X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Ft1_trce.c;h=1067a7522ce9c27ec5513d865ef2d1847b49b732;hb=9ee344f5cd5e935c60d3bf7c3ce9ee21895069db;hp=e99a2ceca852f6349b01f6566dc7492bd7ebe5a7;hpb=fa64210a88a90277aa499fd1616102e5f11967be;p=openssl.git diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index e99a2ceca8..1067a7522c 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -85,6 +85,7 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_SERVER_HELLO, "ServerHello"}, {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, + {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, {SSL3_MT_HELLO_RETRY_REQUEST, "HelloRetryRequest"}, {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, {SSL3_MT_CERTIFICATE, "Certificate"}, @@ -97,7 +98,11 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, {SSL3_MT_FINISHED, "Finished"}, {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, - {SSL3_MT_KEY_UPDATE, "KeyUpdate"} + {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, +# ifndef OPENSSL_NO_NEXTPROTONEG + {SSL3_MT_NEXT_PROTO, "NextProto"}, +# endif + {SSL3_MT_MESSAGE_HASH, "MessageHash"} }; /* Cipher suites */ @@ -422,13 +427,13 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, - {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"}, - {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"}, - {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305"}, - {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305"}, - {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"}, - {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"}, - {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"}, + {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, + {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, {0x1301, "TLS_AES_128_GCM_SHA256"}, {0x1302, "TLS_AES_256_GCM_SHA384"}, {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, @@ -475,7 +480,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, {TLSEXT_TYPE_padding, "padding"}, {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, - {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} + {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, + {TLSEXT_TYPE_early_data, "early_data"} }; static ssl_trace_tbl ssl_groups_tbl[] = { @@ -527,6 +533,8 @@ static ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"}, {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"}, {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"}, + {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"}, + {TLSEXT_SIGALG_ed25519, "ed25519"}, {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"}, {TLSEXT_SIGALG_rsa_pss_sha256, "rsa_pss_sha256"}, {TLSEXT_SIGALG_rsa_pss_sha384, "rsa_pss_sha384"}, @@ -534,10 +542,12 @@ static ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"}, {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"}, {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"}, {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"}, {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"}, {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"}, {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"}, + {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"}, {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"}, {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, @@ -562,21 +572,6 @@ static ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} }; -static ssl_trace_tbl ssl_crypto_tbl[] = { - {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"}, - {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"}, - {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"}, - {TLS1_RT_CRYPTO_MASTER, "Master Secret"}, - {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"}, - {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"}, - {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"}, - {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"}, - {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"}, - {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"}, - {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"}, - {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"} -}; - static ssl_trace_tbl ssl_key_update_tbl[] = { {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, {SSL_KEY_UPDATE_REQUESTED, "update_requested"} @@ -680,6 +675,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, { size_t xlen, share_len; unsigned int sigalg; + uint32_t max_early_data; BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", @@ -830,6 +826,17 @@ static int ssl_print_extension(BIO *bio, int indent, int server, return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_psk_kex_modes_tbl); + case TLSEXT_TYPE_early_data: + if (mt != SSL3_MT_NEWSESSION_TICKET) + break; + if (extlen != 4) + return 0; + max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) + | ext[3]; + BIO_indent(bio, indent + 2, 80); + BIO_printf(bio, "max_early_data=%u\n", max_early_data); + break; + default: BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); } @@ -979,6 +986,29 @@ static int ssl_print_server_hello(BIO *bio, int indent, return 1; } +static int ssl_print_hello_retry_request(BIO *bio, int indent, + const unsigned char *msg, + size_t msglen) +{ + unsigned int cs; + + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) + return 0; + + cs = (msg[0] << 8) | msg[1]; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg += 2; + msglen -= 2; + + if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_HELLO_RETRY_REQUEST, &msg, + &msglen)) + return 0; + + return 1; +} + static int ssl_get_keyex(const char **pname, SSL *ssl) { unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; @@ -1409,11 +1439,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server, break; case SSL3_MT_HELLO_RETRY_REQUEST: - if (!ssl_print_version(bio, indent + 2, "server_version", &msg, &msglen, - NULL) - || !ssl_print_extensions(bio, indent + 2, 1, - SSL3_MT_HELLO_RETRY_REQUEST, &msg, - &msglen)) + if (!ssl_print_hello_retry_request(bio, indent + 2, msg, msglen)) return 0; break; @@ -1452,12 +1478,6 @@ void SSL_trace(int write_p, int version, int content_type, const unsigned char *msg = buf; BIO *bio = arg; - if (write_p == 2) { - BIO_puts(bio, "Session "); - ssl_print_hex(bio, 0, - ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen); - return; - } switch (content_type) { case SSL3_RT_HEADER: { @@ -1478,6 +1498,12 @@ void SSL_trace(int write_p, int version, int content_type, msg[msglen - 2] << 8 | msg[msglen - 1]); } break; + + case SSL3_RT_INNER_CONTENT_TYPE: + BIO_printf(bio, " Inner Content Type = %s (%d)", + ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); + break; + case SSL3_RT_HANDSHAKE: if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, msg, msglen, 4))