X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_trce.c;h=e766095a631ccabea707468b7213e8f09c34ad7d;hp=47539a57cd631e4ac2af1cca4247986545d34e59;hb=890f2f8b92b385ef3898cdb4a15a071ffcf8107f;hpb=63fe4ee14cc631d82bfb982ce5154086eb89ea87 diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 47539a57cd..e766095a63 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -71,7 +71,6 @@ typedef struct do_ssl_trace_list(bio, indent, msg, msglen, value, \ table, sizeof(table)/sizeof(ssl_trace_tbl)) - static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) { size_t i; @@ -444,6 +443,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = { {66, "ecdsa_fixed_ecdh"} }; +static ssl_trace_tbl ssl_crypto_tbl[] = { + {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"}, + {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"}, + {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"}, + {TLS1_RT_CRYPTO_MASTER, "Master Secret"}, + {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"}, + {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_READ, "Read Mac Secret"}, + {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_WRITE, "Write Key"}, + {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_READ, "Read Key"}, + {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_WRITE, "Write IV"}, + {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_READ, "Read IV"}, + {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"}, + {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"} +}; + static void ssl_print_hex(BIO *bio, int indent, const char *name, const unsigned char *msg, size_t msglen) { @@ -668,7 +682,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, return 1; } -static int ssl_print_client_hello(BIO *bio, int indent, +static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, const unsigned char *msg, size_t msglen) { size_t len; @@ -679,6 +693,11 @@ static int ssl_print_client_hello(BIO *bio, int indent, return 0; if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; + if (SSL_IS_DTLS(ssl)) + { + if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) + return 0; + } if (msglen < 2) return 0; len = (msg[0] << 8) | msg[1]; @@ -723,6 +742,16 @@ static int ssl_print_client_hello(BIO *bio, int indent, return 1; } +static int dtls_print_hello_vfyrequest(BIO *bio, int indent, + const unsigned char *msg, size_t msglen) + { + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) + return 0; + if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) + return 0; + return 1; + } + static int ssl_print_server_hello(BIO *bio, int indent, const unsigned char *msg, size_t msglen) { @@ -828,10 +857,19 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, { case SSL_kRSA: - if (!ssl_print_hexbuf(bio, indent + 2, + if (TLS1_get_version(ssl) == SSL3_VERSION) + { + ssl_print_hex(bio, indent + 2, + "EncyptedPreMasterSecret", + msg, msglen); + } + else + { + if (!ssl_print_hexbuf(bio, indent + 2, "EncyptedPreMasterSecret", 2, &msg, &msglen)) return 0; + } break; /* Implicit parameters only allowed for static DH */ @@ -1056,7 +1094,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, nm = d2i_X509_NAME(NULL, &p, dlen); if (!nm) { - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); } else { @@ -1094,6 +1132,7 @@ static int ssl_print_ticket(BIO *bio, int indent, return 1; } + static int ssl_print_handshake(BIO *bio, SSL *ssl, const unsigned char *msg, size_t msglen, int indent) @@ -1110,12 +1149,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, (int)hlen); msg += 4; msglen -= 4; + if (SSL_IS_DTLS(ssl)) + { + if (msglen < 8) + return 0; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " + "fragment_length=%d\n", + (msg[0] << 8) | msg[1], + (msg[2] << 16) | (msg[3] << 8) | msg[4], + (msg[5] << 16) | (msg[6] << 8) | msg[7]); + msg += 8; + msglen -= 8; + } if (msglen < hlen) return 0; switch(htype) { case SSL3_MT_CLIENT_HELLO: - if (!ssl_print_client_hello(bio, indent + 2, msg, msglen)) + if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen)) + return 0; + break; + + case DTLS1_MT_HELLO_VERIFY_REQUEST: + if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) return 0; break; @@ -1188,23 +1245,57 @@ static int ssl_print_heartbeat(BIO *bio, int indent, return 1; } +const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c) + { + if (c->algorithm_ssl & SSL_SSLV2) + return NULL; + return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl); + } + void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t msglen, SSL *ssl, void *arg) { const unsigned char *msg = buf; BIO *bio = arg; - - BIO_printf(bio, "%s Record: Version = %s (0x%x)", - write_p ? "Sent" : "Received", - ssl_trace_str(version, ssl_version_tbl), - version); - BIO_printf(bio, " Length=%d\n", (int)msglen); - BIO_printf(bio, " Content Type = %s (%d)\n", - ssl_trace_str(content_type, ssl_content_tbl), - content_type); + if (write_p == 2) + { + BIO_puts(bio, "Session "); + ssl_print_hex(bio, 0, + ssl_trace_str(content_type, ssl_crypto_tbl), + msg, msglen); + return; + } switch (content_type) { + case SSL3_RT_HEADER: + { + int hvers = msg[1] << 8 | msg[2]; + BIO_puts(bio, write_p ? "Sent" : "Received"); + BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", + ssl_trace_str(hvers, ssl_version_tbl), hvers); + if (SSL_IS_DTLS(ssl)) + { + BIO_printf(bio, + " epoch=%d, sequence_number=%04x%04x%04x\n", + (msg[3] << 8 | msg[4]), + (msg[5] << 8 | msg[6]), + (msg[7] << 8 | msg[8]), + (msg[9] << 8 | msg[10])); +#if 0 + /* Just print handshake type so we can see what is + * going on during fragmentation. + */ + BIO_printf(bio, "(%s)\n", + ssl_trace_str(msg[msglen], ssl_handshake_tbl)); +#endif + } + + BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", + ssl_trace_str(msg[0], ssl_content_tbl), msg[0], + msg[msglen - 2] << 8 | msg[msglen - 1]); + } + break; case SSL3_RT_HANDSHAKE: if (!ssl_print_handshake(bio, ssl, msg, msglen, 4)) BIO_printf(bio, "Message length parse error!\n");