Created
July 26, 2018 12:29
-
-
Save phillipberndt/d608bddcd7537f8d84a50128494d0424 to your computer and use it in GitHub Desktop.
Add SSLKEYLOGFILE support to S2N
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/tls/s2n_handshake_io.c b/tls/s2n_handshake_io.c | |
| index 40a8fb0..0c7c2b4 100644 | |
| --- a/third-party-src/tls/s2n_handshake_io.c | |
| +++ b/third-party-src/tls/s2n_handshake_io.c | |
| @@ -16,6 +16,7 @@ | |
| #include <sys/param.h> | |
| #include <errno.h> | |
| +#include <stdio.h> | |
| #include <s2n.h> | |
| #include "error/s2n_errno.h" | |
| @@ -635,6 +636,42 @@ static int handshake_read_io(struct s2n_connection *conn) | |
| return 0; | |
| } | |
| +static void s2n_write_keylog(struct s2n_connection *conn) | |
| +{ | |
| + char *keylog_fn; | |
| + FILE *keylog_fp; | |
| + | |
| + keylog_fn = getenv("SSLKEYLOGFILE"); | |
| + if (!keylog_fn) { | |
| + return; | |
| + } | |
| + | |
| + keylog_fp = fopen(keylog_fn, "a"); | |
| + if (!keylog_fp) { | |
| + return; | |
| + } | |
| + | |
| + fprintf(keylog_fp, "CLIENT_RANDOM "); | |
| + for(size_t i=0; i<sizeof(conn->secure.client_random); i++) { | |
| + uint8_t unibble = conn->secure.client_random[i] >> 4; | |
| + uint8_t lnibble = conn->secure.client_random[i] & 15; | |
| + unibble += (unibble < 10) ? '0' : ('a' - 10); | |
| + lnibble += (lnibble < 10) ? '0' : ('a' - 10); | |
| + fprintf(keylog_fp, "%c%c", unibble, lnibble); | |
| + } | |
| + fprintf(keylog_fp, " "); | |
| + for(size_t i=0; i<sizeof(conn->secure.master_secret); i++) { | |
| + uint8_t unibble = conn->secure.master_secret[i] >> 4; | |
| + uint8_t lnibble = conn->secure.master_secret[i] & 15; | |
| + unibble += (unibble < 10) ? '0' : ('a' - 10); | |
| + lnibble += (lnibble < 10) ? '0' : ('a' - 10); | |
| + fprintf(keylog_fp, "%c%c", unibble, lnibble); | |
| + } | |
| + fprintf(keylog_fp, "\n"); | |
| + | |
| + fclose(keylog_fp); | |
| +} | |
| + | |
| int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status * blocked) | |
| { | |
| char this = 'S'; | |
| @@ -677,6 +714,8 @@ int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status * blocked) | |
| } | |
| } | |
| + s2n_write_keylog(conn); | |
| + | |
| *blocked = S2N_NOT_BLOCKED; | |
| return 0; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment