From befe0f77dd2246e437e61cefb861bf9a6d4ff82b Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Tue, 3 Dec 2013 18:36:16 +0100 Subject: cyassl patch for AES-CCM testing See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9499 --- notes.txt | 8 ++ ...nt-SSLKEYLOGFILE-support-for-ClientRandom.patch | 116 +++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 patches/cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch diff --git a/notes.txt b/notes.txt index 04c9e60..68c527d 100644 --- a/notes.txt +++ b/notes.txt @@ -13,6 +13,14 @@ make install # for libgcrypt-config test in wireshark ./configure PATH=/tmp/libgcrypt/prefix/bin:$PATH +# Build cyassl for AES-CCM testing +patch -p1 < cyassl-Implement-SSLKEYLOGFILE-support-for-ClientRandom.patch +autoreconf -fiv +./configure --enable-{opensslextra,dtls,ipv6,sniffer,aes{c,g}cm,camellia,md2,dsa,ecc,psk,webserver,sni} +make +examples/server/server -p 4433 +SSLKEYLOGFILE=premaster.txt examples/client/client -l AES256-SHA -p 4433 + # find which suites are not supported yet (unsupported.txt) awk -vsrc=/tmp/wireshark/epan/dissectors/packet-ssl-utils.c -F'[ {,]+' 'BEGIN{while(getline +Date: Tue, 3 Dec 2013 18:14:43 +0100 +Subject: [PATCH] Implement SSLKEYLOGFILE support for ClientRandom + +Based on NSS code, the format of the SSLKEYLOGFILE file is documented at +https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format + +This debugging facility allows the master-key established in a SSL +handshake to be saved to a file specified by the SSLKEYLOGFILE. +--- + src/internal.c | 43 +++++++++++++++++++++++++++++++++++++++++++ + src/ssl.c | 16 ++++++++++++++++ + 2 files changed, 59 insertions(+) + +diff --git a/src/internal.c b/src/internal.c +index 85e64f9..acb2a52 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -5423,6 +5423,47 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, + return sz; + } + ++static void hexEncode(byte* dst_str, const byte* src_bytes, size_t src_len) ++{ ++ const byte hex[] = "0123456789abcdef"; ++ size_t n; ++ ++ for (n = 0; n < src_len; ++n) { ++ byte val = *src_bytes++; ++ *dst_str++ = hex[val >> 4]; ++ *dst_str++ = hex[val & 0xf]; ++ } ++} ++ ++/* defined in src/ssl.c */ ++extern FILE* ssl_keylog_iob; ++ ++static void RecordKeyLog(CYASSL* ssl) ++{ ++ byte buf[14 /* "CLIENT_RANDOM " */ + ++ RAN_LEN*2 /* client_random */ + ++ 1 /* " " */ + ++ SECRET_LEN*2 /* master secret */ + ++ 1 /* new line */]; ++ unsigned int j; ++ ++ if (!ssl_keylog_iob) ++ return; ++ ++ memcpy(buf, "CLIENT_RANDOM ", 14); ++ j = 14; ++ hexEncode(buf + j, ssl->arrays->clientRandom, RAN_LEN); ++ j += RAN_LEN*2; ++ buf[j++] = ' '; ++ hexEncode(buf + j, ssl->arrays->masterSecret, SECRET_LEN); ++ j += SECRET_LEN*2; ++ buf[j] = '\n'; ++ ++ if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1) ++ return; ++ fflush(ssl_keylog_iob); ++} ++ + + int SendFinished(CYASSL* ssl) + { +@@ -5529,6 +5570,8 @@ int SendFinished(CYASSL* ssl) + + ssl->buffers.outputBuffer.length += sendSz; + ++ RecordKeyLog(ssl); ++ + return SendBuffered(ssl); + } + +diff --git a/src/ssl.c b/src/ssl.c +index 827369f..1332839 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -1496,9 +1496,12 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) + #endif /* NO_SESSION_CACHE */ + + ++FILE* ssl_keylog_iob; ++ + int CyaSSL_Init(void) + { + int ret = SSL_SUCCESS; ++ char* keylogfile; + + CYASSL_ENTER("CyaSSL_Init"); + +@@ -1519,6 +1522,19 @@ int CyaSSL_Init(void) + UnLockMutex(&count_mutex); + } + ++ /* used in src/internal.c, format is described at ++ * https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format */ ++ keylogfile = getenv("SSLKEYLOGFILE"); ++ if (keylogfile && keylogfile[0]) { ++ ssl_keylog_iob = fopen(keylogfile, "a"); ++ if (ssl_keylog_iob) { ++ if (ftell(ssl_keylog_iob) == 0) { ++ fputs("# SSL/TLS secrets log file, generated by CyaSSL\n", ++ ssl_keylog_iob); ++ } ++ } ++ } ++ + return ret; + } + +-- +1.8.4.2 + -- cgit v1.2.1