Home Explore Help
Register Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Browse Source

Merge pull request #7372 from julek-wolfssl/zd/17435

Add secret logging callback to TLS <= 1.2
Sean Parkinson 1 week ago
parent
5ee0e34d89 c62faa048c
commit
c8e51112c3
6 changed files with 91 additions and 40 deletions
Split View Show Diff Stats
  1. 3 0
      src/internal.c
  2. 69 0
      src/ssl.c
  3. 6 40
      src/tls.c
  4. 1 0
      src/tls13.c
  5. 7 0
      wolfssl/internal.h
  6. 5 0
      wolfssl/ssl.h

+ 3 - 0
src/internal.c
View File 

@@ -7583,6 +7583,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13)
 
     (void)wolfSSL_set_tls13_secret_cb(ssl, tls13ShowSecrets, NULL);
 
 #endif
 
+#if defined(HAVE_SECRET_CALLBACK) && defined(SHOW_SECRETS)
 
+    (void)wolfSSL_set_secret_cb(ssl, tlsShowSecrets, NULL);
 
+#endif
 
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 
     ssl->sigSpec = ctx->sigSpec;
 
     ssl->sigSpecSz = ctx->sigSpecSz;

+ 69 - 0
src/ssl.c
View File 

@@ -8236,6 +8236,75 @@ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
 
     return WOLFSSL_SUCCESS;
 
 }
 
 
+int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx)
 
+{
 
+    WOLFSSL_ENTER("wolfSSL_set_secret_cb");
 
+    if (ssl == NULL)
 
+        return WOLFSSL_FATAL_ERROR;
 
+
 
+    ssl->tlsSecretCb = cb;
 
+    ssl->tlsSecretCtx = ctx;
 
+
 
+    return WOLFSSL_SUCCESS;
 
+}
 
+
 
+#ifdef SHOW_SECRETS
 
+int tlsShowSecrets(WOLFSSL* ssl, void* secret, int secretSz,
 
+        void* ctx)
 
+{
 
+    /* Wireshark Pre-Master-Secret Format:
 
+     *  CLIENT_RANDOM <clientrandom> <mastersecret>
 
+     */
 
+    const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
 
+    int i, pmsPos = 0;
 
+    char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
 
+    byte clientRandom[RAN_LEN];
 
+    int clientRandomSz;
 
+
 
+    (void)ctx;
 
+
 
+    clientRandomSz = (int)wolfSSL_get_client_random(ssl, clientRandom,
 
+        sizeof(clientRandom));
 
+
 
+    if (clientRandomSz <= 0) {
 
+        printf("Error getting server random %d\n", clientRandomSz);
 
+        return BAD_FUNC_ARG;
 
+    }
 
+
 
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
 
+        CLIENT_RANDOM_LABEL);
 
+    pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
 
+    for (i = 0; i < clientRandomSz; i++) {
 
+        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
 
+            clientRandom[i]);
 
+        pmsPos += 2;
 
+    }
 
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
 
+    pmsPos += 1;
 
+    for (i = 0; i < secretSz; i++) {
 
+        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
 
+            ((byte*)secret)[i]);
 
+        pmsPos += 2;
 
+    }
 
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
 
+    pmsPos += 1;
 
+
 
+    /* print master secret */
 
+    puts(pmsBuf);
 
+
 
+    #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 
+    {
 
+        FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
 
+        if (f != XBADFILE) {
 
+            XFWRITE(pmsBuf, 1, pmsPos, f);
 
+            XFCLOSE(f);
 
+        }
 
+    }
 
+    #endif
 
+    return 0;
 
+}
 
+#endif /* SHOW_SECRETS */
 
+
 
 #endif

+ 6 - 40
src/tls.c
View File 

@@ -586,47 +586,13 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
 
                       ssl->specs.mac_algorithm, ssl->heap, ssl->devId);
 
         }
 
     }
 
+#ifdef HAVE_SECRET_CALLBACK
 
+    if (ret == 0 && ssl->tlsSecretCb != NULL) {
 
+        ret = ssl->tlsSecretCb(ssl, ssl->arrays->masterSecret,
 
+                SECRET_LEN, ssl->tlsSecretCtx);
 
+    }
 
+#endif /* HAVE_SECRET_CALLBACK */
 
     if (ret == 0) {
 
-    #ifdef SHOW_SECRETS
 
-        /* Wireshark Pre-Master-Secret Format:
 
-         *  CLIENT_RANDOM <clientrandom> <mastersecret>
 
-         */
 
-        const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
 
-        int i, pmsPos = 0;
 
-        char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
 
-
 
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
 
-            CLIENT_RANDOM_LABEL);
 
-        pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
 
-        for (i = 0; i < RAN_LEN; i++) {
 
-            XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
 
-                ssl->arrays->clientRandom[i]);
 
-            pmsPos += 2;
 
-        }
 
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
 
-        pmsPos += 1;
 
-        for (i = 0; i < SECRET_LEN; i++) {
 
-            XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
 
-                ssl->arrays->masterSecret[i]);
 
-            pmsPos += 2;
 
-        }
 
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
 
-        pmsPos += 1;
 
-
 
-        /* print master secret */
 
-        puts(pmsBuf);
 
-
 
-        #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 
-        {
 
-            FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
 
-            if (f != XBADFILE) {
 
-                XFWRITE(pmsBuf, 1, pmsPos, f);
 
-                XFCLOSE(f);
 
-            }
 
-        }
 
-        #endif
 
-    #endif /* SHOW_SECRETS */
 
-
 
         ret = DeriveTlsKeys(ssl);
 
     }

+ 1 - 0
src/tls13.c
View File 

@@ -14776,6 +14776,7 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret,
 
 
     if (clientRandomSz <= 0) {
 
         printf("Error getting server random %d\n", clientRandomSz);
 
+        return BAD_FUNC_ARG;
 
     }
 
 
 #if 0

+ 7 - 0
wolfssl/internal.h
View File 

@@ -5869,6 +5869,8 @@ struct WOLFSSL {
 
 #ifdef HAVE_SECRET_CALLBACK
 
         SessionSecretCb sessionSecretCb;
 
         void*           sessionSecretCtx;
 
+        TlsSecretCb     tlsSecretCb;
 
+        void*           tlsSecretCtx;
 
     #ifdef WOLFSSL_TLS13
 
         Tls13SecretCb   tls13SecretCb;
 
         void*           tls13SecretCtx;
 
@@ -6749,6 +6751,11 @@ WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* se
 
     int secretSz, void* ctx);
 
 #endif
 
 
+#if defined(SHOW_SECRETS)
 
+WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret,
 
+        int secretSz, void* ctx);
 
+#endif
 
+
 
 /* Optional Pre-Master-Secret logging for Wireshark */
 
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 
 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT

+ 5 - 0
wolfssl/ssl.h
View File 

@@ -1365,8 +1365,13 @@ WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx
 
 #ifdef HAVE_SECRET_CALLBACK
 
 typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
 
                                void* ctx);
 
+/* This callback is used to set the master secret during resumption */
 
 WOLFSSL_API int  wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb,
 
                                                void*);
 
+typedef int (*TlsSecretCb)(WOLFSSL* ssl, void* secret, int secretSz,
 
+                               void* ctx);
 
+/* This callback is used to log the secret for TLS <= 1.2 */
 
+WOLFSSL_API int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx);
 
 #ifdef WOLFSSL_TLS13
 
 typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret,
 
                              int secretSz, void* ctx);