authorMatt Caswell <matt@openssl.org>2017-05-05 11:55:55 +0100
committerMatt Caswell <matt@openssl.org>2017-05-08 11:42:37 +0100
commitad5100bc41876a9e81b23dfa89899e640d5d1996 (patch)
tree9d443fa81882fb99aa5860c9b09f53ff8d2757a3
parenteee2750bd3d25265bb44d029877434d2cc80970c (diff)
Add support to SSL_trace() for inner content types
When using the -trace option with TLSv1.3 all records appear as "application data". This adds the ability to see the inner content type too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3408)
-rw-r--r--include/openssl/ssl3.h3
-rw-r--r--ssl/record/rec_layer_s3.c7
-rw-r--r--ssl/record/ssl3_record.c8
-rw-r--r--ssl/t1_trce.c6
4 files changed, 18 insertions, 6 deletions
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 13de6b7b7b..01131c75ef 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -223,8 +223,9 @@ extern "C" {
# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
-/* Pseudo content type for SSL/TLS header info */
+/* Pseudo content types for SSL/TLS header info */
# define SSL3_RT_HEADER 0x100
+# define SSL3_RT_INNER_CONTENT_TYPE 0x101
# define SSL3_AL_WARNING 1
# define SSL3_AL_FATAL 2
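Review bot: The new `SSL3_RT_INNER_CONTENT_TYPE` define reaches application message callbacks through `s->msg_callback`, but nothing in this commit documents what the callback receives for it; the diffstat lists no documentation file. A comment on the define would cover it, e.g. `/* Inner content type of an encrypted TLSv1.3 record; buf holds one byte */`. Callbacks written before this change that switch on content_type will now see 0x101, so the note should also say that handlers must ignore pseudo types they do not know.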
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index bff93ebfff..60bfd3c798 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -995,6 +995,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
SSL3_RT_HEADER_LENGTH, s,
s->msg_callback_arg);
+
+ if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+ unsigned char ctype = type;
+
+ s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+ &ctype, 1, s, s->msg_callback_arg);
+ }
}
if (!WPACKET_finish(thispkt)) {
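Review bot: The `s->enc_write_ctx != NULL` condition in the added block has no comment explaining it, and the new call passes `s->version` while the `SSL3_RT_HEADER` call directly above passes 0 with no stated reason for the difference. I would add `/* Only encrypted TLSv1.3 records carry an inner content type */` above the `if`. The assignment `unsigned char ctype = type;` narrows an int silently; writing `(unsigned char)type` makes the truncation explicit. do_ssl3_write's body starts and ends outside the hunk.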
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 3d1bcc1f70..806ef43469 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -247,11 +247,6 @@ int ssl3_get_record(SSL *s)
}
} else {
/* SSLv3+ style record */
- /*
- * TODO(TLS1.3): This callback only provides the "outer" record
- * type to the callback. Somehow we need to pass the "inner"
- * record type
- */
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
s->msg_callback_arg);
@@ -643,6 +638,9 @@ int ssl3_get_record(SSL *s)
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
goto f_err;
}
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+ &thisrr->data[end], 1, s, s->msg_callback_arg);
}
if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
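Review bot: The inner-content-type callback sits after the `SSL_R_BAD_RECORD_TYPE` rejection, so a record refused for an unexpected inner type never has that type reported to the trace. That is the case where someone diagnosing a failed handshake or a misbehaving peer most needs the byte. Moving the three added lines above the type check (whose start is outside the hunk) would report it before `goto f_err`. `end` is computed outside the hunk; presumably it indexes the last non-padding byte, which should be confirmed before moving the call.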
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 8b6433054e..891310d270 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1494,6 +1494,12 @@ void SSL_trace(int write_p, int version, int content_type,
msg[msglen - 2] << 8 | msg[msglen - 1]);
}
break;
+
+ case SSL3_RT_INNER_CONTENT_TYPE:
+ BIO_printf(bio, " Inner Content Type = %s (%d)",
+ ssl_trace_str(msg[0], ssl_content_tbl), msg[0]);
+ break;
+
case SSL3_RT_HANDSHAKE:
if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
msg, msglen, 4))
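Review bot: The new `SSL3_RT_INNER_CONTENT_TYPE` case reads `msg[0]` twice without looking at `msglen`. Both call sites added in this commit pass a length of 1, but SSL_trace is a public function with the message-callback signature and cannot assume that of every caller. A guard such as `if (msglen < 1) break;` at the top of the case keeps a zero-length call from reading past the buffer. SSL_trace's body starts and ends outside the hunk.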