From eee2750bd3d25265bb44d029877434d2cc80970c Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 8 May 2017 09:32:58 +0100 Subject: [PATCH] Remove support for OPENSSL_SSL_TRACE_CRYPTO This trace option does not appear in Configure as a separate option and is undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO", however this does not compile in master or in any 1.1.0 released version. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3408) --- ssl/s3_enc.c | 35 ----------------------------------- ssl/t1_enc.c | 35 ----------------------------------- ssl/t1_trce.c | 21 --------------------- ssl/tls13_enc.c | 14 -------------- 4 files changed, 105 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 88e74edf2b..0d75567fc6 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -230,23 +230,6 @@ int ssl3_change_cipher_state(SSL *s, int which) if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) goto err2; -#ifdef OPENSSL_SSL_TRACE_CRYPTO - if (s->msg_callback) { - - int wh = which & SSL3_CC_WRITE ? - TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ; - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, - mac_secret, EVP_MD_size(m), s, s->msg_callback_arg); - if (c->key_len) - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, - key, c->key_len, s, s->msg_callback_arg); - if (k) { - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV, - iv, k, s, s->msg_callback_arg); - } - } -#endif - OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return (1); @@ -470,9 +453,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, EVP_MD_CTX *ctx = EVP_MD_CTX_new(); int i, ret = 1; unsigned int n; -#ifdef OPENSSL_SSL_TRACE_CRYPTO - unsigned char *tmpout = out; -#endif size_t ret_secret_size = 0; if (ctx == NULL) { @@ -503,21 +483,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, } EVP_MD_CTX_free(ctx); -#ifdef OPENSSL_SSL_TRACE_CRYPTO - if (ret && s->msg_callback) { - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, - p, len, s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, - s->s3->client_random, SSL3_RANDOM_SIZE, - s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, - s->s3->server_random, SSL3_RANDOM_SIZE, - s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, - tmpout, SSL3_MASTER_SECRET_SIZE, - s, s->msg_callback_arg); - } -#endif OPENSSL_cleanse(buf, sizeof(buf)); if (ret) *secret_size = ret_secret_size; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 16db3054c6..ad82a55eb8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -315,25 +315,6 @@ int tls1_change_cipher_state(SSL *s, int which) SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err2; } -#ifdef OPENSSL_SSL_TRACE_CRYPTO - if (s->msg_callback) { - int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0; - if (*mac_secret_size) - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, - mac_secret, *mac_secret_size, - s, s->msg_callback_arg); - if (c->key_len) - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, - key, c->key_len, s, s->msg_callback_arg); - if (k) { - if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) - wh |= TLS1_RT_CRYPTO_FIXED_IV; - else - wh |= TLS1_RT_CRYPTO_IV; - s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg); - } - } -#endif #ifdef SSL_DEBUG printf("which = %04X\nkey=", which); @@ -530,22 +511,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, SSL3_MASTER_SECRET_SIZE); #endif -#ifdef OPENSSL_SSL_TRACE_CRYPTO - if (s->msg_callback) { - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, - p, len, s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, - s->s3->client_random, SSL3_RANDOM_SIZE, - s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, - s->s3->server_random, SSL3_RANDOM_SIZE, - s, s->msg_callback_arg); - s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, - s->session->master_key, - SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg); - } -#endif - *secret_size = SSL3_MASTER_SECRET_SIZE; return 1; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index b96f532e5a..8b6433054e 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -568,21 +568,6 @@ static ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} }; -static ssl_trace_tbl ssl_crypto_tbl[] = { - {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"}, - {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"}, - {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"}, - {TLS1_RT_CRYPTO_MASTER, "Master Secret"}, - {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"}, - {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"}, - {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"}, - {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"}, - {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"}, - {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"}, - {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"}, - {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"} -}; - static ssl_trace_tbl ssl_key_update_tbl[] = { {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, {SSL_KEY_UPDATE_REQUESTED, "update_requested"} @@ -1489,12 +1474,6 @@ void SSL_trace(int write_p, int version, int content_type, const unsigned char *msg = buf; BIO *bio = arg; - if (write_p == 2) { - BIO_puts(bio, "Session "); - ssl_print_hex(bio, 0, - ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen); - return; - } switch (content_type) { case SSL3_RT_HEADER: { diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 255bc96ac1..2763475382 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -321,20 +321,6 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, goto err; } -#ifdef OPENSSL_SSL_TRACE_CRYPTO - if (s->msg_callback) { - int wh = sending ? TLS1_RT_CRYPTO_WRITE : 0; - - if (ciph->key_len) - s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, - key, ciph->key_len, s, s->msg_callback_arg); - - wh |= TLS1_RT_CRYPTO_IV; - s->msg_callback(2, s->version, wh, iv, ivlen, s, - s->msg_callback_arg); - } -#endif - return 1; err: OPENSSL_cleanse(key, sizeof(key)); -- 2.25.1