Index: net/third_party/nss/ssl/ssl3con.c |
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
index f714a98cd142218c446cb1de4a87166a65724e2b..886d45b4a7056300528a3d09a4adb68ff13c04e5 100644 |
--- a/net/third_party/nss/ssl/ssl3con.c |
+++ b/net/third_party/nss/ssl/ssl3con.c |
@@ -4832,16 +4832,17 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) |
goto loser; |
} |
-#if defined(TRACE) |
- if (ssl_trace >= 100 || ssl_keylog_iob) { |
+ if (ssl_keylog_iob) { |
SECStatus extractRV = PK11_ExtractKeyValue(pms); |
if (extractRV == SECSuccess) { |
SECItem * keyData = PK11_GetKeyData(pms); |
if (keyData && keyData->data && keyData->len) { |
+#ifdef TRACE |
if (ssl_trace >= 100) { |
ssl_PrintBuf(ss, "Pre-Master Secret", |
keyData->data, keyData->len); |
} |
+#endif |
if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) { |
/* https://developer.mozilla.org/en/NSS_Key_Log_Format */ |
@@ -4872,7 +4873,6 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) |
} |
} |
} |
-#endif |
rv = ssl3_InitPendingCipherSpec(ss, pms); |
PK11_FreeSymKey(pms); pms = NULL; |
@@ -8984,6 +8984,74 @@ loser: |
return rv; |
} |
+/* called from ssl3_SendFinished |
+ * |
+ * Caller must already hold the SpecReadLock. (wish we could assert that!). |
+ * This function is simply a debugging aid and therefore does not return a |
+ * SECStatus. */ |
+static void |
+ssl3_RecordKeyLog(sslSocket *ss) |
+{ |
+ sslSessionID *sid; |
+ SECStatus rv; |
+ SECItem *keyData; |
+ char buf[14 /* "CLIENT_RANDOM " */ + |
+ 32*2 /* client_random */ + |
wtc
2012/06/05 23:45:22
Nit: 32 => SSL3_RANDOM_LENGTH
agl
2012/06/06 19:17:13
Done.
|
+ 1 /* " " */ + |
+ 48*2 /* master secret */ + |
+ 1 /* new line */]; |
+ static const char hextable[16] = "0123456789abcdef"; |
+ unsigned int i, j; |
+ |
+ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
wtc
2012/06/05 23:45:22
The XmitBufLock should be unnecessary for this fun
agl
2012/06/06 19:17:13
Done.
|
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
+ |
+ sid = ss->sec.ci.sid; |
+ |
+ if (!ssl_keylog_iob) |
+ return; |
+ |
+ rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret); |
wtc
2012/06/05 23:45:22
Should this function call ssl_GetSpecReadLock?
agl
2012/06/06 19:17:13
Done.
|
+ if (rv != SECSuccess) |
+ return; |
+ |
+ /* keyData does not need to be freed. */ |
+ keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret); |
+ if (!keyData || !keyData->data || keyData->len != 48) |
+ return; |
+ |
+ /* https://developer.mozilla.org/en/NSS_Key_Log_Format */ |
+ |
+ /* There could be multiple, concurrent writers to the |
+ * keylog, so we have to do everything in a single call to |
+ * fwrite. */ |
+ |
+ memcpy(buf, "CLIENT_RANDOM ", 14); |
wtc
2012/06/05 23:45:22
I guess the CLIENT_RANDOM is just for identificati
agl
2012/06/06 19:17:13
Yes, having the CLIENT_RANDOM simply allows Wiresh
|
+ j = 14; |
+ for (i = 0; i < SSL3_RANDOM_LENGTH; i++) { |
+ buf[j + 2*i] = hextable[ss->ssl3.hs.client_random.rand[i] >> 4]; |
+ buf[j + 2*i + 1] = hextable[ss->ssl3.hs.client_random.rand[i] & 15]; |
+ } |
+ j += SSL3_RANDOM_LENGTH*2; |
+ buf[j++] = ' '; |
+ |
+ for (i = 0; i < 48; i++) { |
+ buf[j + 2*i] = hextable[keyData->data[i] >> 4]; |
+ buf[j + 2*i + 1] = hextable[keyData->data[i] & 15]; |
+ } |
+ j += 48*2; |
+ buf[j++] = '\n'; |
+ |
+ PORT_Assert(j == sizeof(buf)); |
+ |
+ if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1 || |
+ fflush(ssl_keylog_iob) != 0) { |
+ return; |
+ } |
+ |
+ return; |
wtc
2012/06/05 23:45:22
Nit: write the last few lines like this:
if (
agl
2012/06/06 19:17:13
Done.
|
+} |
+ |
/* called from ssl3_HandleServerHelloDone |
* ssl3_HandleClientHello |
* ssl3_HandleFinished |
@@ -9045,6 +9113,9 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags) |
if (rv != SECSuccess) { |
goto fail; /* error code set by ssl3_FlushHandshake */ |
} |
+ |
+ ssl3_RecordKeyLog(ss); |
+ |
return SECSuccess; |
fail: |