[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Tue May 9 16:23:05 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 410ab527b38ea99e1d897cc60c45aad0d9bac913 (commit)
from d5b139e497d90962abd51a2f4354c7cae6d1c64d (commit)
- Log -----------------------------------------------------------------
commit 410ab527b38ea99e1d897cc60c45aad0d9bac913
Author: Matt Caswell <matt at openssl.org>
Date: Mon May 8 09:32:58 2017 +0100
Remove support for OPENSSL_SSL_TRACE_CRYPTO
This trace option does not appear in Configure as a separate option and is
undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO",
however this does not compile in master or in any 1.1.0 released version.
(cherry picked from commit eee2750bd3d25265bb44d029877434d2cc80970c)
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3413)
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_enc.c | 35 -----------------------------------
ssl/t1_enc.c | 35 -----------------------------------
ssl/t1_trce.c | 21 ---------------------
3 files changed, 91 deletions(-)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 093e527..e08857d 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -228,23 +228,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
goto err2;
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
-
- int wh = which & SSL3_CC_WRITE ?
- TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
- mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
- if (c->key_len)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
- key, c->key_len, s, s->msg_callback_arg);
- if (k) {
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
- iv, k, s, s->msg_callback_arg);
- }
- }
-#endif
-
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return (1);
@@ -462,9 +445,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 0;
unsigned int n;
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- unsigned char *tmpout = out;
-#endif
if (ctx == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
@@ -493,21 +473,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
EVP_MD_CTX_free(ctx);
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (ret > 0 && s->msg_callback) {
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
- p, len, s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
- tmpout, SSL3_MASTER_SECRET_SIZE,
- s, s->msg_callback_arg);
- }
-#endif
OPENSSL_cleanse(buf, sizeof(buf));
return (ret);
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0fb88af..235c5e4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -313,25 +313,6 @@ int tls1_change_cipher_state(SSL *s, int which)
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
- int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
- if (*mac_secret_size)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
- mac_secret, *mac_secret_size,
- s, s->msg_callback_arg);
- if (c->key_len)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
- key, c->key_len, s, s->msg_callback_arg);
- if (k) {
- if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
- wh |= TLS1_RT_CRYPTO_FIXED_IV;
- else
- wh |= TLS1_RT_CRYPTO_IV;
- s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
- }
- }
-#endif
#ifdef SSL_DEBUG
printf("which = %04X\nkey=", which);
@@ -528,22 +509,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
SSL3_MASTER_SECRET_SIZE);
#endif
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
- p, len, s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
- s->session->master_key,
- SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg);
- }
-#endif
-
return (SSL3_MASTER_SECRET_SIZE);
}
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4577f03..52d3611 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -547,21 +547,6 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
{66, "ecdsa_fixed_ecdh"}
};
-static ssl_trace_tbl ssl_crypto_tbl[] = {
- {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"},
- {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"},
- {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"},
- {TLS1_RT_CRYPTO_MASTER, "Master Secret"},
- {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"},
- {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"},
- {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"},
- {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"},
- {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"},
- {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"},
- {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"},
- {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"}
-};
-
static void ssl_print_hex(BIO *bio, int indent, const char *name,
const unsigned char *msg, size_t msglen)
{
@@ -1283,12 +1268,6 @@ void SSL_trace(int write_p, int version, int content_type,
const unsigned char *msg = buf;
BIO *bio = arg;
- if (write_p == 2) {
- BIO_puts(bio, "Session ");
- ssl_print_hex(bio, 0,
- ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen);
- return;
- }
switch (content_type) {
case SSL3_RT_HEADER:
{
More information about the openssl-commits
mailing list