Commit 410ab527b38ea99e1d897cc60c45aad0d9bac913 - openssl

Remove support for OPENSSL_SSL_TRACE_CRYPTO This trace option does not appear in Configure as a separate option and is undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO", however this does not compile in master or in any 1.1.0 released version. (cherry picked from commit eee2750bd3d25265bb44d029877434d2cc80970c) Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3413) Matt Caswell 7 years ago

3 changed file(s) with 0 addition(s) and 91 deletion(s). Raw diff Collapse all Expand all

-35

ssl/s3_enc.c less more

227	227	if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
228	228	goto err2;
229	229
230		#ifdef OPENSSL_SSL_TRACE_CRYPTO
231		if (s->msg_callback) {
232
233		int wh = which & SSL3_CC_WRITE ?
234		TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
235		s->msg_callback(2, s->version, wh \| TLS1_RT_CRYPTO_MAC,
236		mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
237		if (c->key_len)
238		s->msg_callback(2, s->version, wh \| TLS1_RT_CRYPTO_KEY,
239		key, c->key_len, s, s->msg_callback_arg);
240		if (k) {
241		s->msg_callback(2, s->version, wh \| TLS1_RT_CRYPTO_IV,
242		iv, k, s, s->msg_callback_arg);
243		}
244		}
245		#endif
246
247	230	OPENSSL_cleanse(exp_key, sizeof(exp_key));
248	231	OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
249	232	return (1);

461	444	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
462	445	int i, ret = 0;
463	446	unsigned int n;
464		#ifdef OPENSSL_SSL_TRACE_CRYPTO
465		unsigned char *tmpout = out;
466		#endif
467	447
468	448	if (ctx == NULL) {
469	449	SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);

492	472	}
493	473	EVP_MD_CTX_free(ctx);
494	474
495		#ifdef OPENSSL_SSL_TRACE_CRYPTO
496		if (ret > 0 && s->msg_callback) {
497		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
498		p, len, s, s->msg_callback_arg);
499		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
500		s->s3->client_random, SSL3_RANDOM_SIZE,
501		s, s->msg_callback_arg);
502		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
503		s->s3->server_random, SSL3_RANDOM_SIZE,
504		s, s->msg_callback_arg);
505		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
506		tmpout, SSL3_MASTER_SECRET_SIZE,
507		s, s->msg_callback_arg);
508		}
509		#endif
510	475	OPENSSL_cleanse(buf, sizeof(buf));
511	476	return (ret);
512	477	}

-35

ssl/t1_enc.c less more

312	312	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
313	313	goto err2;
314	314	}
315		#ifdef OPENSSL_SSL_TRACE_CRYPTO
316		if (s->msg_callback) {
317		int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
318		if (*mac_secret_size)
319		s->msg_callback(2, s->version, wh \| TLS1_RT_CRYPTO_MAC,
320		mac_secret, *mac_secret_size,
321		s, s->msg_callback_arg);
322		if (c->key_len)
323		s->msg_callback(2, s->version, wh \| TLS1_RT_CRYPTO_KEY,
324		key, c->key_len, s, s->msg_callback_arg);
325		if (k) {
326		if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
327		wh \|= TLS1_RT_CRYPTO_FIXED_IV;
328		else
329		wh \|= TLS1_RT_CRYPTO_IV;
330		s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
331		}
332		}
333		#endif
334	315
335	316	#ifdef SSL_DEBUG
336	317	printf("which = %04X\nkey=", which);

525	506	fprintf(stderr, "Master Secret:\n");
526	507	BIO_dump_fp(stderr, (char *)s->session->master_key,
527	508	SSL3_MASTER_SECRET_SIZE);
528		#endif
529
530		#ifdef OPENSSL_SSL_TRACE_CRYPTO
531		if (s->msg_callback) {
532		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
533		p, len, s, s->msg_callback_arg);
534		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
535		s->s3->client_random, SSL3_RANDOM_SIZE,
536		s, s->msg_callback_arg);
537		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
538		s->s3->server_random, SSL3_RANDOM_SIZE,
539		s, s->msg_callback_arg);
540		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
541		s->session->master_key,
542		SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg);
543		}
544	509	#endif
545	510
546	511	return (SSL3_MASTER_SECRET_SIZE);

-21

ssl/t1_trce.c less more

546	546	{66, "ecdsa_fixed_ecdh"}
547	547	};
548	548
549		static ssl_trace_tbl ssl_crypto_tbl[] = {
550		{TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"},
551		{TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"},
552		{TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"},
553		{TLS1_RT_CRYPTO_MASTER, "Master Secret"},
554		{TLS1_RT_CRYPTO_MAC \| TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"},
555		{TLS1_RT_CRYPTO_MAC \| TLS1_RT_CRYPTO_READ, "Read Mac Secret"},
556		{TLS1_RT_CRYPTO_KEY \| TLS1_RT_CRYPTO_WRITE, "Write Key"},
557		{TLS1_RT_CRYPTO_KEY \| TLS1_RT_CRYPTO_READ, "Read Key"},
558		{TLS1_RT_CRYPTO_IV \| TLS1_RT_CRYPTO_WRITE, "Write IV"},
559		{TLS1_RT_CRYPTO_IV \| TLS1_RT_CRYPTO_READ, "Read IV"},
560		{TLS1_RT_CRYPTO_FIXED_IV \| TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"},
561		{TLS1_RT_CRYPTO_FIXED_IV \| TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"}
562		};
563
564	549	static void ssl_print_hex(BIO bio, int indent, const char name,
565	550	const unsigned char *msg, size_t msglen)
566	551	{

1282	1267	const unsigned char *msg = buf;
1283	1268	BIO *bio = arg;
1284	1269
1285		if (write_p == 2) {
1286		BIO_puts(bio, "Session ");
1287		ssl_print_hex(bio, 0,
1288		ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen);
1289		return;
1290		}
1291	1270	switch (content_type) {
1292	1271	case SSL3_RT_HEADER:
1293	1272	{