From 1cf218bcaa77b8d069af7587585f150575339d54 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 28 Aug 2012 23:17:28 +0000
Subject: [PATCH] New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set
 this passes all derived keys to the message callback.

Add code to SSL_trace to include support for printing out keys.
---
 ssl/s3_enc.c  | 41 +++++++++++++++++++++++++++++++++++++++++
 ssl/ssl3.h    | 14 ++++++++++++++
 ssl/t1_enc.c  | 42 ++++++++++++++++++++++++++++++++++++++++++
 ssl/t1_trce.c | 26 +++++++++++++++++++++++++-
 4 files changed, 122 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index c5df2cb90a..d54babc96d 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -375,6 +375,27 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+	if (s->msg_callback)
+		{
+ 
+		int wh = which & SSL3_CC_WRITE ?
+				TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
+		s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
+						mac_secret, EVP_MD_size(m),
+						s, s->msg_callback_arg);
+		if (c->key_len)
+			s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
+						key, c->key_len,
+						s, s->msg_callback_arg);
+		if (k)
+			{
+			s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
+						iv, k, s, s->msg_callback_arg);
+			}
+		}
+#endif
+
 	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
 	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
 	EVP_MD_CTX_cleanup(&md);
@@ -797,6 +818,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	EVP_MD_CTX ctx;
 	int i,ret=0;
 	unsigned int n;
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+	unsigned char *tmpout = out;
+#endif
 
 	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<3; i++)
@@ -818,6 +842,23 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 		ret+=n;
 		}
 	EVP_MD_CTX_cleanup(&ctx);
+
+#ifdef SSL_TRACE_CRYPTO_DEBUG
+	if (s->msg_callback)
+		{
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
+						p, len, s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
+					s->s3->client_random, SSL3_RANDOM_SIZE,
+						s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
+					s->s3->server_random, SSL3_RANDOM_SIZE,
+					s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
+					tmpout, SSL3_MASTER_SECRET_SIZE,
+					s, s->msg_callback_arg);
+		}
+#endif
 	return(ret);
 	}
 
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 74274771ff..b0b6539d5e 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -324,6 +324,20 @@ extern "C" {
 #define SSL3_RT_APPLICATION_DATA	23
 #define TLS1_RT_HEARTBEAT		24
 
+/* Pseudo content types to indicate additional parameters */
+#define TLS1_RT_CRYPTO			0x1000
+#define TLS1_RT_CRYPTO_PREMASTER	(TLS1_RT_CRYPTO | 0x1)
+#define TLS1_RT_CRYPTO_CLIENT_RANDOM	(TLS1_RT_CRYPTO | 0x2)
+#define TLS1_RT_CRYPTO_SERVER_RANDOM	(TLS1_RT_CRYPTO | 0x3)
+#define TLS1_RT_CRYPTO_MASTER		(TLS1_RT_CRYPTO | 0x4)
+
+#define TLS1_RT_CRYPTO_READ		0x0000
+#define TLS1_RT_CRYPTO_WRITE		0x0100
+#define TLS1_RT_CRYPTO_MAC		(TLS1_RT_CRYPTO | 0x5)
+#define TLS1_RT_CRYPTO_KEY		(TLS1_RT_CRYPTO | 0x6)
+#define TLS1_RT_CRYPTO_IV		(TLS1_RT_CRYPTO | 0x7)
+#define TLS1_RT_CRYPTO_FIXED_IV		(TLS1_RT_CRYPTO | 0x8)
+
 #define SSL3_AL_WARNING			1
 #define SSL3_AL_FATAL			2
 
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index f7bdeb3b9d..44555f581e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -556,6 +556,30 @@ printf("which = %04X\nmac key=",which);
 		EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
 				*mac_secret_size,mac_secret);
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+	if (s->msg_callback)
+		{
+		int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
+		if (*mac_secret_size)
+			s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
+						mac_secret, *mac_secret_size,
+						s, s->msg_callback_arg);
+		if (c->key_len)
+			s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
+						key, c->key_len,
+						s, s->msg_callback_arg);
+		if (k)
+			{
+			if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+				wh |= TLS1_RT_CRYPTO_FIXED_IV;
+			else
+				wh |= TLS1_RT_CRYPTO_IV;
+			s->msg_callback(2, s->version, wh, iv, k,
+						s, s->msg_callback_arg);
+			}
+		}
+#endif
+
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@ -1118,6 +1142,24 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
 #endif
 
+#ifdef OPENSSL_SSL_TRACE_CRYPTO
+	if (s->msg_callback)
+		{
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
+						p, len, s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
+					s->s3->client_random, SSL3_RANDOM_SIZE,
+						s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
+					s->s3->server_random, SSL3_RANDOM_SIZE,
+					s, s->msg_callback_arg);
+		s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
+					s->session->master_key,
+					SSL3_MASTER_SECRET_SIZE,
+					s, s->msg_callback_arg);
+		}
+#endif
+
 #ifdef KSSL_DEBUG
 	printf ("tls1_generate_master_secret() complete\n");
 #endif	/* KSSL_DEBUG */
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 47539a57cd..3571aaacae 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -444,6 +444,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
 	{66, "ecdsa_fixed_ecdh"}
 };
 
+static ssl_trace_tbl ssl_crypto_tbl[] = {
+	{TLS1_RT_CRYPTO_PREMASTER,	"Premaster Secret"},
+	{TLS1_RT_CRYPTO_CLIENT_RANDOM,	"Client Random"},
+	{TLS1_RT_CRYPTO_SERVER_RANDOM,	"Server Random"},
+	{TLS1_RT_CRYPTO_MASTER,		"Master Secret"},
+	{TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_WRITE,	"Write Mac Secret"},
+	{TLS1_RT_CRYPTO_MAC|TLS1_RT_CRYPTO_READ, 	"Read Mac Secret"},
+	{TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_WRITE,	"Write Key"},
+	{TLS1_RT_CRYPTO_KEY|TLS1_RT_CRYPTO_READ, 	"Read Key"},
+	{TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_WRITE,	"Write IV"},
+	{TLS1_RT_CRYPTO_IV|TLS1_RT_CRYPTO_READ, 	"Read IV"},
+	{TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_WRITE,	"Write IV (fixed part)"},
+	{TLS1_RT_CRYPTO_FIXED_IV|TLS1_RT_CRYPTO_READ, 	"Read IV (fixed part)"}
+};
+
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
 				const unsigned char *msg, size_t msglen)
 	{
@@ -1193,7 +1208,16 @@ void SSL_trace(int write_p, int version, int content_type,
 	{
 	const unsigned char *msg = buf;
 	BIO *bio = arg;
-	
+
+	if (write_p == 2)
+		{
+		BIO_puts(bio, "Session ");
+		ssl_print_hex(bio, 0,
+				ssl_trace_str(content_type, ssl_crypto_tbl),
+				msg, msglen);
+		return;
+		}
+
 	BIO_printf(bio, "%s Record: Version = %s (0x%x)",
 				write_p ? "Sent" : "Received",
 				ssl_trace_str(version, ssl_version_tbl),
-- 
GitLab