New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index c5df2cb90ae1c34db4bda00773466ad041b32383..d54babc96d2b4a730638c0260b20c9319f578e16 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -375,6 +375,27 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+       if (s->msg_callback)
+               {
+ 
+               int wh = which & SSL3_CC_WRITE ?
+                               TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
+               s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
+                                               mac_secret, EVP_MD_size(m),
+                                               s, s->msg_callback_arg);
+               if (c->key_len)
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
+                                               key, c->key_len,
+                                               s, s->msg_callback_arg);
+               if (k)
+                       {
+                       s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
+                                               iv, k, s, s->msg_callback_arg);
+                       }
+               }
+#endif
+
        OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
        OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
        EVP_MD_CTX_cleanup(&md);
@@ -797,6 +818,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
        EVP_MD_CTX ctx;
        int i,ret=0;
        unsigned int n;
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+       unsigned char *tmpout = out;
+#endif
 
        EVP_MD_CTX_init(&ctx);
        for (i=0; i<3; i++)
@@ -818,6 +842,23 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                ret+=n;
                }
        EVP_MD_CTX_cleanup(&ctx);
+
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+       if (s->msg_callback)
+               {
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
+                                               p, len, s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
+                                       s->s3->client_random, SSL3_RANDOM_SIZE,
+                                               s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
+                                       s->s3->server_random, SSL3_RANDOM_SIZE,
+                                       s, s->msg_callback_arg);
+               s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
+                                       tmpout, SSL3_MASTER_SECRET_SIZE,
+                                       s, s->msg_callback_arg);
+               }
+#endif
        return(ret);
        }