Age | Commit message (Collapse) | Author | Files | Lines |
|
Since the previous OpenSSL 1.1.0 compatibility patch, addition of the
SSL_get_session and SSL_SESSION_get_master_key required them to be
available at load time. Since applications are not necessarily linked
with -lssl, this can fail.
Avoid this dependency by looking up the symbols at runtime. Tested with
OpenSSL 1.0.2.k (using python+requests) and
OpenSSL_1_1_0-pre6-1439-g0e2c7b3ee (openssl s_client).
|
|
OpenSSL 1.1.0 makes some structures opaque, but luckily it provides new
functions to extract the client random and master secret which is all we
need from the structures.
Tested with OpenSSL 1.1.0-pre6 using openssl s_client and
OpenSSL 1.0.2.h using curl.
|
|
This solves a null deref in python ssl module in SSL_do_handshake.
|
|
These functions can trigger a renegotiation which changes the key
material (detected by using `curl` and `openssl s_server` and pressing
`R` in `openssl s_server`).
|
|
SSL_connect is somehow called multiple times on the same connection
by curl, this may result in duplicate keylog file entries. Detect when
the state changes, and only print the keys if it has changed.
|
|
Also intercept SSL_do_handshake (nginx) and SSL_accept (s_server).
|
|
Try to dump as many keys as possible, even if a fatal alert occurred.
Wireshark does not support SSLv2, so check that a successful connection
does not use SSLv2 before dumping keys (this fixes a crash).
|
|
This follows the preference name ssl.keylog_file.
|
|
For a gdb function, see http://security.stackexchange.com/a/80174/2630
To generate the line assuming you have a context with a SSL structure
(named "s") run this:
python
def read_as_hex(name, size):
addr = gdb.parse_and_eval(name).address
data = gdb.selected_inferior().read_memory(addr, size)
return ''.join('%02X' % ord(x) for x in data)
def pm(ssl='s'):
mk = read_as_hex('%s->session->master_key' % ssl, 48)
cr = read_as_hex('%s->s3->client_random' % ssl, 32)
print('CLIENT_RANDOM %s %s' % (cr, mk))
end
python pm()
|