ba665e64da60ee3abddaec3 100644 (file)
@@ -1787,17 +1787,21 @@ static int tls_expand_key(struct TLSContext *context) {
                        (int) TLS_MAX_KEY_EXPANSION_SIZE);
        DEBUG_DUMP_HEX_LABEL("CLIENT KEY", clientkey, key_length);
        DEBUG_DUMP_HEX_LABEL("CLIENT IV", clientiv, iv_length);
+#if 0
        DEBUG_DUMP_HEX_LABEL("CLIENT MAC KEY",
                        context->is_server ? context->crypto.
                        ctx_remote_mac.remote_mac : context->
                        crypto.ctx_local_mac.local_mac,
                        mac_length);
+#endif
        DEBUG_DUMP_HEX_LABEL("SERVER KEY", serverkey, key_length);
        DEBUG_DUMP_HEX_LABEL("SERVER IV", serveriv, iv_length);
+#if 0
        DEBUG_DUMP_HEX_LABEL("SERVER MAC KEY",
                        context->is_server ? context->crypto.
                        ctx_local_mac.local_mac : context->crypto.
                        ctx_remote_mac.remote_mac, mac_length);
+#endif
        if (context->is_server) {
                if (is_aead == 2) {
                        memcpy(context->crypto.ctx_remote_mac.remote_nonce,
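Review bot: The CLIENT KEY, CLIENT IV, SERVER KEY and SERVER IV dumps left active around the two new `#if 0` blocks still write the expanded traffic keys to stderr wherever `DEBUG_DUMP_HEX_LABEL` is defined. This diff does not show whether that macro compiles to nothing in non-debug builds, so the whole group should sit behind one explicit opt-in guard, for example `#ifdef TLS_DEBUG_SECRETS` (placeholder name), rather than only the MAC key lines being cut out. The `#if 0` blocks also carry no explanation; a one-line comment such as `/* disabled: MAC key dump does not build with the conditional expression as the buf argument */` (or the real reason) would stop the next reader from re-enabling them blindly. The body of tls_expand_key starts before and continues past this hunk.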
@@ -4238,6 +4242,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
                }
 
                if (certificate_verify_alert != no_error) {
+                       MARK;
                        tls_alert(context, 1, certificate_verify_alert);
                        context->critical_error = 1;
                }
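Review bot: The bare `MARK;` added before `tls_alert` shows that an alert path was reached but not which alert was chosen, and the same holds for the eleven `MARK;` lines added to the `payload_res` switch in the next two hunks. MARK is defined outside this diff, so this assumes it prints only a source location. Printing the value would make the trace usable on its own: here `DEBUG_PRINT("certificate_verify_alert=%d\n", (int)certificate_verify_alert);`, and a single `DEBUG_PRINT("payload_res=%d\n", payload_res);` ahead of the switch instead of one marker per case. tls_parse_payload starts and ends outside this hunk.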
@@ -4245,21 +4250,27 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
                if (payload_res < 0) {
                        switch (payload_res) {
                                case TLS_UNEXPECTED_MESSAGE:
+                                       MARK;
                                        tls_alert(context, 1, unexpected_message);
                                        break;
                                case TLS_COMPRESSION_NOT_SUPPORTED:
+                                       MARK;
                                        tls_alert(context, 1, decompression_failure_RESERVED);
                                        break;
                                case TLS_BROKEN_PACKET:
+                                       MARK;
                                        tls_alert(context, 1, decode_error);
                                        break;
                                case TLS_NO_MEMORY:
+                                       MARK;
                                        tls_alert(context, 1, internal_error);
                                        break;
                                case TLS_NOT_VERIFIED:
+                                       MARK;
                                        tls_alert(context, 1, bad_record_mac);
                                        break;
                                case TLS_BAD_CERTIFICATE:
+                                       MARK;
                                        if (context->is_server) {
                                                /* bad client certificate, continue */
                                                tls_alert(context, 0, bad_certificate);
@@ -4269,19 +4280,24 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
                                        }
                                        break;
                                case TLS_UNSUPPORTED_CERTIFICATE:
+                                       MARK;
                                        tls_alert(context, 1, unsupported_certificate);
                                        break;
                                case TLS_NO_COMMON_CIPHER:
+                                       MARK;
                                        tls_alert(context, 1, insufficient_security);
                                        break;
                                case TLS_NOT_UNDERSTOOD:
+                                       MARK;
                                        tls_alert(context, 1, internal_error);
                                        break;
                                case TLS_NO_RENEGOTIATION:
+                                       MARK;
                                        tls_alert(context, 0, no_renegotiation_RESERVED);
                                        payload_res = 0;
                                        break;
                                case TLS_DECRYPTION_FAILED:
+                                       MARK;
                                        tls_alert(context, 1, decryption_failed_RESERVED);
                                        break;
                        }
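Review bot: The `TLS_DECRYPTION_FAILED` case that gains a `MARK;` here still sends `decryption_failed_RESERVED`, while `TLS_NOT_VERIFIED` in the previous hunk sends `bad_record_mac`, so the peer can tell a decryption failure from a MAC failure. RFC 5246 reserves decryption_failed because that distinction helped attacks on CBC mode, and states it must not be sent by compliant implementations. Which code paths return TLS_DECRYPTION_FAILED is not visible in this diff, but both cases should map to the same alert: `tls_alert(context, 1, bad_record_mac);`. The switch opens in the previous hunk and the function continues past this one.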
@@ -4292,6 +4308,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 
                if (certificate_verify_alert != no_error) {
                        payload_res = TLS_BAD_CERTIFICATE;
+                       /* TODO this is set but not used */
                }
 
                /* except renegotiation */
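Review bot: The new TODO sits after the assignment and does not say what was expected to read `payload_res`, which matters because this is the certificate-verification failure path. From the hunks above, the switch that handles `case TLS_BAD_CERTIFICATE` has already run by the time this assignment executes, so the value set here cannot reach it; whether anything later returns or tests `payload_res` is outside the visible lines. I would move the comment above the assignment and make it specific, for example `/* TODO: assigned after the payload_res alert switch, so the TLS_BAD_CERTIFICATE case never sees it; confirm critical_error alone aborts the handshake */`.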
@@ -4337,9 +4354,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
                                        }
 
                                        tls_send_certificate(context);
-
                                        tls_send_certificate_verify(context);
-
                                        tls_send_finished(context);
 
                                        /* new key */
index 8c8e31eaa90b4dee26eef0457d6e9c2db122671c..b152c543157135392a2139618adfc4def1c59ba8 100644 (file)
@@ -65,12 +65,12 @@ extern int tls_indent_i;
 #define DEBUG_PRINTI(...) do { INDENT; fprintf(stderr, __VA_ARGS__); } while (0)
 #define DEBUG_PRINT(...) do { fprintf(stderr, __VA_ARGS__); } while (0)
 
-#define DEBUG_DUMP_HEX(buf, len)    do {int _i_; for (_i_ = 0; _i_ < (int)len; _i_++) { DEBUG_PRINT("%02X ", (unsigned int)((unsigned char *)buf)[_i_]); } } while (0)
+#define DEBUG_DUMP_HEX(buf, len)    do {int _i_; for (_i_ = 0; _i_ < (int)len; _i_++) { DEBUG_PRINT("%02x ", (unsigned int)((unsigned char *)buf)[_i_]); } } while (0)
 
 #define DEBUG_INDEX(fields)         print_index(fields)
 #define DEBUG_DUMP(buf, length)     fwrite(buf, 1, length, stderr);
 
-#define DEBUG_DUMP_HEX_LABEL(title, buf, len)    do {fprintf(stderr, "%s (%i): ", title, (int)len); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n");} while (0)
+#define DEBUG_DUMP_HEX_LABEL(title, buf, len)    do {fprintf(stderr, "%s (%d): ", title, (int)len); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n");} while (0)
 
 #define ENTER do { MARKP;  fprintf(stderr, "enter function\n"); tls_indent++; } while (0)
 #define LEAVE do { tls_indent--; MARKP;  fprintf(stderr, "leave function\n");} while (0)
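Review bot: `DEBUG_DUMP_HEX` and `DEBUG_DUMP_HEX_LABEL` are being edited here but still expand `buf` and `len` without parentheses, so `(unsigned char *)buf` and `(int)len` cast only the first operand of whatever expression is passed. The MAC key call sites in tlse.c pass `context->is_server ? ... : ...` as `buf`, which makes the cast apply to `context->is_server` instead of the selected buffer; that may be why those calls were put under `#if 0` in this commit. Parenthesizing the arguments fixes it: `((const unsigned char *)(buf))[_i_]` and `(int)(len)` in both macros.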