зеркало из https://github.com/mozilla/gecko-dev.git
re-enable SSLTRACE for keys and (pre)master secrets. Bug 349966. r=rrelyea
This commit is contained in:
Родитель
af075ee352
Коммит
e356cbee97
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: derive.c,v 1.3 2005/11/08 22:00:46 wtchang%redhat.com Exp $ */
|
||||
/* $Id: derive.c,v 1.4 2006/08/24 22:10:03 nelson%bolyard.com Exp $ */
|
||||
|
||||
#include "ssl.h" /* prereq to sslimpl.h */
|
||||
#include "certt.h" /* prereq to sslimpl.h */
|
||||
|
@ -52,6 +52,7 @@ buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
|
|||
result->type = siBuffer;
|
||||
result->data = keyBlock;
|
||||
result->len = keyLen;
|
||||
PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen));
|
||||
}
|
||||
#else
|
||||
#define buildSSLKey(keyBlock, keyLen, result) \
|
||||
|
@ -59,6 +60,7 @@ buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
|
|||
(result)->type = siBuffer; \
|
||||
(result)->data = keyBlock; \
|
||||
(result)->len = keyLen; \
|
||||
PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -122,6 +124,9 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
return rv;
|
||||
}
|
||||
|
||||
PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
|
||||
pwSpec->msItem.len));
|
||||
|
||||
/* figure out how much is needed */
|
||||
macSize = pwSpec->mac_size;
|
||||
keySize = cipher_def->key_size;
|
||||
|
@ -153,6 +158,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
crsr.len = sizeof crsrdata;
|
||||
PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
|
||||
PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
|
||||
PRINT_BUF(100, (NULL, "Key & MAC CRSR", crsr.data, crsr.len));
|
||||
|
||||
/*
|
||||
* generate the key material:
|
||||
|
@ -203,6 +209,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
}
|
||||
PORT_Assert(block_bytes >= block_needed);
|
||||
PORT_Assert(block_bytes <= sizeof pwSpec->key_block);
|
||||
PRINT_BUF(100, (NULL, "key block", key_block, block_bytes));
|
||||
|
||||
/*
|
||||
* Put the key material where it goes.
|
||||
|
@ -395,7 +402,9 @@ key_and_mac_derive_fail:
|
|||
|
||||
|
||||
/* derive the Master Secret from the PMS */
|
||||
/* Presently, this is only done wtih RSA PMS, os isRSA is always true. */
|
||||
/* Presently, this is only done wtih RSA PMS, and only on the server side,
|
||||
* so isRSA is always true.
|
||||
*/
|
||||
SECStatus
|
||||
ssl3_MasterKeyDeriveBypass(
|
||||
ssl3CipherSpec * pwSpec,
|
||||
|
@ -434,6 +443,7 @@ ssl3_MasterKeyDeriveBypass(
|
|||
crsr.len = sizeof crsrdata;
|
||||
PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
|
||||
PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
|
||||
PRINT_BUF(100, (NULL, "Master Secret CRSR", crsr.data, crsr.len));
|
||||
|
||||
/* finally do the key gen */
|
||||
if (isTLS) {
|
||||
|
@ -474,6 +484,8 @@ ssl3_MasterKeyDeriveBypass(
|
|||
SSL3_MASTER_SECRET_LENGTH);
|
||||
pwSpec->msItem.data = pwSpec->raw_master_secret;
|
||||
pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
|
||||
PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
|
||||
pwSpec->msItem.len));
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl3con.c,v 1.95 2006/07/20 00:17:23 nelson%bolyard.com Exp $ */
|
||||
/* $Id: ssl3con.c,v 1.96 2006/08/24 22:10:03 nelson%bolyard.com Exp $ */
|
||||
|
||||
#include "nssrenam.h"
|
||||
#include "cert.h"
|
||||
|
@ -4102,6 +4102,19 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
|
|||
goto loser;
|
||||
}
|
||||
|
||||
#if defined(TRACE)
|
||||
if (ssl_trace >= 100) {
|
||||
SECStatus extractRV = PK11_ExtractKeyValue(pms);
|
||||
if (extractRV == SECSuccess) {
|
||||
SECItem * keyData = PK11_GetKeyData(pms);
|
||||
if (keyData && keyData->data && keyData->len) {
|
||||
ssl_PrintBuf(ss, "Pre-Master Secret",
|
||||
keyData->data, keyData->len);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Get the wrapped (encrypted) pre-master secret, enc_pms */
|
||||
enc_pms.len = SECKEY_PublicKeyStrength(svrPubKey);
|
||||
enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len);
|
||||
|
|
Загрузка…
Ссылка в новой задаче