1 /* 2 * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "ssl_locl.h" 11 12 #ifndef OPENSSL_NO_SSL_TRACE 13 14 /* Packet trace support for OpenSSL */ 15 16 typedef struct { 17 int num; 18 const char *name; 19 } ssl_trace_tbl; 20 21 # define ssl_trace_str(val, tbl) \ 22 do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) 23 24 # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ 25 do_ssl_trace_list(bio, indent, msg, msglen, value, \ 26 table, OSSL_NELEM(table)) 27 28 static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) 29 { 30 size_t i; 31 for (i = 0; i < ntbl; i++, tbl++) { 32 if (tbl->num == val) 33 return tbl->name; 34 } 35 return "UNKNOWN"; 36 } 37 38 static int do_ssl_trace_list(BIO *bio, int indent, 39 const unsigned char *msg, size_t msglen, 40 size_t vlen, ssl_trace_tbl *tbl, size_t ntbl) 41 { 42 int val; 43 if (msglen % vlen) 44 return 0; 45 while (msglen) { 46 val = msg[0]; 47 if (vlen == 2) 48 val = (val << 8) | msg[1]; 49 BIO_indent(bio, indent, 80); 50 BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val); 51 msg += vlen; 52 msglen -= vlen; 53 } 54 return 1; 55 } 56 57 /* Version number */ 58 59 static ssl_trace_tbl ssl_version_tbl[] = { 60 {SSL3_VERSION, "SSL 3.0"}, 61 {TLS1_VERSION, "TLS 1.0"}, 62 {TLS1_1_VERSION, "TLS 1.1"}, 63 {TLS1_2_VERSION, "TLS 1.2"}, 64 {DTLS1_VERSION, "DTLS 1.0"}, 65 {DTLS1_2_VERSION, "DTLS 1.2"}, 66 {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} 67 }; 68 69 static ssl_trace_tbl ssl_content_tbl[] = { 70 {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"}, 71 {SSL3_RT_ALERT, "Alert"}, 72 {SSL3_RT_HANDSHAKE, "Handshake"}, 73 {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, 74 {DTLS1_RT_HEARTBEAT, "HeartBeat"} 75 }; 76 77 /* Handshake types */ 78 static ssl_trace_tbl ssl_handshake_tbl[] = { 79 {SSL3_MT_HELLO_REQUEST, "HelloRequest"}, 80 {SSL3_MT_CLIENT_HELLO, "ClientHello"}, 81 {SSL3_MT_SERVER_HELLO, "ServerHello"}, 82 {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, 83 {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, 84 {SSL3_MT_CERTIFICATE, "Certificate"}, 85 {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"}, 86 {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"}, 87 {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, 88 {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, 89 {SSL3_MT_SERVER_DONE, "ServerHelloDone"}, 90 {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, 91 {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, 92 {SSL3_MT_FINISHED, "Finished"}, 93 {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"} 94 }; 95 96 /* Cipher suites */ 97 static ssl_trace_tbl ssl_ciphers_tbl[] = { 98 {0x0000, "SSL_NULL_WITH_NULL_NULL"}, 99 {0x0001, "SSL_RSA_WITH_NULL_MD5"}, 100 {0x0002, "SSL_RSA_WITH_NULL_SHA"}, 101 {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, 102 {0x0004, "SSL_RSA_WITH_RC4_128_MD5"}, 103 {0x0005, "SSL_RSA_WITH_RC4_128_SHA"}, 104 {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, 105 {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"}, 106 {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 107 {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"}, 108 {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, 109 {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 110 {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"}, 111 {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, 112 {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 113 {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"}, 114 {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, 115 {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, 116 {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"}, 117 {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, 118 {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, 119 {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"}, 120 {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 121 {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}, 122 {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"}, 123 {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, 124 {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"}, 125 {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}, 126 {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, 127 {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, 128 {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, 129 {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"}, 130 {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"}, 131 {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"}, 132 {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"}, 133 {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"}, 134 {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"}, 135 {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"}, 136 {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"}, 137 {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"}, 138 {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, 139 {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, 140 {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, 141 {0x002C, "TLS_PSK_WITH_NULL_SHA"}, 142 {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, 143 {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, 144 {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, 145 {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, 146 {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, 147 {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, 148 {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, 149 {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, 150 {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"}, 151 {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, 152 {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, 153 {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, 154 {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, 155 {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, 156 {0x003B, "TLS_RSA_WITH_NULL_SHA256"}, 157 {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, 158 {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, 159 {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, 160 {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, 161 {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, 162 {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 163 {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 164 {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 165 {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"}, 166 {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"}, 167 {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"}, 168 {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, 169 {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, 170 {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, 171 {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, 172 {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, 173 {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, 174 {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, 175 {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 176 {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 177 {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 178 {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"}, 179 {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"}, 180 {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"}, 181 {0x008A, "TLS_PSK_WITH_RC4_128_SHA"}, 182 {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"}, 183 {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"}, 184 {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"}, 185 {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"}, 186 {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 187 {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"}, 188 {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"}, 189 {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"}, 190 {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"}, 191 {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"}, 192 {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"}, 193 {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"}, 194 {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"}, 195 {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"}, 196 {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"}, 197 {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"}, 198 {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"}, 199 {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"}, 200 {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"}, 201 {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, 202 {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, 203 {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, 204 {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, 205 {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, 206 {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, 207 {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, 208 {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, 209 {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}, 210 {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"}, 211 {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"}, 212 {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"}, 213 {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"}, 214 {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"}, 215 {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"}, 216 {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"}, 217 {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"}, 218 {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"}, 219 {0x00B0, "TLS_PSK_WITH_NULL_SHA256"}, 220 {0x00B1, "TLS_PSK_WITH_NULL_SHA384"}, 221 {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"}, 222 {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"}, 223 {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"}, 224 {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"}, 225 {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"}, 226 {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"}, 227 {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"}, 228 {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"}, 229 {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 230 {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 231 {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 232 {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, 233 {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 234 {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"}, 235 {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 236 {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 237 {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 238 {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, 239 {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, 240 {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, 241 {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, 242 {0x5600, "TLS_FALLBACK_SCSV"}, 243 {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, 244 {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, 245 {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 246 {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"}, 247 {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"}, 248 {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"}, 249 {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}, 250 {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 251 {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}, 252 {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}, 253 {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"}, 254 {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"}, 255 {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"}, 256 {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"}, 257 {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"}, 258 {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"}, 259 {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}, 260 {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, 261 {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, 262 {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, 263 {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"}, 264 {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"}, 265 {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"}, 266 {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"}, 267 {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"}, 268 {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"}, 269 {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"}, 270 {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"}, 271 {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"}, 272 {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"}, 273 {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"}, 274 {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"}, 275 {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"}, 276 {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"}, 277 {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}, 278 {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"}, 279 {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"}, 280 {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"}, 281 {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, 282 {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, 283 {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"}, 284 {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"}, 285 {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, 286 {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, 287 {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"}, 288 {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"}, 289 {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, 290 {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, 291 {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, 292 {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, 293 {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, 294 {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, 295 {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, 296 {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, 297 {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, 298 {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, 299 {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, 300 {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, 301 {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"}, 302 {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, 303 {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, 304 {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, 305 {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, 306 {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, 307 {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, 308 {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, 309 {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, 310 {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 311 {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 312 {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, 313 {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, 314 {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 315 {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 316 {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, 317 {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, 318 {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, 319 {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, 320 {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, 321 {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, 322 {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, 323 {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, 324 {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 325 {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 326 {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, 327 {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, 328 {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, 329 {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, 330 {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, 331 {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, 332 {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, 333 {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, 334 {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 335 {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 336 {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, 337 {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, 338 {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, 339 {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, 340 {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, 341 {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, 342 {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, 343 {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, 344 {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 345 {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 346 {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, 347 {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, 348 {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, 349 {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, 350 {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, 351 {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, 352 {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, 353 {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, 354 {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, 355 {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, 356 {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 357 {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 358 {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, 359 {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, 360 {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 361 {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 362 {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, 363 {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, 364 {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 365 {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 366 {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 367 {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 368 {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 369 {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 370 {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 371 {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 372 {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, 373 {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, 374 {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, 375 {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, 376 {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 377 {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 378 {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, 379 {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, 380 {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 381 {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 382 {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, 383 {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, 384 {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 385 {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 386 {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 387 {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 388 {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, 389 {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, 390 {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 391 {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 392 {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 393 {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 394 {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 395 {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 396 {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, 397 {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, 398 {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, 399 {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, 400 {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"}, 401 {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, 402 {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, 403 {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, 404 {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, 405 {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, 406 {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, 407 {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, 408 {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, 409 {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, 410 {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, 411 {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, 412 {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, 413 {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, 414 {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, 415 {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, 416 {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, 417 {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, 418 {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 419 {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, 420 {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, 421 {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 422 {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 423 {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 424 {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, 425 {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, 426 {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, 427 }; 428 429 /* Compression methods */ 430 static ssl_trace_tbl ssl_comp_tbl[] = { 431 {0x0000, "No Compression"}, 432 {0x0001, "Zlib Compression"} 433 }; 434 435 /* Extensions */ 436 static ssl_trace_tbl ssl_exts_tbl[] = { 437 {TLSEXT_TYPE_server_name, "server_name"}, 438 {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"}, 439 {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"}, 440 {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"}, 441 {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"}, 442 {TLSEXT_TYPE_status_request, "status_request"}, 443 {TLSEXT_TYPE_user_mapping, "user_mapping"}, 444 {TLSEXT_TYPE_client_authz, "client_authz"}, 445 {TLSEXT_TYPE_server_authz, "server_authz"}, 446 {TLSEXT_TYPE_cert_type, "cert_type"}, 447 {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"}, 448 {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, 449 {TLSEXT_TYPE_srp, "srp"}, 450 {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, 451 {TLSEXT_TYPE_use_srtp, "use_srtp"}, 452 {TLSEXT_TYPE_heartbeat, "heartbeat"}, 453 {TLSEXT_TYPE_session_ticket, "session_ticket"}, 454 {TLSEXT_TYPE_renegotiate, "renegotiate"}, 455 # ifndef OPENSSL_NO_NEXTPROTONEG 456 {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, 457 # endif 458 {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, 459 {TLSEXT_TYPE_padding, "padding"}, 460 {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, 461 {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} 462 }; 463 464 static ssl_trace_tbl ssl_curve_tbl[] = { 465 {1, "sect163k1 (K-163)"}, 466 {2, "sect163r1"}, 467 {3, "sect163r2 (B-163)"}, 468 {4, "sect193r1"}, 469 {5, "sect193r2"}, 470 {6, "sect233k1 (K-233)"}, 471 {7, "sect233r1 (B-233)"}, 472 {8, "sect239k1"}, 473 {9, "sect283k1 (K-283)"}, 474 {10, "sect283r1 (B-283)"}, 475 {11, "sect409k1 (K-409)"}, 476 {12, "sect409r1 (B-409)"}, 477 {13, "sect571k1 (K-571)"}, 478 {14, "sect571r1 (B-571)"}, 479 {15, "secp160k1"}, 480 {16, "secp160r1"}, 481 {17, "secp160r2"}, 482 {18, "secp192k1"}, 483 {19, "secp192r1 (P-192)"}, 484 {20, "secp224k1"}, 485 {21, "secp224r1 (P-224)"}, 486 {22, "secp256k1"}, 487 {23, "secp256r1 (P-256)"}, 488 {24, "secp384r1 (P-384)"}, 489 {25, "secp521r1 (P-521)"}, 490 {26, "brainpoolP256r1"}, 491 {27, "brainpoolP384r1"}, 492 {28, "brainpoolP512r1"}, 493 {29, "ecdh_x25519"}, 494 {0xFF01, "arbitrary_explicit_prime_curves"}, 495 {0xFF02, "arbitrary_explicit_char2_curves"} 496 }; 497 498 static ssl_trace_tbl ssl_point_tbl[] = { 499 {0, "uncompressed"}, 500 {1, "ansiX962_compressed_prime"}, 501 {2, "ansiX962_compressed_char2"} 502 }; 503 504 static ssl_trace_tbl ssl_md_tbl[] = { 505 {TLSEXT_hash_none, "none"}, 506 {TLSEXT_hash_md5, "md5"}, 507 {TLSEXT_hash_sha1, "sha1"}, 508 {TLSEXT_hash_sha224, "sha224"}, 509 {TLSEXT_hash_sha256, "sha256"}, 510 {TLSEXT_hash_sha384, "sha384"}, 511 {TLSEXT_hash_sha512, "sha512"}, 512 {TLSEXT_hash_gostr3411, "md_gost94"}, 513 {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"}, 514 {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"} 515 }; 516 517 static ssl_trace_tbl ssl_sig_tbl[] = { 518 {TLSEXT_signature_anonymous, "anonymous"}, 519 {TLSEXT_signature_rsa, "rsa"}, 520 {TLSEXT_signature_dsa, "dsa"}, 521 {TLSEXT_signature_ecdsa, "ecdsa"}, 522 {TLSEXT_signature_gostr34102001, "gost2001"}, 523 {TLSEXT_signature_gostr34102012_256, "gost2012_256"}, 524 {TLSEXT_signature_gostr34102012_512, "gost2012_512"} 525 }; 526 527 static ssl_trace_tbl ssl_hb_tbl[] = { 528 {1, "peer_allowed_to_send"}, 529 {2, "peer_not_allowed_to_send"} 530 }; 531 532 static ssl_trace_tbl ssl_hb_type_tbl[] = { 533 {1, "heartbeat_request"}, 534 {2, "heartbeat_response"} 535 }; 536 537 static ssl_trace_tbl ssl_ctype_tbl[] = { 538 {1, "rsa_sign"}, 539 {2, "dss_sign"}, 540 {3, "rsa_fixed_dh"}, 541 {4, "dss_fixed_dh"}, 542 {5, "rsa_ephemeral_dh"}, 543 {6, "dss_ephemeral_dh"}, 544 {20, "fortezza_dms"}, 545 {64, "ecdsa_sign"}, 546 {65, "rsa_fixed_ecdh"}, 547 {66, "ecdsa_fixed_ecdh"} 548 }; 549 550 static void ssl_print_hex(BIO *bio, int indent, const char *name, 551 const unsigned char *msg, size_t msglen) 552 { 553 size_t i; 554 BIO_indent(bio, indent, 80); 555 BIO_printf(bio, "%s (len=%d): ", name, (int)msglen); 556 for (i = 0; i < msglen; i++) 557 BIO_printf(bio, "%02X", msg[i]); 558 BIO_puts(bio, "\n"); 559 } 560 561 static int ssl_print_hexbuf(BIO *bio, int indent, 562 const char *name, size_t nlen, 563 const unsigned char **pmsg, size_t *pmsglen) 564 { 565 size_t blen; 566 const unsigned char *p = *pmsg; 567 if (*pmsglen < nlen) 568 return 0; 569 blen = p[0]; 570 if (nlen > 1) 571 blen = (blen << 8) | p[1]; 572 if (*pmsglen < nlen + blen) 573 return 0; 574 p += nlen; 575 ssl_print_hex(bio, indent, name, p, blen); 576 *pmsg += blen + nlen; 577 *pmsglen -= blen + nlen; 578 return 1; 579 } 580 581 static int ssl_print_version(BIO *bio, int indent, const char *name, 582 const unsigned char **pmsg, size_t *pmsglen) 583 { 584 int vers; 585 if (*pmsglen < 2) 586 return 0; 587 vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; 588 BIO_indent(bio, indent, 80); 589 BIO_printf(bio, "%s=0x%x (%s)\n", 590 name, vers, ssl_trace_str(vers, ssl_version_tbl)); 591 *pmsg += 2; 592 *pmsglen -= 2; 593 return 1; 594 } 595 596 static int ssl_print_random(BIO *bio, int indent, 597 const unsigned char **pmsg, size_t *pmsglen) 598 { 599 unsigned int tm; 600 const unsigned char *p = *pmsg; 601 if (*pmsglen < 32) 602 return 0; 603 tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 604 p += 4; 605 BIO_indent(bio, indent, 80); 606 BIO_puts(bio, "Random:\n"); 607 BIO_indent(bio, indent + 2, 80); 608 BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm); 609 ssl_print_hex(bio, indent + 2, "random_bytes", p, 28); 610 *pmsg += 32; 611 *pmsglen -= 32; 612 return 1; 613 } 614 615 static int ssl_print_signature(BIO *bio, int indent, SSL *s, 616 const unsigned char **pmsg, size_t *pmsglen) 617 { 618 if (*pmsglen < 2) 619 return 0; 620 if (SSL_USE_SIGALGS(s)) { 621 const unsigned char *p = *pmsg; 622 BIO_indent(bio, indent, 80); 623 BIO_printf(bio, "Signature Algorithm %s+%s (%d+%d)\n", 624 ssl_trace_str(p[0], ssl_md_tbl), 625 ssl_trace_str(p[1], ssl_sig_tbl), p[0], p[1]); 626 *pmsg += 2; 627 *pmsglen -= 2; 628 } 629 return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen); 630 } 631 632 static int ssl_print_extension(BIO *bio, int indent, int server, int extype, 633 const unsigned char *ext, size_t extlen) 634 { 635 size_t xlen; 636 BIO_indent(bio, indent, 80); 637 BIO_printf(bio, "extension_type=%s(%d), length=%d\n", 638 ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); 639 switch (extype) { 640 case TLSEXT_TYPE_ec_point_formats: 641 if (extlen < 1) 642 return 0; 643 xlen = ext[0]; 644 if (extlen != xlen + 1) 645 return 0; 646 return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); 647 648 case TLSEXT_TYPE_elliptic_curves: 649 if (extlen < 2) 650 return 0; 651 xlen = (ext[0] << 8) | ext[1]; 652 if (extlen != xlen + 2) 653 return 0; 654 return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); 655 656 case TLSEXT_TYPE_signature_algorithms: 657 658 if (extlen < 2) 659 return 0; 660 xlen = (ext[0] << 8) | ext[1]; 661 if (extlen != xlen + 2) 662 return 0; 663 if (xlen & 1) 664 return 0; 665 ext += 2; 666 while (xlen > 0) { 667 BIO_indent(bio, indent + 2, 80); 668 BIO_printf(bio, "%s+%s (%d+%d)\n", 669 ssl_trace_str(ext[0], ssl_md_tbl), 670 ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]); 671 xlen -= 2; 672 ext += 2; 673 } 674 break; 675 676 case TLSEXT_TYPE_renegotiate: 677 if (extlen < 1) 678 return 0; 679 xlen = ext[0]; 680 if (xlen + 1 != extlen) 681 return 0; 682 ext++; 683 if (xlen) { 684 if (server) { 685 if (xlen & 1) 686 return 0; 687 xlen >>= 1; 688 } 689 ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); 690 if (server) { 691 ext += xlen; 692 ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); 693 } 694 } else { 695 BIO_indent(bio, indent + 4, 80); 696 BIO_puts(bio, "<EMPTY>\n"); 697 } 698 break; 699 700 case TLSEXT_TYPE_heartbeat: 701 if (extlen != 1) 702 return 0; 703 BIO_indent(bio, indent + 2, 80); 704 BIO_printf(bio, "HeartbeatMode: %s\n", 705 ssl_trace_str(ext[0], ssl_hb_tbl)); 706 break; 707 708 case TLSEXT_TYPE_session_ticket: 709 if (extlen != 0) 710 ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); 711 break; 712 713 default: 714 BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); 715 } 716 return 1; 717 } 718 719 static int ssl_print_extensions(BIO *bio, int indent, int server, 720 const unsigned char *msg, size_t msglen) 721 { 722 size_t extslen; 723 BIO_indent(bio, indent, 80); 724 if (msglen == 0) { 725 BIO_puts(bio, "No Extensions\n"); 726 return 1; 727 } 728 extslen = (msg[0] << 8) | msg[1]; 729 if (extslen != msglen - 2) 730 return 0; 731 msg += 2; 732 msglen = extslen; 733 BIO_printf(bio, "extensions, length = %d\n", (int)msglen); 734 while (msglen > 0) { 735 int extype; 736 size_t extlen; 737 if (msglen < 4) 738 return 0; 739 extype = (msg[0] << 8) | msg[1]; 740 extlen = (msg[2] << 8) | msg[3]; 741 if (msglen < extlen + 4) 742 return 0; 743 msg += 4; 744 if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen)) 745 return 0; 746 msg += extlen; 747 msglen -= extlen + 4; 748 } 749 return 1; 750 } 751 752 static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, 753 const unsigned char *msg, size_t msglen) 754 { 755 size_t len; 756 unsigned int cs; 757 if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen)) 758 return 0; 759 if (!ssl_print_random(bio, indent, &msg, &msglen)) 760 return 0; 761 if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 762 return 0; 763 if (SSL_IS_DTLS(ssl)) { 764 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 765 return 0; 766 } 767 if (msglen < 2) 768 return 0; 769 len = (msg[0] << 8) | msg[1]; 770 msg += 2; 771 msglen -= 2; 772 BIO_indent(bio, indent, 80); 773 BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len); 774 if (msglen < len || len & 1) 775 return 0; 776 while (len > 0) { 777 cs = (msg[0] << 8) | msg[1]; 778 BIO_indent(bio, indent + 2, 80); 779 BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", 780 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 781 msg += 2; 782 msglen -= 2; 783 len -= 2; 784 } 785 if (msglen < 1) 786 return 0; 787 len = msg[0]; 788 msg++; 789 msglen--; 790 if (msglen < len) 791 return 0; 792 BIO_indent(bio, indent, 80); 793 BIO_printf(bio, "compression_methods (len=%d)\n", (int)len); 794 while (len > 0) { 795 BIO_indent(bio, indent + 2, 80); 796 BIO_printf(bio, "%s (0x%02X)\n", 797 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 798 msg++; 799 msglen--; 800 len--; 801 } 802 if (!ssl_print_extensions(bio, indent, 0, msg, msglen)) 803 return 0; 804 return 1; 805 } 806 807 static int dtls_print_hello_vfyrequest(BIO *bio, int indent, 808 const unsigned char *msg, size_t msglen) 809 { 810 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) 811 return 0; 812 if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) 813 return 0; 814 return 1; 815 } 816 817 static int ssl_print_server_hello(BIO *bio, int indent, 818 const unsigned char *msg, size_t msglen) 819 { 820 unsigned int cs; 821 if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) 822 return 0; 823 if (!ssl_print_random(bio, indent, &msg, &msglen)) 824 return 0; 825 if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) 826 return 0; 827 if (msglen < 2) 828 return 0; 829 cs = (msg[0] << 8) | msg[1]; 830 BIO_indent(bio, indent, 80); 831 BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", 832 msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); 833 msg += 2; 834 msglen -= 2; 835 if (msglen < 1) 836 return 0; 837 BIO_indent(bio, indent, 80); 838 BIO_printf(bio, "compression_method: %s (0x%02X)\n", 839 ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); 840 msg++; 841 msglen--; 842 if (!ssl_print_extensions(bio, indent, 1, msg, msglen)) 843 return 0; 844 return 1; 845 } 846 847 static int ssl_get_keyex(const char **pname, SSL *ssl) 848 { 849 unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; 850 if (alg_k & SSL_kRSA) { 851 *pname = "rsa"; 852 return SSL_kRSA; 853 } 854 if (alg_k & SSL_kDHE) { 855 *pname = "DHE"; 856 return SSL_kDHE; 857 } 858 if (alg_k & SSL_kECDHE) { 859 *pname = "ECDHE"; 860 return SSL_kECDHE; 861 } 862 if (alg_k & SSL_kPSK) { 863 *pname = "PSK"; 864 return SSL_kPSK; 865 } 866 if (alg_k & SSL_kRSAPSK) { 867 *pname = "RSAPSK"; 868 return SSL_kRSAPSK; 869 } 870 if (alg_k & SSL_kDHEPSK) { 871 *pname = "DHEPSK"; 872 return SSL_kDHEPSK; 873 } 874 if (alg_k & SSL_kECDHEPSK) { 875 *pname = "ECDHEPSK"; 876 return SSL_kECDHEPSK; 877 } 878 if (alg_k & SSL_kSRP) { 879 *pname = "SRP"; 880 return SSL_kSRP; 881 } 882 if (alg_k & SSL_kGOST) { 883 *pname = "GOST"; 884 return SSL_kGOST; 885 } 886 *pname = "UNKNOWN"; 887 return 0; 888 } 889 890 static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, 891 const unsigned char *msg, size_t msglen) 892 { 893 const char *algname; 894 int id; 895 id = ssl_get_keyex(&algname, ssl); 896 BIO_indent(bio, indent, 80); 897 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 898 if (id & SSL_PSK) { 899 if (!ssl_print_hexbuf(bio, indent + 2, 900 "psk_identity", 2, &msg, &msglen)) 901 return 0; 902 } 903 switch (id) { 904 905 case SSL_kRSA: 906 case SSL_kRSAPSK: 907 if (TLS1_get_version(ssl) == SSL3_VERSION) { 908 ssl_print_hex(bio, indent + 2, 909 "EncyptedPreMasterSecret", msg, msglen); 910 } else { 911 if (!ssl_print_hexbuf(bio, indent + 2, 912 "EncyptedPreMasterSecret", 2, &msg, &msglen)) 913 return 0; 914 } 915 break; 916 917 case SSL_kDHE: 918 case SSL_kDHEPSK: 919 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) 920 return 0; 921 break; 922 923 case SSL_kECDHE: 924 case SSL_kECDHEPSK: 925 if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) 926 return 0; 927 break; 928 929 } 930 931 return !msglen; 932 } 933 934 static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, 935 const unsigned char *msg, size_t msglen) 936 { 937 const char *algname; 938 int id; 939 id = ssl_get_keyex(&algname, ssl); 940 BIO_indent(bio, indent, 80); 941 BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); 942 if (id & SSL_PSK) { 943 if (!ssl_print_hexbuf(bio, indent + 2, 944 "psk_identity_hint", 2, &msg, &msglen)) 945 return 0; 946 } 947 switch (id) { 948 case SSL_kRSA: 949 950 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) 951 return 0; 952 if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, 953 &msg, &msglen)) 954 return 0; 955 break; 956 957 case SSL_kDHE: 958 case SSL_kDHEPSK: 959 if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) 960 return 0; 961 if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) 962 return 0; 963 if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen)) 964 return 0; 965 break; 966 967 # ifndef OPENSSL_NO_EC 968 case SSL_kECDHE: 969 case SSL_kECDHEPSK: 970 if (msglen < 1) 971 return 0; 972 BIO_indent(bio, indent + 2, 80); 973 if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE) 974 BIO_puts(bio, "explicit_prime\n"); 975 else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE) 976 BIO_puts(bio, "explicit_char2\n"); 977 else if (msg[0] == NAMED_CURVE_TYPE) { 978 int curve; 979 if (msglen < 3) 980 return 0; 981 curve = (msg[1] << 8) | msg[2]; 982 BIO_printf(bio, "named_curve: %s (%d)\n", 983 ssl_trace_str(curve, ssl_curve_tbl), curve); 984 msg += 3; 985 msglen -= 3; 986 if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) 987 return 0; 988 } else { 989 BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); 990 return 0; 991 } 992 break; 993 # endif 994 995 case SSL_kPSK: 996 case SSL_kRSAPSK: 997 break; 998 } 999 if (!(id & SSL_PSK)) 1000 ssl_print_signature(bio, indent, ssl, &msg, &msglen); 1001 return !msglen; 1002 } 1003 1004 static int ssl_print_certificate(BIO *bio, int indent, 1005 const unsigned char **pmsg, size_t *pmsglen) 1006 { 1007 size_t msglen = *pmsglen; 1008 size_t clen; 1009 X509 *x; 1010 const unsigned char *p = *pmsg, *q; 1011 if (msglen < 3) 1012 return 0; 1013 clen = (p[0] << 16) | (p[1] << 8) | p[2]; 1014 if (msglen < clen + 3) 1015 return 0; 1016 q = p + 3; 1017 BIO_indent(bio, indent, 80); 1018 BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); 1019 x = d2i_X509(NULL, &q, clen); 1020 if (!x) 1021 BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n"); 1022 else { 1023 BIO_puts(bio, "\n------details-----\n"); 1024 X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); 1025 PEM_write_bio_X509(bio, x); 1026 /* Print certificate stuff */ 1027 BIO_puts(bio, "------------------\n"); 1028 X509_free(x); 1029 } 1030 if (q != p + 3 + clen) { 1031 BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n"); 1032 } 1033 *pmsg += clen + 3; 1034 *pmsglen -= clen + 3; 1035 return 1; 1036 } 1037 1038 static int ssl_print_certificates(BIO *bio, int indent, 1039 const unsigned char *msg, size_t msglen) 1040 { 1041 size_t clen; 1042 if (msglen < 3) 1043 return 0; 1044 clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; 1045 if (msglen != clen + 3) 1046 return 0; 1047 msg += 3; 1048 BIO_indent(bio, indent, 80); 1049 BIO_printf(bio, "certificate_list, length=%d\n", (int)clen); 1050 while (clen > 0) { 1051 if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) 1052 return 0; 1053 } 1054 return 1; 1055 } 1056 1057 static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, 1058 const unsigned char *msg, size_t msglen) 1059 { 1060 size_t xlen; 1061 if (msglen < 1) 1062 return 0; 1063 xlen = msg[0]; 1064 if (msglen < xlen + 1) 1065 return 0; 1066 msg++; 1067 BIO_indent(bio, indent, 80); 1068 BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); 1069 if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) 1070 return 0; 1071 msg += xlen; 1072 msglen -= xlen + 1; 1073 if (!SSL_USE_SIGALGS(s)) 1074 goto skip_sig; 1075 if (msglen < 2) 1076 return 0; 1077 xlen = (msg[0] << 8) | msg[1]; 1078 if (msglen < xlen + 2 || (xlen & 1)) 1079 return 0; 1080 msg += 2; 1081 BIO_indent(bio, indent, 80); 1082 BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); 1083 while (xlen > 0) { 1084 BIO_indent(bio, indent + 2, 80); 1085 BIO_printf(bio, "%s+%s (%d+%d)\n", 1086 ssl_trace_str(msg[0], ssl_md_tbl), 1087 ssl_trace_str(msg[1], ssl_sig_tbl), msg[0], msg[1]); 1088 xlen -= 2; 1089 msg += 2; 1090 } 1091 msg += xlen; 1092 msglen -= xlen + 2; 1093 1094 skip_sig: 1095 xlen = (msg[0] << 8) | msg[1]; 1096 BIO_indent(bio, indent, 80); 1097 if (msglen < xlen + 2) 1098 return 0; 1099 msg += 2; 1100 msglen -= 2; 1101 BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); 1102 while (xlen > 0) { 1103 size_t dlen; 1104 X509_NAME *nm; 1105 const unsigned char *p; 1106 if (xlen < 2) 1107 return 0; 1108 dlen = (msg[0] << 8) | msg[1]; 1109 if (xlen < dlen + 2) 1110 return 0; 1111 msg += 2; 1112 BIO_indent(bio, indent + 2, 80); 1113 BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen); 1114 p = msg; 1115 nm = d2i_X509_NAME(NULL, &p, dlen); 1116 if (!nm) { 1117 BIO_puts(bio, "<UNPARSEABLE DN>\n"); 1118 } else { 1119 X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); 1120 BIO_puts(bio, "\n"); 1121 X509_NAME_free(nm); 1122 } 1123 xlen -= dlen + 2; 1124 msg += dlen; 1125 } 1126 return 1; 1127 } 1128 1129 static int ssl_print_ticket(BIO *bio, int indent, 1130 const unsigned char *msg, size_t msglen) 1131 { 1132 unsigned int tick_life; 1133 if (msglen == 0) { 1134 BIO_indent(bio, indent + 2, 80); 1135 BIO_puts(bio, "No Ticket\n"); 1136 return 1; 1137 } 1138 if (msglen < 4) 1139 return 0; 1140 tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; 1141 msglen -= 4; 1142 msg += 4; 1143 BIO_indent(bio, indent + 2, 80); 1144 BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); 1145 if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) 1146 return 0; 1147 if (msglen) 1148 return 0; 1149 return 1; 1150 } 1151 1152 static int ssl_print_handshake(BIO *bio, SSL *ssl, 1153 const unsigned char *msg, size_t msglen, 1154 int indent) 1155 { 1156 size_t hlen; 1157 unsigned char htype; 1158 if (msglen < 4) 1159 return 0; 1160 htype = msg[0]; 1161 hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; 1162 BIO_indent(bio, indent, 80); 1163 BIO_printf(bio, "%s, Length=%d\n", 1164 ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); 1165 msg += 4; 1166 msglen -= 4; 1167 if (SSL_IS_DTLS(ssl)) { 1168 if (msglen < 8) 1169 return 0; 1170 BIO_indent(bio, indent, 80); 1171 BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " 1172 "fragment_length=%d\n", 1173 (msg[0] << 8) | msg[1], 1174 (msg[2] << 16) | (msg[3] << 8) | msg[4], 1175 (msg[5] << 16) | (msg[6] << 8) | msg[7]); 1176 msg += 8; 1177 msglen -= 8; 1178 } 1179 if (msglen < hlen) 1180 return 0; 1181 switch (htype) { 1182 case SSL3_MT_CLIENT_HELLO: 1183 if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen)) 1184 return 0; 1185 break; 1186 1187 case DTLS1_MT_HELLO_VERIFY_REQUEST: 1188 if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) 1189 return 0; 1190 break; 1191 1192 case SSL3_MT_SERVER_HELLO: 1193 if (!ssl_print_server_hello(bio, indent + 2, msg, msglen)) 1194 return 0; 1195 break; 1196 1197 case SSL3_MT_SERVER_KEY_EXCHANGE: 1198 if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen)) 1199 return 0; 1200 break; 1201 1202 case SSL3_MT_CLIENT_KEY_EXCHANGE: 1203 if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen)) 1204 return 0; 1205 break; 1206 1207 case SSL3_MT_CERTIFICATE: 1208 if (!ssl_print_certificates(bio, indent + 2, msg, msglen)) 1209 return 0; 1210 break; 1211 1212 case SSL3_MT_CERTIFICATE_VERIFY: 1213 if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen)) 1214 return 0; 1215 break; 1216 1217 case SSL3_MT_CERTIFICATE_REQUEST: 1218 if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen)) 1219 return 0; 1220 break; 1221 1222 case SSL3_MT_FINISHED: 1223 ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen); 1224 break; 1225 1226 case SSL3_MT_SERVER_DONE: 1227 if (msglen != 0) 1228 ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); 1229 break; 1230 1231 case SSL3_MT_NEWSESSION_TICKET: 1232 if (!ssl_print_ticket(bio, indent + 2, msg, msglen)) 1233 return 0; 1234 break; 1235 1236 default: 1237 BIO_indent(bio, indent + 2, 80); 1238 BIO_puts(bio, "Unsupported, hex dump follows:\n"); 1239 BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4); 1240 } 1241 return 1; 1242 } 1243 1244 static int ssl_print_heartbeat(BIO *bio, int indent, 1245 const unsigned char *msg, size_t msglen) 1246 { 1247 if (msglen < 3) 1248 return 0; 1249 BIO_indent(bio, indent, 80); 1250 BIO_printf(bio, "HeartBeatMessageType: %s\n", 1251 ssl_trace_str(msg[0], ssl_hb_type_tbl)); 1252 msg++; 1253 msglen--; 1254 if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen)) 1255 return 0; 1256 ssl_print_hex(bio, indent, "padding", msg, msglen); 1257 return 1; 1258 } 1259 1260 const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c) 1261 { 1262 return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl); 1263 } 1264 1265 void SSL_trace(int write_p, int version, int content_type, 1266 const void *buf, size_t msglen, SSL *ssl, void *arg) 1267 { 1268 const unsigned char *msg = buf; 1269 BIO *bio = arg; 1270 1271 switch (content_type) { 1272 case SSL3_RT_HEADER: 1273 { 1274 int hvers = msg[1] << 8 | msg[2]; 1275 BIO_puts(bio, write_p ? "Sent" : "Received"); 1276 BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", 1277 ssl_trace_str(hvers, ssl_version_tbl), hvers); 1278 if (SSL_IS_DTLS(ssl)) { 1279 BIO_printf(bio, 1280 " epoch=%d, sequence_number=%04x%04x%04x\n", 1281 (msg[3] << 8 | msg[4]), 1282 (msg[5] << 8 | msg[6]), 1283 (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); 1284 } 1285 1286 BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", 1287 ssl_trace_str(msg[0], ssl_content_tbl), msg[0], 1288 msg[msglen - 2] << 8 | msg[msglen - 1]); 1289 } 1290 break; 1291 case SSL3_RT_HANDSHAKE: 1292 if (!ssl_print_handshake(bio, ssl, msg, msglen, 4)) 1293 BIO_printf(bio, "Message length parse error!\n"); 1294 break; 1295 1296 case SSL3_RT_CHANGE_CIPHER_SPEC: 1297 if (msglen == 1 && msg[0] == 1) 1298 BIO_puts(bio, " change_cipher_spec (1)\n"); 1299 else 1300 ssl_print_hex(bio, 4, "unknown value", msg, msglen); 1301 break; 1302 1303 case SSL3_RT_ALERT: 1304 if (msglen != 2) { 1305 BIO_puts(bio, " Illegal Alert Length\n"); 1306 } else { 1307 BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", 1308 SSL_alert_type_string_long(msg[0] << 8), 1309 msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); 1310 } 1311 break; 1312 1313 case DTLS1_RT_HEARTBEAT: 1314 ssl_print_heartbeat(bio, 4, msg, msglen); 1315 break; 1316 1317 } 1318 1319 BIO_puts(bio, "\n"); 1320 } 1321 1322 #endif 1323