Remove support for OPENSSL_SSL_TRACE_CRYPTO
This trace option does not appear in Configure as a separate option and is
undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO",
but the resulting build does not compile in master or in any released 1.1.0 version.
(cherry picked from commit eee2750bd3d25265bb44d029877434d2cc80970c)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3413)
Matt Caswell
7 years ago
227 | 227 | if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) |
228 | 228 | goto err2; |
229 | 229 | |
230 | #ifdef OPENSSL_SSL_TRACE_CRYPTO | |
231 | if (s->msg_callback) { | |
232 | ||
233 | int wh = which & SSL3_CC_WRITE ? | |
234 | TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ; | |
235 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, | |
236 | mac_secret, EVP_MD_size(m), s, s->msg_callback_arg); | |
237 | if (c->key_len) | |
238 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, | |
239 | key, c->key_len, s, s->msg_callback_arg); | |
240 | if (k) { | |
241 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV, | |
242 | iv, k, s, s->msg_callback_arg); | |
243 | } | |
244 | } | |
245 | #endif | |
246 | ||
247 | 230 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
248 | 231 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); |
249 | 232 | return (1); |
461 | 444 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
462 | 445 | int i, ret = 0; |
463 | 446 | unsigned int n; |
464 | #ifdef OPENSSL_SSL_TRACE_CRYPTO | |
465 | unsigned char *tmpout = out; | |
466 | #endif | |
467 | 447 | |
468 | 448 | if (ctx == NULL) { |
469 | 449 | SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); |
492 | 472 | } |
493 | 473 | EVP_MD_CTX_free(ctx); |
494 | 474 | |
495 | #ifdef OPENSSL_SSL_TRACE_CRYPTO | |
496 | if (ret > 0 && s->msg_callback) { | |
497 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, | |
498 | p, len, s, s->msg_callback_arg); | |
499 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, | |
500 | s->s3->client_random, SSL3_RANDOM_SIZE, | |
501 | s, s->msg_callback_arg); | |
502 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, | |
503 | s->s3->server_random, SSL3_RANDOM_SIZE, | |
504 | s, s->msg_callback_arg); | |
505 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, | |
506 | tmpout, SSL3_MASTER_SECRET_SIZE, | |
507 | s, s->msg_callback_arg); | |
508 | } | |
509 | #endif | |
510 | 475 | OPENSSL_cleanse(buf, sizeof(buf)); |
511 | 476 | return (ret); |
512 | 477 | } |
312 | 312 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
313 | 313 | goto err2; |
314 | 314 | } |
315 | #ifdef OPENSSL_SSL_TRACE_CRYPTO | |
316 | if (s->msg_callback) { | |
317 | int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0; | |
318 | if (*mac_secret_size) | |
319 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, | |
320 | mac_secret, *mac_secret_size, | |
321 | s, s->msg_callback_arg); | |
322 | if (c->key_len) | |
323 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, | |
324 | key, c->key_len, s, s->msg_callback_arg); | |
325 | if (k) { | |
326 | if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) | |
327 | wh |= TLS1_RT_CRYPTO_FIXED_IV; | |
328 | else | |
329 | wh |= TLS1_RT_CRYPTO_IV; | |
330 | s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg); | |
331 | } | |
332 | } | |
333 | #endif | |
334 | 315 | |
335 | 316 | #ifdef SSL_DEBUG |
336 | 317 | printf("which = %04X\nkey=", which); |
525 | 506 | fprintf(stderr, "Master Secret:\n"); |
526 | 507 | BIO_dump_fp(stderr, (char *)s->session->master_key, |
527 | 508 | SSL3_MASTER_SECRET_SIZE); |
528 | #endif | |
529 | ||
530 | #ifdef OPENSSL_SSL_TRACE_CRYPTO | |
531 | if (s->msg_callback) { | |
532 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, | |
533 | p, len, s, s->msg_callback_arg); | |
534 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, | |
535 | s->s3->client_random, SSL3_RANDOM_SIZE, | |
536 | s, s->msg_callback_arg); | |
537 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, | |
538 | s->s3->server_random, SSL3_RANDOM_SIZE, | |
539 | s, s->msg_callback_arg); | |
540 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, | |
541 | s->session->master_key, | |
542 | SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg); | |
543 | } | |
544 | 509 | #endif |
545 | 510 | |
546 | 511 | return (SSL3_MASTER_SECRET_SIZE); |
546 | 546 | {66, "ecdsa_fixed_ecdh"} |
547 | 547 | }; |
548 | 548 | |
549 | static ssl_trace_tbl ssl_crypto_tbl[] = { | |
550 | {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"}, | |
551 | {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"}, | |
552 | {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"}, | |
553 | {TLS1_RT_CRYPTO_MASTER, "Master Secret"}, | |
554 | {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"}, | |
555 | {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"}, | |
556 | {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"}, | |
557 | {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"}, | |
558 | {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"}, | |
559 | {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"}, | |
560 | {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"}, | |
561 | {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"} | |
562 | }; | |
563 | ||
564 | 549 | static void ssl_print_hex(BIO *bio, int indent, const char *name, |
565 | 550 | const unsigned char *msg, size_t msglen) |
566 | 551 | { |
1282 | 1267 | const unsigned char *msg = buf; |
1283 | 1268 | BIO *bio = arg; |
1284 | 1269 | |
1285 | if (write_p == 2) { | |
1286 | BIO_puts(bio, "Session "); | |
1287 | ssl_print_hex(bio, 0, | |
1288 | ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen); | |
1289 | return; | |
1290 | } | |
1291 | 1270 | switch (content_type) { |
1292 | 1271 | case SSL3_RT_HEADER: |
1293 | 1272 | { |