提交 eee2750b 编写于 作者: M Matt Caswell

Remove support for OPENSSL_SSL_TRACE_CRYPTO

This trace option does not appear in Configure as a separate option and is
undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO",
however this does not compile in master or in any 1.1.0 released version.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3408)
上级 12635aa0
......@@ -230,23 +230,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
goto err2;
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
int wh = which & SSL3_CC_WRITE ?
TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
if (c->key_len)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
key, c->key_len, s, s->msg_callback_arg);
if (k) {
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
iv, k, s, s->msg_callback_arg);
}
}
#endif
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return (1);
......@@ -470,9 +453,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 1;
unsigned int n;
#ifdef OPENSSL_SSL_TRACE_CRYPTO
unsigned char *tmpout = out;
#endif
size_t ret_secret_size = 0;
if (ctx == NULL) {
......@@ -503,21 +483,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
EVP_MD_CTX_free(ctx);
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (ret && s->msg_callback) {
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
p, len, s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
s->s3->client_random, SSL3_RANDOM_SIZE,
s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
s->s3->server_random, SSL3_RANDOM_SIZE,
s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
tmpout, SSL3_MASTER_SECRET_SIZE,
s, s->msg_callback_arg);
}
#endif
OPENSSL_cleanse(buf, sizeof(buf));
if (ret)
*secret_size = ret_secret_size;
......
......@@ -315,25 +315,6 @@ int tls1_change_cipher_state(SSL *s, int which)
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
if (*mac_secret_size)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
mac_secret, *mac_secret_size,
s, s->msg_callback_arg);
if (c->key_len)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
key, c->key_len, s, s->msg_callback_arg);
if (k) {
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
wh |= TLS1_RT_CRYPTO_FIXED_IV;
else
wh |= TLS1_RT_CRYPTO_IV;
s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
}
}
#endif
#ifdef SSL_DEBUG
printf("which = %04X\nkey=", which);
......@@ -530,22 +511,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
SSL3_MASTER_SECRET_SIZE);
#endif
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
p, len, s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
s->s3->client_random, SSL3_RANDOM_SIZE,
s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
s->s3->server_random, SSL3_RANDOM_SIZE,
s, s->msg_callback_arg);
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
s->session->master_key,
SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg);
}
#endif
*secret_size = SSL3_MASTER_SECRET_SIZE;
return 1;
}
......
......@@ -568,21 +568,6 @@ static ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
{TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
};
static ssl_trace_tbl ssl_crypto_tbl[] = {
{TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"},
{TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"},
{TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"},
{TLS1_RT_CRYPTO_MASTER, "Master Secret"},
{TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"},
{TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"},
{TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"},
{TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"},
{TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"},
{TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"},
{TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"},
{TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"}
};
static ssl_trace_tbl ssl_key_update_tbl[] = {
{SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
{SSL_KEY_UPDATE_REQUESTED, "update_requested"}
......@@ -1489,12 +1474,6 @@ void SSL_trace(int write_p, int version, int content_type,
const unsigned char *msg = buf;
BIO *bio = arg;
if (write_p == 2) {
BIO_puts(bio, "Session ");
ssl_print_hex(bio, 0,
ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen);
return;
}
switch (content_type) {
case SSL3_RT_HEADER:
{
......
......@@ -321,20 +321,6 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
goto err;
}
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
int wh = sending ? TLS1_RT_CRYPTO_WRITE : 0;
if (ciph->key_len)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
key, ciph->key_len, s, s->msg_callback_arg);
wh |= TLS1_RT_CRYPTO_IV;
s->msg_callback(2, s->version, wh, iv, ivlen, s,
s->msg_callback_arg);
}
#endif
return 1;
err:
OPENSSL_cleanse(key, sizeof(key));
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册