X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_trce.c;h=e766095a631ccabea707468b7213e8f09c34ad7d;hp=4b3331bb62c20961d784e611fba055e604fd2742;hb=890f2f8b92b385ef3898cdb4a15a071ffcf8107f;hpb=93ab9e421e4517b81d11ca741d55e6bb6f696c40

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4b3331bb62..e766095a63 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -71,7 +71,6 @@ typedef struct
 	do_ssl_trace_list(bio, indent, msg, msglen, value, \
 	 table, sizeof(table)/sizeof(ssl_trace_tbl))
  
-
 static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
 	{
 	size_t i;
@@ -444,6 +443,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
 	{66, "ecdsa_fixed_ecdh"}
 };
 
+static ssl_trace_tbl ssl_crypto_tbl[] = {
+	{TLS1_RT_CRYPTO_PREMASTER,	"Premaster Secret"},
+	{TLS1_RT_CRYPTO_CLIENT_RANDOM,	"Client Random"},
+	{TLS1_RT_CRYPTO_SERVER_RANDOM,	"Server Random"},
+	{TLS1_RT_CRYPTO_MASTER,		"Master Secret"},
+	{TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_WRITE,	"Write Mac Secret"},
+	{TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_READ, 	"Read Mac Secret"},
+	{TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_WRITE,	"Write Key"},
+	{TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_READ, 	"Read Key"},
+	{TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_WRITE,	"Write IV"},
+	{TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_READ, 	"Read IV"},
+	{TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_WRITE,	"Write IV (fixed part)"},
+	{TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_READ, 	"Read IV (fixed part)"}
+};
+
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
 				const unsigned char *msg, size_t msglen)
 	{
@@ -668,7 +682,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
 	return 1;
 	}
 
-static int ssl_print_client_hello(BIO *bio, int indent,
+static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
 				const unsigned char *msg, size_t msglen)
 	{
 	size_t len;
@@ -679,6 +693,11 @@ static int ssl_print_client_hello(BIO *bio, int indent,
 		return 0;
 	if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
 		return 0;
+	if (SSL_IS_DTLS(ssl))
+		{
+		if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+			return 0;
+		}
 	if (msglen < 2)
 		return 0;
 	len = (msg[0] << 8) | msg[1];
@@ -723,6 +742,16 @@ static int ssl_print_client_hello(BIO *bio, int indent,
 	return 1;
 	}
 
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+				const unsigned char *msg, size_t msglen)
+	{
+	if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+		return 0;
+	if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+		return 0;
+	return 1;
+	}
+
 static int ssl_print_server_hello(BIO *bio, int indent,
 				const unsigned char *msg, size_t msglen)
 	{
@@ -767,7 +796,7 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
 		*pname = "dh_rsa";
 		return SSL_kDHr;
 		}
-	if (alg_k & SSL_kDHr)
+	if (alg_k & SSL_kDHd)
 		{
 		*pname = "dh_dss";
 		return SSL_kDHd;
@@ -777,16 +806,26 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
 		*pname = "krb5";
 		return SSL_kKRB5;
 		}
-	if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+	if (alg_k & SSL_kEDH)
 		{
 		*pname = "edh";
 		return SSL_kEDH;
 		}
-	if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+	if (alg_k & SSL_kEECDH)
 		{
-		*pname = "ECDH";
+		*pname = "EECDH";
 		return SSL_kEECDH;
 		}
+	if (alg_k & SSL_kECDHr)
+		{
+		*pname = "ECDH RSA";
+		return SSL_kECDHr;
+		}
+	if (alg_k & SSL_kECDHe)
+		{
+		*pname = "ECDH ECDSA";
+		return SSL_kECDHe;
+		}
 	if (alg_k & SSL_kPSK)
 		{
 		*pname = "PSK";
@@ -818,10 +857,19 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
 		{
 
 	case SSL_kRSA:
-		if (!ssl_print_hexbuf(bio, indent + 2,
+		if (TLS1_get_version(ssl) == SSL3_VERSION)
+			{
+			ssl_print_hex(bio, indent + 2,
+						"EncyptedPreMasterSecret",
+						msg, msglen);
+			}
+		else
+			{
+			if (!ssl_print_hexbuf(bio, indent + 2,
 						"EncyptedPreMasterSecret", 2,
 						&msg, &msglen))
 				return 0;
+			}
 		break;
 
 		/* Implicit parameters only allowed for static DH */
@@ -839,6 +887,14 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
 			return 0;
 		break;
 
+	case SSL_kECDHr:
+	case SSL_kECDHe:
+		if (msglen == 0)
+			{
+			BIO_indent(bio, indent + 2, 80);
+			BIO_puts(bio, "implicit\n");
+			break;
+			}
 	case SSL_kEECDH:
 		if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1,
 							&msg, &msglen))
@@ -862,6 +918,8 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
 		/* Should never happen */
 	case SSL_kDHd:
 	case SSL_kDHr:
+	case SSL_kECDHr:
+	case SSL_kECDHe:
 		BIO_indent(bio, indent + 2, 80);
 		BIO_printf(bio, "Unexpected Message\n");
 		break;
@@ -1036,7 +1094,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
 		nm = d2i_X509_NAME(NULL, &p, dlen);
 		if (!nm)
 			{
-			BIO_puts(bio, "<UNPARESABLE DN>\n");
+			BIO_puts(bio, "<UNPARSEABLE DN>\n");
 			}
 		else
 			{
@@ -1074,6 +1132,7 @@ static int ssl_print_ticket(BIO *bio, int indent,
 	return 1;
 	}
 
+
 static int ssl_print_handshake(BIO *bio, SSL *ssl,
 				const unsigned char *msg, size_t msglen,
 				int indent)
@@ -1090,12 +1149,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
 				(int)hlen);
 	msg += 4;
 	msglen -= 4;
+	if (SSL_IS_DTLS(ssl))
+		{
+		if (msglen < 8)
+			return 0;
+		BIO_indent(bio, indent, 80);
+		BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+				"fragment_length=%d\n",
+				(msg[0] << 8) | msg[1],
+				(msg[2] << 16) | (msg[3] << 8) | msg[4],
+				(msg[5] << 16) | (msg[6] << 8) | msg[7]);
+		msg += 8;
+		msglen -= 8;
+		}
 	if (msglen < hlen)
 		return 0;
 	switch(htype)
 		{
 	case SSL3_MT_CLIENT_HELLO:
-		if (!ssl_print_client_hello(bio, indent + 2, msg, msglen))
+		if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+			return 0;
+		break;
+
+	case DTLS1_MT_HELLO_VERIFY_REQUEST:
+		if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
 			return 0;
 		break;
 
@@ -1168,23 +1245,57 @@ static int ssl_print_heartbeat(BIO *bio, int indent,
 	return 1;
 	}
 
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+	{
+	if (c->algorithm_ssl & SSL_SSLV2)
+		return NULL;
+	return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
+	}
+
 void SSL_trace(int write_p, int version, int content_type,
 		const void *buf, size_t msglen, SSL *ssl, void *arg)
 	{
 	const unsigned char *msg = buf;
 	BIO *bio = arg;
-	
-	BIO_printf(bio, "%s Record: Version = %s (0x%x)",
-				write_p ? "Sent" : "Received",
-				ssl_trace_str(version, ssl_version_tbl),
-				version);
-	BIO_printf(bio, " Length=%d\n", (int)msglen);
-	BIO_printf(bio, "  Content Type = %s (%d)\n",
-				ssl_trace_str(content_type, ssl_content_tbl),
-				content_type);
 
+	if (write_p == 2)
+		{
+		BIO_puts(bio, "Session ");
+		ssl_print_hex(bio, 0,
+				ssl_trace_str(content_type, ssl_crypto_tbl),
+				msg, msglen);
+		return;
+		}
 	switch (content_type)
 		{
+	case SSL3_RT_HEADER:
+		{
+		int hvers = msg[1] << 8 | msg[2];
+		BIO_puts(bio, write_p ? "Sent" : "Received");
+		BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
+				ssl_trace_str(hvers, ssl_version_tbl), hvers);
+		if (SSL_IS_DTLS(ssl))
+			{
+			BIO_printf(bio,
+				"  epoch=%d, sequence_number=%04x%04x%04x\n",
+					(msg[3] << 8 | msg[4]),
+					(msg[5] << 8 | msg[6]),
+					(msg[7] << 8 | msg[8]),
+					(msg[9] << 8 | msg[10]));
+#if 0
+			/* Just print handshake type so we can see what is
+			 * going on during fragmentation.
+			 */
+			BIO_printf(bio, "(%s)\n",
+				ssl_trace_str(msg[msglen], ssl_handshake_tbl));
+#endif
+			}
+
+		BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
+				ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+				msg[msglen - 2] << 8 | msg[msglen - 1]);
+		}
+		break;
 	case SSL3_RT_HANDSHAKE:
 		if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
 			BIO_printf(bio, "Message length parse error!\n");