1 /* 2 * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "ssl_local.h" 11 12 #ifndef OPENSSL_NO_SSL_TRACE 13 14 /* Packet trace support for OpenSSL */ 15 #include "internal/nelem.h" 16 #include "internal/ssl_unwrap.h" 17 #include "internal/quic_trace.h" 18 19 typedef struct { 20 int num; 21 const char *name; 22 } ssl_trace_tbl; 23 24 # define ssl_trace_str(val, tbl) \ 25 do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) 26 27 # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ 28 do_ssl_trace_list(bio, indent, msg, msglen, value, \ 29 table, OSSL_NELEM(table)) 30 31 static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, 32 size_t ntbl) 33 { 34 size_t i; 35 36 for (i = 0; i < ntbl; i++, tbl++) { 37 if (tbl->num == val) 38 return tbl->name; 39 } 40 return "UNKNOWN"; 41 } 42 43 static int do_ssl_trace_list(BIO *bio, int indent, 44 const unsigned char *msg, size_t msglen, 45 size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) 46 { 47 int val; 48 49 if (msglen % vlen) 50 return 0; 51 while (msglen) { 52 val = msg[0]; 53 if (vlen == 2) 54 val = (val << 8) | msg[1]; 55 BIO_indent(bio, indent, 80); 56 BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val); 57 msg += vlen; 58 msglen -= vlen; 59 } 60 return 1; 61 } 62 63 /* Version number */ 64 65 static const ssl_trace_tbl ssl_version_tbl[] = { 66 {SSL3_VERSION, "SSL 3.0"}, 67 {TLS1_VERSION, "TLS 1.0"}, 68 {TLS1_1_VERSION, "TLS 1.1"}, 69 {TLS1_2_VERSION, "TLS 1.2"}, 70 {TLS1_3_VERSION, "TLS 1.3"}, 71 {DTLS1_VERSION, "DTLS 1.0"}, 72 {DTLS1_2_VERSION, "DTLS 1.2"}, 73 {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} 74 }; 75 76 static const ssl_trace_tbl ssl_content_tbl[] = { 77 {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"}, 78 {SSL3_RT_ALERT, "Alert"}, 79 {SSL3_RT_HANDSHAKE, "Handshake"}, 80 {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, 81 }; 82 83 /* Handshake types, sorted by ascending id */ 84 static const ssl_trace_tbl ssl_handshake_tbl[] = { 85 {SSL3_MT_HELLO_REQUEST, "HelloRequest"}, 86 {SSL3_MT_CLIENT_HELLO, "ClientHello"}, 87 {SSL3_MT_SERVER_HELLO, "ServerHello"}, 88 {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, 89 {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, 90 {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, 91 {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, 92 {SSL3_MT_CERTIFICATE, "Certificate"}, 93 {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"}, 94 {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"}, 95 {SSL3_MT_SERVER_DONE, "ServerHelloDone"}, 96 {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, 97 {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, 98 {SSL3_MT_FINISHED, "Finished"}, 99 {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"}, 100 {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, 101 {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"}, 102 {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, 103 {SSL3_MT_COMPRESSED_CERTIFICATE, "CompressedCertificate"}, 104 # ifndef OPENSSL_NO_NEXTPROTONEG 105 {SSL3_MT_NEXT_PROTO, "NextProto"}, 106 # endif 107 {SSL3_MT_MESSAGE_HASH, "MessageHash"} 108 }; 109 110 /* Cipher suites */ 111 static const ssl_trace_tbl ssl_ciphers_tbl[] = { 112 {0x0000, "TLS_NULL_WITH_NULL_NULL"}, 113 {0x0001, "TLS_RSA_WITH_NULL_MD5"}, 114 {0x0002, "TLS_RSA_WITH_NULL_SHA"}, 115 {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, 116 {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, 117 {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, 118 {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, 119 {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, 120 {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 121 {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, 122 {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, 123 {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 124 {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, 125 {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, 126 {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 127 {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, 128 {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, 129 {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 130 {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, 131 {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, 132 {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 133 {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, 134 {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 135 {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, 136 {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, 137 {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, 138 {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, 139 {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, 140 {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, 141 {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, 142 {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, 143 {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"}, 144 {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"}, 145 {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"}, 146 {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"}, 147 {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"}, 148 {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"}, 149 {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"}, 150 {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"}, 151 {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"}, 152 {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, 153 {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, 154 {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, 155 {0x002C, "TLS_PSK_WITH_NULL_SHA"}, 156 {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, 157 {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, 158 {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, 159 {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, 160 {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, 161 {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, 162 {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, 163 {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, 164 {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"}, 165 {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, 166 {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, 167 {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, 168 {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, 169 {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, 170 {0x003B, "TLS_RSA_WITH_NULL_SHA256"}, 171 {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, 172 {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, 173 {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, 174 {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, 175 {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, 176 {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 177 {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 178 {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 179 {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 180 {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 181 {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"}, 182 {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, 183 {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, 184 {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, 185 {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, 186 {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, 187 {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, 188 {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, 189 {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"}, 190 {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"}, 191 {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 192 {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 193 {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 194 {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 195 {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 196 {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"}, 197 {0x008A, "TLS_PSK_WITH_RC4_128_SHA"}, 198 {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"}, 199 {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"}, 200 {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"}, 201 {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"}, 202 {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 203 {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"}, 204 {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"}, 205 {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"}, 206 {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"}, 207 {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"}, 208 {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"}, 209 {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"}, 210 {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"}, 211 {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"}, 212 {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"}, 213 {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"}, 214 {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"}, 215 {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"}, 216 {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"}, 217 {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, 218 {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, 219 {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, 220 {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, 221 {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, 222 {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, 223 {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, 224 {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, 225 {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}, 226 {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"}, 227 {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"}, 228 {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"}, 229 {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"}, 230 {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"}, 231 {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"}, 232 {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"}, 233 {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"}, 234 {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"}, 235 {0x00B0, "TLS_PSK_WITH_NULL_SHA256"}, 236 {0x00B1, "TLS_PSK_WITH_NULL_SHA384"}, 237 {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"}, 238 {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"}, 239 {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"}, 240 {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"}, 241 {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"}, 242 {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"}, 243 {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"}, 244 {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"}, 245 {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 246 {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 247 {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 248 {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 249 {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 250 {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"}, 251 {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 252 {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 253 {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 254 {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 255 {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 256 {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, 257 {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, 258 {0x5600, "TLS_FALLBACK_SCSV"}, 259 {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, 260 {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, 261 {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 262 {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"}, 263 {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"}, 264 {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"}, 265 {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}, 266 {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 267 {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}, 268 {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}, 269 {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"}, 270 {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"}, 271 {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"}, 272 {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"}, 273 {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"}, 274 {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"}, 275 {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}, 276 {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 277 {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, 278 {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, 279 {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"}, 280 {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"}, 281 {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"}, 282 {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"}, 283 {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"}, 284 {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"}, 285 {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"}, 286 {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"}, 287 {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"}, 288 {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"}, 289 {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"}, 290 {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"}, 291 {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"}, 292 {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"}, 293 {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}, 294 {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"}, 295 {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"}, 296 {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"}, 297 {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, 298 {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, 299 {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"}, 300 {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"}, 301 {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, 302 {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, 303 {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"}, 304 {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"}, 305 {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, 306 {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, 307 {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, 308 {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, 309 {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, 310 {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 311 {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, 312 {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, 313 {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, 314 {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, 315 {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, 316 {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, 317 {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"}, 318 {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, 319 {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, 320 {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, 321 {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, 322 {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, 323 {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, 324 {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, 325 {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, 326 {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 327 {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 328 {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, 329 {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, 330 {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 331 {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 332 {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 333 {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 334 {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 335 {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 336 {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, 337 {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, 338 {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, 339 {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, 340 {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 341 {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 342 {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, 343 {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, 344 {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, 345 {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, 346 {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, 347 {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, 348 {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, 349 {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, 350 {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 351 {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 352 {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 353 {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 354 {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 355 {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 356 {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, 357 {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, 358 {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, 359 {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, 360 {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 361 {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 362 {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, 363 {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, 364 {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, 365 {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, 366 {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, 367 {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, 368 {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, 369 {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, 370 {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 371 {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 372 {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 373 {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 374 {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 375 {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 376 {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 377 {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 378 {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 379 {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 380 {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 381 {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 382 {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 383 {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 384 {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 385 {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 386 {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 387 {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 388 {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 389 {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 390 {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, 391 {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, 392 {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 393 {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 394 {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 395 {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 396 {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 397 {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 398 {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 399 {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 400 {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 401 {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 402 {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 403 {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 404 {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 405 {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 406 {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 407 {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 408 {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 409 {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 410 {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 411 {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 412 {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 413 {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 414 {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, 415 {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, 416 {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"}, 417 {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, 418 {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, 419 {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, 420 {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, 421 {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, 422 {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, 423 {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, 424 {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, 425 {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, 426 {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, 427 {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, 428 {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, 429 {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, 430 {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, 431 {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, 432 {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, 433 {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, 434 {0xC102, "IANA-GOST2012-GOST8912-GOST8912"}, 435 {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 436 {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, 437 {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 438 {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 439 {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 440 {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 441 {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 442 {0x1301, "TLS_AES_128_GCM_SHA256"}, 443 {0x1302, "TLS_AES_256_GCM_SHA384"}, 444 {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, 445 {0x1304, "TLS_AES_128_CCM_SHA256"}, 446 {0x1305, "TLS_AES_128_CCM_8_SHA256"}, 447 {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, 448 {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, 449 {0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912"}, 450 {0xFF87, "GOST2012-NULL-GOST12"}, 451 {0xC0B4, "TLS_SHA256_SHA256"}, 452 {0xC0B5, "TLS_SHA384_SHA384"}, 453 {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, 454 {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, 455 {0xC102, "GOST2012-GOST8912-IANA"}, 456 }; 457 458 /* Compression methods */ 459 static const ssl_trace_tbl ssl_comp_tbl[] = { 460 {0x0000, "No Compression"}, 461 {0x0001, "Zlib Compression"} 462 }; 463 464 /* Extensions sorted by ascending id */ 465 static const ssl_trace_tbl ssl_exts_tbl[] = { 466 {TLSEXT_TYPE_server_name, "server_name"}, 467 {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"}, 468 {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"}, 469 {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"}, 470 {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"}, 471 {TLSEXT_TYPE_status_request, "status_request"}, 472 {TLSEXT_TYPE_user_mapping, "user_mapping"}, 473 {TLSEXT_TYPE_client_authz, "client_authz"}, 474 {TLSEXT_TYPE_server_authz, "server_authz"}, 475 {TLSEXT_TYPE_cert_type, "cert_type"}, 476 {TLSEXT_TYPE_supported_groups, "supported_groups"}, 477 {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, 478 {TLSEXT_TYPE_srp, "srp"}, 479 {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, 480 {TLSEXT_TYPE_use_srtp, "use_srtp"}, 481 {TLSEXT_TYPE_application_layer_protocol_negotiation, 482 "application_layer_protocol_negotiation"}, 483 {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, 484 {TLSEXT_TYPE_client_cert_type, "client_cert_type"}, 485 {TLSEXT_TYPE_server_cert_type, "server_cert_type"}, 486 {TLSEXT_TYPE_padding, "padding"}, 487 {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, 488 {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, 489 {TLSEXT_TYPE_compress_certificate, "compress_certificate"}, 490 {TLSEXT_TYPE_session_ticket, "session_ticket"}, 491 {TLSEXT_TYPE_psk, "psk"}, 492 {TLSEXT_TYPE_early_data, "early_data"}, 493 {TLSEXT_TYPE_supported_versions, "supported_versions"}, 494 {TLSEXT_TYPE_cookie, "cookie_ext"}, 495 {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"}, 496 {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"}, 497 {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}, 498 {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}, 499 {TLSEXT_TYPE_key_share, "key_share"}, 500 {TLSEXT_TYPE_renegotiate, "renegotiate"}, 501 # ifndef OPENSSL_NO_NEXTPROTONEG 502 {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, 503 # endif 504 }; 505 506 static const ssl_trace_tbl ssl_groups_tbl[] = { 507 {1, "sect163k1 (K-163)"}, 508 {2, "sect163r1"}, 509 {3, "sect163r2 (B-163)"}, 510 {4, "sect193r1"}, 511 {5, "sect193r2"}, 512 {6, "sect233k1 (K-233)"}, 513 {7, "sect233r1 (B-233)"}, 514 {8, "sect239k1"}, 515 {9, "sect283k1 (K-283)"}, 516 {10, "sect283r1 (B-283)"}, 517 {11, "sect409k1 (K-409)"}, 518 {12, "sect409r1 (B-409)"}, 519 {13, "sect571k1 (K-571)"}, 520 {14, "sect571r1 (B-571)"}, 521 {15, "secp160k1"}, 522 {16, "secp160r1"}, 523 {17, "secp160r2"}, 524 {18, "secp192k1"}, 525 {19, "secp192r1 (P-192)"}, 526 {20, "secp224k1"}, 527 {21, "secp224r1 (P-224)"}, 528 {22, "secp256k1"}, 529 {23, "secp256r1 (P-256)"}, 530 {24, "secp384r1 (P-384)"}, 531 {25, "secp521r1 (P-521)"}, 532 {26, "brainpoolP256r1"}, 533 {27, "brainpoolP384r1"}, 534 {28, "brainpoolP512r1"}, 535 {29, "ecdh_x25519"}, 536 {30, "ecdh_x448"}, 537 {31, "brainpoolP256r1tls13"}, 538 {32, "brainpoolP384r1tls13"}, 539 {33, "brainpoolP512r1tls13"}, 540 {34, "GC256A"}, 541 {35, "GC256B"}, 542 {36, "GC256C"}, 543 {37, "GC256D"}, 544 {38, "GC512A"}, 545 {39, "GC512B"}, 546 {40, "GC512C"}, 547 {256, "ffdhe2048"}, 548 {257, "ffdhe3072"}, 549 {258, "ffdhe4096"}, 550 {259, "ffdhe6144"}, 551 {260, "ffdhe8192"}, 552 {512, "MLKEM512"}, 553 {513, "MLKEM768"}, 554 {514, "MLKEM1024"}, 555 {4587, "SecP256r1MLKEM768"}, 556 {4588, "X25519MLKEM768"}, 557 {4589, "SecP384r1MLKEM1024"}, 558 {25497, "X25519Kyber768Draft00"}, 559 {25498, "SecP256r1Kyber768Draft00"}, 560 {0xFF01, "arbitrary_explicit_prime_curves"}, 561 {0xFF02, "arbitrary_explicit_char2_curves"} 562 }; 563 564 static const ssl_trace_tbl ssl_point_tbl[] = { 565 {0, "uncompressed"}, 566 {1, "ansiX962_compressed_prime"}, 567 {2, "ansiX962_compressed_char2"} 568 }; 569 570 static const ssl_trace_tbl ssl_mfl_tbl[] = { 571 {0, "disabled"}, 572 {1, "max_fragment_length := 2^9 (512 bytes)"}, 573 {2, "max_fragment_length := 2^10 (1024 bytes)"}, 574 {3, "max_fragment_length := 2^11 (2048 bytes)"}, 575 {4, "max_fragment_length := 2^12 (4096 bytes)"} 576 }; 577 578 static const ssl_trace_tbl ssl_sigalg_tbl[] = { 579 {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name}, 580 {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name}, 581 {TLSEXT_SIGALG_ecdsa_secp521r1_sha512,TLSEXT_SIGALG_ecdsa_secp521r1_sha512_name}, 582 {TLSEXT_SIGALG_ecdsa_sha224, TLSEXT_SIGALG_ecdsa_sha224_name}, 583 {TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed25519_name}, 584 {TLSEXT_SIGALG_ed448, TLSEXT_SIGALG_ed448_name}, 585 {TLSEXT_SIGALG_ecdsa_sha1, TLSEXT_SIGALG_ecdsa_sha1_name}, 586 {TLSEXT_SIGALG_rsa_pss_rsae_sha256, TLSEXT_SIGALG_rsa_pss_rsae_sha256_name}, 587 {TLSEXT_SIGALG_rsa_pss_rsae_sha384, TLSEXT_SIGALG_rsa_pss_rsae_sha384_name}, 588 {TLSEXT_SIGALG_rsa_pss_rsae_sha512, TLSEXT_SIGALG_rsa_pss_rsae_sha512_name}, 589 {TLSEXT_SIGALG_rsa_pss_pss_sha256, TLSEXT_SIGALG_rsa_pss_pss_sha256_name}, 590 {TLSEXT_SIGALG_rsa_pss_pss_sha384, TLSEXT_SIGALG_rsa_pss_pss_sha384_name}, 591 {TLSEXT_SIGALG_rsa_pss_pss_sha512, TLSEXT_SIGALG_rsa_pss_pss_sha512_name}, 592 {TLSEXT_SIGALG_rsa_pkcs1_sha256, TLSEXT_SIGALG_rsa_pkcs1_sha256_name}, 593 {TLSEXT_SIGALG_rsa_pkcs1_sha384, TLSEXT_SIGALG_rsa_pkcs1_sha384_name}, 594 {TLSEXT_SIGALG_rsa_pkcs1_sha512, TLSEXT_SIGALG_rsa_pkcs1_sha512_name}, 595 {TLSEXT_SIGALG_rsa_pkcs1_sha224, TLSEXT_SIGALG_rsa_pkcs1_sha224_name}, 596 {TLSEXT_SIGALG_rsa_pkcs1_sha1, TLSEXT_SIGALG_rsa_pkcs1_sha1_name}, 597 {TLSEXT_SIGALG_dsa_sha256, TLSEXT_SIGALG_dsa_sha256_name}, 598 {TLSEXT_SIGALG_dsa_sha384, TLSEXT_SIGALG_dsa_sha384_name}, 599 {TLSEXT_SIGALG_dsa_sha512, TLSEXT_SIGALG_dsa_sha512_name}, 600 {TLSEXT_SIGALG_dsa_sha224, TLSEXT_SIGALG_dsa_sha224_name}, 601 {TLSEXT_SIGALG_dsa_sha1, TLSEXT_SIGALG_dsa_sha1_name}, 602 {TLSEXT_SIGALG_gostr34102012_256_intrinsic, TLSEXT_SIGALG_gostr34102012_256_intrinsic_name}, 603 {TLSEXT_SIGALG_gostr34102012_512_intrinsic, TLSEXT_SIGALG_gostr34102012_512_intrinsic_name}, 604 {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name}, 605 {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name}, 606 {TLSEXT_SIGALG_gostr34102001_gostr3411, TLSEXT_SIGALG_gostr34102001_gostr3411_name}, 607 {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name}, 608 {TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name}, 609 {TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name}, 610 /* 611 * Well known groups that we happen to know about, but only come from 612 * provider capability declarations (hence no macros for the 613 * codepoints/names) 614 */ 615 {0x0904, "mldsa44"}, 616 {0x0905, "mldsa65"}, 617 {0x0906, "mldsa87"} 618 }; 619 620 static const ssl_trace_tbl ssl_ctype_tbl[] = { 621 {1, "rsa_sign"}, 622 {2, "dss_sign"}, 623 {3, "rsa_fixed_dh"}, 624 {4, "dss_fixed_dh"}, 625 {5, "rsa_ephemeral_dh"}, 626 {6, "dss_ephemeral_dh"}, 627 {20, "fortezza_dms"}, 628 {64, "ecdsa_sign"}, 629 {65, "rsa_fixed_ecdh"}, 630 {66, "ecdsa_fixed_ecdh"}, 631 {67, "gost_sign256"}, 632 {68, "gost_sign512"}, 633 }; 634 635 static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { 636 {TLSEXT_KEX_MODE_KE, "psk_ke"}, 637 {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} 638 }; 639 640 static const ssl_trace_tbl ssl_key_update_tbl[] = { 641 {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, 642 {SSL_KEY_UPDATE_REQUESTED, "update_requested"} 643 }; 644 645 static const ssl_trace_tbl ssl_comp_cert_tbl[] = { 646 {TLSEXT_comp_cert_none, "none"}, 647 {TLSEXT_comp_cert_zlib, "zlib"}, 648 {TLSEXT_comp_cert_brotli, "brotli"}, 649 {TLSEXT_comp_cert_zstd, "zstd"} 650 }; 651 652 /* 653 * "pgp" and "1609dot2" are defined in RFC7250, 654 * although OpenSSL doesn't support them, it can 655 * at least report them in traces 656 */ 657 static const ssl_trace_tbl ssl_cert_type_tbl[] = { 658 {TLSEXT_cert_type_x509, "x509"}, 659 {TLSEXT_cert_type_pgp, "pgp"}, 660 {TLSEXT_cert_type_rpk, "rpk"}, 661 {TLSEXT_cert_type_1609dot2, "1609dot2"} 662 }; 663 664 static void ssl_print_hex(BIO *bio, int indent, const char *name, 665 const unsigned char *msg, size_t msglen) 666 { 667 size_t i; 668 669 BIO_indent(bio, indent, 80); 670 BIO_printf(bio, "%s (len=%d): ", name, (int)msglen); 671 for (i = 0; i < msglen; i++) 672 BIO_printf(bio, "%02X", msg[i]); 673 BIO_puts(bio, "\n"); 674 } 675 676 static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, 677 const unsigned char **pmsg, size_t *pmsglen) 678 { 679 size_t blen; 680 const unsigned char *p = *pmsg; 681 682 if (*pmsglen < nlen) 683 return 0; 684 blen = p[0]; 685 if (nlen > 1) 686 blen = (blen << 8) | p[1]; 687 if (*pmsglen < nlen + blen) 688 return 0; 689 p += nlen; 690 ssl_print_hex(bio, indent, name, p, blen); 691 *pmsg += blen + nlen; 692 *pmsglen -= blen + nlen; 693 return 1; 694 } 695 696 static int ssl_print_version(BIO *bio, int indent, const char *name, 697 const unsigned char **pmsg, size_t *pmsglen, 698 unsigned int *version) 699 { 700 int vers; 701 702 if (*pmsglen < 2) 703 return 0; 704 vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; 705 if (version != NULL) 706 *version = vers; 707 BIO_indent(bio, indent, 80); 708 BIO_printf(bio, "%s=0x%x (%s)\n", 709 name, vers, ssl_trace_str(vers, ssl_version_tbl)); 710 *pmsg += 2; 711 *pmsglen -= 2; 712 return 1; 713 } 714 715 static int ssl_print_random(BIO *bio, int indent, 716 const unsigned char **pmsg, size_t *pmsglen) 717 { 718 unsigned int tm; 719 const unsigned char *p = *pmsg; 720 721 if (*pmsglen < 32) 722 return 0; 723 tm = ((unsigned int)p[0] << 24) 724 | ((unsigned int)p[1] << 16) 725 | ((unsigned int)p[2] << 8) 726 | (unsigned int)p[3]; 727 p += 4; 728 BIO_indent(bio, indent, 80); 729 BIO_puts(bio, "Random:\n"); 730 BIO_indent(bio, indent + 2, 80); 731 BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm); 732 ssl_print_hex(bio, indent + 2, "random_bytes", p, 28); 733 *pmsg += 32; 734 *pmsglen -= 32; 735 return 1; 736 } 737 738 static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc, 739 const unsigned char **pmsg, size_t *pmsglen) 740 { 741 if (*pmsglen < 2) 742 return 0; 743 if (SSL_USE_SIGALGS(sc)) { 744 const unsigned char *p = *pmsg; 745 unsigned int sigalg = (p[0] << 8) | p[1]; 746 747 BIO_indent(bio, indent, 80); 748 BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", 749 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 750 *pmsg += 2; 751 *pmsglen -= 2; 752 } 753 return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen); 754 } 755 756 static int ssl_print_extension(BIO *bio, int indent, int server, 757 unsigned char mt, int extype, 758 const unsigned char *ext, size_t extlen) 759 { 760 size_t xlen, share_len; 761 unsigned int sigalg; 762 uint32_t max_early_data; 763 764 BIO_indent(bio, indent, 80); 765 BIO_printf(bio, "extension_type=%s(%d), length=%d\n", 766 ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); 767 switch (extype) { 768 case TLSEXT_TYPE_compress_certificate: 769 if (extlen < 1) 770 return 0; 771 xlen = ext[0]; 772 if (extlen != xlen + 1) 773 return 0; 774 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, ssl_comp_cert_tbl); 775 776 case TLSEXT_TYPE_max_fragment_length: 777 if (extlen < 1) 778 return 0; 779 xlen = extlen; 780 return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl); 781 782 case TLSEXT_TYPE_ec_point_formats: 783 if (extlen < 1) 784 return 0; 785 xlen = ext[0]; 786 if (extlen != xlen + 1) 787 return 0; 788 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); 789 790 case TLSEXT_TYPE_supported_groups: 791 if (extlen < 2) 792 return 0; 793 xlen = (ext[0] << 8) | ext[1]; 794 if (extlen != xlen + 2) 795 return 0; 796 return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); 797 case TLSEXT_TYPE_application_layer_protocol_negotiation: 798 if (extlen < 2) 799 return 0; 800 xlen = (ext[0] << 8) | ext[1]; 801 if (extlen != xlen + 2) 802 return 0; 803 ext += 2; 804 while (xlen > 0) { 805 size_t plen = *ext++; 806 807 if (plen + 1 > xlen) 808 return 0; 809 BIO_indent(bio, indent + 2, 80); 810 BIO_write(bio, ext, plen); 811 BIO_puts(bio, "\n"); 812 ext += plen; 813 xlen -= plen + 1; 814 } 815 return 1; 816 817 case TLSEXT_TYPE_signature_algorithms: 818 819 if (extlen < 2) 820 return 0; 821 xlen = (ext[0] << 8) | ext[1]; 822 if (extlen != xlen + 2) 823 return 0; 824 if (xlen & 1) 825 return 0; 826 ext += 2; 827 while (xlen > 0) { 828 BIO_indent(bio, indent + 2, 80); 829 sigalg = (ext[0] << 8) | ext[1]; 830 BIO_printf(bio, "%s (0x%04x)\n", 831 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 832 xlen -= 2; 833 ext += 2; 834 } 835 break; 836 837 case TLSEXT_TYPE_renegotiate: 838 if (extlen < 1) 839 return 0; 840 xlen = ext[0]; 841 if (xlen + 1 != extlen) 842 return 0; 843 ext++; 844 if (xlen) { 845 if (server) { 846 if (xlen & 1) 847 return 0; 848 xlen >>= 1; 849 } 850 ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); 851 if (server) { 852 ext += xlen; 853 ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); 854 } 855 } else { 856 BIO_indent(bio, indent + 4, 80); 857 BIO_puts(bio, "<EMPTY>\n"); 858 } 859 break; 860 861 case TLSEXT_TYPE_session_ticket: 862 if (extlen != 0) 863 ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); 864 break; 865 866 case TLSEXT_TYPE_key_share: 867 if (server && extlen == 2) { 868 int group_id; 869 870 /* We assume this is an HRR, otherwise this is an invalid key_share */ 871 group_id = (ext[0] << 8) | ext[1]; 872 BIO_indent(bio, indent + 4, 80); 873 BIO_printf(bio, "NamedGroup: %s (%d)\n", 874 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 875 break; 876 } 877 if (extlen < 2) 878 return 0; 879 if (server) { 880 xlen = extlen; 881 } else { 882 xlen = (ext[0] << 8) | ext[1]; 883 if (extlen != xlen + 2) 884 return 0; 885 ext += 2; 886 } 887 for (; xlen > 0; ext += share_len, xlen -= share_len) { 888 int group_id; 889 890 if (xlen < 4) 891 return 0; 892 group_id = (ext[0] << 8) | ext[1]; 893 share_len = (ext[2] << 8) | ext[3]; 894 ext += 4; 895 xlen -= 4; 896 if (xlen < share_len) 897 return 0; 898 BIO_indent(bio, indent + 4, 80); 899 BIO_printf(bio, "NamedGroup: %s (%d)\n", 900 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 901 ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); 902 } 903 break; 904 905 case TLSEXT_TYPE_supported_versions: 906 if (server) { 907 int version; 908 909 if (extlen != 2) 910 return 0; 911 version = (ext[0] << 8) | ext[1]; 912 BIO_indent(bio, indent + 4, 80); 913 BIO_printf(bio, "%s (%d)\n", 914 ssl_trace_str(version, ssl_version_tbl), version); 915 break; 916 } 917 if (extlen < 1) 918 return 0; 919 xlen = ext[0]; 920 if (extlen != xlen + 1) 921 return 0; 922 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, 923 ssl_version_tbl); 924 925 case TLSEXT_TYPE_psk_kex_modes: 926 if (extlen < 1) 927 return 0; 928 xlen = ext[0]; 929 if (extlen != xlen + 1) 930 return 0; 931 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, 932 ssl_psk_kex_modes_tbl); 933 934 case TLSEXT_TYPE_early_data: 935 if (mt != SSL3_MT_NEWSESSION_TICKET) 936 break; 937 if (extlen != 4) 938 return 0; 939 max_early_data = ((unsigned int)ext[0] << 24) 940 | ((unsigned int)ext[1] << 16) 941 | ((unsigned int)ext[2] << 8) 942 | (unsigned int)ext[3]; 943 BIO_indent(bio, indent + 2, 80); 944 BIO_printf(bio, "max_early_data=%u\n", (unsigned int)max_early_data); 945 break; 946 947 case TLSEXT_TYPE_server_cert_type: 948 case TLSEXT_TYPE_client_cert_type: 949 if (server) { 950 if (extlen != 1) 951 return 0; 952 return ssl_trace_list(bio, indent + 2, ext, 1, 1, ssl_cert_type_tbl); 953 } 954 if (extlen < 1) 955 return 0; 956 xlen = ext[0]; 957 if (extlen != xlen + 1) 958 return 0; 959 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_cert_type_tbl); 960 961 default: 962 BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); 963 } 964 return 1; 965 } 966 967 static int ssl_print_extensions(BIO *bio, int indent, int server, 968 unsigned char mt, const unsigned char **msgin, 969 size_t *msginlen) 970 { 971 size_t extslen, msglen = *msginlen; 972 const unsigned char *msg = *msgin; 973 974 BIO_indent(bio, indent, 80); 975 if (msglen == 0) { 976 BIO_puts(bio, "No extensions\n"); 977 return 1; 978 } 979 if (msglen < 2) 980 return 0; 981 extslen = (msg[0] << 8) | msg[1]; 982 msglen -= 2; 983 msg += 2; 984 if (extslen == 0) { 985 BIO_puts(bio, "No extensions\n"); 986 *msgin = msg; 987 *msginlen = msglen; 988 return 1; 989 } 990 if (extslen > msglen) 991 return 0; 992 BIO_printf(bio, "extensions, length = %d\n", (int)extslen); 993 msglen -= extslen; 994 while (extslen > 0) { 995 int extype; 996 size_t extlen; 997 if (extslen < 4) 998 return 0; 999 extype = (msg[0] << 8) | msg[1]; 1000 extlen = (msg[2] << 8) | msg[3]; 1001 if (extslen < extlen + 4) { 1002 BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, 1003 (int)extlen); 1004 BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); 1005 return 0; 1006 } 1007 msg += 4; 1008 if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, 1009 extlen)) 1010 return 0; 1011 msg += extlen; 1012 extslen -= extlen + 4; 1013 } 1014 1015 *msgin = msg; 1016 *msginlen = msglen; 1017 return 1; 1018 } 1019 1020 static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent, 1021 const unsigned char *msg, size_t msglen) 1022 { 1023 size_t len; 1024 unsigned int cs; 1025 1026 if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL)) 1027 return 0; 1028 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1029 return 0; 1030 if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1031 return 0; 1032 if (SSL_CONNECTION_IS_DTLS(sc)) { 1033 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1034 return 0; 1035 } 1036 if (msglen < 2) 1037 return 0; 1038 len = (msg[0] << 8) | msg[1]; 1039 msg += 2; 1040 msglen -= 2; 1041 BIO_indent(bio, indent, 80); 1042 BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len); 1043 if (msglen < len || len & 1) 1044 return 0; 1045 while (len > 0) { 1046 cs = (msg[0] << 8) | msg[1]; 1047 BIO_indent(bio, indent + 2, 80); 1048 BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", 1049 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1050 msg += 2; 1051 msglen -= 2; 1052 len -= 2; 1053 } 1054 if (msglen < 1) 1055 return 0; 1056 len = msg[0]; 1057 msg++; 1058 msglen--; 1059 if (msglen < len) 1060 return 0; 1061 BIO_indent(bio, indent, 80); 1062 BIO_printf(bio, "compression_methods (len=%d)\n", (int)len); 1063 while (len > 0) { 1064 BIO_indent(bio, indent + 2, 80); 1065 BIO_printf(bio, "%s (0x%02X)\n", 1066 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1067 msg++; 1068 msglen--; 1069 len--; 1070 } 1071 if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, 1072 &msglen)) 1073 return 0; 1074 return 1; 1075 } 1076 1077 static int dtls_print_hello_vfyrequest(BIO *bio, int indent, 1078 const unsigned char *msg, size_t msglen) 1079 { 1080 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) 1081 return 0; 1082 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1083 return 0; 1084 return 1; 1085 } 1086 1087 static int ssl_print_server_hello(BIO *bio, int indent, 1088 const unsigned char *msg, size_t msglen) 1089 { 1090 unsigned int cs; 1091 unsigned int vers; 1092 1093 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers)) 1094 return 0; 1095 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1096 return 0; 1097 if (vers != TLS1_3_VERSION 1098 && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1099 return 0; 1100 if (msglen < 2) 1101 return 0; 1102 cs = (msg[0] << 8) | msg[1]; 1103 BIO_indent(bio, indent, 80); 1104 BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", 1105 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1106 msg += 2; 1107 msglen -= 2; 1108 if (vers != TLS1_3_VERSION) { 1109 if (msglen < 1) 1110 return 0; 1111 BIO_indent(bio, indent, 80); 1112 BIO_printf(bio, "compression_method: %s (0x%02X)\n", 1113 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1114 msg++; 1115 msglen--; 1116 } 1117 if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, 1118 &msglen)) 1119 return 0; 1120 return 1; 1121 } 1122 1123 static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc) 1124 { 1125 unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey; 1126 1127 if (alg_k & SSL_kRSA) { 1128 *pname = "rsa"; 1129 return SSL_kRSA; 1130 } 1131 if (alg_k & SSL_kDHE) { 1132 *pname = "DHE"; 1133 return SSL_kDHE; 1134 } 1135 if (alg_k & SSL_kECDHE) { 1136 *pname = "ECDHE"; 1137 return SSL_kECDHE; 1138 } 1139 if (alg_k & SSL_kPSK) { 1140 *pname = "PSK"; 1141 return SSL_kPSK; 1142 } 1143 if (alg_k & SSL_kRSAPSK) { 1144 *pname = "RSAPSK"; 1145 return SSL_kRSAPSK; 1146 } 1147 if (alg_k & SSL_kDHEPSK) { 1148 *pname = "DHEPSK"; 1149 return SSL_kDHEPSK; 1150 } 1151 if (alg_k & SSL_kECDHEPSK) { 1152 *pname = "ECDHEPSK"; 1153 return SSL_kECDHEPSK; 1154 } 1155 if (alg_k & SSL_kSRP) { 1156 *pname = "SRP"; 1157 return SSL_kSRP; 1158 } 1159 if (alg_k & SSL_kGOST) { 1160 *pname = "GOST"; 1161 return SSL_kGOST; 1162 } 1163 if (alg_k & SSL_kGOST18) { 1164 *pname = "GOST18"; 1165 return SSL_kGOST18; 1166 } 1167 *pname = "UNKNOWN"; 1168 return 0; 1169 } 1170 1171 static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1172 const unsigned char *msg, size_t msglen) 1173 { 1174 const char *algname; 1175 int id = ssl_get_keyex(&algname, sc); 1176 1177 BIO_indent(bio, indent, 80); 1178 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1179 if (id & SSL_PSK) { 1180 if (!ssl_print_hexbuf(bio, indent + 2, 1181 "psk_identity", 2, &msg, &msglen)) 1182 return 0; 1183 } 1184 switch (id) { 1185 1186 case SSL_kRSA: 1187 case SSL_kRSAPSK: 1188 if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) { 1189 ssl_print_hex(bio, indent + 2, 1190 "EncryptedPreMasterSecret", msg, msglen); 1191 } else { 1192 if (!ssl_print_hexbuf(bio, indent + 2, 1193 "EncryptedPreMasterSecret", 2, &msg, &msglen)) 1194 return 0; 1195 } 1196 break; 1197 1198 case SSL_kDHE: 1199 case SSL_kDHEPSK: 1200 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) 1201 return 0; 1202 break; 1203 1204 case SSL_kECDHE: 1205 case SSL_kECDHEPSK: 1206 if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) 1207 return 0; 1208 break; 1209 case SSL_kGOST: 1210 ssl_print_hex(bio, indent + 2, "GostKeyTransportBlob", msg, msglen); 1211 msglen = 0; 1212 break; 1213 case SSL_kGOST18: 1214 ssl_print_hex(bio, indent + 2, 1215 "GOST-wrapped PreMasterSecret", msg, msglen); 1216 msglen = 0; 1217 break; 1218 } 1219 1220 return !msglen; 1221 } 1222 1223 static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1224 const unsigned char *msg, size_t msglen) 1225 { 1226 const char *algname; 1227 int id = ssl_get_keyex(&algname, sc); 1228 1229 BIO_indent(bio, indent, 80); 1230 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1231 if (id & SSL_PSK) { 1232 if (!ssl_print_hexbuf(bio, indent + 2, 1233 "psk_identity_hint", 2, &msg, &msglen)) 1234 return 0; 1235 } 1236 switch (id) { 1237 case SSL_kRSA: 1238 1239 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) 1240 return 0; 1241 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, 1242 &msg, &msglen)) 1243 return 0; 1244 break; 1245 1246 case SSL_kDHE: 1247 case SSL_kDHEPSK: 1248 if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) 1249 return 0; 1250 if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) 1251 return 0; 1252 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen)) 1253 return 0; 1254 break; 1255 1256 case SSL_kECDHE: 1257 case SSL_kECDHEPSK: 1258 if (msglen < 1) 1259 return 0; 1260 BIO_indent(bio, indent + 2, 80); 1261 if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE) 1262 BIO_puts(bio, "explicit_prime\n"); 1263 else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE) 1264 BIO_puts(bio, "explicit_char2\n"); 1265 else if (msg[0] == NAMED_CURVE_TYPE) { 1266 int curve; 1267 if (msglen < 3) 1268 return 0; 1269 curve = (msg[1] << 8) | msg[2]; 1270 BIO_printf(bio, "named_curve: %s (%d)\n", 1271 ssl_trace_str(curve, ssl_groups_tbl), curve); 1272 msg += 3; 1273 msglen -= 3; 1274 if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) 1275 return 0; 1276 } else { 1277 BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); 1278 return 0; 1279 } 1280 break; 1281 1282 case SSL_kPSK: 1283 case SSL_kRSAPSK: 1284 break; 1285 } 1286 if (!(id & SSL_PSK)) 1287 ssl_print_signature(bio, indent, sc, &msg, &msglen); 1288 return !msglen; 1289 } 1290 1291 static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent, 1292 const unsigned char **pmsg, size_t *pmsglen) 1293 { 1294 size_t msglen = *pmsglen; 1295 size_t clen; 1296 X509 *x; 1297 const unsigned char *p = *pmsg, *q; 1298 SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(sc); 1299 1300 if (msglen < 3) 1301 return 0; 1302 clen = (p[0] << 16) | (p[1] << 8) | p[2]; 1303 if (msglen < clen + 3) 1304 return 0; 1305 q = p + 3; 1306 BIO_indent(bio, indent, 80); 1307 BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); 1308 x = X509_new_ex(ctx->libctx, ctx->propq); 1309 if (x != NULL && d2i_X509(&x, &q, clen) == NULL) { 1310 X509_free(x); 1311 x = NULL; 1312 } 1313 if (x == NULL) 1314 BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n"); 1315 else { 1316 BIO_puts(bio, "\n------details-----\n"); 1317 X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); 1318 PEM_write_bio_X509(bio, x); 1319 /* Print certificate stuff */ 1320 BIO_puts(bio, "------------------\n"); 1321 X509_free(x); 1322 } 1323 if (q != p + 3 + clen) { 1324 BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n"); 1325 } 1326 *pmsg += clen + 3; 1327 *pmsglen -= clen + 3; 1328 return 1; 1329 } 1330 1331 static int ssl_print_raw_public_key(BIO *bio, const SSL *ssl, int server, 1332 int indent, const unsigned char **pmsg, 1333 size_t *pmsglen) 1334 { 1335 EVP_PKEY *pkey; 1336 size_t clen; 1337 const unsigned char *msg = *pmsg; 1338 size_t msglen = *pmsglen; 1339 1340 if (msglen < 3) 1341 return 0; 1342 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1343 if (msglen < clen + 3) 1344 return 0; 1345 1346 msg += 3; 1347 1348 BIO_indent(bio, indent, 80); 1349 BIO_printf(bio, "raw_public_key, length=%d\n", (int)clen); 1350 1351 pkey = d2i_PUBKEY_ex(NULL, &msg, clen, ssl->ctx->libctx, ssl->ctx->propq); 1352 if (pkey == NULL) 1353 return 0; 1354 EVP_PKEY_print_public(bio, pkey, indent + 2, NULL); 1355 EVP_PKEY_free(pkey); 1356 *pmsg += clen + 3; 1357 *pmsglen -= clen + 3; 1358 return 1; 1359 } 1360 1361 static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server, 1362 int indent, const unsigned char *msg, 1363 size_t msglen) 1364 { 1365 size_t clen; 1366 1367 if (SSL_CONNECTION_IS_TLS13(sc) 1368 && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) 1369 return 0; 1370 1371 if (msglen < 3) 1372 return 0; 1373 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1374 if (msglen != clen + 3) 1375 return 0; 1376 msg += 3; 1377 if ((server && sc->ext.server_cert_type == TLSEXT_cert_type_rpk) 1378 || (!server && sc->ext.client_cert_type == TLSEXT_cert_type_rpk)) { 1379 if (!ssl_print_raw_public_key(bio, &sc->ssl, server, indent, &msg, &clen)) 1380 return 0; 1381 if (SSL_CONNECTION_IS_TLS13(sc) 1382 && !ssl_print_extensions(bio, indent + 2, server, 1383 SSL3_MT_CERTIFICATE, &msg, &clen)) 1384 return 0; 1385 return 1; 1386 } 1387 BIO_indent(bio, indent, 80); 1388 BIO_printf(bio, "certificate_list, length=%d\n", (int)clen); 1389 while (clen > 0) { 1390 if (!ssl_print_certificate(bio, sc, indent + 2, &msg, &clen)) 1391 return 0; 1392 if (SSL_CONNECTION_IS_TLS13(sc) 1393 && !ssl_print_extensions(bio, indent + 2, server, 1394 SSL3_MT_CERTIFICATE, &msg, &clen)) 1395 return 0; 1396 1397 } 1398 return 1; 1399 } 1400 1401 static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc, 1402 int server, int indent, 1403 const unsigned char *msg, 1404 size_t msglen) 1405 { 1406 size_t uclen; 1407 size_t clen; 1408 unsigned int alg; 1409 int ret = 1; 1410 #ifndef OPENSSL_NO_COMP_ALG 1411 COMP_METHOD *method; 1412 COMP_CTX *comp = NULL; 1413 unsigned char* ucdata = NULL; 1414 #endif 1415 1416 if (msglen < 8) 1417 return 0; 1418 1419 alg = (msg[0] << 8) | msg[1]; 1420 uclen = (msg[2] << 16) | (msg[3] << 8) | msg[4]; 1421 clen = (msg[5] << 16) | (msg[6] << 8) | msg[7]; 1422 if (msglen != clen + 8) 1423 return 0; 1424 1425 msg += 8; 1426 BIO_indent(bio, indent, 80); 1427 BIO_printf(bio, "Compression type=%s (0x%04x)\n", ssl_trace_str(alg, ssl_comp_cert_tbl), alg); 1428 BIO_indent(bio, indent, 80); 1429 BIO_printf(bio, "Uncompressed length=%d\n", (int)uclen); 1430 BIO_indent(bio, indent, 80); 1431 if (clen > 0) 1432 BIO_printf(bio, "Compressed length=%d, Ratio=%f:1\n", (int)clen, (float)uclen / (float)clen); 1433 else 1434 BIO_printf(bio, "Compressed length=%d, Ratio=unknown\n", (int)clen); 1435 1436 BIO_dump_indent(bio, (const char *)msg, clen, indent); 1437 1438 #ifndef OPENSSL_NO_COMP_ALG 1439 if (!ossl_comp_has_alg(alg)) 1440 return 0; 1441 1442 /* Check against certificate maximum size (coverity) */ 1443 if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL) 1444 return 0; 1445 1446 switch (alg) { 1447 case TLSEXT_comp_cert_zlib: 1448 method = COMP_zlib(); 1449 break; 1450 case TLSEXT_comp_cert_brotli: 1451 method = COMP_brotli_oneshot(); 1452 break; 1453 case TLSEXT_comp_cert_zstd: 1454 method = COMP_zstd_oneshot(); 1455 break; 1456 default: 1457 goto err; 1458 } 1459 1460 if ((comp = COMP_CTX_new(method)) == NULL 1461 || COMP_expand_block(comp, ucdata, uclen, (unsigned char*)msg, clen) != (int)uclen) 1462 goto err; 1463 1464 ret = ssl_print_certificates(bio, sc, server, indent, ucdata, uclen); 1465 err: 1466 COMP_CTX_free(comp); 1467 OPENSSL_free(ucdata); 1468 #endif 1469 return ret; 1470 } 1471 1472 static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc, 1473 const unsigned char *msg, size_t msglen) 1474 { 1475 size_t xlen; 1476 unsigned int sigalg; 1477 1478 if (SSL_CONNECTION_IS_TLS13(sc)) { 1479 if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) 1480 return 0; 1481 if (!ssl_print_extensions(bio, indent, 1, 1482 SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) 1483 return 0; 1484 return 1; 1485 } else { 1486 if (msglen < 1) 1487 return 0; 1488 xlen = msg[0]; 1489 if (msglen < xlen + 1) 1490 return 0; 1491 msg++; 1492 BIO_indent(bio, indent, 80); 1493 BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); 1494 if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) 1495 return 0; 1496 msg += xlen; 1497 msglen -= xlen + 1; 1498 } 1499 if (SSL_USE_SIGALGS(sc)) { 1500 if (msglen < 2) 1501 return 0; 1502 xlen = (msg[0] << 8) | msg[1]; 1503 if (msglen < xlen + 2 || (xlen & 1)) 1504 return 0; 1505 msg += 2; 1506 msglen -= xlen + 2; 1507 BIO_indent(bio, indent, 80); 1508 BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); 1509 while (xlen > 0) { 1510 BIO_indent(bio, indent + 2, 80); 1511 sigalg = (msg[0] << 8) | msg[1]; 1512 BIO_printf(bio, "%s (0x%04x)\n", 1513 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 1514 xlen -= 2; 1515 msg += 2; 1516 } 1517 msg += xlen; 1518 } 1519 1520 if (msglen < 2) 1521 return 0; 1522 xlen = (msg[0] << 8) | msg[1]; 1523 BIO_indent(bio, indent, 80); 1524 if (msglen < xlen + 2) 1525 return 0; 1526 msg += 2; 1527 msglen -= 2 + xlen; 1528 BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); 1529 while (xlen > 0) { 1530 size_t dlen; 1531 X509_NAME *nm; 1532 const unsigned char *p; 1533 if (xlen < 2) 1534 return 0; 1535 dlen = (msg[0] << 8) | msg[1]; 1536 if (xlen < dlen + 2) 1537 return 0; 1538 msg += 2; 1539 BIO_indent(bio, indent + 2, 80); 1540 BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen); 1541 p = msg; 1542 nm = d2i_X509_NAME(NULL, &p, dlen); 1543 if (!nm) { 1544 BIO_puts(bio, "<UNPARSEABLE DN>\n"); 1545 } else { 1546 X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); 1547 BIO_puts(bio, "\n"); 1548 X509_NAME_free(nm); 1549 } 1550 xlen -= dlen + 2; 1551 msg += dlen; 1552 } 1553 if (SSL_CONNECTION_IS_TLS13(sc)) { 1554 if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, 1555 &msg, &msglen)) 1556 return 0; 1557 } 1558 return msglen == 0; 1559 } 1560 1561 static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc, 1562 const unsigned char *msg, size_t msglen) 1563 { 1564 unsigned int tick_life; 1565 1566 if (msglen == 0) { 1567 BIO_indent(bio, indent + 2, 80); 1568 BIO_puts(bio, "No Ticket\n"); 1569 return 1; 1570 } 1571 if (msglen < 4) 1572 return 0; 1573 tick_life = ((unsigned int)msg[0] << 24) 1574 | ((unsigned int)msg[1] << 16) 1575 | ((unsigned int)msg[2] << 8) 1576 | (unsigned int)msg[3]; 1577 msglen -= 4; 1578 msg += 4; 1579 BIO_indent(bio, indent + 2, 80); 1580 BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); 1581 if (SSL_CONNECTION_IS_TLS13(sc)) { 1582 unsigned int ticket_age_add; 1583 1584 if (msglen < 4) 1585 return 0; 1586 ticket_age_add = 1587 ((unsigned int)msg[0] << 24) 1588 | ((unsigned int)msg[1] << 16) 1589 | ((unsigned int)msg[2] << 8) 1590 | (unsigned int)msg[3]; 1591 msglen -= 4; 1592 msg += 4; 1593 BIO_indent(bio, indent + 2, 80); 1594 BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); 1595 if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, 1596 &msglen)) 1597 return 0; 1598 } 1599 if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) 1600 return 0; 1601 if (SSL_CONNECTION_IS_TLS13(sc) 1602 && !ssl_print_extensions(bio, indent + 2, 0, 1603 SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) 1604 return 0; 1605 if (msglen) 1606 return 0; 1607 return 1; 1608 } 1609 1610 static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server, 1611 const unsigned char *msg, size_t msglen, 1612 int indent) 1613 { 1614 size_t hlen; 1615 unsigned char htype; 1616 1617 if (msglen < 4) 1618 return 0; 1619 htype = msg[0]; 1620 hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; 1621 BIO_indent(bio, indent, 80); 1622 BIO_printf(bio, "%s, Length=%d\n", 1623 ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); 1624 msg += 4; 1625 msglen -= 4; 1626 if (SSL_CONNECTION_IS_DTLS(sc)) { 1627 if (msglen < 8) 1628 return 0; 1629 BIO_indent(bio, indent, 80); 1630 BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " 1631 "fragment_length=%d\n", 1632 (msg[0] << 8) | msg[1], 1633 (msg[2] << 16) | (msg[3] << 8) | msg[4], 1634 (msg[5] << 16) | (msg[6] << 8) | msg[7]); 1635 msg += 8; 1636 msglen -= 8; 1637 } 1638 if (msglen < hlen) 1639 return 0; 1640 switch (htype) { 1641 case SSL3_MT_CLIENT_HELLO: 1642 if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen)) 1643 return 0; 1644 break; 1645 1646 case DTLS1_MT_HELLO_VERIFY_REQUEST: 1647 if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) 1648 return 0; 1649 break; 1650 1651 case SSL3_MT_SERVER_HELLO: 1652 if (!ssl_print_server_hello(bio, indent + 2, msg, msglen)) 1653 return 0; 1654 break; 1655 1656 case SSL3_MT_SERVER_KEY_EXCHANGE: 1657 if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen)) 1658 return 0; 1659 break; 1660 1661 case SSL3_MT_CLIENT_KEY_EXCHANGE: 1662 if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen)) 1663 return 0; 1664 break; 1665 1666 case SSL3_MT_CERTIFICATE: 1667 if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen)) 1668 return 0; 1669 break; 1670 1671 case SSL3_MT_COMPRESSED_CERTIFICATE: 1672 if (!ssl_print_compressed_certificates(bio, sc, server, indent + 2, msg, msglen)) 1673 return 0; 1674 break; 1675 1676 case SSL3_MT_CERTIFICATE_VERIFY: 1677 if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen)) 1678 return 0; 1679 break; 1680 1681 case SSL3_MT_CERTIFICATE_REQUEST: 1682 if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen)) 1683 return 0; 1684 break; 1685 1686 case SSL3_MT_FINISHED: 1687 ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen); 1688 break; 1689 1690 case SSL3_MT_END_OF_EARLY_DATA: 1691 case SSL3_MT_SERVER_DONE: 1692 if (msglen != 0) 1693 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1694 break; 1695 1696 case SSL3_MT_NEWSESSION_TICKET: 1697 if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen)) 1698 return 0; 1699 break; 1700 1701 case SSL3_MT_ENCRYPTED_EXTENSIONS: 1702 if (!ssl_print_extensions(bio, indent + 2, 1, 1703 SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) 1704 return 0; 1705 break; 1706 1707 case SSL3_MT_KEY_UPDATE: 1708 if (msglen != 1) { 1709 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1710 return 0; 1711 } 1712 if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, 1713 ssl_key_update_tbl)) 1714 return 0; 1715 break; 1716 1717 default: 1718 BIO_indent(bio, indent + 2, 80); 1719 BIO_puts(bio, "Unsupported, hex dump follows:\n"); 1720 BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4); 1721 } 1722 return 1; 1723 } 1724 1725 void SSL_trace(int write_p, int version, int content_type, 1726 const void *buf, size_t msglen, SSL *ssl, void *arg) 1727 { 1728 const unsigned char *msg = buf; 1729 BIO *bio = arg; 1730 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 1731 #ifndef OPENSSL_NO_QUIC 1732 QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl); 1733 1734 if (qc != NULL) { 1735 if (ossl_quic_trace(write_p, version, content_type, buf, msglen, ssl, 1736 arg)) 1737 return; 1738 /* 1739 * Otherwise ossl_quic_trace didn't handle this content_type so we 1740 * fallback to standard TLS handling 1741 */ 1742 } 1743 #endif 1744 1745 if (sc == NULL) 1746 return; 1747 1748 switch (content_type) { 1749 case SSL3_RT_HEADER: 1750 { 1751 int hvers; 1752 1753 /* avoid overlapping with length at the end of buffer */ 1754 if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ? 1755 DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { 1756 BIO_puts(bio, write_p ? "Sent" : "Received"); 1757 ssl_print_hex(bio, 0, " too short message", msg, msglen); 1758 break; 1759 } 1760 hvers = msg[1] << 8 | msg[2]; 1761 BIO_puts(bio, write_p ? "Sent" : "Received"); 1762 BIO_printf(bio, " TLS Record\nHeader:\n Version = %s (0x%x)\n", 1763 ssl_trace_str(hvers, ssl_version_tbl), hvers); 1764 if (SSL_CONNECTION_IS_DTLS(sc)) { 1765 BIO_printf(bio, 1766 " epoch=%d, sequence_number=%04x%04x%04x\n", 1767 (msg[3] << 8 | msg[4]), 1768 (msg[5] << 8 | msg[6]), 1769 (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); 1770 } 1771 1772 BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", 1773 ssl_trace_str(msg[0], ssl_content_tbl), msg[0], 1774 msg[msglen - 2] << 8 | msg[msglen - 1]); 1775 } 1776 break; 1777 1778 case SSL3_RT_INNER_CONTENT_TYPE: 1779 BIO_printf(bio, " Inner Content Type = %s (%d)", 1780 ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); 1781 break; 1782 1783 case SSL3_RT_HANDSHAKE: 1784 if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p, 1785 msg, msglen, 4)) 1786 BIO_printf(bio, "Message length parse error!\n"); 1787 break; 1788 1789 case SSL3_RT_CHANGE_CIPHER_SPEC: 1790 if (msglen == 1 && msg[0] == 1) 1791 BIO_puts(bio, " change_cipher_spec (1)\n"); 1792 else 1793 ssl_print_hex(bio, 4, "unknown value", msg, msglen); 1794 break; 1795 1796 case SSL3_RT_ALERT: 1797 if (msglen != 2) 1798 BIO_puts(bio, " Illegal Alert Length\n"); 1799 else { 1800 BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", 1801 SSL_alert_type_string_long(msg[0] << 8), 1802 msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); 1803 } 1804 1805 } 1806 1807 BIO_puts(bio, "\n"); 1808 } 1809 1810 #endif 1811