1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
From be4d8fa77ddb1aff903b770980b79e02671d79b9 Mon Sep 17 00:00:00 2001
From: Peter Wu <lekensteyn@gmail.com>
Date: Tue, 3 Dec 2013 18:14:43 +0100
Subject: [PATCH] Implement SSLKEYLOGFILE support for ClientRandom
Based on NSS code, the format of the SSLKEYLOGFILE file is documented at
https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format
This debugging facility allows the master-key established in a SSL
handshake to be saved to a file specified by the SSLKEYLOGFILE.
---
src/internal.c | 43 +++++++++++++++++++++++++++++++++++++++++++
src/ssl.c | 16 ++++++++++++++++
2 files changed, 59 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 85e64f9..acb2a52 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5423,6 +5423,47 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
return sz;
}
+static void hexEncode(byte* dst_str, const byte* src_bytes, size_t src_len)
+{
+ const byte hex[] = "0123456789abcdef";
+ size_t n;
+
+ for (n = 0; n < src_len; ++n) {
+ byte val = *src_bytes++;
+ *dst_str++ = hex[val >> 4];
+ *dst_str++ = hex[val & 0xf];
+ }
+}
+
+/* defined in src/ssl.c */
+extern FILE* ssl_keylog_iob;
+
+static void RecordKeyLog(CYASSL* ssl)
+{
+ byte buf[14 /* "CLIENT_RANDOM " */ +
+ RAN_LEN*2 /* client_random */ +
+ 1 /* " " */ +
+ SECRET_LEN*2 /* master secret */ +
+ 1 /* new line */];
+ unsigned int j;
+
+ if (!ssl_keylog_iob)
+ return;
+
+ memcpy(buf, "CLIENT_RANDOM ", 14);
+ j = 14;
+ hexEncode(buf + j, ssl->arrays->clientRandom, RAN_LEN);
+ j += RAN_LEN*2;
+ buf[j++] = ' ';
+ hexEncode(buf + j, ssl->arrays->masterSecret, SECRET_LEN);
+ j += SECRET_LEN*2;
+ buf[j] = '\n';
+
+ if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
+ return;
+ fflush(ssl_keylog_iob);
+}
+
int SendFinished(CYASSL* ssl)
{
@@ -5529,6 +5570,8 @@ int SendFinished(CYASSL* ssl)
ssl->buffers.outputBuffer.length += sendSz;
+ RecordKeyLog(ssl);
+
return SendBuffered(ssl);
}
diff --git a/src/ssl.c b/src/ssl.c
index 827369f..1332839 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1496,9 +1496,12 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
#endif /* NO_SESSION_CACHE */
+FILE* ssl_keylog_iob;
+
int CyaSSL_Init(void)
{
int ret = SSL_SUCCESS;
+ char* keylogfile;
CYASSL_ENTER("CyaSSL_Init");
@@ -1519,6 +1522,19 @@ int CyaSSL_Init(void)
UnLockMutex(&count_mutex);
}
+ /* used in src/internal.c, format is described at
+ * https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format */
+ keylogfile = getenv("SSLKEYLOGFILE");
+ if (keylogfile && keylogfile[0]) {
+ ssl_keylog_iob = fopen(keylogfile, "a");
+ if (ssl_keylog_iob) {
+ if (ftell(ssl_keylog_iob) == 0) {
+ fputs("# SSL/TLS secrets log file, generated by CyaSSL\n",
+ ssl_keylog_iob);
+ }
+ }
+ }
+
return ret;
}
--
1.8.4.2
|