1 /* 2 * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "ssl_local.h" 11 12 #ifndef OPENSSL_NO_SSL_TRACE 13 14 /* Packet trace support for OpenSSL */ 15 #include "internal/nelem.h" 16 #include "internal/ssl_unwrap.h" 17 #include "internal/quic_trace.h" 18 19 typedef struct { 20 int num; 21 const char *name; 22 } ssl_trace_tbl; 23 24 #define ssl_trace_str(val, tbl) \ 25 do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) 26 27 #define ssl_trace_list(bio, indent, msg, msglen, value, table) \ 28 do_ssl_trace_list(bio, indent, msg, msglen, value, \ 29 table, OSSL_NELEM(table)) 30 31 static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, 32 size_t ntbl) 33 { 34 size_t i; 35 36 for (i = 0; i < ntbl; i++, tbl++) { 37 if (tbl->num == val) 38 return tbl->name; 39 } 40 return "UNKNOWN"; 41 } 42 43 static int do_ssl_trace_list(BIO *bio, int indent, 44 const unsigned char *msg, size_t msglen, 45 size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) 46 { 47 int val; 48 49 if (msglen % vlen) 50 return 0; 51 while (msglen) { 52 val = msg[0]; 53 if (vlen == 2) 54 val = (val << 8) | msg[1]; 55 BIO_indent(bio, indent, 80); 56 BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val); 57 msg += vlen; 58 msglen -= vlen; 59 } 60 return 1; 61 } 62 63 /* Version number */ 64 65 static const ssl_trace_tbl ssl_version_tbl[] = { 66 { SSL3_VERSION, "SSL 3.0" }, 67 { TLS1_VERSION, "TLS 1.0" }, 68 { TLS1_1_VERSION, "TLS 1.1" }, 69 { TLS1_2_VERSION, "TLS 1.2" }, 70 { TLS1_3_VERSION, "TLS 1.3" }, 71 { DTLS1_VERSION, "DTLS 1.0" }, 72 { DTLS1_2_VERSION, "DTLS 1.2" }, 73 { DTLS1_BAD_VER, "DTLS 1.0 (bad)" } 74 }; 75 76 static const ssl_trace_tbl ssl_content_tbl[] = { 77 { SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec" }, 78 { SSL3_RT_ALERT, "Alert" }, 79 { SSL3_RT_HANDSHAKE, "Handshake" }, 80 { SSL3_RT_APPLICATION_DATA, "ApplicationData" }, 81 }; 82 83 /* Handshake types, sorted by ascending id */ 84 static const ssl_trace_tbl ssl_handshake_tbl[] = { 85 { SSL3_MT_HELLO_REQUEST, "HelloRequest" }, 86 { SSL3_MT_CLIENT_HELLO, "ClientHello" }, 87 { SSL3_MT_SERVER_HELLO, "ServerHello" }, 88 { DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest" }, 89 { SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket" }, 90 { SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData" }, 91 { SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions" }, 92 { SSL3_MT_CERTIFICATE, "Certificate" }, 93 { SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange" }, 94 { SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest" }, 95 { SSL3_MT_SERVER_DONE, "ServerHelloDone" }, 96 { SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify" }, 97 { SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange" }, 98 { SSL3_MT_FINISHED, "Finished" }, 99 { SSL3_MT_CERTIFICATE_URL, "CertificateUrl" }, 100 { SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus" }, 101 { SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData" }, 102 { SSL3_MT_KEY_UPDATE, "KeyUpdate" }, 103 { SSL3_MT_COMPRESSED_CERTIFICATE, "CompressedCertificate" }, 104 #ifndef OPENSSL_NO_NEXTPROTONEG 105 { SSL3_MT_NEXT_PROTO, "NextProto" }, 106 #endif 107 { SSL3_MT_MESSAGE_HASH, "MessageHash" } 108 }; 109 110 /* Cipher suites */ 111 static const ssl_trace_tbl ssl_ciphers_tbl[] = { 112 { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, 113 { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, 114 { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, 115 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, 116 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, 117 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, 118 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, 119 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, 120 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, 121 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, 122 { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, 123 { 0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, 124 { 0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, 125 { 0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, 126 { 0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, 127 { 0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, 128 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, 129 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, 130 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, 131 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, 132 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, 133 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, 134 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, 135 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, 136 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, 137 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, 138 { 0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA" }, 139 { 0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, 140 { 0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, 141 { 0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, 142 { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, 143 { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, 144 { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, 145 { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, 146 { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, 147 { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, 148 { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, 149 { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, 150 { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, 151 { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, 152 { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, 153 { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, 154 { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, 155 { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, 156 { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, 157 { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, 158 { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, 159 { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, 160 { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, 161 { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, 162 { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, 163 { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, 164 { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, 165 { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, 166 { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, 167 { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, 168 { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, 169 { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, 170 { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, 171 { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, 172 { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, 173 { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, 174 { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, 175 { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, 176 { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, 177 { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, 178 { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, 179 { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, 180 { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, 181 { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, 182 { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, 183 { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, 184 { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, 185 { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, 186 { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, 187 { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, 188 { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, 189 { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, 190 { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, 191 { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, 192 { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, 193 { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, 194 { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, 195 { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, 196 { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, 197 { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, 198 { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, 199 { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, 200 { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, 201 { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, 202 { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, 203 { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, 204 { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, 205 { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, 206 { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, 207 { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, 208 { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, 209 { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, 210 { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, 211 { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, 212 { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, 213 { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, 214 { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, 215 { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, 216 { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, 217 { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, 218 { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, 219 { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, 220 { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, 221 { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, 222 { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, 223 { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, 224 { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, 225 { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, 226 { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, 227 { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, 228 { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, 229 { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, 230 { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, 231 { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, 232 { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, 233 { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, 234 { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, 235 { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, 236 { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, 237 { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, 238 { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, 239 { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, 240 { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, 241 { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, 242 { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, 243 { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, 244 { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, 245 { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, 246 { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, 247 { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, 248 { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, 249 { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, 250 { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, 251 { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, 252 { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, 253 { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, 254 { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, 255 { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, 256 { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, 257 { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, 258 { 0x5600, "TLS_FALLBACK_SCSV" }, 259 { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, 260 { 0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, 261 { 0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, 262 { 0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, 263 { 0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, 264 { 0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, 265 { 0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, 266 { 0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, 267 { 0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, 268 { 0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, 269 { 0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA" }, 270 { 0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, 271 { 0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, 272 { 0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, 273 { 0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, 274 { 0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, 275 { 0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, 276 { 0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, 277 { 0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, 278 { 0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, 279 { 0xC015, "TLS_ECDH_anon_WITH_NULL_SHA" }, 280 { 0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, 281 { 0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, 282 { 0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, 283 { 0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, 284 { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, 285 { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, 286 { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, 287 { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, 288 { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, 289 { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, 290 { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, 291 { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, 292 { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, 293 { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, 294 { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, 295 { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, 296 { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, 297 { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, 298 { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, 299 { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, 300 { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, 301 { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, 302 { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, 303 { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, 304 { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, 305 { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, 306 { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, 307 { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, 308 { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, 309 { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, 310 { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, 311 { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, 312 { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, 313 { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, 314 { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, 315 { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, 316 { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, 317 { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, 318 { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, 319 { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, 320 { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, 321 { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, 322 { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, 323 { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, 324 { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, 325 { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, 326 { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, 327 { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, 328 { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, 329 { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, 330 { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, 331 { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, 332 { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, 333 { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, 334 { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, 335 { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, 336 { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, 337 { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, 338 { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, 339 { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, 340 { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, 341 { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, 342 { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, 343 { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, 344 { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, 345 { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, 346 { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, 347 { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, 348 { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, 349 { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, 350 { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, 351 { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, 352 { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, 353 { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, 354 { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, 355 { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, 356 { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, 357 { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, 358 { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, 359 { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, 360 { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, 361 { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, 362 { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, 363 { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, 364 { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, 365 { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, 366 { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, 367 { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, 368 { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, 369 { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, 370 { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, 371 { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, 372 { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, 373 { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, 374 { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, 375 { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, 376 { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, 377 { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, 378 { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, 379 { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, 380 { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, 381 { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, 382 { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, 383 { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, 384 { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, 385 { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, 386 { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, 387 { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, 388 { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, 389 { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, 390 { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, 391 { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, 392 { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, 393 { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, 394 { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, 395 { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, 396 { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, 397 { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, 398 { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, 399 { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, 400 { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, 401 { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, 402 { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, 403 { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, 404 { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, 405 { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, 406 { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, 407 { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, 408 { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, 409 { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, 410 { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, 411 { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, 412 { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, 413 { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, 414 { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, 415 { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, 416 { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, 417 { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, 418 { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, 419 { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, 420 { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, 421 { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, 422 { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, 423 { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, 424 { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, 425 { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, 426 { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, 427 { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, 428 { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, 429 { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, 430 { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, 431 { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, 432 { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, 433 { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, 434 { 0xC102, "IANA-GOST2012-GOST8912-GOST8912" }, 435 { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, 436 { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, 437 { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, 438 { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, 439 { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, 440 { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, 441 { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, 442 { 0x1301, "TLS_AES_128_GCM_SHA256" }, 443 { 0x1302, "TLS_AES_256_GCM_SHA384" }, 444 { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, 445 { 0x1304, "TLS_AES_128_CCM_SHA256" }, 446 { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, 447 { 0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, 448 { 0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, 449 { 0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912" }, 450 { 0xFF87, "GOST2012-NULL-GOST12" }, 451 { 0xC0B4, "TLS_SHA256_SHA256" }, 452 { 0xC0B5, "TLS_SHA384_SHA384" }, 453 { 0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC" }, 454 { 0xC101, "GOST2012-MAGMA-MAGMAOMAC" }, 455 { 0xC102, "GOST2012-GOST8912-IANA" }, 456 }; 457 458 /* Compression methods */ 459 static const ssl_trace_tbl ssl_comp_tbl[] = { 460 { 0x0000, "No Compression" }, 461 { 0x0001, "Zlib Compression" } 462 }; 463 464 /* Extensions sorted by ascending id */ 465 static const ssl_trace_tbl ssl_exts_tbl[] = { 466 { TLSEXT_TYPE_server_name, "server_name" }, 467 { TLSEXT_TYPE_max_fragment_length, "max_fragment_length" }, 468 { TLSEXT_TYPE_client_certificate_url, "client_certificate_url" }, 469 { TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys" }, 470 { TLSEXT_TYPE_truncated_hmac, "truncated_hmac" }, 471 { TLSEXT_TYPE_status_request, "status_request" }, 472 { TLSEXT_TYPE_user_mapping, "user_mapping" }, 473 { TLSEXT_TYPE_client_authz, "client_authz" }, 474 { TLSEXT_TYPE_server_authz, "server_authz" }, 475 { TLSEXT_TYPE_cert_type, "cert_type" }, 476 { TLSEXT_TYPE_supported_groups, "supported_groups" }, 477 { TLSEXT_TYPE_ec_point_formats, "ec_point_formats" }, 478 { TLSEXT_TYPE_srp, "srp" }, 479 { TLSEXT_TYPE_signature_algorithms, "signature_algorithms" }, 480 { TLSEXT_TYPE_use_srtp, "use_srtp" }, 481 { TLSEXT_TYPE_application_layer_protocol_negotiation, 482 "application_layer_protocol_negotiation" }, 483 { TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps" }, 484 { TLSEXT_TYPE_client_cert_type, "client_cert_type" }, 485 { TLSEXT_TYPE_server_cert_type, "server_cert_type" }, 486 { TLSEXT_TYPE_padding, "padding" }, 487 { TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac" }, 488 { TLSEXT_TYPE_extended_master_secret, "extended_master_secret" }, 489 { TLSEXT_TYPE_compress_certificate, "compress_certificate" }, 490 { TLSEXT_TYPE_session_ticket, "session_ticket" }, 491 { TLSEXT_TYPE_psk, "psk" }, 492 { TLSEXT_TYPE_early_data, "early_data" }, 493 { TLSEXT_TYPE_supported_versions, "supported_versions" }, 494 { TLSEXT_TYPE_cookie, "cookie_ext" }, 495 { TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes" }, 496 { TLSEXT_TYPE_certificate_authorities, "certificate_authorities" }, 497 { TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth" }, 498 { TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert" }, 499 { TLSEXT_TYPE_key_share, "key_share" }, 500 { TLSEXT_TYPE_renegotiate, "renegotiate" }, 501 #ifndef OPENSSL_NO_NEXTPROTONEG 502 { TLSEXT_TYPE_next_proto_neg, "next_proto_neg" }, 503 #endif 504 }; 505 506 static const ssl_trace_tbl ssl_groups_tbl[] = { 507 { 1, "sect163k1 (K-163)" }, 508 { 2, "sect163r1" }, 509 { 3, "sect163r2 (B-163)" }, 510 { 4, "sect193r1" }, 511 { 5, "sect193r2" }, 512 { 6, "sect233k1 (K-233)" }, 513 { 7, "sect233r1 (B-233)" }, 514 { 8, "sect239k1" }, 515 { 9, "sect283k1 (K-283)" }, 516 { 10, "sect283r1 (B-283)" }, 517 { 11, "sect409k1 (K-409)" }, 518 { 12, "sect409r1 (B-409)" }, 519 { 13, "sect571k1 (K-571)" }, 520 { 14, "sect571r1 (B-571)" }, 521 { 15, "secp160k1" }, 522 { 16, "secp160r1" }, 523 { 17, "secp160r2" }, 524 { 18, "secp192k1" }, 525 { 19, "secp192r1 (P-192)" }, 526 { 20, "secp224k1" }, 527 { 21, "secp224r1 (P-224)" }, 528 { 22, "secp256k1" }, 529 { 23, "secp256r1 (P-256)" }, 530 { 24, "secp384r1 (P-384)" }, 531 { 25, "secp521r1 (P-521)" }, 532 { 26, "brainpoolP256r1" }, 533 { 27, "brainpoolP384r1" }, 534 { 28, "brainpoolP512r1" }, 535 { 29, "ecdh_x25519" }, 536 { 30, "ecdh_x448" }, 537 { 31, "brainpoolP256r1tls13" }, 538 { 32, "brainpoolP384r1tls13" }, 539 { 33, "brainpoolP512r1tls13" }, 540 { 34, "GC256A" }, 541 { 35, "GC256B" }, 542 { 36, "GC256C" }, 543 { 37, "GC256D" }, 544 { 38, "GC512A" }, 545 { 39, "GC512B" }, 546 { 40, "GC512C" }, 547 { 256, "ffdhe2048" }, 548 { 257, "ffdhe3072" }, 549 { 258, "ffdhe4096" }, 550 { 259, "ffdhe6144" }, 551 { 260, "ffdhe8192" }, 552 { 512, "MLKEM512" }, 553 { 513, "MLKEM768" }, 554 { 514, "MLKEM1024" }, 555 { 4587, "SecP256r1MLKEM768" }, 556 { 4588, "X25519MLKEM768" }, 557 { 4589, "SecP384r1MLKEM1024" }, 558 { 25497, "X25519Kyber768Draft00" }, 559 { 25498, "SecP256r1Kyber768Draft00" }, 560 { 0xFF01, "arbitrary_explicit_prime_curves" }, 561 { 0xFF02, "arbitrary_explicit_char2_curves" } 562 }; 563 564 static const ssl_trace_tbl ssl_point_tbl[] = { 565 { 0, "uncompressed" }, 566 { 1, "ansiX962_compressed_prime" }, 567 { 2, "ansiX962_compressed_char2" } 568 }; 569 570 static const ssl_trace_tbl ssl_mfl_tbl[] = { 571 { 0, "disabled" }, 572 { 1, "max_fragment_length := 2^9 (512 bytes)" }, 573 { 2, "max_fragment_length := 2^10 (1024 bytes)" }, 574 { 3, "max_fragment_length := 2^11 (2048 bytes)" }, 575 { 4, "max_fragment_length := 2^12 (4096 bytes)" } 576 }; 577 578 static const ssl_trace_tbl ssl_sigalg_tbl[] = { 579 { TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name }, 580 { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name }, 581 { TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ecdsa_secp521r1_sha512_name }, 582 { TLSEXT_SIGALG_ecdsa_sha224, TLSEXT_SIGALG_ecdsa_sha224_name }, 583 { TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed25519_name }, 584 { TLSEXT_SIGALG_ed448, TLSEXT_SIGALG_ed448_name }, 585 { TLSEXT_SIGALG_ecdsa_sha1, TLSEXT_SIGALG_ecdsa_sha1_name }, 586 { TLSEXT_SIGALG_rsa_pss_rsae_sha256, TLSEXT_SIGALG_rsa_pss_rsae_sha256_name }, 587 { TLSEXT_SIGALG_rsa_pss_rsae_sha384, TLSEXT_SIGALG_rsa_pss_rsae_sha384_name }, 588 { TLSEXT_SIGALG_rsa_pss_rsae_sha512, TLSEXT_SIGALG_rsa_pss_rsae_sha512_name }, 589 { TLSEXT_SIGALG_rsa_pss_pss_sha256, TLSEXT_SIGALG_rsa_pss_pss_sha256_name }, 590 { TLSEXT_SIGALG_rsa_pss_pss_sha384, TLSEXT_SIGALG_rsa_pss_pss_sha384_name }, 591 { TLSEXT_SIGALG_rsa_pss_pss_sha512, TLSEXT_SIGALG_rsa_pss_pss_sha512_name }, 592 { TLSEXT_SIGALG_rsa_pkcs1_sha256, TLSEXT_SIGALG_rsa_pkcs1_sha256_name }, 593 { TLSEXT_SIGALG_rsa_pkcs1_sha384, TLSEXT_SIGALG_rsa_pkcs1_sha384_name }, 594 { TLSEXT_SIGALG_rsa_pkcs1_sha512, TLSEXT_SIGALG_rsa_pkcs1_sha512_name }, 595 { TLSEXT_SIGALG_rsa_pkcs1_sha224, TLSEXT_SIGALG_rsa_pkcs1_sha224_name }, 596 { TLSEXT_SIGALG_rsa_pkcs1_sha1, TLSEXT_SIGALG_rsa_pkcs1_sha1_name }, 597 { TLSEXT_SIGALG_dsa_sha256, TLSEXT_SIGALG_dsa_sha256_name }, 598 { TLSEXT_SIGALG_dsa_sha384, TLSEXT_SIGALG_dsa_sha384_name }, 599 { TLSEXT_SIGALG_dsa_sha512, TLSEXT_SIGALG_dsa_sha512_name }, 600 { TLSEXT_SIGALG_dsa_sha224, TLSEXT_SIGALG_dsa_sha224_name }, 601 { TLSEXT_SIGALG_dsa_sha1, TLSEXT_SIGALG_dsa_sha1_name }, 602 { TLSEXT_SIGALG_gostr34102012_256_intrinsic, TLSEXT_SIGALG_gostr34102012_256_intrinsic_name }, 603 { TLSEXT_SIGALG_gostr34102012_512_intrinsic, TLSEXT_SIGALG_gostr34102012_512_intrinsic_name }, 604 { TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name }, 605 { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name }, 606 { TLSEXT_SIGALG_gostr34102001_gostr3411, TLSEXT_SIGALG_gostr34102001_gostr3411_name }, 607 { TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name }, 608 { TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name }, 609 { TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name }, 610 /* 611 * Well known groups that we happen to know about, but only come from 612 * provider capability declarations (hence no macros for the 613 * codepoints/names) 614 */ 615 { 0x0904, "mldsa44" }, 616 { 0x0905, "mldsa65" }, 617 { 0x0906, "mldsa87" } 618 }; 619 620 static const ssl_trace_tbl ssl_ctype_tbl[] = { 621 { 1, "rsa_sign" }, 622 { 2, "dss_sign" }, 623 { 3, "rsa_fixed_dh" }, 624 { 4, "dss_fixed_dh" }, 625 { 5, "rsa_ephemeral_dh" }, 626 { 6, "dss_ephemeral_dh" }, 627 { 20, "fortezza_dms" }, 628 { 64, "ecdsa_sign" }, 629 { 65, "rsa_fixed_ecdh" }, 630 { 66, "ecdsa_fixed_ecdh" }, 631 { 67, "gost_sign256" }, 632 { 68, "gost_sign512" }, 633 }; 634 635 static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { 636 { TLSEXT_KEX_MODE_KE, "psk_ke" }, 637 { TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke" } 638 }; 639 640 static const ssl_trace_tbl ssl_key_update_tbl[] = { 641 { SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested" }, 642 { SSL_KEY_UPDATE_REQUESTED, "update_requested" } 643 }; 644 645 static const ssl_trace_tbl ssl_comp_cert_tbl[] = { 646 { TLSEXT_comp_cert_none, "none" }, 647 { TLSEXT_comp_cert_zlib, "zlib" }, 648 { TLSEXT_comp_cert_brotli, "brotli" }, 649 { TLSEXT_comp_cert_zstd, "zstd" } 650 }; 651 652 /* 653 * "pgp" and "1609dot2" are defined in RFC7250, 654 * although OpenSSL doesn't support them, it can 655 * at least report them in traces 656 */ 657 static const ssl_trace_tbl ssl_cert_type_tbl[] = { 658 { TLSEXT_cert_type_x509, "x509" }, 659 { TLSEXT_cert_type_pgp, "pgp" }, 660 { TLSEXT_cert_type_rpk, "rpk" }, 661 { TLSEXT_cert_type_1609dot2, "1609dot2" } 662 }; 663 664 static void ssl_print_hex(BIO *bio, int indent, const char *name, 665 const unsigned char *msg, size_t msglen) 666 { 667 size_t i; 668 669 BIO_indent(bio, indent, 80); 670 BIO_printf(bio, "%s (len=%d): ", name, (int)msglen); 671 for (i = 0; i < msglen; i++) 672 BIO_printf(bio, "%02X", msg[i]); 673 BIO_puts(bio, "\n"); 674 } 675 676 static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, 677 const unsigned char **pmsg, size_t *pmsglen) 678 { 679 size_t blen; 680 const unsigned char *p = *pmsg; 681 682 if (*pmsglen < nlen) 683 return 0; 684 blen = p[0]; 685 if (nlen > 1) 686 blen = (blen << 8) | p[1]; 687 if (*pmsglen < nlen + blen) 688 return 0; 689 p += nlen; 690 ssl_print_hex(bio, indent, name, p, blen); 691 *pmsg += blen + nlen; 692 *pmsglen -= blen + nlen; 693 return 1; 694 } 695 696 static int ssl_print_version(BIO *bio, int indent, const char *name, 697 const unsigned char **pmsg, size_t *pmsglen, 698 unsigned int *version) 699 { 700 int vers; 701 702 if (*pmsglen < 2) 703 return 0; 704 vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; 705 if (version != NULL) 706 *version = vers; 707 BIO_indent(bio, indent, 80); 708 BIO_printf(bio, "%s=0x%x (%s)\n", 709 name, vers, ssl_trace_str(vers, ssl_version_tbl)); 710 *pmsg += 2; 711 *pmsglen -= 2; 712 return 1; 713 } 714 715 static int ssl_print_random(BIO *bio, int indent, 716 const unsigned char **pmsg, size_t *pmsglen) 717 { 718 unsigned int tm; 719 const unsigned char *p = *pmsg; 720 721 if (*pmsglen < 32) 722 return 0; 723 tm = ((unsigned int)p[0] << 24) 724 | ((unsigned int)p[1] << 16) 725 | ((unsigned int)p[2] << 8) 726 | (unsigned int)p[3]; 727 p += 4; 728 BIO_indent(bio, indent, 80); 729 BIO_puts(bio, "Random:\n"); 730 BIO_indent(bio, indent + 2, 80); 731 BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm); 732 ssl_print_hex(bio, indent + 2, "random_bytes", p, 28); 733 *pmsg += 32; 734 *pmsglen -= 32; 735 return 1; 736 } 737 738 static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc, 739 const unsigned char **pmsg, size_t *pmsglen) 740 { 741 if (*pmsglen < 2) 742 return 0; 743 if (SSL_USE_SIGALGS(sc)) { 744 const unsigned char *p = *pmsg; 745 unsigned int sigalg = (p[0] << 8) | p[1]; 746 747 BIO_indent(bio, indent, 80); 748 BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", 749 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 750 *pmsg += 2; 751 *pmsglen -= 2; 752 } 753 return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen); 754 } 755 756 static int ssl_print_extension(BIO *bio, int indent, int server, 757 unsigned char mt, int extype, 758 const unsigned char *ext, size_t extlen) 759 { 760 size_t xlen, share_len; 761 unsigned int sigalg; 762 uint32_t max_early_data; 763 764 BIO_indent(bio, indent, 80); 765 BIO_printf(bio, "extension_type=%s(%d), length=%d\n", 766 ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); 767 switch (extype) { 768 case TLSEXT_TYPE_compress_certificate: 769 if (extlen < 1) 770 return 0; 771 xlen = ext[0]; 772 if (extlen != xlen + 1) 773 return 0; 774 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, ssl_comp_cert_tbl); 775 776 case TLSEXT_TYPE_max_fragment_length: 777 if (extlen < 1) 778 return 0; 779 xlen = extlen; 780 return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl); 781 782 case TLSEXT_TYPE_ec_point_formats: 783 if (extlen < 1) 784 return 0; 785 xlen = ext[0]; 786 if (extlen != xlen + 1) 787 return 0; 788 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); 789 790 case TLSEXT_TYPE_supported_groups: 791 if (extlen < 2) 792 return 0; 793 xlen = (ext[0] << 8) | ext[1]; 794 if (extlen != xlen + 2) 795 return 0; 796 return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); 797 case TLSEXT_TYPE_application_layer_protocol_negotiation: 798 if (extlen < 2) 799 return 0; 800 xlen = (ext[0] << 8) | ext[1]; 801 if (extlen != xlen + 2) 802 return 0; 803 ext += 2; 804 while (xlen > 0) { 805 size_t plen = *ext++; 806 807 if (plen + 1 > xlen) 808 return 0; 809 BIO_indent(bio, indent + 2, 80); 810 BIO_write(bio, ext, plen); 811 BIO_puts(bio, "\n"); 812 ext += plen; 813 xlen -= plen + 1; 814 } 815 return 1; 816 817 case TLSEXT_TYPE_signature_algorithms: 818 819 if (extlen < 2) 820 return 0; 821 xlen = (ext[0] << 8) | ext[1]; 822 if (extlen != xlen + 2) 823 return 0; 824 if (xlen & 1) 825 return 0; 826 ext += 2; 827 while (xlen > 0) { 828 BIO_indent(bio, indent + 2, 80); 829 sigalg = (ext[0] << 8) | ext[1]; 830 BIO_printf(bio, "%s (0x%04x)\n", 831 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 832 xlen -= 2; 833 ext += 2; 834 } 835 break; 836 837 case TLSEXT_TYPE_renegotiate: 838 if (extlen < 1) 839 return 0; 840 xlen = ext[0]; 841 if (xlen + 1 != extlen) 842 return 0; 843 ext++; 844 if (xlen) { 845 if (server) { 846 if (xlen & 1) 847 return 0; 848 xlen >>= 1; 849 } 850 ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); 851 if (server) { 852 ext += xlen; 853 ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); 854 } 855 } else { 856 BIO_indent(bio, indent + 4, 80); 857 BIO_puts(bio, "<EMPTY>\n"); 858 } 859 break; 860 861 case TLSEXT_TYPE_session_ticket: 862 if (extlen != 0) 863 ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); 864 break; 865 866 case TLSEXT_TYPE_key_share: 867 if (server && extlen == 2) { 868 int group_id; 869 870 /* We assume this is an HRR, otherwise this is an invalid key_share */ 871 group_id = (ext[0] << 8) | ext[1]; 872 BIO_indent(bio, indent + 4, 80); 873 BIO_printf(bio, "NamedGroup: %s (%d)\n", 874 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 875 break; 876 } 877 if (extlen < 2) 878 return 0; 879 if (server) { 880 xlen = extlen; 881 } else { 882 xlen = (ext[0] << 8) | ext[1]; 883 if (extlen != xlen + 2) 884 return 0; 885 ext += 2; 886 } 887 for (; xlen > 0; ext += share_len, xlen -= share_len) { 888 int group_id; 889 890 if (xlen < 4) 891 return 0; 892 group_id = (ext[0] << 8) | ext[1]; 893 share_len = (ext[2] << 8) | ext[3]; 894 ext += 4; 895 xlen -= 4; 896 if (xlen < share_len) 897 return 0; 898 BIO_indent(bio, indent + 4, 80); 899 BIO_printf(bio, "NamedGroup: %s (%d)\n", 900 ssl_trace_str(group_id, ssl_groups_tbl), group_id); 901 ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); 902 } 903 break; 904 905 case TLSEXT_TYPE_supported_versions: 906 if (server) { 907 int version; 908 909 if (extlen != 2) 910 return 0; 911 version = (ext[0] << 8) | ext[1]; 912 BIO_indent(bio, indent + 4, 80); 913 BIO_printf(bio, "%s (%d)\n", 914 ssl_trace_str(version, ssl_version_tbl), version); 915 break; 916 } 917 if (extlen < 1) 918 return 0; 919 xlen = ext[0]; 920 if (extlen != xlen + 1) 921 return 0; 922 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, 923 ssl_version_tbl); 924 925 case TLSEXT_TYPE_psk_kex_modes: 926 if (extlen < 1) 927 return 0; 928 xlen = ext[0]; 929 if (extlen != xlen + 1) 930 return 0; 931 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, 932 ssl_psk_kex_modes_tbl); 933 934 case TLSEXT_TYPE_early_data: 935 if (mt != SSL3_MT_NEWSESSION_TICKET) 936 break; 937 if (extlen != 4) 938 return 0; 939 max_early_data = ((unsigned int)ext[0] << 24) 940 | ((unsigned int)ext[1] << 16) 941 | ((unsigned int)ext[2] << 8) 942 | (unsigned int)ext[3]; 943 BIO_indent(bio, indent + 2, 80); 944 BIO_printf(bio, "max_early_data=%u\n", (unsigned int)max_early_data); 945 break; 946 947 case TLSEXT_TYPE_server_cert_type: 948 case TLSEXT_TYPE_client_cert_type: 949 if (server) { 950 if (extlen != 1) 951 return 0; 952 return ssl_trace_list(bio, indent + 2, ext, 1, 1, ssl_cert_type_tbl); 953 } 954 if (extlen < 1) 955 return 0; 956 xlen = ext[0]; 957 if (extlen != xlen + 1) 958 return 0; 959 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_cert_type_tbl); 960 961 default: 962 BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); 963 } 964 return 1; 965 } 966 967 static int ssl_print_extensions(BIO *bio, int indent, int server, 968 unsigned char mt, const unsigned char **msgin, 969 size_t *msginlen) 970 { 971 size_t extslen, msglen = *msginlen; 972 const unsigned char *msg = *msgin; 973 974 BIO_indent(bio, indent, 80); 975 if (msglen == 0) { 976 BIO_puts(bio, "No extensions\n"); 977 return 1; 978 } 979 if (msglen < 2) 980 return 0; 981 extslen = (msg[0] << 8) | msg[1]; 982 msglen -= 2; 983 msg += 2; 984 if (extslen == 0) { 985 BIO_puts(bio, "No extensions\n"); 986 *msgin = msg; 987 *msginlen = msglen; 988 return 1; 989 } 990 if (extslen > msglen) 991 return 0; 992 BIO_printf(bio, "extensions, length = %d\n", (int)extslen); 993 msglen -= extslen; 994 while (extslen > 0) { 995 int extype; 996 size_t extlen; 997 if (extslen < 4) 998 return 0; 999 extype = (msg[0] << 8) | msg[1]; 1000 extlen = (msg[2] << 8) | msg[3]; 1001 if (extslen < extlen + 4) { 1002 BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, 1003 (int)extlen); 1004 BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); 1005 return 0; 1006 } 1007 msg += 4; 1008 if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, 1009 extlen)) 1010 return 0; 1011 msg += extlen; 1012 extslen -= extlen + 4; 1013 } 1014 1015 *msgin = msg; 1016 *msginlen = msglen; 1017 return 1; 1018 } 1019 1020 static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent, 1021 const unsigned char *msg, size_t msglen) 1022 { 1023 size_t len; 1024 unsigned int cs; 1025 1026 if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL)) 1027 return 0; 1028 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1029 return 0; 1030 if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1031 return 0; 1032 if (SSL_CONNECTION_IS_DTLS(sc)) { 1033 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1034 return 0; 1035 } 1036 if (msglen < 2) 1037 return 0; 1038 len = (msg[0] << 8) | msg[1]; 1039 msg += 2; 1040 msglen -= 2; 1041 BIO_indent(bio, indent, 80); 1042 BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len); 1043 if (msglen < len || len & 1) 1044 return 0; 1045 while (len > 0) { 1046 cs = (msg[0] << 8) | msg[1]; 1047 BIO_indent(bio, indent + 2, 80); 1048 BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", 1049 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1050 msg += 2; 1051 msglen -= 2; 1052 len -= 2; 1053 } 1054 if (msglen < 1) 1055 return 0; 1056 len = msg[0]; 1057 msg++; 1058 msglen--; 1059 if (msglen < len) 1060 return 0; 1061 BIO_indent(bio, indent, 80); 1062 BIO_printf(bio, "compression_methods (len=%d)\n", (int)len); 1063 while (len > 0) { 1064 BIO_indent(bio, indent + 2, 80); 1065 BIO_printf(bio, "%s (0x%02X)\n", 1066 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1067 msg++; 1068 msglen--; 1069 len--; 1070 } 1071 if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, 1072 &msglen)) 1073 return 0; 1074 return 1; 1075 } 1076 1077 static int dtls_print_hello_vfyrequest(BIO *bio, int indent, 1078 const unsigned char *msg, size_t msglen) 1079 { 1080 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) 1081 return 0; 1082 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 1083 return 0; 1084 return 1; 1085 } 1086 1087 static int ssl_print_server_hello(BIO *bio, int indent, 1088 const unsigned char *msg, size_t msglen) 1089 { 1090 unsigned int cs; 1091 unsigned int vers; 1092 1093 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers)) 1094 return 0; 1095 if (!ssl_print_random(bio, indent, &msg, &msglen)) 1096 return 0; 1097 if (vers != TLS1_3_VERSION 1098 && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 1099 return 0; 1100 if (msglen < 2) 1101 return 0; 1102 cs = (msg[0] << 8) | msg[1]; 1103 BIO_indent(bio, indent, 80); 1104 BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", 1105 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 1106 msg += 2; 1107 msglen -= 2; 1108 if (vers != TLS1_3_VERSION) { 1109 if (msglen < 1) 1110 return 0; 1111 BIO_indent(bio, indent, 80); 1112 BIO_printf(bio, "compression_method: %s (0x%02X)\n", 1113 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 1114 msg++; 1115 msglen--; 1116 } 1117 if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, 1118 &msglen)) 1119 return 0; 1120 return 1; 1121 } 1122 1123 static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc) 1124 { 1125 unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey; 1126 1127 if (alg_k & SSL_kRSA) { 1128 *pname = "rsa"; 1129 return SSL_kRSA; 1130 } 1131 if (alg_k & SSL_kDHE) { 1132 *pname = "DHE"; 1133 return SSL_kDHE; 1134 } 1135 if (alg_k & SSL_kECDHE) { 1136 *pname = "ECDHE"; 1137 return SSL_kECDHE; 1138 } 1139 if (alg_k & SSL_kPSK) { 1140 *pname = "PSK"; 1141 return SSL_kPSK; 1142 } 1143 if (alg_k & SSL_kRSAPSK) { 1144 *pname = "RSAPSK"; 1145 return SSL_kRSAPSK; 1146 } 1147 if (alg_k & SSL_kDHEPSK) { 1148 *pname = "DHEPSK"; 1149 return SSL_kDHEPSK; 1150 } 1151 if (alg_k & SSL_kECDHEPSK) { 1152 *pname = "ECDHEPSK"; 1153 return SSL_kECDHEPSK; 1154 } 1155 if (alg_k & SSL_kSRP) { 1156 *pname = "SRP"; 1157 return SSL_kSRP; 1158 } 1159 if (alg_k & SSL_kGOST) { 1160 *pname = "GOST"; 1161 return SSL_kGOST; 1162 } 1163 if (alg_k & SSL_kGOST18) { 1164 *pname = "GOST18"; 1165 return SSL_kGOST18; 1166 } 1167 *pname = "UNKNOWN"; 1168 return 0; 1169 } 1170 1171 static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1172 const unsigned char *msg, size_t msglen) 1173 { 1174 const char *algname; 1175 int id = ssl_get_keyex(&algname, sc); 1176 1177 BIO_indent(bio, indent, 80); 1178 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1179 if (id & SSL_PSK) { 1180 if (!ssl_print_hexbuf(bio, indent + 2, 1181 "psk_identity", 2, &msg, &msglen)) 1182 return 0; 1183 } 1184 switch (id) { 1185 1186 case SSL_kRSA: 1187 case SSL_kRSAPSK: 1188 if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) { 1189 ssl_print_hex(bio, indent + 2, 1190 "EncryptedPreMasterSecret", msg, msglen); 1191 } else { 1192 if (!ssl_print_hexbuf(bio, indent + 2, 1193 "EncryptedPreMasterSecret", 2, &msg, &msglen)) 1194 return 0; 1195 } 1196 break; 1197 1198 case SSL_kDHE: 1199 case SSL_kDHEPSK: 1200 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) 1201 return 0; 1202 break; 1203 1204 case SSL_kECDHE: 1205 case SSL_kECDHEPSK: 1206 if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) 1207 return 0; 1208 break; 1209 case SSL_kGOST: 1210 ssl_print_hex(bio, indent + 2, "GostKeyTransportBlob", msg, msglen); 1211 msglen = 0; 1212 break; 1213 case SSL_kGOST18: 1214 ssl_print_hex(bio, indent + 2, 1215 "GOST-wrapped PreMasterSecret", msg, msglen); 1216 msglen = 0; 1217 break; 1218 } 1219 1220 return !msglen; 1221 } 1222 1223 static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc, 1224 const unsigned char *msg, size_t msglen) 1225 { 1226 const char *algname; 1227 int id = ssl_get_keyex(&algname, sc); 1228 1229 BIO_indent(bio, indent, 80); 1230 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 1231 if (id & SSL_PSK) { 1232 if (!ssl_print_hexbuf(bio, indent + 2, 1233 "psk_identity_hint", 2, &msg, &msglen)) 1234 return 0; 1235 } 1236 switch (id) { 1237 case SSL_kRSA: 1238 1239 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) 1240 return 0; 1241 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, 1242 &msg, &msglen)) 1243 return 0; 1244 break; 1245 1246 case SSL_kDHE: 1247 case SSL_kDHEPSK: 1248 if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) 1249 return 0; 1250 if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) 1251 return 0; 1252 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen)) 1253 return 0; 1254 break; 1255 1256 case SSL_kECDHE: 1257 case SSL_kECDHEPSK: 1258 if (msglen < 1) 1259 return 0; 1260 BIO_indent(bio, indent + 2, 80); 1261 if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE) 1262 BIO_puts(bio, "explicit_prime\n"); 1263 else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE) 1264 BIO_puts(bio, "explicit_char2\n"); 1265 else if (msg[0] == NAMED_CURVE_TYPE) { 1266 int curve; 1267 if (msglen < 3) 1268 return 0; 1269 curve = (msg[1] << 8) | msg[2]; 1270 BIO_printf(bio, "named_curve: %s (%d)\n", 1271 ssl_trace_str(curve, ssl_groups_tbl), curve); 1272 msg += 3; 1273 msglen -= 3; 1274 if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) 1275 return 0; 1276 } else { 1277 BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); 1278 return 0; 1279 } 1280 break; 1281 1282 case SSL_kPSK: 1283 case SSL_kRSAPSK: 1284 break; 1285 } 1286 if (!(id & SSL_PSK)) 1287 ssl_print_signature(bio, indent, sc, &msg, &msglen); 1288 return !msglen; 1289 } 1290 1291 static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent, 1292 const unsigned char **pmsg, size_t *pmsglen) 1293 { 1294 size_t msglen = *pmsglen; 1295 size_t clen; 1296 X509 *x; 1297 const unsigned char *p = *pmsg, *q; 1298 SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(sc); 1299 1300 if (msglen < 3) 1301 return 0; 1302 clen = (p[0] << 16) | (p[1] << 8) | p[2]; 1303 if (msglen < clen + 3) 1304 return 0; 1305 q = p + 3; 1306 BIO_indent(bio, indent, 80); 1307 BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); 1308 x = X509_new_ex(ctx->libctx, ctx->propq); 1309 if (x != NULL && d2i_X509(&x, &q, clen) == NULL) { 1310 X509_free(x); 1311 x = NULL; 1312 } 1313 if (x == NULL) 1314 BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n"); 1315 else { 1316 BIO_puts(bio, "\n------details-----\n"); 1317 X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); 1318 PEM_write_bio_X509(bio, x); 1319 /* Print certificate stuff */ 1320 BIO_puts(bio, "------------------\n"); 1321 X509_free(x); 1322 } 1323 if (q != p + 3 + clen) { 1324 BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n"); 1325 } 1326 *pmsg += clen + 3; 1327 *pmsglen -= clen + 3; 1328 return 1; 1329 } 1330 1331 static int ssl_print_raw_public_key(BIO *bio, const SSL *ssl, int server, 1332 int indent, const unsigned char **pmsg, 1333 size_t *pmsglen) 1334 { 1335 EVP_PKEY *pkey; 1336 size_t clen; 1337 const unsigned char *msg = *pmsg; 1338 size_t msglen = *pmsglen; 1339 1340 if (msglen < 3) 1341 return 0; 1342 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1343 if (msglen < clen + 3) 1344 return 0; 1345 1346 msg += 3; 1347 1348 BIO_indent(bio, indent, 80); 1349 BIO_printf(bio, "raw_public_key, length=%d\n", (int)clen); 1350 1351 pkey = d2i_PUBKEY_ex(NULL, &msg, clen, ssl->ctx->libctx, ssl->ctx->propq); 1352 if (pkey == NULL) 1353 return 0; 1354 EVP_PKEY_print_public(bio, pkey, indent + 2, NULL); 1355 EVP_PKEY_free(pkey); 1356 *pmsg += clen + 3; 1357 *pmsglen -= clen + 3; 1358 return 1; 1359 } 1360 1361 static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server, 1362 int indent, const unsigned char *msg, 1363 size_t msglen) 1364 { 1365 size_t clen; 1366 1367 if (SSL_CONNECTION_IS_TLS13(sc) 1368 && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) 1369 return 0; 1370 1371 if (msglen < 3) 1372 return 0; 1373 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1374 if (msglen != clen + 3) 1375 return 0; 1376 msg += 3; 1377 if ((server && sc->ext.server_cert_type == TLSEXT_cert_type_rpk) 1378 || (!server && sc->ext.client_cert_type == TLSEXT_cert_type_rpk)) { 1379 if (!ssl_print_raw_public_key(bio, &sc->ssl, server, indent, &msg, &clen)) 1380 return 0; 1381 if (SSL_CONNECTION_IS_TLS13(sc) 1382 && !ssl_print_extensions(bio, indent + 2, server, 1383 SSL3_MT_CERTIFICATE, &msg, &clen)) 1384 return 0; 1385 return 1; 1386 } 1387 BIO_indent(bio, indent, 80); 1388 BIO_printf(bio, "certificate_list, length=%d\n", (int)clen); 1389 while (clen > 0) { 1390 if (!ssl_print_certificate(bio, sc, indent + 2, &msg, &clen)) 1391 return 0; 1392 if (SSL_CONNECTION_IS_TLS13(sc) 1393 && !ssl_print_extensions(bio, indent + 2, server, 1394 SSL3_MT_CERTIFICATE, &msg, &clen)) 1395 return 0; 1396 } 1397 return 1; 1398 } 1399 1400 static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc, 1401 int server, int indent, 1402 const unsigned char *msg, 1403 size_t msglen) 1404 { 1405 size_t uclen; 1406 size_t clen; 1407 unsigned int alg; 1408 int ret = 1; 1409 #ifndef OPENSSL_NO_COMP_ALG 1410 COMP_METHOD *method; 1411 COMP_CTX *comp = NULL; 1412 unsigned char *ucdata = NULL; 1413 #endif 1414 1415 if (msglen < 8) 1416 return 0; 1417 1418 alg = (msg[0] << 8) | msg[1]; 1419 uclen = (msg[2] << 16) | (msg[3] << 8) | msg[4]; 1420 clen = (msg[5] << 16) | (msg[6] << 8) | msg[7]; 1421 if (msglen != clen + 8) 1422 return 0; 1423 1424 msg += 8; 1425 BIO_indent(bio, indent, 80); 1426 BIO_printf(bio, "Compression type=%s (0x%04x)\n", ssl_trace_str(alg, ssl_comp_cert_tbl), alg); 1427 BIO_indent(bio, indent, 80); 1428 BIO_printf(bio, "Uncompressed length=%d\n", (int)uclen); 1429 BIO_indent(bio, indent, 80); 1430 if (clen > 0) 1431 BIO_printf(bio, "Compressed length=%d, Ratio=%f:1\n", (int)clen, (float)uclen / (float)clen); 1432 else 1433 BIO_printf(bio, "Compressed length=%d, Ratio=unknown\n", (int)clen); 1434 1435 BIO_dump_indent(bio, (const char *)msg, clen, indent); 1436 1437 #ifndef OPENSSL_NO_COMP_ALG 1438 if (!ossl_comp_has_alg(alg)) 1439 return 0; 1440 1441 /* Check against certificate maximum size (coverity) */ 1442 if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL) 1443 return 0; 1444 1445 switch (alg) { 1446 case TLSEXT_comp_cert_zlib: 1447 method = COMP_zlib(); 1448 break; 1449 case TLSEXT_comp_cert_brotli: 1450 method = COMP_brotli_oneshot(); 1451 break; 1452 case TLSEXT_comp_cert_zstd: 1453 method = COMP_zstd_oneshot(); 1454 break; 1455 default: 1456 goto err; 1457 } 1458 1459 if ((comp = COMP_CTX_new(method)) == NULL 1460 || COMP_expand_block(comp, ucdata, uclen, (unsigned char *)msg, clen) != (int)uclen) 1461 goto err; 1462 1463 ret = ssl_print_certificates(bio, sc, server, indent, ucdata, uclen); 1464 err: 1465 COMP_CTX_free(comp); 1466 OPENSSL_free(ucdata); 1467 #endif 1468 return ret; 1469 } 1470 1471 static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc, 1472 const unsigned char *msg, size_t msglen) 1473 { 1474 size_t xlen; 1475 unsigned int sigalg; 1476 1477 if (SSL_CONNECTION_IS_TLS13(sc)) { 1478 if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) 1479 return 0; 1480 if (!ssl_print_extensions(bio, indent, 1, 1481 SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) 1482 return 0; 1483 return 1; 1484 } else { 1485 if (msglen < 1) 1486 return 0; 1487 xlen = msg[0]; 1488 if (msglen < xlen + 1) 1489 return 0; 1490 msg++; 1491 BIO_indent(bio, indent, 80); 1492 BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); 1493 if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) 1494 return 0; 1495 msg += xlen; 1496 msglen -= xlen + 1; 1497 } 1498 if (SSL_USE_SIGALGS(sc)) { 1499 if (msglen < 2) 1500 return 0; 1501 xlen = (msg[0] << 8) | msg[1]; 1502 if (msglen < xlen + 2 || (xlen & 1)) 1503 return 0; 1504 msg += 2; 1505 msglen -= xlen + 2; 1506 BIO_indent(bio, indent, 80); 1507 BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); 1508 while (xlen > 0) { 1509 BIO_indent(bio, indent + 2, 80); 1510 sigalg = (msg[0] << 8) | msg[1]; 1511 BIO_printf(bio, "%s (0x%04x)\n", 1512 ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); 1513 xlen -= 2; 1514 msg += 2; 1515 } 1516 msg += xlen; 1517 } 1518 1519 if (msglen < 2) 1520 return 0; 1521 xlen = (msg[0] << 8) | msg[1]; 1522 BIO_indent(bio, indent, 80); 1523 if (msglen < xlen + 2) 1524 return 0; 1525 msg += 2; 1526 msglen -= 2 + xlen; 1527 BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); 1528 while (xlen > 0) { 1529 size_t dlen; 1530 X509_NAME *nm; 1531 const unsigned char *p; 1532 if (xlen < 2) 1533 return 0; 1534 dlen = (msg[0] << 8) | msg[1]; 1535 if (xlen < dlen + 2) 1536 return 0; 1537 msg += 2; 1538 BIO_indent(bio, indent + 2, 80); 1539 BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen); 1540 p = msg; 1541 nm = d2i_X509_NAME(NULL, &p, dlen); 1542 if (!nm) { 1543 BIO_puts(bio, "<UNPARSABLE DN>\n"); 1544 } else { 1545 X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); 1546 BIO_puts(bio, "\n"); 1547 X509_NAME_free(nm); 1548 } 1549 xlen -= dlen + 2; 1550 msg += dlen; 1551 } 1552 if (SSL_CONNECTION_IS_TLS13(sc)) { 1553 if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, 1554 &msg, &msglen)) 1555 return 0; 1556 } 1557 return msglen == 0; 1558 } 1559 1560 static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc, 1561 const unsigned char *msg, size_t msglen) 1562 { 1563 unsigned int tick_life; 1564 1565 if (msglen == 0) { 1566 BIO_indent(bio, indent + 2, 80); 1567 BIO_puts(bio, "No Ticket\n"); 1568 return 1; 1569 } 1570 if (msglen < 4) 1571 return 0; 1572 tick_life = ((unsigned int)msg[0] << 24) 1573 | ((unsigned int)msg[1] << 16) 1574 | ((unsigned int)msg[2] << 8) 1575 | (unsigned int)msg[3]; 1576 msglen -= 4; 1577 msg += 4; 1578 BIO_indent(bio, indent + 2, 80); 1579 BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); 1580 if (SSL_CONNECTION_IS_TLS13(sc)) { 1581 unsigned int ticket_age_add; 1582 1583 if (msglen < 4) 1584 return 0; 1585 ticket_age_add = ((unsigned int)msg[0] << 24) 1586 | ((unsigned int)msg[1] << 16) 1587 | ((unsigned int)msg[2] << 8) 1588 | (unsigned int)msg[3]; 1589 msglen -= 4; 1590 msg += 4; 1591 BIO_indent(bio, indent + 2, 80); 1592 BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); 1593 if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, 1594 &msglen)) 1595 return 0; 1596 } 1597 if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) 1598 return 0; 1599 if (SSL_CONNECTION_IS_TLS13(sc) 1600 && !ssl_print_extensions(bio, indent + 2, 0, 1601 SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) 1602 return 0; 1603 if (msglen) 1604 return 0; 1605 return 1; 1606 } 1607 1608 static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server, 1609 const unsigned char *msg, size_t msglen, 1610 int indent) 1611 { 1612 size_t hlen; 1613 unsigned char htype; 1614 1615 if (msglen < 4) 1616 return 0; 1617 htype = msg[0]; 1618 hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; 1619 BIO_indent(bio, indent, 80); 1620 BIO_printf(bio, "%s, Length=%d\n", 1621 ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); 1622 msg += 4; 1623 msglen -= 4; 1624 if (SSL_CONNECTION_IS_DTLS(sc)) { 1625 if (msglen < 8) 1626 return 0; 1627 BIO_indent(bio, indent, 80); 1628 BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " 1629 "fragment_length=%d\n", 1630 (msg[0] << 8) | msg[1], 1631 (msg[2] << 16) | (msg[3] << 8) | msg[4], 1632 (msg[5] << 16) | (msg[6] << 8) | msg[7]); 1633 msg += 8; 1634 msglen -= 8; 1635 } 1636 if (msglen < hlen) 1637 return 0; 1638 switch (htype) { 1639 case SSL3_MT_CLIENT_HELLO: 1640 if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen)) 1641 return 0; 1642 break; 1643 1644 case DTLS1_MT_HELLO_VERIFY_REQUEST: 1645 if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) 1646 return 0; 1647 break; 1648 1649 case SSL3_MT_SERVER_HELLO: 1650 if (!ssl_print_server_hello(bio, indent + 2, msg, msglen)) 1651 return 0; 1652 break; 1653 1654 case SSL3_MT_SERVER_KEY_EXCHANGE: 1655 if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen)) 1656 return 0; 1657 break; 1658 1659 case SSL3_MT_CLIENT_KEY_EXCHANGE: 1660 if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen)) 1661 return 0; 1662 break; 1663 1664 case SSL3_MT_CERTIFICATE: 1665 if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen)) 1666 return 0; 1667 break; 1668 1669 case SSL3_MT_COMPRESSED_CERTIFICATE: 1670 if (!ssl_print_compressed_certificates(bio, sc, server, indent + 2, msg, msglen)) 1671 return 0; 1672 break; 1673 1674 case SSL3_MT_CERTIFICATE_VERIFY: 1675 if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen)) 1676 return 0; 1677 break; 1678 1679 case SSL3_MT_CERTIFICATE_REQUEST: 1680 if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen)) 1681 return 0; 1682 break; 1683 1684 case SSL3_MT_FINISHED: 1685 ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen); 1686 break; 1687 1688 case SSL3_MT_END_OF_EARLY_DATA: 1689 case SSL3_MT_SERVER_DONE: 1690 if (msglen != 0) 1691 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1692 break; 1693 1694 case SSL3_MT_NEWSESSION_TICKET: 1695 if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen)) 1696 return 0; 1697 break; 1698 1699 case SSL3_MT_ENCRYPTED_EXTENSIONS: 1700 if (!ssl_print_extensions(bio, indent + 2, 1, 1701 SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) 1702 return 0; 1703 break; 1704 1705 case SSL3_MT_KEY_UPDATE: 1706 if (msglen != 1) { 1707 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1708 return 0; 1709 } 1710 if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, 1711 ssl_key_update_tbl)) 1712 return 0; 1713 break; 1714 1715 default: 1716 BIO_indent(bio, indent + 2, 80); 1717 BIO_puts(bio, "Unsupported, hex dump follows:\n"); 1718 BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4); 1719 } 1720 return 1; 1721 } 1722 1723 void SSL_trace(int write_p, int version, int content_type, 1724 const void *buf, size_t msglen, SSL *ssl, void *arg) 1725 { 1726 const unsigned char *msg = buf; 1727 BIO *bio = arg; 1728 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 1729 #ifndef OPENSSL_NO_QUIC 1730 QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl); 1731 1732 if (qc != NULL) { 1733 if (ossl_quic_trace(write_p, version, content_type, buf, msglen, ssl, 1734 arg)) 1735 return; 1736 /* 1737 * Otherwise ossl_quic_trace didn't handle this content_type so we 1738 * fallback to standard TLS handling 1739 */ 1740 } 1741 #endif 1742 1743 if (sc == NULL) 1744 return; 1745 1746 switch (content_type) { 1747 case SSL3_RT_HEADER: { 1748 int hvers; 1749 1750 /* avoid overlapping with length at the end of buffer */ 1751 if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { 1752 BIO_puts(bio, write_p ? "Sent" : "Received"); 1753 ssl_print_hex(bio, 0, " too short message", msg, msglen); 1754 break; 1755 } 1756 hvers = msg[1] << 8 | msg[2]; 1757 BIO_puts(bio, write_p ? "Sent" : "Received"); 1758 BIO_printf(bio, " TLS Record\nHeader:\n Version = %s (0x%x)\n", 1759 ssl_trace_str(hvers, ssl_version_tbl), hvers); 1760 if (SSL_CONNECTION_IS_DTLS(sc)) { 1761 BIO_printf(bio, 1762 " epoch=%d, sequence_number=%04x%04x%04x\n", 1763 (msg[3] << 8 | msg[4]), 1764 (msg[5] << 8 | msg[6]), 1765 (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); 1766 } 1767 1768 BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", 1769 ssl_trace_str(msg[0], ssl_content_tbl), msg[0], 1770 msg[msglen - 2] << 8 | msg[msglen - 1]); 1771 } break; 1772 1773 case SSL3_RT_INNER_CONTENT_TYPE: 1774 BIO_printf(bio, " Inner Content Type = %s (%d)", 1775 ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); 1776 break; 1777 1778 case SSL3_RT_HANDSHAKE: 1779 if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p, 1780 msg, msglen, 4)) 1781 BIO_printf(bio, "Message length parse error!\n"); 1782 break; 1783 1784 case SSL3_RT_CHANGE_CIPHER_SPEC: 1785 if (msglen == 1 && msg[0] == 1) 1786 BIO_puts(bio, " change_cipher_spec (1)\n"); 1787 else 1788 ssl_print_hex(bio, 4, "unknown value", msg, msglen); 1789 break; 1790 1791 case SSL3_RT_ALERT: 1792 if (msglen != 2) 1793 BIO_puts(bio, " Illegal Alert Length\n"); 1794 else { 1795 BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", 1796 SSL_alert_type_string_long(msg[0] << 8), 1797 msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); 1798 } 1799 } 1800 1801 BIO_puts(bio, "\n"); 1802 } 1803 1804 #endif 1805
Indexes created Sun Mar 01 05:31:48 UTC 2026