From 56db65a14c687656b3c58e9a18782794a2ec4f2f Mon Sep 17 00:00:00 2001
From: Nathan Wagner <nw@hydaspes.if.org>
Date: Thu, 21 Feb 2019 22:04:27 +0000
Subject: [PATCH] expand tls debug

---
 crypto/parse_message.c |  2 +-
 crypto/tlse.c          | 19 +++++++++++++++++--
 crypto/tlse.h          |  4 ++--
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/crypto/parse_message.c b/crypto/parse_message.c
index 8f72299..9f5a3e2 100644
--- a/crypto/parse_message.c
+++ b/crypto/parse_message.c
@@ -574,7 +574,7 @@ int tls_parse_message(struct TLSContext *context, unsigned char *buf,
 			break;
 		default:
 			DEBUG_PRINT("UNKNOWN MESSAGE TYPE: %x\n", (int)type);
-			payload_res =  TLS_NOT_UNDERSTOOD;
+			payload_res = TLS_NOT_UNDERSTOOD;
 			break;
 	}
 
diff --git a/crypto/tlse.c b/crypto/tlse.c
index a49b447..bbcb1b3 100644
--- a/crypto/tlse.c
+++ b/crypto/tlse.c
@@ -1787,17 +1787,21 @@ static int tls_expand_key(struct TLSContext *context) {
 			(int) TLS_MAX_KEY_EXPANSION_SIZE);
 	DEBUG_DUMP_HEX_LABEL("CLIENT KEY", clientkey, key_length);
 	DEBUG_DUMP_HEX_LABEL("CLIENT IV", clientiv, iv_length);
+#if 0
 	DEBUG_DUMP_HEX_LABEL("CLIENT MAC KEY",
 			context->is_server ? context->crypto.
 			ctx_remote_mac.remote_mac : context->
 			crypto.ctx_local_mac.local_mac,
 			mac_length);
+#endif
 	DEBUG_DUMP_HEX_LABEL("SERVER KEY", serverkey, key_length);
 	DEBUG_DUMP_HEX_LABEL("SERVER IV", serveriv, iv_length);
+#if 0
 	DEBUG_DUMP_HEX_LABEL("SERVER MAC KEY",
 			context->is_server ? context->crypto.
 			ctx_local_mac.local_mac : context->crypto.
 			ctx_remote_mac.remote_mac, mac_length);
+#endif
 	if (context->is_server) {
 		if (is_aead == 2) {
 			memcpy(context->crypto.ctx_remote_mac.remote_nonce,
@@ -4238,6 +4242,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 		}
 
 		if (certificate_verify_alert != no_error) {
+			MARK;
 			tls_alert(context, 1, certificate_verify_alert);
 			context->critical_error = 1;
 		}
@@ -4245,21 +4250,27 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 		if (payload_res < 0) {
 			switch (payload_res) {
 				case TLS_UNEXPECTED_MESSAGE:
+					MARK;
 					tls_alert(context, 1, unexpected_message);
 					break;
 				case TLS_COMPRESSION_NOT_SUPPORTED:
+					MARK;
 					tls_alert(context, 1, decompression_failure_RESERVED);
 					break;
 				case TLS_BROKEN_PACKET:
+					MARK;
 					tls_alert(context, 1, decode_error);
 					break;
 				case TLS_NO_MEMORY:
+					MARK;
 					tls_alert(context, 1, internal_error);
 					break;
 				case TLS_NOT_VERIFIED:
+					MARK;
 					tls_alert(context, 1, bad_record_mac);
 					break;
 				case TLS_BAD_CERTIFICATE:
+					MARK;
 					if (context->is_server) {
 						/* bad client certificate, continue */
 						tls_alert(context, 0, bad_certificate);
@@ -4269,19 +4280,24 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 					}
 					break;
 				case TLS_UNSUPPORTED_CERTIFICATE:
+					MARK;
 					tls_alert(context, 1, unsupported_certificate);
 					break;
 				case TLS_NO_COMMON_CIPHER:
+					MARK;
 					tls_alert(context, 1, insufficient_security);
 					break;
 				case TLS_NOT_UNDERSTOOD:
+					MARK;
 					tls_alert(context, 1, internal_error);
 					break;
 				case TLS_NO_RENEGOTIATION:
+					MARK;
 					tls_alert(context, 0, no_renegotiation_RESERVED);
 					payload_res = 0;
 					break;
 				case TLS_DECRYPTION_FAILED:
+					MARK;
 					tls_alert(context, 1, decryption_failed_RESERVED);
 					break;
 			}
@@ -4292,6 +4308,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 
 		if (certificate_verify_alert != no_error) {
 			payload_res = TLS_BAD_CERTIFICATE;
+			/* TODO this is set but not used */
 		}
 
 		/* except renegotiation */
@@ -4337,9 +4354,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 					}
 
 					tls_send_certificate(context);
-
 					tls_send_certificate_verify(context);
-
 					tls_send_finished(context);
 
 					/* new key */
diff --git a/crypto/tlse.h b/crypto/tlse.h
index 8c8e31e..b152c54 100644
--- a/crypto/tlse.h
+++ b/crypto/tlse.h
@@ -65,12 +65,12 @@ extern int tls_indent_i;
 #define DEBUG_PRINTI(...) do { INDENT; fprintf(stderr, __VA_ARGS__); } while (0)
 #define DEBUG_PRINT(...) do { fprintf(stderr, __VA_ARGS__); } while (0)
 
-#define DEBUG_DUMP_HEX(buf, len)    do {int _i_; for (_i_ = 0; _i_ < (int)len; _i_++) { DEBUG_PRINT("%02X ", (unsigned int)((unsigned char *)buf)[_i_]); } } while (0)
+#define DEBUG_DUMP_HEX(buf, len)    do {int _i_; for (_i_ = 0; _i_ < (int)len; _i_++) { DEBUG_PRINT("%02x ", (unsigned int)((unsigned char *)buf)[_i_]); } } while (0)
 
 #define DEBUG_INDEX(fields)         print_index(fields)
 #define DEBUG_DUMP(buf, length)     fwrite(buf, 1, length, stderr);
 
-#define DEBUG_DUMP_HEX_LABEL(title, buf, len)    do {fprintf(stderr, "%s (%i): ", title, (int)len); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n");} while (0)
+#define DEBUG_DUMP_HEX_LABEL(title, buf, len)    do {fprintf(stderr, "%s (%d): ", title, (int)len); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n");} while (0)
 
 #define ENTER do { MARKP;  fprintf(stderr, "enter function\n"); tls_indent++; } while (0)
 #define LEAVE do { tls_indent--; MARKP;  fprintf(stderr, "leave function\n");} while (0)
-- 
2.40.0