1 /* 2 * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "ssl_local.h" 11 12 #ifndef OPENSSL_NO_SSL_TRACE 13 14 /* Packet trace support for OpenSSL */ 15 #include "internal/nelem.h" 16 #include "internal/ssl_unwrap.h" 17 #include "internal/quic_trace.h" 18 19 typedef struct { 20 int num; 21 const char *name; 22 } ssl_trace_tbl; 23 24 # define ssl_trace_str(val, tbl) \ 25 do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) 26 27 # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ 28 do_ssl_trace_list(bio, indent, msg, msglen, value, \ 29 table, OSSL_NELEM(table)) 30 31 static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, 32 size_t ntbl) 33 { 34 size_t i; 35 36 for (i = 0; i < ntbl; i++, tbl++) { 37 if (tbl->num == val) 38 return tbl->name; 39 } 40 return "UNKNOWN"; 41 } 42 43 static int do_ssl_trace_list(BIO *bio, int indent, 44 const unsigned char *msg, size_t msglen, 45 size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) 46 { 47 int val; 48 49 if (msglen % vlen) 50 return 0; 51 while (msglen) { 52 val = msg[0]; 53 if (vlen == 2) 54 val = (val << 8) | msg[1]; 55 BIO_indent(bio, indent, 80); 56 BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val); 57 msg += vlen; 58 msglen -= vlen; 59 } 60 return 1; 61 } 62 63 /* Version number */ 64 65 static const ssl_trace_tbl ssl_version_tbl[] = { 66 {SSL3_VERSION, "SSL 3.0"}, 67 {TLS1_VERSION, "TLS 1.0"}, 68 {TLS1_1_VERSION, "TLS 1.1"}, 69 {TLS1_2_VERSION, "TLS 1.2"}, 70 {TLS1_3_VERSION, "TLS 1.3"}, 71 {DTLS1_VERSION, "DTLS 1.0"}, 72 {DTLS1_2_VERSION, "DTLS 1.2"}, 73 {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} 74 }; 75 76 static const ssl_trace_tbl ssl_content_tbl[] = { 77 {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"}, 78 {SSL3_RT_ALERT, "Alert"}, 79 {SSL3_RT_HANDSHAKE, "Handshake"}, 80 {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, 81 }; 82 83 /* Handshake types, sorted by ascending id */ 84 static const ssl_trace_tbl ssl_handshake_tbl[] = { 85 {SSL3_MT_HELLO_REQUEST, "HelloRequest"}, 86 {SSL3_MT_CLIENT_HELLO, "ClientHello"}, 87 {SSL3_MT_SERVER_HELLO, "ServerHello"}, 88 {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, 89 {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, 90 {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, 91 {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, 92 {SSL3_MT_CERTIFICATE, "Certificate"}, 93 {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"}, 94 {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"}, 95 {SSL3_MT_SERVER_DONE, "ServerHelloDone"}, 96 {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, 97 {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, 98 {SSL3_MT_FINISHED, "Finished"}, 99 {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"}, 100 {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, 101 {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"}, 102 {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, 103 {SSL3_MT_COMPRESSED_CERTIFICATE, "CompressedCertificate"}, 104 # ifndef OPENSSL_NO_NEXTPROTONEG 105 {SSL3_MT_NEXT_PROTO, "NextProto"}, 106 # endif 107 {SSL3_MT_MESSAGE_HASH, "MessageHash"} 108 }; 109 110 /* Cipher suites */ 111 static const ssl_trace_tbl ssl_ciphers_tbl[] = { 112 {0x0000, "TLS_NULL_WITH_NULL_NULL"}, 113 {0x0001, "TLS_RSA_WITH_NULL_MD5"}, 114 {0x0002, "TLS_RSA_WITH_NULL_SHA"}, 115 {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, 116 {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, 117 {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, 118 {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, 119 {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, 120 {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 121 {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, 122 {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, 123 {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 124 {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, 125 {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, 126 {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 127 {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, 128 {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, 129 {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 130 {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, 131 {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, 132 {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 133 {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, 134 {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 135 {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, 136 {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, 137 {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, 138 {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, 139 {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, 140 {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, 141 {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, 142 {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, 143 {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"}, 144 {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"}, 145 {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"}, 146 {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"}, 147 {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"}, 148 {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"}, 149 {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"}, 150 {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"}, 151 {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"}, 152 {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, 153 {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, 154 {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, 155 {0x002C, "TLS_PSK_WITH_NULL_SHA"}, 156 {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, 157 {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, 158 {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, 159 {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, 160 {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, 161 {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, 162 {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, 163 {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, 164 {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"}, 165 {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, 166 {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, 167 {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, 168 {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, 169 {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, 170 {0x003B, "TLS_RSA_WITH_NULL_SHA256"}, 171 {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, 172 {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, 173 {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, 174 {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, 175 {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, 176 {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 177 {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 178 {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 179 {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 180 {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 181 {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"}, 182 {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, 183 {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, 184 {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, 185 {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, 186 {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, 187 {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, 188 {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, 189 {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"}, 190 {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"}, 191 {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 192 {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 193 {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 194 {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 195 {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 196 {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"}, 197 {0x008A, "TLS_PSK_WITH_RC4_128_SHA"}, 198 {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"}, 199 {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"}, 200 {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"}, 201 {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"}, 202 {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 203 {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"}, 204 {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"}, 205 {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"}, 206 {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"}, 207 {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"}, 208 {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"}, 209 {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"}, 210 {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"}, 211 {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"}, 212 {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"}, 213 {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"}, 214 {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"}, 215 {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"}, 216 {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"}, 217 {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, 218 {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, 219 {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, 220 {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, 221 {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, 222 {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, 223 {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, 224 {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, 225 {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}, 226 {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"}, 227 {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"}, 228 {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"}, 229 {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"}, 230 {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"}, 231 {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"}, 232 {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"}, 233 {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"}, 234 {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"}, 235 {0x00B0, "TLS_PSK_WITH_NULL_SHA256"}, 236 {0x00B1, "TLS_PSK_WITH_NULL_SHA384"}, 237 {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"}, 238 {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"}, 239 {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"}, 240 {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"}, 241 {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"}, 242 {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"}, 243 {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"}, 244 {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"}, 245 {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 246 {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 247 {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 248 {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 249 {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 250 {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"}, 251 {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 252 {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 253 {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 254 {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 255 {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 256 {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, 257 {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, 258 {0x5600, "TLS_FALLBACK_SCSV"}, 259 {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, 260 {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, 261 {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 262 {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"}, 263 {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"}, 264 {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"}, 265 {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}, 266 {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 267 {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}, 268 {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}, 269 {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"}, 270 {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"}, 271 {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"}, 272 {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"}, 273 {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"}, 274 {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"}, 275 {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}, 276 {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 277 {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, 278 {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, 279 {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"}, 280 {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"}, 281 {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"}, 282 {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"}, 283 {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"}, 284 {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"}, 285 {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"}, 286 {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"}, 287 {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"}, 288 {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"}, 289 {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"}, 290 {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"}, 291 {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"}, 292 {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"}, 293 {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}, 294 {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"}, 295 {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"}, 296 {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"}, 297 {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, 298 {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, 299 {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"}, 300 {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"}, 301 {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, 302 {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, 303 {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"}, 304 {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"}, 305 {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, 306 {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, 307 {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, 308 {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, 309 {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, 310 {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 311 {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, 312 {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, 313 {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, 314 {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, 315 {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, 316 {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, 317 {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"}, 318 {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, 319 {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, 320 {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, 321 {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, 322 {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, 323 {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, 324 {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, 325 {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, 326 {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 327 {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 328 {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, 329 {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, 330 {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 331 {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 332 {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 333 {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 334 {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 335 {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 336 {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, 337 {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, 338 {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, 339 {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, 340 {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 341 {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 342 {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, 343 {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, 344 {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, 345 {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, 346 {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, 347 {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, 348 {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, 349 {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, 350 {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 351 {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 352 {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 353 {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 354 {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 355 {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 356 {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, 357 {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, 358 {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, 359 {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, 360 {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 361 {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 362 {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, 363 {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, 364 {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, 365 {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, 366 {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, 367 {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, 368 {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, 369 {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, 370 {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 371 {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 372 {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 373 {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 374 {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 375 {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 376 {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 377 {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 378 {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 379 {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 380 {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 381 {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 382 {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 383 {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 384 {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 385 {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 386 {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 387 {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 388 {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 389 {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 390 {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, 391 {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, 392 {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 393 {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 394 {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 395 {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 396 {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 397 {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 398 {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 399 {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 400 {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 401 {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 402 {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 403 {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 404 {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 405 {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 406 {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 407 {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 408 {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 409 {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 410 {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 411 {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 412 {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 413 {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 414 {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, 415 {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, 416 {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"}, 417 {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, 418 {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, 419 {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, 420 {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, 421 {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, 422 {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, 423 {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, 424 {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, 425 {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, 426 {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, 427 {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, 428 {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, 429 {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, 430 {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, 431 {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, 432 {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, 433 {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, 434 {0xC102, "IANA-GOST2012-GOST8912-GOST8912"}, 435 {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 436 {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, 437 {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 438 {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 439 {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 440 {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 441 {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 442 {0x1301, "TLS_AES_128_GCM_SHA256"}, 443 {0x1302, "TLS_AES_256_GCM_SHA384"}, 444 {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, 445 {0x1304, "TLS_AES_128_CCM_SHA256"}, 446 {0x1305, "TLS_AES_128_CCM_8_SHA256"}, 447 {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, 448 {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, 449 {0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912"}, 450 {0xFF87, "GOST2012-NULL-GOST12"}, 451 {0xC0B4, "TLS_SHA256_SHA256"}, 452 {0xC0B5, "TLS_SHA384_SHA384"}, 453 {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, 454 {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, 455 {0xC102, "GOST2012-GOST8912-IANA"}, 456 }; 457 458 /* Compression methods */ 459 static const ssl_trace_tbl ssl_comp_tbl[] = { 460 {0x0000, "No Compression"}, 461 {0x0001, "Zlib Compression"} 462 }; 463 464 /* Extensions sorted by ascending id */ 465 static const ssl_trace_tbl ssl_exts_tbl[] = { 466 {TLSEXT_TYPE_server_name, "server_name"}, 467 {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"}, 468 {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"}, 469 {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"}, 470 {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"}, 471 {TLSEXT_TYPE_status_request, "status_request"}, 472 {TLSEXT_TYPE_user_mapping, "user_mapping"}, 473 {TLSEXT_TYPE_client_authz, "client_authz"}, 474 {TLSEXT_TYPE_server_authz, "server_authz"}, 475 {TLSEXT_TYPE_cert_type, "cert_type"}, 476 {TLSEXT_TYPE_supported_groups, "supported_groups"}, 477 {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, 478 {TLSEXT_TYPE_srp, "srp"}, 479 {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, 480 {TLSEXT_TYPE_use_srtp, "use_srtp"}, 481 {TLSEXT_TYPE_application_layer_protocol_negotiation, 482 "application_layer_protocol_negotiation"}, 483 {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, 484 {TLSEXT_TYPE_client_cert_type, "client_cert_type"}, 485 {TLSEXT_TYPE_server_cert_type, "server_cert_type"}, 486 {TLSEXT_TYPE_padding, "padding"}, 487 {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, 488 {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, 489 {TLSEXT_TYPE_compress_certificate, "compress_certificate"}, 490 {TLSEXT_TYPE_session_ticket, "session_ticket"}, 491 {TLSEXT_TYPE_psk, "psk"}, 492 {TLSEXT_TYPE_early_data, "early_data"}, 493 {TLSEXT_TYPE_supported_versions, "supported_versions"}, 494 {TLSEXT_TYPE_cookie, "cookie_ext"}, 495 {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"}, 496 {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"}, 497 {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}, 498 {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}, 499 {TLSEXT_TYPE_key_share, "key_share"}, 500 {TLSEXT_TYPE_renegotiate, "renegotiate"}, 501 # ifndef OPENSSL_NO_NEXTPROTONEG 502 {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, 503 # endif 504 }; 505 506 static const ssl_trace_tbl ssl_groups_tbl[] = { 507 {1, "sect163k1 (K-163)"}, 508 {2, "sect163r1"}, 509 {3, "sect163r2 (B-163)"}, 510 {4, "sect193r1"}, 511 {5, "sect193r2"}, 512 {6, "sect233k1 (K-233)"}, 513 {7, "sect233r1 (B-233)"}, 514 {8, "sect239k1"}, 515 {9, "sect283k1 (K-283)"}, 516 {10, "sect283r1 (B-283)"}, 517 {11, "sect409k1 (K-409)"}, 518 {12, "sect409r1 (B-409)"}, 519 {13, "sect571k1 (K-571)"}, 520 {14, "sect571r1 (B-571)"}, 521 {15, "secp160k1"}, 522 {16, "secp160r1"}, 523 {17, "secp160r2"}, 524 {18, "secp192k1"}, 525 {19, "secp192r1 (P-192)"}, 526 {20, "secp224k1"}, 527 {21, "secp224r1 (P-224)"}, 528 {22, "secp256k1"}, 529 {23, "secp256r1 (P-256)"}, 530 {24, "secp384r1 (P-384)"}, 531 {25, "secp521r1 (P-521)"}, 532 {26, "brainpoolP256r1"}, 533 {27, "brainpoolP384r1"}, 534 {28, "brainpoolP512r1"}, 535 {29, "ecdh_x25519"}, 536 {30, "ecdh_x448"}, 537 {31, "brainpoolP256r1tls13"}, 538 {32, "brainpoolP384r1tls13"}, 539 {33, "brainpoolP512r1tls13"}, 540 {34, "GC256A"}, 541 {35, "GC256B"}, 542 {36, "GC256C"}, 543 {37, "GC256D"}, 544 {38, "GC512A"}, 545 {39, "GC512B"}, 546 {40, "GC512C"}, 547 {256, "ffdhe2048"}, 548 {257, "ffdhe3072"}, 549 {258, "ffdhe4096"}, 550 {259, "ffdhe6144"}, 551 {260, "ffdhe8192"}, 552 {4587, "SecP256r1MLKEM768"}, 553 {4588, "X25519MLKEM768"}, 554 {25497, "X25519Kyber768Draft00"}, 555 {25498, "SecP256r1Kyber768Draft00"}, 556 {0xFF01, "arbitrary_explicit_prime_curves"}, 557 {0xFF02, "arbitrary_explicit_char2_curves"} 558 }; 559 560 static const ssl_trace_tbl ssl_point_tbl[] = { 561 {0, "uncompressed"}, 562 {1, "ansiX962_compressed_prime"}, 563 {2, "ansiX962_compressed_char2"} 564 }; 565 566 static const ssl_trace_tbl ssl_mfl_tbl[] = { 567 {0, "disabled"}, 568 {1, "max_fragment_length := 2^9 (512 bytes)"}, 569 {2, "max_fragment_length := 2^10 (1024 bytes)"}, 570 {3, "max_fragment_length := 2^11 (2048 bytes)"}, 571 {4, "max_fragment_length := 2^12 (4096 bytes)"} 572 }; 573 574 static const ssl_trace_tbl ssl_sigalg_tbl[] = { 575 {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name}, 576 {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name}, 577 {TLSEXT_SIGALG_ecdsa_secp521r1_sha512,TLSEXT_SIGALG_ecdsa_secp521r1_sha512_name}, 578 {TLSEXT_SIGALG_ecdsa_sha224, TLSEXT_SIGALG_ecdsa_sha224_name}, 579 {TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed25519_name}, 580 {TLSEXT_SIGALG_ed448, TLSEXT_SIGALG_ed448_name}, 581 {TLSEXT_SIGALG_ecdsa_sha1, TLSEXT_SIGALG_ecdsa_sha1_name}, 582 {TLSEXT_SIGALG_rsa_pss_rsae_sha256, TLSEXT_SIGALG_rsa_pss_rsae_sha256_name}, 583 {TLSEXT_SIGALG_rsa_pss_rsae_sha384, TLSEXT_SIGALG_rsa_pss_rsae_sha384_name}, 584 {TLSEXT_SIGALG_rsa_pss_rsae_sha512, TLSEXT_SIGALG_rsa_pss_rsae_sha512_name}, 585 {TLSEXT_SIGALG_rsa_pss_pss_sha256, TLSEXT_SIGALG_rsa_pss_pss_sha256_name}, 586 {TLSEXT_SIGALG_rsa_pss_pss_sha384, TLSEXT_SIGALG_rsa_pss_pss_sha384_name}, 587 {TLSEXT_SIGALG_rsa_pss_pss_sha512, TLSEXT_SIGALG_rsa_pss_pss_sha512_name}, 588 {TLSEXT_SIGALG_rsa_pkcs1_sha256, TLSEXT_SIGALG_rsa_pkcs1_sha256_name}, 589 {TLSEXT_SIGALG_rsa_pkcs1_sha384, TLSEXT_SIGALG_rsa_pkcs1_sha384_name}, 590 {TLSEXT_SIGALG_rsa_pkcs1_sha512, TLSEXT_SIGALG_rsa_pkcs1_sha512_name}, 591 {TLSEXT_SIGALG_rsa_pkcs1_sha224, TLSEXT_SIGALG_rsa_pkcs1_sha224_name}, 592 {TLSEXT_SIGALG_rsa_pkcs1_sha1, TLSEXT_SIGALG_rsa_pkcs1_sha1_name}, 593 {TLSEXT_SIGALG_dsa_sha256, TLSEXT_SIGALG_dsa_sha256_name}, 594 {TLSEXT_SIGALG_dsa_sha384, TLSEXT_SIGALG_dsa_sha384_name}, 595 {TLSEXT_SIGALG_dsa_sha512, TLSEXT_SIGALG_dsa_sha512_name}, 596 {TLSEXT_SIGALG_dsa_sha224, TLSEXT_SIGALG_dsa_sha224_name}, 597 {TLSEXT_SIGALG_dsa_sha1, TLSEXT_SIGALG_dsa_sha1_name}, 598 {TLSEXT_SIGALG_gostr34102012_256_intrinsic, TLSEXT_SIGALG_gostr34102012_256_intrinsic_name}, 599 {TLSEXT_SIGALG_gostr34102012_512_intrinsic, TLSEXT_SIGALG_gostr34102012_512_intrinsic_name}, 600 {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name}, 601 {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name}, 602 {TLSEXT_SIGALG_gostr34102001_gostr3411, TLSEXT_SIGALG_gostr34102001_gostr3411_name}, 603 {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name}, 604 {TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name}, 605 {TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name}, 606 /* 607 * Well known groups that we happen to know about, but only come from 608 * provider capability declarations (hence no macros for the 609 * codepoints/names) 610 */ 611 {0x0904, "mldsa44"}, 612 {0x0905, "mldsa65"}, 613 {0x0906, "mldsa87"} 614 }; 615 616 static const ssl_trace_tbl ssl_ctype_tbl[] = { 617 {1, "rsa_sign"}, 618 {2, "dss_sign"}, 619 {3, "rsa_fixed_dh"}, 620 {4, "dss_fixed_dh"}, 621 {5, "rsa_ephemeral_dh"}, 622 {6, "dss_ephemeral_dh"}, 623 {20, "fortezza_dms"}, 624 {64, "ecdsa_sign"}, 625 {65, "rsa_fixed_ecdh"}, 626 {66, "ecdsa_fixed_ecdh"}, 627 {67, "gost_sign256"}, 628 {68, "gost_sign512"}, 629 }; 630 631 static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { 632 {TLSEXT_KEX_MODE_KE, "psk_ke"}, 633 {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} 634 }; 635 636 static const ssl_trace_tbl ssl_key_update_tbl[] = { 637 {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, 638 {SSL_KEY_UPDATE_REQUESTED, "update_requested"} 639 }; 640 641 static const ssl_trace_tbl ssl_comp_cert_tbl[] = { 642 {TLSEXT_comp_cert_none, "none"}, 643 {TLSEXT_comp_cert_zlib, "zlib"}, 644 {TLSEXT_comp_cert_brotli, "brotli"}, 645 {TLSEXT_comp_cert_zstd, "zstd"} 646 }; 647 648 /* 649 * "pgp" and "1609dot2" are defined in RFC7250, 650 * although OpenSSL doesn't support them, it can 651 * at least report them in traces 652 */ 653 static const ssl_trace_tbl ssl_cert_type_tbl[] = { 654 {TLSEXT_cert_type_x509, "x509"}, 655 {TLSEXT_cert_type_pgp, "pgp"}, 656 {TLSEXT_cert_type_rpk, "rpk"}, 657 {TLSEXT_cert_type_1609dot2, "1609dot2"} 658 }; 659 660 static void ssl_print_hex(BIO *bio, int indent, const char *name, 661 const unsigned char *msg, size_t msglen) 662 { 663 size_t i; 664 665 BIO_indent(bio, indent, 80); 666 BIO_printf(bio, "%s (len=%d): ", name, (int)msglen); 667 for (i = 0; i < msglen; i++) 668 BIO_printf(bio, "%02X", msg[i]); 669 BIO_puts(bio, "\n"); 670 } 671 672 static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, 673 const unsigned char **pmsg, size_t *pmsglen) 674 { 675 size_t blen; 676 const unsigned char *p = *pmsg; 677 678 if (*pmsglen < nlen) 679 return 0; 680 blen = p[0]; 681 if (nlen > 1) 682 blen = (blen << 8) | p[1]; 683 if (*pmsglen < nlen + blen) 684 return 0; 685 p += nlen; 686 ssl_print_hex(bio, indent, name, p, blen); 687 *pmsg += blen + nlen; 688 *pmsglen -= blen + nlen; 689 return 1; 690 } 691 692 static int ssl_print_version(BIO *bio, int indent, const char *name, 693 const unsigned char **pmsg, size_t *pmsglen, 694 unsigned int *version) 695 { 696 int vers; 697 698 if (*pmsglen < 2) 699 return 0; 700 vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; 701 if (version != NULL) 702 *version = vers; 703 BIO_indent(bio, indent, 80); 704 BIO_printf(bio, "%s=0x%x (%s)\n", 705 name, vers, ssl_trace_str(vers, ssl_version_tbl)); 706 *pmsg += 2; 707 *pmsglen -= 2; 708 return 1; 709 } 710 711 static int ssl_print_random(BIO *bio, int indent, 712 const unsigned char **pmsg, size_t *pmsglen) 713 { 714 unsigned int tm; 715 const unsigned char *p = *pmsg; 716 717 if (*pmsglen < 32) 718 return 0; 719 tm = ((unsigned int)p[0] << 24) 720 | ((unsigned int)p[1] << 16) 721 | ((unsigned int)p[2] << 8) 722 | (unsigned int)p[3]; 723 p += 4; 724 BIO_indent(bio, indent, 80); 725 BIO_puts(bio, "Random:\n"); 726 BIO_indent(bio, indent + 2, 80); 727 BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm); 728 ssl_print_hex(bio, indent + 2, "random_bytes", p, 28); 729 *pmsg += 32; 730 *pmsglen -= 32; 731 return 1; 732 } 733 734 static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc, 735 const unsigned char **pmsg, size_t *pmsglen) 736 { 737 if (*pmsglen < 2) 738 return 0; 739 if (SSL_USE_SIGALGS(sc)) { 740 const unsigned char *p = *pmsg; 741 unsigned int sigalg = (p[0] << 8) | p[1]; 742 743 BIO_indent(bio, indent, 80); 744 BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", 745 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 746 *pmsg += 2; 747 *pmsglen -= 2; 748 } 749 return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen); 750 } 751 752 static int ssl_print_extension(BIO *bio, int indent, int server, 753 unsigned char mt, int extype, 754 const unsigned char *ext, size_t extlen) 755 { 756 size_t xlen, share_len; 757 unsigned int sigalg; 758 uint32_t max_early_data; 759 760 BIO_indent(bio, indent, 80); 761 BIO_printf(bio, "extension_type=%s(%d), length=%d\n", 762 ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); 763 switch (extype) { 764 case TLSEXT_TYPE_compress_certificate: 765 if (extlen < 1) 766 return 0; 767 xlen = ext[0]; 768 if (extlen != xlen + 1) 769 return 0; 770 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, ssl_comp_cert_tbl); 771 772 case TLSEXT_TYPE_max_fragment_length: 773 if (extlen < 1) 774 return 0; 775 xlen = extlen; 776 return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl); 777 778 case TLSEXT_TYPE_ec_point_formats: 779 if (extlen < 1) 780 return 0; 781 xlen = ext[0]; 782 if (extlen != xlen + 1) 783 return 0; 784 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); 785 786 case TLSEXT_TYPE_supported_groups: 787 if (extlen < 2) 788 return 0; 789 xlen = (ext[0] << 8) | ext[1]; 790 if (extlen != xlen + 2) 791 return 0; 792 return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); 793 case TLSEXT_TYPE_application_layer_protocol_negotiation: 794 if (extlen < 2) 795 return 0; 796 xlen = (ext[0] << 8) | ext[1]; 797 if (extlen != xlen + 2) 798 return 0; 799 ext += 2; 800 while (xlen > 0) { 801 size_t plen = *ext++; 802 803 if (plen + 1 > xlen) 804 return 0; 805 BIO_indent(bio, indent + 2, 80); 806 BIO_write(bio, ext, plen); 807 BIO_puts(bio, "\n"); 808 ext += plen; 809 xlen -= plen + 1; 810 } 811 return 1; 812 813 case TLSEXT_TYPE_signature_algorithms: 814 815 if (extlen < 2) 816 return 0; 817 xlen = (ext[0] << 8) | ext[1]; 818 if (extlen != xlen + 2) 819 return 0; 820 if (xlen & 1) 821 return 0; 822 ext += 2; 823 while (xlen > 0) { 824 BIO_indent(bio, indent + 2, 80); 825 sigalg = (ext[0] << 8) | ext[1]; 826 BIO_printf(bio, "%s (0x%04x)\n", 827 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 828 xlen -= 2; 829 ext += 2; 830 } 831 break; 832 833 case TLSEXT_TYPE_renegotiate: 834 if (extlen < 1) 835 return 0; 836 xlen = ext[0]; 837 if (xlen + 1 != extlen) 838 return 0; 839 ext++; 840 if (xlen) { 841 if (server) { 842 if (xlen & 1) 843 return 0; 844 xlen >>= 1; 845 } 846 ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); 847 if (server) { 848 ext += xlen; 849 ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); 850 } 851 } else { 852 BIO_indent(bio, indent + 4, 80); 853 BIO_puts(bio, "<EMPTY>\n"); 854 } 855 break; 856 857 case TLSEXT_TYPE_session_ticket: 858 if (extlen != 0) 859 ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); 860 break; 861 862 case TLSEXT_TYPE_key_share: 863 if (server && extlen == 2) { 864 int group_id; 865 866 /* We assume this is an HRR, otherwise this is an invalid key_share */ 867 group_id = (ext[0] << 8) | ext[1]; 868 BIO_indent(bio, indent + 4, 80); 869 BIO_printf(bio, "NamedGroup: %s (%d)\n", 870 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 871 break; 872 } 873 if (extlen < 2) 874 return 0; 875 if (server) { 876 xlen = extlen; 877 } else { 878 xlen = (ext[0] << 8) | ext[1]; 879 if (extlen != xlen + 2) 880 return 0; 881 ext += 2; 882 } 883 for (; xlen > 0; ext += share_len, xlen -= share_len) { 884 int group_id; 885 886 if (xlen < 4) 887 return 0; 888 group_id = (ext[0] << 8) | ext[1]; 889 share_len = (ext[2] << 8) | ext[3]; 890 ext += 4; 891 xlen -= 4; 892 if (xlen < share_len) 893 return 0; 894 BIO_indent(bio, indent + 4, 80); 895 BIO_printf(bio, "NamedGroup: %s (%d)\n", 896 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 897 ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); 898 } 899 break; 900 901 case TLSEXT_TYPE_supported_versions: 902 if (server) { 903 int version; 904 905 if (extlen != 2) 906 return 0; 907 version = (ext[0] << 8) | ext[1]; 908 BIO_indent(bio, indent + 4, 80); 909 BIO_printf(bio, "%s (%d)\n", 910 ssl_trace_str(version, ssl_version_tbl), version); 911 break; 912 } 913 if (extlen < 1) 914 return 0; 915 xlen = ext[0]; 916 if (extlen != xlen + 1) 917 return 0; 918 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, 919 ssl_version_tbl); 920 921 case TLSEXT_TYPE_psk_kex_modes: 922 if (extlen < 1) 923 return 0; 924 xlen = ext[0]; 925 if (extlen != xlen + 1) 926 return 0; 927 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, 928 ssl_psk_kex_modes_tbl); 929 930 case TLSEXT_TYPE_early_data: 931 if (mt != SSL3_MT_NEWSESSION_TICKET) 932 break; 933 if (extlen != 4) 934 return 0; 935 max_early_data = ((unsigned int)ext[0] << 24) 936 | ((unsigned int)ext[1] << 16) 937 | ((unsigned int)ext[2] << 8) 938 | (unsigned int)ext[3]; 939 BIO_indent(bio, indent + 2, 80); 940 BIO_printf(bio, "max_early_data=%u\n", (unsigned int)max_early_data); 941 break; 942 943 case TLSEXT_TYPE_server_cert_type: 944 case TLSEXT_TYPE_client_cert_type: 945 if (server) { 946 if (extlen != 1) 947 return 0; 948 return ssl_trace_list(bio, indent + 2, ext, 1, 1, ssl_cert_type_tbl); 949 } 950 if (extlen < 1) 951 return 0; 952 xlen = ext[0]; 953 if (extlen != xlen + 1) 954 return 0; 955 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_cert_type_tbl); 956 957 default: 958 BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); 959 } 960 return 1; 961 } 962 963 static int ssl_print_extensions(BIO *bio, int indent, int server, 964 unsigned char mt, const unsigned char **msgin, 965 size_t *msginlen) 966 { 967 size_t extslen, msglen = *msginlen; 968 const unsigned char *msg = *msgin; 969 970 BIO_indent(bio, indent, 80); 971 if (msglen == 0) { 972 BIO_puts(bio, "No extensions\n"); 973 return 1; 974 } 975 if (msglen < 2) 976 return 0; 977 extslen = (msg[0] << 8) | msg[1]; 978 msglen -= 2; 979 msg += 2; 980 if (extslen == 0) { 981 BIO_puts(bio, "No extensions\n"); 982 *msgin = msg; 983 *msginlen = msglen; 984 return 1; 985 } 986 if (extslen > msglen) 987 return 0; 988 BIO_printf(bio, "extensions, length = %d\n", (int)extslen); 989 msglen -= extslen; 990 while (extslen > 0) { 991 int extype; 992 size_t extlen; 993 if (extslen < 4) 994 return 0; 995 extype = (msg[0] << 8) | msg[1]; 996 extlen = (msg[2] << 8) | msg[3]; 997 if (extslen < extlen + 4) { 998 BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, 999 (int)extlen); 1000 BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); 1001 return 0; 1002 } 1003 msg += 4; 1004 if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, 1005 extlen)) 1006 return 0; 1007 msg += extlen; 1008 extslen -= extlen + 4; 1009 } 1010 1011 *msgin = msg; 1012 *msginlen = msglen; 1013 return 1; 1014 } 1015 1016 static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent, 1017 const unsigned char *msg, size_t msglen) 1018 { 1019 size_t len; 1020 unsigned int cs; 1021 1022 if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL)) 1023 return 0; 1024 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1025 return 0; 1026 if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1027 return 0; 1028 if (SSL_CONNECTION_IS_DTLS(sc)) { 1029 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1030 return 0; 1031 } 1032 if (msglen < 2) 1033 return 0; 1034 len = (msg[0] << 8) | msg[1]; 1035 msg += 2; 1036 msglen -= 2; 1037 BIO_indent(bio, indent, 80); 1038 BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len); 1039 if (msglen < len || len & 1) 1040 return 0; 1041 while (len > 0) { 1042 cs = (msg[0] << 8) | msg[1]; 1043 BIO_indent(bio, indent + 2, 80); 1044 BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", 1045 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1046 msg += 2; 1047 msglen -= 2; 1048 len -= 2; 1049 } 1050 if (msglen < 1) 1051 return 0; 1052 len = msg[0]; 1053 msg++; 1054 msglen--; 1055 if (msglen < len) 1056 return 0; 1057 BIO_indent(bio, indent, 80); 1058 BIO_printf(bio, "compression_methods (len=%d)\n", (int)len); 1059 while (len > 0) { 1060 BIO_indent(bio, indent + 2, 80); 1061 BIO_printf(bio, "%s (0x%02X)\n", 1062 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1063 msg++; 1064 msglen--; 1065 len--; 1066 } 1067 if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, 1068 &msglen)) 1069 return 0; 1070 return 1; 1071 } 1072 1073 static int dtls_print_hello_vfyrequest(BIO *bio, int indent, 1074 const unsigned char *msg, size_t msglen) 1075 { 1076 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) 1077 return 0; 1078 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1079 return 0; 1080 return 1; 1081 } 1082 1083 static int ssl_print_server_hello(BIO *bio, int indent, 1084 const unsigned char *msg, size_t msglen) 1085 { 1086 unsigned int cs; 1087 unsigned int vers; 1088 1089 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers)) 1090 return 0; 1091 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1092 return 0; 1093 if (vers != TLS1_3_VERSION 1094 && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1095 return 0; 1096 if (msglen < 2) 1097 return 0; 1098 cs = (msg[0] << 8) | msg[1]; 1099 BIO_indent(bio, indent, 80); 1100 BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", 1101 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1102 msg += 2; 1103 msglen -= 2; 1104 if (vers != TLS1_3_VERSION) { 1105 if (msglen < 1) 1106 return 0; 1107 BIO_indent(bio, indent, 80); 1108 BIO_printf(bio, "compression_method: %s (0x%02X)\n", 1109 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1110 msg++; 1111 msglen--; 1112 } 1113 if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, 1114 &msglen)) 1115 return 0; 1116 return 1; 1117 } 1118 1119 static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc) 1120 { 1121 unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey; 1122 1123 if (alg_k & SSL_kRSA) { 1124 *pname = "rsa"; 1125 return SSL_kRSA; 1126 } 1127 if (alg_k & SSL_kDHE) { 1128 *pname = "DHE"; 1129 return SSL_kDHE; 1130 } 1131 if (alg_k & SSL_kECDHE) { 1132 *pname = "ECDHE"; 1133 return SSL_kECDHE; 1134 } 1135 if (alg_k & SSL_kPSK) { 1136 *pname = "PSK"; 1137 return SSL_kPSK; 1138 } 1139 if (alg_k & SSL_kRSAPSK) { 1140 *pname = "RSAPSK"; 1141 return SSL_kRSAPSK; 1142 } 1143 if (alg_k & SSL_kDHEPSK) { 1144 *pname = "DHEPSK"; 1145 return SSL_kDHEPSK; 1146 } 1147 if (alg_k & SSL_kECDHEPSK) { 1148 *pname = "ECDHEPSK"; 1149 return SSL_kECDHEPSK; 1150 } 1151 if (alg_k & SSL_kSRP) { 1152 *pname = "SRP"; 1153 return SSL_kSRP; 1154 } 1155 if (alg_k & SSL_kGOST) { 1156 *pname = "GOST"; 1157 return SSL_kGOST; 1158 } 1159 if (alg_k & SSL_kGOST18) { 1160 *pname = "GOST18"; 1161 return SSL_kGOST18; 1162 } 1163 *pname = "UNKNOWN"; 1164 return 0; 1165 } 1166 1167 static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1168 const unsigned char *msg, size_t msglen) 1169 { 1170 const char *algname; 1171 int id = ssl_get_keyex(&algname, sc); 1172 1173 BIO_indent(bio, indent, 80); 1174 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1175 if (id & SSL_PSK) { 1176 if (!ssl_print_hexbuf(bio, indent + 2, 1177 "psk_identity", 2, &msg, &msglen)) 1178 return 0; 1179 } 1180 switch (id) { 1181 1182 case SSL_kRSA: 1183 case SSL_kRSAPSK: 1184 if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) { 1185 ssl_print_hex(bio, indent + 2, 1186 "EncryptedPreMasterSecret", msg, msglen); 1187 } else { 1188 if (!ssl_print_hexbuf(bio, indent + 2, 1189 "EncryptedPreMasterSecret", 2, &msg, &msglen)) 1190 return 0; 1191 } 1192 break; 1193 1194 case SSL_kDHE: 1195 case SSL_kDHEPSK: 1196 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) 1197 return 0; 1198 break; 1199 1200 case SSL_kECDHE: 1201 case SSL_kECDHEPSK: 1202 if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) 1203 return 0; 1204 break; 1205 case SSL_kGOST: 1206 ssl_print_hex(bio, indent + 2, "GostKeyTransportBlob", msg, msglen); 1207 msglen = 0; 1208 break; 1209 case SSL_kGOST18: 1210 ssl_print_hex(bio, indent + 2, 1211 "GOST-wrapped PreMasterSecret", msg, msglen); 1212 msglen = 0; 1213 break; 1214 } 1215 1216 return !msglen; 1217 } 1218 1219 static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1220 const unsigned char *msg, size_t msglen) 1221 { 1222 const char *algname; 1223 int id = ssl_get_keyex(&algname, sc); 1224 1225 BIO_indent(bio, indent, 80); 1226 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1227 if (id & SSL_PSK) { 1228 if (!ssl_print_hexbuf(bio, indent + 2, 1229 "psk_identity_hint", 2, &msg, &msglen)) 1230 return 0; 1231 } 1232 switch (id) { 1233 case SSL_kRSA: 1234 1235 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) 1236 return 0; 1237 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, 1238 &msg, &msglen)) 1239 return 0; 1240 break; 1241 1242 case SSL_kDHE: 1243 case SSL_kDHEPSK: 1244 if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) 1245 return 0; 1246 if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) 1247 return 0; 1248 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen)) 1249 return 0; 1250 break; 1251 1252 case SSL_kECDHE: 1253 case SSL_kECDHEPSK: 1254 if (msglen < 1) 1255 return 0; 1256 BIO_indent(bio, indent + 2, 80); 1257 if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE) 1258 BIO_puts(bio, "explicit_prime\n"); 1259 else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE) 1260 BIO_puts(bio, "explicit_char2\n"); 1261 else if (msg[0] == NAMED_CURVE_TYPE) { 1262 int curve; 1263 if (msglen < 3) 1264 return 0; 1265 curve = (msg[1] << 8) | msg[2]; 1266 BIO_printf(bio, "named_curve: %s (%d)\n", 1267 ssl_trace_str(curve, ssl_groups_tbl), curve); 1268 msg += 3; 1269 msglen -= 3; 1270 if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) 1271 return 0; 1272 } else { 1273 BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); 1274 return 0; 1275 } 1276 break; 1277 1278 case SSL_kPSK: 1279 case SSL_kRSAPSK: 1280 break; 1281 } 1282 if (!(id & SSL_PSK)) 1283 ssl_print_signature(bio, indent, sc, &msg, &msglen); 1284 return !msglen; 1285 } 1286 1287 static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent, 1288 const unsigned char **pmsg, size_t *pmsglen) 1289 { 1290 size_t msglen = *pmsglen; 1291 size_t clen; 1292 X509 *x; 1293 const unsigned char *p = *pmsg, *q; 1294 SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(sc); 1295 1296 if (msglen < 3) 1297 return 0; 1298 clen = (p[0] << 16) | (p[1] << 8) | p[2]; 1299 if (msglen < clen + 3) 1300 return 0; 1301 q = p + 3; 1302 BIO_indent(bio, indent, 80); 1303 BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); 1304 x = X509_new_ex(ctx->libctx, ctx->propq); 1305 if (x != NULL && d2i_X509(&x, &q, clen) == NULL) { 1306 X509_free(x); 1307 x = NULL; 1308 } 1309 if (x == NULL) 1310 BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n"); 1311 else { 1312 BIO_puts(bio, "\n------details-----\n"); 1313 X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); 1314 PEM_write_bio_X509(bio, x); 1315 /* Print certificate stuff */ 1316 BIO_puts(bio, "------------------\n"); 1317 X509_free(x); 1318 } 1319 if (q != p + 3 + clen) { 1320 BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n"); 1321 } 1322 *pmsg += clen + 3; 1323 *pmsglen -= clen + 3; 1324 return 1; 1325 } 1326 1327 static int ssl_print_raw_public_key(BIO *bio, const SSL *ssl, int server, 1328 int indent, const unsigned char **pmsg, 1329 size_t *pmsglen) 1330 { 1331 EVP_PKEY *pkey; 1332 size_t clen; 1333 const unsigned char *msg = *pmsg; 1334 size_t msglen = *pmsglen; 1335 1336 if (msglen < 3) 1337 return 0; 1338 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1339 if (msglen < clen + 3) 1340 return 0; 1341 1342 msg += 3; 1343 1344 BIO_indent(bio, indent, 80); 1345 BIO_printf(bio, "raw_public_key, length=%d\n", (int)clen); 1346 1347 pkey = d2i_PUBKEY_ex(NULL, &msg, clen, ssl->ctx->libctx, ssl->ctx->propq); 1348 if (pkey == NULL) 1349 return 0; 1350 EVP_PKEY_print_public(bio, pkey, indent + 2, NULL); 1351 EVP_PKEY_free(pkey); 1352 *pmsg += clen + 3; 1353 *pmsglen -= clen + 3; 1354 return 1; 1355 } 1356 1357 static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server, 1358 int indent, const unsigned char *msg, 1359 size_t msglen) 1360 { 1361 size_t clen; 1362 1363 if (SSL_CONNECTION_IS_TLS13(sc) 1364 && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) 1365 return 0; 1366 1367 if (msglen < 3) 1368 return 0; 1369 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1370 if (msglen != clen + 3) 1371 return 0; 1372 msg += 3; 1373 if ((server && sc->ext.server_cert_type == TLSEXT_cert_type_rpk) 1374 || (!server && sc->ext.client_cert_type == TLSEXT_cert_type_rpk)) { 1375 if (!ssl_print_raw_public_key(bio, &sc->ssl, server, indent, &msg, &clen)) 1376 return 0; 1377 if (SSL_CONNECTION_IS_TLS13(sc) 1378 && !ssl_print_extensions(bio, indent + 2, server, 1379 SSL3_MT_CERTIFICATE, &msg, &clen)) 1380 return 0; 1381 return 1; 1382 } 1383 BIO_indent(bio, indent, 80); 1384 BIO_printf(bio, "certificate_list, length=%d\n", (int)clen); 1385 while (clen > 0) { 1386 if (!ssl_print_certificate(bio, sc, indent + 2, &msg, &clen)) 1387 return 0; 1388 if (SSL_CONNECTION_IS_TLS13(sc) 1389 && !ssl_print_extensions(bio, indent + 2, server, 1390 SSL3_MT_CERTIFICATE, &msg, &clen)) 1391 return 0; 1392 1393 } 1394 return 1; 1395 } 1396 1397 static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc, 1398 int server, int indent, 1399 const unsigned char *msg, 1400 size_t msglen) 1401 { 1402 size_t uclen; 1403 size_t clen; 1404 unsigned int alg; 1405 int ret = 1; 1406 #ifndef OPENSSL_NO_COMP_ALG 1407 COMP_METHOD *method; 1408 COMP_CTX *comp = NULL; 1409 unsigned char* ucdata = NULL; 1410 #endif 1411 1412 if (msglen < 8) 1413 return 0; 1414 1415 alg = (msg[0] << 8) | msg[1]; 1416 uclen = (msg[2] << 16) | (msg[3] << 8) | msg[4]; 1417 clen = (msg[5] << 16) | (msg[6] << 8) | msg[7]; 1418 if (msglen != clen + 8) 1419 return 0; 1420 1421 msg += 8; 1422 BIO_indent(bio, indent, 80); 1423 BIO_printf(bio, "Compression type=%s (0x%04x)\n", ssl_trace_str(alg, ssl_comp_cert_tbl), alg); 1424 BIO_indent(bio, indent, 80); 1425 BIO_printf(bio, "Uncompressed length=%d\n", (int)uclen); 1426 BIO_indent(bio, indent, 80); 1427 if (clen > 0) 1428 BIO_printf(bio, "Compressed length=%d, Ratio=%f:1\n", (int)clen, (float)uclen / (float)clen); 1429 else 1430 BIO_printf(bio, "Compressed length=%d, Ratio=unknown\n", (int)clen); 1431 1432 BIO_dump_indent(bio, (const char *)msg, clen, indent); 1433 1434 #ifndef OPENSSL_NO_COMP_ALG 1435 if (!ossl_comp_has_alg(alg)) 1436 return 0; 1437 1438 /* Check against certificate maximum size (coverity) */ 1439 if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL) 1440 return 0; 1441 1442 switch (alg) { 1443 case TLSEXT_comp_cert_zlib: 1444 method = COMP_zlib(); 1445 break; 1446 case TLSEXT_comp_cert_brotli: 1447 method = COMP_brotli_oneshot(); 1448 break; 1449 case TLSEXT_comp_cert_zstd: 1450 method = COMP_zstd_oneshot(); 1451 break; 1452 default: 1453 goto err; 1454 } 1455 1456 if ((comp = COMP_CTX_new(method)) == NULL 1457 || COMP_expand_block(comp, ucdata, uclen, (unsigned char*)msg, clen) != (int)uclen) 1458 goto err; 1459 1460 ret = ssl_print_certificates(bio, sc, server, indent, ucdata, uclen); 1461 err: 1462 COMP_CTX_free(comp); 1463 OPENSSL_free(ucdata); 1464 #endif 1465 return ret; 1466 } 1467 1468 static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc, 1469 const unsigned char *msg, size_t msglen) 1470 { 1471 size_t xlen; 1472 unsigned int sigalg; 1473 1474 if (SSL_CONNECTION_IS_TLS13(sc)) { 1475 if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) 1476 return 0; 1477 if (!ssl_print_extensions(bio, indent, 1, 1478 SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) 1479 return 0; 1480 return 1; 1481 } else { 1482 if (msglen < 1) 1483 return 0; 1484 xlen = msg[0]; 1485 if (msglen < xlen + 1) 1486 return 0; 1487 msg++; 1488 BIO_indent(bio, indent, 80); 1489 BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); 1490 if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) 1491 return 0; 1492 msg += xlen; 1493 msglen -= xlen + 1; 1494 } 1495 if (SSL_USE_SIGALGS(sc)) { 1496 if (msglen < 2) 1497 return 0; 1498 xlen = (msg[0] << 8) | msg[1]; 1499 if (msglen < xlen + 2 || (xlen & 1)) 1500 return 0; 1501 msg += 2; 1502 msglen -= xlen + 2; 1503 BIO_indent(bio, indent, 80); 1504 BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); 1505 while (xlen > 0) { 1506 BIO_indent(bio, indent + 2, 80); 1507 sigalg = (msg[0] << 8) | msg[1]; 1508 BIO_printf(bio, "%s (0x%04x)\n", 1509 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 1510 xlen -= 2; 1511 msg += 2; 1512 } 1513 msg += xlen; 1514 } 1515 1516 if (msglen < 2) 1517 return 0; 1518 xlen = (msg[0] << 8) | msg[1]; 1519 BIO_indent(bio, indent, 80); 1520 if (msglen < xlen + 2) 1521 return 0; 1522 msg += 2; 1523 msglen -= 2 + xlen; 1524 BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); 1525 while (xlen > 0) { 1526 size_t dlen; 1527 X509_NAME *nm; 1528 const unsigned char *p; 1529 if (xlen < 2) 1530 return 0; 1531 dlen = (msg[0] << 8) | msg[1]; 1532 if (xlen < dlen + 2) 1533 return 0; 1534 msg += 2; 1535 BIO_indent(bio, indent + 2, 80); 1536 BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen); 1537 p = msg; 1538 nm = d2i_X509_NAME(NULL, &p, dlen); 1539 if (!nm) { 1540 BIO_puts(bio, "<UNPARSEABLE DN>\n"); 1541 } else { 1542 X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); 1543 BIO_puts(bio, "\n"); 1544 X509_NAME_free(nm); 1545 } 1546 xlen -= dlen + 2; 1547 msg += dlen; 1548 } 1549 if (SSL_CONNECTION_IS_TLS13(sc)) { 1550 if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, 1551 &msg, &msglen)) 1552 return 0; 1553 } 1554 return msglen == 0; 1555 } 1556 1557 static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc, 1558 const unsigned char *msg, size_t msglen) 1559 { 1560 unsigned int tick_life; 1561 1562 if (msglen == 0) { 1563 BIO_indent(bio, indent + 2, 80); 1564 BIO_puts(bio, "No Ticket\n"); 1565 return 1; 1566 } 1567 if (msglen < 4) 1568 return 0; 1569 tick_life = ((unsigned int)msg[0] << 24) 1570 | ((unsigned int)msg[1] << 16) 1571 | ((unsigned int)msg[2] << 8) 1572 | (unsigned int)msg[3]; 1573 msglen -= 4; 1574 msg += 4; 1575 BIO_indent(bio, indent + 2, 80); 1576 BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); 1577 if (SSL_CONNECTION_IS_TLS13(sc)) { 1578 unsigned int ticket_age_add; 1579 1580 if (msglen < 4) 1581 return 0; 1582 ticket_age_add = 1583 ((unsigned int)msg[0] << 24) 1584 | ((unsigned int)msg[1] << 16) 1585 | ((unsigned int)msg[2] << 8) 1586 | (unsigned int)msg[3]; 1587 msglen -= 4; 1588 msg += 4; 1589 BIO_indent(bio, indent + 2, 80); 1590 BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); 1591 if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, 1592 &msglen)) 1593 return 0; 1594 } 1595 if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) 1596 return 0; 1597 if (SSL_CONNECTION_IS_TLS13(sc) 1598 && !ssl_print_extensions(bio, indent + 2, 0, 1599 SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) 1600 return 0; 1601 if (msglen) 1602 return 0; 1603 return 1; 1604 } 1605 1606 static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server, 1607 const unsigned char *msg, size_t msglen, 1608 int indent) 1609 { 1610 size_t hlen; 1611 unsigned char htype; 1612 1613 if (msglen < 4) 1614 return 0; 1615 htype = msg[0]; 1616 hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; 1617 BIO_indent(bio, indent, 80); 1618 BIO_printf(bio, "%s, Length=%d\n", 1619 ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); 1620 msg += 4; 1621 msglen -= 4; 1622 if (SSL_CONNECTION_IS_DTLS(sc)) { 1623 if (msglen < 8) 1624 return 0; 1625 BIO_indent(bio, indent, 80); 1626 BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " 1627 "fragment_length=%d\n", 1628 (msg[0] << 8) | msg[1], 1629 (msg[2] << 16) | (msg[3] << 8) | msg[4], 1630 (msg[5] << 16) | (msg[6] << 8) | msg[7]); 1631 msg += 8; 1632 msglen -= 8; 1633 } 1634 if (msglen < hlen) 1635 return 0; 1636 switch (htype) { 1637 case SSL3_MT_CLIENT_HELLO: 1638 if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen)) 1639 return 0; 1640 break; 1641 1642 case DTLS1_MT_HELLO_VERIFY_REQUEST: 1643 if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) 1644 return 0; 1645 break; 1646 1647 case SSL3_MT_SERVER_HELLO: 1648 if (!ssl_print_server_hello(bio, indent + 2, msg, msglen)) 1649 return 0; 1650 break; 1651 1652 case SSL3_MT_SERVER_KEY_EXCHANGE: 1653 if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen)) 1654 return 0; 1655 break; 1656 1657 case SSL3_MT_CLIENT_KEY_EXCHANGE: 1658 if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen)) 1659 return 0; 1660 break; 1661 1662 case SSL3_MT_CERTIFICATE: 1663 if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen)) 1664 return 0; 1665 break; 1666 1667 case SSL3_MT_COMPRESSED_CERTIFICATE: 1668 if (!ssl_print_compressed_certificates(bio, sc, server, indent + 2, msg, msglen)) 1669 return 0; 1670 break; 1671 1672 case SSL3_MT_CERTIFICATE_VERIFY: 1673 if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen)) 1674 return 0; 1675 break; 1676 1677 case SSL3_MT_CERTIFICATE_REQUEST: 1678 if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen)) 1679 return 0; 1680 break; 1681 1682 case SSL3_MT_FINISHED: 1683 ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen); 1684 break; 1685 1686 case SSL3_MT_END_OF_EARLY_DATA: 1687 case SSL3_MT_SERVER_DONE: 1688 if (msglen != 0) 1689 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1690 break; 1691 1692 case SSL3_MT_NEWSESSION_TICKET: 1693 if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen)) 1694 return 0; 1695 break; 1696 1697 case SSL3_MT_ENCRYPTED_EXTENSIONS: 1698 if (!ssl_print_extensions(bio, indent + 2, 1, 1699 SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) 1700 return 0; 1701 break; 1702 1703 case SSL3_MT_KEY_UPDATE: 1704 if (msglen != 1) { 1705 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1706 return 0; 1707 } 1708 if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, 1709 ssl_key_update_tbl)) 1710 return 0; 1711 break; 1712 1713 default: 1714 BIO_indent(bio, indent + 2, 80); 1715 BIO_puts(bio, "Unsupported, hex dump follows:\n"); 1716 BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4); 1717 } 1718 return 1; 1719 } 1720 1721 void SSL_trace(int write_p, int version, int content_type, 1722 const void *buf, size_t msglen, SSL *ssl, void *arg) 1723 { 1724 const unsigned char *msg = buf; 1725 BIO *bio = arg; 1726 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 1727 #ifndef OPENSSL_NO_QUIC 1728 QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl); 1729 1730 if (qc != NULL) { 1731 if (ossl_quic_trace(write_p, version, content_type, buf, msglen, ssl, 1732 arg)) 1733 return; 1734 /* 1735 * Otherwise ossl_quic_trace didn't handle this content_type so we 1736 * fallback to standard TLS handling 1737 */ 1738 } 1739 #endif 1740 1741 if (sc == NULL) 1742 return; 1743 1744 switch (content_type) { 1745 case SSL3_RT_HEADER: 1746 { 1747 int hvers; 1748 1749 /* avoid overlapping with length at the end of buffer */ 1750 if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ? 1751 DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { 1752 BIO_puts(bio, write_p ? "Sent" : "Received"); 1753 ssl_print_hex(bio, 0, " too short message", msg, msglen); 1754 break; 1755 } 1756 hvers = msg[1] << 8 | msg[2]; 1757 BIO_puts(bio, write_p ? "Sent" : "Received"); 1758 BIO_printf(bio, " TLS Record\nHeader:\n Version = %s (0x%x)\n", 1759 ssl_trace_str(hvers, ssl_version_tbl), hvers); 1760 if (SSL_CONNECTION_IS_DTLS(sc)) { 1761 BIO_printf(bio, 1762 " epoch=%d, sequence_number=%04x%04x%04x\n", 1763 (msg[3] << 8 | msg[4]), 1764 (msg[5] << 8 | msg[6]), 1765 (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); 1766 } 1767 1768 BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", 1769 ssl_trace_str(msg[0], ssl_content_tbl), msg[0], 1770 msg[msglen - 2] << 8 | msg[msglen - 1]); 1771 } 1772 break; 1773 1774 case SSL3_RT_INNER_CONTENT_TYPE: 1775 BIO_printf(bio, " Inner Content Type = %s (%d)", 1776 ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); 1777 break; 1778 1779 case SSL3_RT_HANDSHAKE: 1780 if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p, 1781 msg, msglen, 4)) 1782 BIO_printf(bio, "Message length parse error!\n"); 1783 break; 1784 1785 case SSL3_RT_CHANGE_CIPHER_SPEC: 1786 if (msglen == 1 && msg[0] == 1) 1787 BIO_puts(bio, " change_cipher_spec (1)\n"); 1788 else 1789 ssl_print_hex(bio, 4, "unknown value", msg, msglen); 1790 break; 1791 1792 case SSL3_RT_ALERT: 1793 if (msglen != 2) 1794 BIO_puts(bio, " Illegal Alert Length\n"); 1795 else { 1796 BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", 1797 SSL_alert_type_string_long(msg[0] << 8), 1798 msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); 1799 } 1800 1801 } 1802 1803 BIO_puts(bio, "\n"); 1804 } 1805 1806 #endif 1807