Export key logging in normal builds.

net/third_party/nss/ssl/ssl3con.c

 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ skipping 4775 matching lines @@
     if (unwrappedWrappingKey) {
         *pSymWrapKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
     }
 
 loser:
 done:
     PZ_Unlock(symWrapKeysLock);
     return unwrappedWrappingKey;
 }
 
+/* hexEncode hex encodes |length| bytes from |in| and writes it as |length*2|
+ * bytes to |out|. */
+static hexEncode(char *out, const unsigned char *in, size_t length) {
+  static const char hextable[] = "0123456789abcdef";
+  size_t i;
+
+  for (i = 0; i < length; i++) {
+    *(out++) = hextable[in[i] >> 4];
+    *(out++) = hextable[in[i] & 15];
+  }
+}
+

[wtc, 2012/06/06 21:29:18]

Nit: delete one blank line here.

Nit: use indentation level of 4 spaces inside the function.

I think *out++ is quite common in low-level C code, but the
parentheses help clarify the operator precedence.

[agl, 2012/06/07 15:31:42]

Done.

 
 /* Called from ssl3_SendClientKeyExchange(). */
 /* Presently, this always uses PKCS11.  There is no bypass for this. */
 static SECStatus
 sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
 {
     PK11SymKey *        pms             = NULL;
     SECStatus           rv              = SECFailure;
     SECItem             enc_pms         = {siBuffer, NULL, 0};
     PRBool              isTLS;
@@ skipping 19 matching lines @@
         goto loser;     /* err set by PORT_Alloc */
     }
 
     /* wrap pre-master secret in server's public key. */
     rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
-#if defined(TRACE)
-    if (ssl_trace >= 100 || ssl_keylog_iob) {
+    if (ssl_keylog_iob) {
         SECStatus extractRV = PK11_ExtractKeyValue(pms);
         if (extractRV == SECSuccess) {
             SECItem * keyData = PK11_GetKeyData(pms);
             if (keyData && keyData->data && keyData->len) {
+#ifdef TRACE
                 if (ssl_trace >= 100) {
                     ssl_PrintBuf(ss, "Pre-Master Secret",
                                  keyData->data, keyData->len);
                 }
+#endif
                 if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) {
                     /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
 
                     /* There could be multiple, concurrent writers to the
                      * keylog, so we have to do everything in a single call to
                      * fwrite. */
                     char buf[4 + 8*2 + 1 + 48*2 + 1];
-                    static const char hextable[16] = "0123456789abcdef";
-                    unsigned int i;
 
                     strcpy(buf, "RSA ");
-
-                    for (i = 0; i < 8; i++) {
-                        buf[4 + i*2] = hextable[enc_pms.data[i] >> 4];
-                        buf[4 + i*2 + 1] = hextable[enc_pms.data[i] & 15];
-                    }
+                    hexEncode(buf + 4, enc_pms.data, 8);
                     buf[20] = ' ';
-
-                    for (i = 0; i < 48; i++) {
-                        buf[21 + i*2] = hextable[keyData->data[i] >> 4];
-                        buf[21 + i*2 + 1] = hextable[keyData->data[i] & 15];
-                    }
+                    hexEncode(buf + 21, keyData->data, 48);
                     buf[sizeof(buf) - 1] = '\n';
 
                     fwrite(buf, sizeof(buf), 1, ssl_keylog_iob);
                     fflush(ssl_keylog_iob);
                 }
             }
         }
     }
-#endif
 
     rv = ssl3_InitPendingCipherSpec(ss,  pms);
     PK11_FreeSymKey(pms); pms = NULL;
 
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
     rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, 
@@ skipping 4153 matching lines @@
     if (ss->ssl3.channelIDPub)
         SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
 
     ss->handshake = ssl_GatherRecord1stHandshake;
     ss->ssl3.channelID = channelID;
     ss->ssl3.channelIDPub = channelIDPub;
 
     return SECSuccess;
 }
 
+/* called from ssl3_SendFinished
+ *
+ * Caller must already hold the SpecReadLock. (wish we could assert that!).
+ * This function is simply a debugging aid and therefore does not return a
+ * SECStatus. */
+static void
+ssl3_RecordKeyLog(sslSocket *ss)
+{
+    sslSessionID *sid;
+    SECStatus rv;
+    SECItem *keyData;
+    char buf[14 /* "CLIENT_RANDOM " */ +
+             SSL3_RANDOM_LENGTH*2 /* client_random */ +
+             1 /* " " */ +
+             48*2 /* master secret */ +
+             1 /* new line */];
+    unsigned int j;
+
+    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    sid = ss->sec.ci.sid;
+
+    if (!ssl_keylog_iob)
+        return;
+
+    rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret);
+    if (rv != SECSuccess)
+        return;
+
+    ssl_GetSpecReadLock(ss);
+
+    /* keyData does not need to be freed. */
+    keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret);
+    if (!keyData || !keyData->data || keyData->len != 48) {
+        ssl_ReleaseSpecReadLock(ss);
+        return;
+    }
+
+    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
+
+    /* There could be multiple, concurrent writers to the
+     * keylog, so we have to do everything in a single call to
+     * fwrite. */
+
+    memcpy(buf, "CLIENT_RANDOM ", 14);
+    j = 14;
+    hexEncode(buf + j, ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
+    j += SSL3_RANDOM_LENGTH*2;
+    buf[j++] = ' ';
+    hexEncode(buf + j, keyData->data, 48);
+    j += 48*2;
+    buf[j++] = '\n';
+
+    PORT_Assert(j == sizeof(buf));
+
+    ssl_ReleaseSpecReadLock(ss);
+
+    if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
+        return;
+    fflush(ssl_keylog_iob);
+    return;
+}
+
 /* called from ssl3_HandleServerHelloDone
  *             ssl3_HandleClientHello
  *             ssl3_HandleFinished
  */
 static SECStatus
 ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
 {
     ssl3CipherSpec *cwSpec;
     PRBool          isTLS;
     PRBool          isServer = ss->sec.isServer;
@@ skipping 41 matching lines @@
         if (rv != SECSuccess) 
             goto fail;          /* err set by AppendHandshake. */
         rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes);
         if (rv != SECSuccess) 
             goto fail;          /* err set by AppendHandshake. */
     }
     rv = ssl3_FlushHandshake(ss, flags);
     if (rv != SECSuccess) {
         goto fail;      /* error code set by ssl3_FlushHandshake */
     }
+
+    ssl3_RecordKeyLog(ss);
+
     return SECSuccess;
 
 fail:
     return rv;
 }
 
 /* wrap the master secret, and put it into the SID.
  * Caller holds the Spec read lock.
  */
 SECStatus
@@ skipping 1506 matching lines @@
             PORT_Free(ss->ssl3.hs.recvdFragments.buf);
         }
     }
 
     ss->ssl3.initialized = PR_FALSE;
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */