From 1cf218bcaa77b8d069af7587585f150575339d54 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 28 Aug 2012 23:17:28 +0000 Subject: [PATCH] New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes all derived keys to the message callback. Add code to SSL_trace to include support for printing out keys. --- ssl/s3_enc.c | 41 +++++++++++++++++++++++++++++++++++++++++ ssl/ssl3.h | 14 ++++++++++++++ ssl/t1_enc.c | 42 ++++++++++++++++++++++++++++++++++++++++++ ssl/t1_trce.c | 26 +++++++++++++++++++++++++- 4 files changed, 122 insertions(+), 1 deletion(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index c5df2cb90a..d54babc96d 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -375,6 +375,27 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); +#ifdef OPENSSL_SSL_TRACE_CRYPTO + if (s->msg_callback) + { + + int wh = which & SSL3_CC_WRITE ? + TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ; + s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, + mac_secret, EVP_MD_size(m), + s, s->msg_callback_arg); + if (c->key_len) + s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, + key, c->key_len, + s, s->msg_callback_arg); + if (k) + { + s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV, + iv, k, s, s->msg_callback_arg); + } + } +#endif + OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); @@ -797,6 +818,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, EVP_MD_CTX ctx; int i,ret=0; unsigned int n; +#ifdef SSL_TRACE_CRYPTO_DEBUG + unsigned char *tmpout = out; +#endif EVP_MD_CTX_init(&ctx); for (i=0; i<3; i++) @@ -818,6 +842,23 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, ret+=n; } EVP_MD_CTX_cleanup(&ctx); + +#ifdef SSL_TRACE_CRYPTO_DEBUG + if (s->msg_callback) + { + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, + p, len, s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, + s->s3->client_random, SSL3_RANDOM_SIZE, + s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, + s->s3->server_random, SSL3_RANDOM_SIZE, + s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, + tmpout, SSL3_MASTER_SECRET_SIZE, + s, s->msg_callback_arg); + } +#endif return(ret); } diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 74274771ff..b0b6539d5e 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -324,6 +324,20 @@ extern "C" { #define SSL3_RT_APPLICATION_DATA 23 #define TLS1_RT_HEARTBEAT 24 +/* Pseudo content types to indicate additional parameters */ +#define TLS1_RT_CRYPTO 0x1000 +#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +#define TLS1_RT_CRYPTO_READ 0x0000 +#define TLS1_RT_CRYPTO_WRITE 0x0100 +#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + #define SSL3_AL_WARNING 1 #define SSL3_AL_FATAL 2 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index f7bdeb3b9d..44555f581e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -556,6 +556,30 @@ printf("which = %04X\nmac key=",which); EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY, *mac_secret_size,mac_secret); +#ifdef OPENSSL_SSL_TRACE_CRYPTO + if (s->msg_callback) + { + int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0; + if (*mac_secret_size) + s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, + mac_secret, *mac_secret_size, + s, s->msg_callback_arg); + if (c->key_len) + s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, + key, c->key_len, + s, s->msg_callback_arg); + if (k) + { + if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) + wh |= TLS1_RT_CRYPTO_FIXED_IV; + else + wh |= TLS1_RT_CRYPTO_IV; + s->msg_callback(2, s->version, wh, iv, k, + s, s->msg_callback_arg); + } + } +#endif + #ifdef TLS_DEBUG printf("which = %04X\nkey=",which); { int z; for (z=0; zsession->master_key, SSL3_MASTER_SECRET_SIZE); #endif +#ifdef OPENSSL_SSL_TRACE_CRYPTO + if (s->msg_callback) + { + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, + p, len, s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, + s->s3->client_random, SSL3_RANDOM_SIZE, + s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, + s->s3->server_random, SSL3_RANDOM_SIZE, + s, s->msg_callback_arg); + s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, + s->session->master_key, + SSL3_MASTER_SECRET_SIZE, + s, s->msg_callback_arg); + } +#endif + #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 47539a57cd..3571aaacae 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -444,6 +444,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = { {66, "ecdsa_fixed_ecdh"} }; +static ssl_trace_tbl ssl_crypto_tbl[] = { + {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"}, + {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"}, + {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"}, + {TLS1_RT_CRYPTO_MASTER, "Master Secret"}, + {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"}, + {TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_READ, "Read Mac Secret"}, + {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_WRITE, "Write Key"}, + {TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_READ, "Read Key"}, + {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_WRITE, "Write IV"}, + {TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_READ, "Read IV"}, + {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"}, + {TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"} +}; + static void ssl_print_hex(BIO *bio, int indent, const char *name, const unsigned char *msg, size_t msglen) { @@ -1193,7 +1208,16 @@ void SSL_trace(int write_p, int version, int content_type, { const unsigned char *msg = buf; BIO *bio = arg; - + + if (write_p == 2) + { + BIO_puts(bio, "Session "); + ssl_print_hex(bio, 0, + ssl_trace_str(content_type, ssl_crypto_tbl), + msg, msglen); + return; + } + BIO_printf(bio, "%s Record: Version = %s (0x%x)", write_p ? "Sent" : "Received", ssl_trace_str(version, ssl_version_tbl), -- 2.25.1