diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-13 15:21:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-16 14:20:38 +0000 |
commit | 11c67eeaf4dd0376d84a90590e307d5d2e12f025 (patch) | |
tree | 3e7903a8c70b6ad63d33be996548251ce439014f /ssl/t1_trce.c | |
parent | 9e0ac6a2f1237ab72f0f26a032199864c7b71f2e (diff) | |
download | openssl-11c67eeaf4dd0376d84a90590e307d5d2e12f025.zip openssl-11c67eeaf4dd0376d84a90590e307d5d2e12f025.tar.gz openssl-11c67eeaf4dd0376d84a90590e307d5d2e12f025.tar.bz2 |
HelloRetryRequest updates for draft-19
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
Diffstat (limited to 'ssl/t1_trce.c')
-rw-r--r-- | ssl/t1_trce.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 3968509..0632066 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -992,6 +992,29 @@ static int ssl_print_server_hello(BIO *bio, int indent, return 1; } +static int ssl_print_hello_retry_request(BIO *bio, int indent, + const unsigned char *msg, + size_t msglen) +{ + unsigned int cs; + + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) + return 0; + + cs = (msg[0] << 8) | msg[1]; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg += 2; + msglen -= 2; + + if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_HELLO_RETRY_REQUEST, &msg, + &msglen)) + return 0; + + return 1; +} + static int ssl_get_keyex(const char **pname, SSL *ssl) { unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; @@ -1422,11 +1445,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server, break; case SSL3_MT_HELLO_RETRY_REQUEST: - if (!ssl_print_version(bio, indent + 2, "server_version", &msg, &msglen, - NULL) - || !ssl_print_extensions(bio, indent + 2, 1, - SSL3_MT_HELLO_RETRY_REQUEST, &msg, - &msglen)) + if (!ssl_print_hello_retry_request(bio, indent + 2, msg, msglen)) return 0; break; |