Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(257)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/keylog.patch

Issue 10509009: Export key logging in normal builds. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | net/third_party/nss/ssl/sslsock.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con .c
2 index 6780a84..4cf011b 100644
3 --- a/net/third_party/nss/ssl/ssl3con.c
4 +++ b/net/third_party/nss/ssl/ssl3con.c
5 @@ -4793,6 +4793,17 @@ done:
6 return unwrappedWrappingKey;
7 }
8
9 +/* hexEncode hex encodes |length| bytes from |in| and writes it as |length*2|
10 + * bytes to |out|. */
11 +static void hexEncode(char *out, const unsigned char *in, size_t length) {
12 + static const char hextable[] = "0123456789abcdef";
13 + size_t i;
14 +
15 + for (i = 0; i < length; i++) {
16 + *(out++) = hextable[in[i] >> 4];
17 + *(out++) = hextable[in[i] & 15];
18 + }
19 +}
20
21 /* Called from ssl3_SendClientKeyExchange(). */
22 /* Presently, this always uses PKCS11. There is no bypass for this. */
23 @@ -4832,16 +4843,17 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
24 goto loser;
25 }
26
27 -#if defined(TRACE)
28 - if (ssl_trace >= 100 || ssl_keylog_iob) {
29 + if (ssl_keylog_iob) {
30 SECStatus extractRV = PK11_ExtractKeyValue(pms);
31 if (extractRV == SECSuccess) {
32 SECItem * keyData = PK11_GetKeyData(pms);
33 if (keyData && keyData->data && keyData->len) {
34 +#ifdef TRACE
35 if (ssl_trace >= 100) {
36 ssl_PrintBuf(ss, "Pre-Master Secret",
37 keyData->data, keyData->len);
38 }
39 +#endif
40 if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) {
41 /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
42
43 @@ -4849,21 +4861,11 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
44 * keylog, so we have to do everything in a single call to
45 * fwrite. */
46 char buf[4 + 8*2 + 1 + 48*2 + 1];
47 - static const char hextable[16] = "0123456789abcdef";
48 - unsigned int i;
49
50 strcpy(buf, "RSA ");
51 -
52 - for (i = 0; i < 8; i++) {
53 - buf[4 + i*2] = hextable[enc_pms.data[i] >> 4];
54 - buf[4 + i*2 + 1] = hextable[enc_pms.data[i] & 15];
55 - }
56 + hexEncode(buf + 4, enc_pms.data, 8);
57 buf[20] = ' ';
58 -
59 - for (i = 0; i < 48; i++) {
60 - buf[21 + i*2] = hextable[keyData->data[i] >> 4];
61 - buf[21 + i*2 + 1] = hextable[keyData->data[i] & 15];
62 - }
63 + hexEncode(buf + 21, keyData->data, 48);
64 buf[sizeof(buf) - 1] = '\n';
65
66 fwrite(buf, sizeof(buf), 1, ssl_keylog_iob);
67 @@ -4872,7 +4874,6 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
68 }
69 }
70 }
71 -#endif
72
73 rv = ssl3_InitPendingCipherSpec(ss, pms);
74 PK11_FreeSymKey(pms); pms = NULL;
75 @@ -9046,6 +9047,69 @@ ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss,
76 return SECSuccess;
77 }
78
79 +/* called from ssl3_SendFinished
80 + *
81 + * Caller must already hold the SpecReadLock. (wish we could assert that!).
82 + * This function is simply a debugging aid and therefore does not return a
83 + * SECStatus. */
84 +static void
85 +ssl3_RecordKeyLog(sslSocket *ss)
86 +{
87 + sslSessionID *sid;
88 + SECStatus rv;
89 + SECItem *keyData;
90 + char buf[14 /* "CLIENT_RANDOM " */ +
91 + SSL3_RANDOM_LENGTH*2 /* client_random */ +
92 + 1 /* " " */ +
93 + 48*2 /* master secret */ +
94 + 1 /* new line */];
95 + unsigned int j;
96 +
97 + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
98 +
99 + sid = ss->sec.ci.sid;
100 +
101 + if (!ssl_keylog_iob)
102 + return;
103 +
104 + rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret);
105 + if (rv != SECSuccess)
106 + return;
107 +
108 + ssl_GetSpecReadLock(ss);
109 +
110 + /* keyData does not need to be freed. */
111 + keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret);
112 + if (!keyData || !keyData->data || keyData->len != 48) {
113 + ssl_ReleaseSpecReadLock(ss);
114 + return;
115 + }
116 +
117 + /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
118 +
119 + /* There could be multiple, concurrent writers to the
120 + * keylog, so we have to do everything in a single call to
121 + * fwrite. */
122 +
123 + memcpy(buf, "CLIENT_RANDOM ", 14);
124 + j = 14;
125 + hexEncode(buf + j, ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
126 + j += SSL3_RANDOM_LENGTH*2;
127 + buf[j++] = ' ';
128 + hexEncode(buf + j, keyData->data, 48);
129 + j += 48*2;
130 + buf[j++] = '\n';
131 +
132 + PORT_Assert(j == sizeof(buf));
133 +
134 + ssl_ReleaseSpecReadLock(ss);
135 +
136 + if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
137 + return;
138 + fflush(ssl_keylog_iob);
139 + return;
140 +}
141 +
142 /* called from ssl3_HandleServerHelloDone
143 * ssl3_HandleClientHello
144 * ssl3_HandleFinished
145 @@ -9107,6 +9171,9 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
146 if (rv != SECSuccess) {
147 goto fail; /* error code set by ssl3_FlushHandshake */
148 }
149 +
150 + ssl3_RecordKeyLog(ss);
151 +
152 return SECSuccess;
153
154 fail:
155 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock .c
156 index c61ab44..3bd11d2 100644
157 --- a/net/third_party/nss/ssl/sslsock.c
158 +++ b/net/third_party/nss/ssl/sslsock.c
159 @@ -2903,6 +2903,13 @@ ssl_SetDefaultsFromEnvironment(void)
160 ssl_trace = atoi(ev);
161 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
162 }
163 +#endif /* TRACE */
164 + ev = getenv("SSLDEBUG");
165 + if (ev && ev[0]) {
166 + ssl_debug = atoi(ev);
167 + SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
168 + }
169 +#endif /* DEBUG */
170 ev = getenv("SSLKEYLOGFILE");
171 if (ev && ev[0]) {
172 ssl_keylog_iob = fopen(ev, "a");
173 @@ -2912,13 +2919,6 @@ ssl_SetDefaultsFromEnvironment(void)
174 }
175 SSL_TRACE(("SSL: logging pre-master secrets to %s", ev));
176 }
177 -#endif /* TRACE */
178 - ev = getenv("SSLDEBUG");
179 - if (ev && ev[0]) {
180 - ssl_debug = atoi(ev);
181 - SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
182 - }
183 -#endif /* DEBUG */
184 ev = getenv("SSLBYPASS");
185 if (ev && ev[0]) {
186 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | net/third_party/nss/ssl/sslsock.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698