

Add SSLKEYLOGFILE support to S2N
diff --git a/tls/s2n_handshake_io.c b/tls/s2n_handshake_io.c
index 40a8fb0..0c7c2b4 100644
--- a/third-party-src/tls/s2n_handshake_io.c
+++ b/third-party-src/tls/s2n_handshake_io.c
@@ -16,6 +16,7 @@
#include <sys/param.h>
#include <errno.h>
+#include <stdio.h>
#include <s2n.h>
#include "error/s2n_errno.h"
@@ -635,6 +636,42 @@ static int handshake_read_io(struct s2n_connection *conn)
return 0;
}
+static void s2n_write_keylog(struct s2n_connection *conn)
+{
+ char *keylog_fn;
+ FILE *keylog_fp;
+
+ keylog_fn = getenv("SSLKEYLOGFILE");
+ if (!keylog_fn) {
+ return;
+ }
+
+ keylog_fp = fopen(keylog_fn, "a");
+ if (!keylog_fp) {
+ return;
+ }
+
+ fprintf(keylog_fp, "CLIENT_RANDOM ");
+ for(size_t i=0; i<sizeof(conn->secure.client_random); i++) {
+ uint8_t unibble = conn->secure.client_random[i] >> 4;
+ uint8_t lnibble = conn->secure.client_random[i] & 15;
+ unibble += (unibble < 10) ? '0' : ('a' - 10);
+ lnibble += (lnibble < 10) ? '0' : ('a' - 10);
+ fprintf(keylog_fp, "%c%c", unibble, lnibble);
+ }
+ fprintf(keylog_fp, " ");
+ for(size_t i=0; i<sizeof(conn->secure.master_secret); i++) {
+ uint8_t unibble = conn->secure.master_secret[i] >> 4;
+ uint8_t lnibble = conn->secure.master_secret[i] & 15;
+ unibble += (unibble < 10) ? '0' : ('a' - 10);
+ lnibble += (lnibble < 10) ? '0' : ('a' - 10);
+ fprintf(keylog_fp, "%c%c", unibble, lnibble);
+ }
+ fprintf(keylog_fp, "\n");
+
+ fclose(keylog_fp);
+}
+
int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status * blocked)
{
char this = 'S';
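Review bot: `fopen(keylog_fn, "a")` at the top of s2n_write_keylog creates the log file with permissions taken only from the process umask, so a file that holds every session's master secret can end up group- or world-readable; it should be created with `open(keylog_fn, O_WRONLY | O_APPEND | O_CREAT, 0600)` and the descriptor used directly. The 96 separate `fprintf(keylog_fp, "%c%c", ...)` calls are also hard to read and let lines from several processes appending to the same file interleave; encoding the line into a fixed stack buffer via a hex lookup table and issuing a single write keeps the output atomic in practice and halves the function. The rewrite below keeps the original's best-effort semantics (no error reporting, nothing logged if the variable is unset or the file cannot be opened) and needs `<fcntl.h>`, `<unistd.h>` and `<string.h>` added next to the `<stdio.h>` include in the first hunk. It may also be worth using `secure_getenv` where the platform provides it, so a setuid process does not honour an attacker-supplied SSLKEYLOGFILE — hedged, since that is glibc-specific.
```c
static void s2n_write_keylog(struct s2n_connection *conn)
{
    static const char hex[] = "0123456789abcdef";
    /* "CLIENT_RANDOM " + hex(client_random) + " " + hex(master_secret) + "\n" */
    char line[14 + 2 * sizeof(conn->secure.client_random) + 1 + 2 * sizeof(conn->secure.master_secret) + 1];
    size_t pos = 0;

    const char *keylog_fn = getenv("SSLKEYLOGFILE");
    if (!keylog_fn) {
        return;
    }

    /* Owner-only permissions; fopen("a") would inherit whatever the umask allows. */
    int fd = open(keylog_fn, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0) {
        return;
    }

    memcpy(line, "CLIENT_RANDOM ", 14);
    pos = 14;
    for (size_t i = 0; i < sizeof(conn->secure.client_random); i++) {
        line[pos++] = hex[conn->secure.client_random[i] >> 4];
        line[pos++] = hex[conn->secure.client_random[i] & 15];
    }
    line[pos++] = ' ';
    for (size_t i = 0; i < sizeof(conn->secure.master_secret); i++) {
        line[pos++] = hex[conn->secure.master_secret[i] >> 4];
        line[pos++] = hex[conn->secure.master_secret[i] & 15];
    }
    line[pos++] = '\n';

    /* Single write so lines from concurrent processes do not interleave; best-effort like the original. */
    (void) write(fd, line, pos);
    close(fd);
}
```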
@@ -677,6 +714,8 @@ int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status * blocked)
}
}
+ s2n_write_keylog(conn);
+
*blocked = S2N_NOT_BLOCKED;
return 0;
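Review bot: The added `s2n_write_keylog(conn);` runs unconditionally on every completed handshake, so any production binary linking this library will write its master secrets to disk whenever SSLKEYLOGFILE happens to be set in its environment, and pays a getenv plus fopen attempt per handshake even when it is not. Since this is a debugging aid, gate the call behind a build-time option so the export path does not exist in release builds, e.g. `#ifdef S2N_KEYLOG_ENABLED` / `s2n_write_keylog(conn);` / `#endif` (illustrative macro name — pick one matching the project's configuration conventions). A one-line comment above the call, such as `/* Debug aid: export the session's master secret in NSS key-log format when SSLKEYLOGFILE is set. */`, would also tell a later reader why a handshake routine touches the filesystem. The enclosing s2n_negotiate starts outside this hunk.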