Add support to SSL_trace() for inner content types

When using the -trace option with TLSv1.3 all records appear as "application data". This adds the ability to see the inner content type too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3408)
2017-05-05 11:55:55 +01:00 · 2017-05-05 11:55:55 +01:00 · ad5100bc41
commit ad5100bc41
parent eee2750bd3
4 changed files with 18 additions and 6 deletions
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@ -223,8 +223,9 @@ extern "C" {
 # define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
 # define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)

-/* Pseudo content type for SSL/TLS header info */
+/* Pseudo content types for SSL/TLS header info */
 # define SSL3_RT_HEADER                  0x100
+# define SSL3_RT_INNER_CONTENT_TYPE      0x101

 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@ -995,6 +995,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
            s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
                            SSL3_RT_HEADER_LENGTH, s,
                            s->msg_callback_arg);
+
+            if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+                unsigned char ctype = type;
+
+                s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &ctype, 1, s, s->msg_callback_arg);
+            }
        }

        if (!WPACKET_finish(thispkt)) {
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@ -247,11 +247,6 @@ int ssl3_get_record(SSL *s)
                }
            } else {
                /* SSLv3+ style record */
-                /*
-                 * TODO(TLS1.3): This callback only provides the "outer" record
-                 * type to the callback. Somehow we need to pass the "inner"
-                 * record type
-                 */
                if (s->msg_callback)
                    s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
                                    s->msg_callback_arg);
@ -643,6 +638,9 @@ int ssl3_get_record(SSL *s)
                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
                goto f_err;
            }
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &thisrr->data[end], 1, s, s->msg_callback_arg);
        }

        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@ -1494,6 +1494,12 @@ void SSL_trace(int write_p, int version, int content_type,
                       msg[msglen - 2] << 8 | msg[msglen - 1]);
        }
        break;
+
+    case SSL3_RT_INNER_CONTENT_TYPE:
+        BIO_printf(bio, "  Inner Content Type = %s (%d)",
+                   ssl_trace_str(msg[0], ssl_content_tbl), msg[0]);
+        break;
+
    case SSL3_RT_HANDSHAKE:
        if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
                                 msg, msglen, 4))