diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2015-01-29 10:29:16 +0100 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2015-01-29 10:29:16 +0100 |
| commit | cdbf377eab497d18b12641ca7c968b121af84436 (patch) | |
| tree | 9ff050091d5909271f940081601f42e2df0bbb41 /src | |
| parent | 85171f30c274c8f6c0d2d9bb77460908d6c6ba9c (diff) | |
| download | wireshark-notes-cdbf377eab497d18b12641ca7c968b121af84436.tar.gz | |
sslkeylog: skip writing duplicate entries
SSL_connect is somehow called multiple times on the same connection
by curl, this may result in duplicate keylog file entries. Detect when
the state changes, and only print the keys if it has changed.
Diffstat (limited to 'src')
| -rw-r--r-- | src/sslkeylog.c | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/sslkeylog.c b/src/sslkeylog.c index 2a3ff9b..065a717 100644 --- a/src/sslkeylog.c +++ b/src/sslkeylog.c @@ -71,12 +71,40 @@ static void init_keylog_file(void) } } -static void tap_ssl_key(SSL *ssl) +typedef struct ssl_tap_state { + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + +} ssl_tap_state_t; + +/* Copies SSL state for later comparison in tap_ssl_key. */ +static void ssl_tap_state_init(ssl_tap_state_t *state, SSL *ssl) +{ + memset(state, 0, sizeof(ssl_tap_state_t)); + if (ssl->session && ssl->session->master_key_length > 0) { + state->master_key_length = ssl->session->master_key_length; + memcpy(state->master_key, ssl->session->master_key, + ssl->session->master_key_length); + } +} + +#define SSL_TAP_STATE(state, ssl) \ + ssl_tap_state_t state; \ + ssl_tap_state_init(&state, ssl) + +static void tap_ssl_key(SSL *ssl, ssl_tap_state_t *state) { /* SSLv2 is not supported (Wireshark does not support it either). Write the * logfile when the master key is available for SSLv3/TLSv1. */ if (ssl->s3 != NULL && ssl->session != NULL && ssl->session->master_key_length > 0) { + /* Skip writing keys if it did not change. */ + if (state->master_key_length == ssl->session->master_key_length && + memcmp(state->master_key, ssl->session->master_key, + state->master_key_length) == 0) { + return; + } + init_keylog_file(); if (keylog_file_fd >= 0) { dump_to_fd(ssl, keylog_file_fd); @@ -90,8 +118,9 @@ int SSL_connect(SSL *ssl) if (!func) { func = dlsym(RTLD_NEXT, __func__); } + SSL_TAP_STATE(state, ssl); int ret = func(ssl); - tap_ssl_key(ssl); + tap_ssl_key(ssl, &state); return ret; } @@ -101,8 +130,9 @@ int SSL_do_handshake(SSL *ssl) if (!func) { func = dlsym(RTLD_NEXT, __func__); } + SSL_TAP_STATE(state, ssl); int ret = func(ssl); - tap_ssl_key(ssl); + tap_ssl_key(ssl, &state); return ret; } @@ -112,7 +142,8 @@ int SSL_accept(SSL *ssl) if (!func) { func = dlsym(RTLD_NEXT, __func__); } + SSL_TAP_STATE(state, ssl); int ret = func(ssl); - tap_ssl_key(ssl); + tap_ssl_key(ssl, &state); return ret; } |