wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 00:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9171 from effbiae/ss-callback

Browse Source 
refactor SessionSecret_callback*
This commit is contained in:
Sean Parkinson
2025-09-12 08:02:51 +10:00
committed by GitHub
parent f5a735a184 2332347ca1
commit a17b10ef10
1 changed files with 82 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
src/internal.c
View File

@@ -315,6 +315,82 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
const unsigned char* secret, int secretSz, void* ctx);
#endif
/*
* This function builds up string for key-logging then call user's
* key-log-callback to pass the string.
* The user's key-logging callback has been set via
* wolfSSL_CTX_set_keylog_callback function. The logging string format is:
* "<Label> <hex-encoded client random> <hex-encoded secret>"
*
* parameter
* - ssl: WOLFSSL object
* - secret: pointer to the buffer holding secret
* - secretSz: size of secret
* - label: for logging string
* - labelSz: label size
* returns 0 on success, negative value on failure.
*/
static int SessionSecret_callback_common(const WOLFSSL* ssl,
const unsigned char* secret, int secretSz,
const char* label, int labelSz)
{
wolfSSL_CTX_keylog_cb_func logCb = NULL;
int buffSz;
byte* log = NULL;
word32 outSz;
int idx;
int ret;
if (ssl == NULL || secret == NULL || secretSz == 0 ||
label == NULL || labelSz == 0)
return BAD_FUNC_ARG;
if (ssl->arrays == NULL || ssl->ctx == NULL)
return BAD_FUNC_ARG;
/* get the user-callback func from CTX */
logCb = ssl->ctx->keyLogCb;
if (logCb == NULL)
return 0;
/* prepare a log string for passing user callback
* "<Label> <hex-encoded client random> <hex-encoded secret>" */
buffSz = labelSz + (RAN_LEN * 2) + 1 + secretSz * 2 + 1;
log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
if (log == NULL)
return MEMORY_E;
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("SessionSecret log", log, buffSz);
#endif
XMEMSET(log, 0, buffSz);
XMEMCPY(log, label, labelSz - 1); /* put label w/o terminator */
log[labelSz - 1] = ' '; /* '\0' -> ' ' */
idx = labelSz;
outSz = buffSz - idx;
if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
log + idx, &outSz)) == 0) {
idx += (outSz - 1); /* reduce terminator byte */
outSz = buffSz - idx;
if (outSz > 1) {
log[idx++] = ' '; /* add space*/
outSz = buffSz - idx;
if ((ret = Base16_Encode((byte*)secret, secretSz,
log + idx, &outSz)) == 0) {
logCb(ssl, (char*)log);
ret = 0;
}
}
else
ret = MEMORY_E;
}
/* Zero out Base16 encoded secret and other data. */
ForceZero(log, buffSz);
XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
return ret;
}
/* Label string for client random. */
#define SSC_CR "CLIENT_RANDOM"
@@ -335,34 +411,16 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
static int SessionSecret_callback(WOLFSSL* ssl, void* secret,
int* secretSz, void* ctx)
{
wolfSSL_CTX_keylog_cb_func logCb = NULL;
int msSz;
int invalidCount;
int i;
const char* label = SSC_CR;
int labelSz = sizeof(SSC_CR);
int buffSz;
byte* log = NULL;
word32 outSz;
int idx;
int ret;
(void)ctx;
if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0)
if (secret == NULL || secretSz == NULL || *secretSz == 0)
return BAD_FUNC_ARG;
if (ssl->arrays == NULL)
return BAD_FUNC_ARG;
/* get the user-callback func from CTX */
logCb = ssl->ctx->keyLogCb;
if (logCb == NULL) {
return 0; /* no logging callback */
}
/* make sure the given master-secret has a meaningful value */
msSz = *secretSz;
invalidCount = 0;
for (i = 0; i < msSz; i++) {
for (i = 0; i < *secretSz; i++) {
if (((byte*)secret)[i] == 0) {
invalidCount++;
}
@@ -372,47 +430,8 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
return 0; /* ignore error */
}
/* build up a hex-decoded keylog string
* "CLIENT_RANDOM <hex-encoded client rand> <hex-encoded master-secret>"
* note that each keylog string does not have CR/LF.
*/
buffSz = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1;
log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
if (log == NULL)
return MEMORY_E;
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("SessionSecret log", log, buffSz);
#endif
XMEMSET(log, 0, buffSz);
XMEMCPY(log, label, labelSz -1); /* put label w/o terminator */
log[labelSz - 1] = ' '; /* '\0' -> ' ' */
idx = labelSz;
outSz = buffSz - idx;
if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
log + idx, &outSz)) == 0) {
idx += (outSz - 1); /* reduce terminator byte */
outSz = buffSz - idx;
if (outSz > 1) {
log[idx++] = ' '; /* add space*/
outSz = buffSz - idx;
if ((ret = Base16_Encode((byte*)secret, *secretSz,
log + idx, &outSz)) == 0) {
/* pass the log to the client callback*/
logCb(ssl, (char*)log);
ret = 0;
}
}
else {
ret = BUFFER_E;
}
}
/* Zero out Base16 encoded secret and other data. */
ForceZero(log, buffSz);
XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
return ret;
return SessionSecret_callback_common(ssl, secret, *secretSz,
SSC_CR, sizeof(SSC_CR));
}
#if defined(WOLFSSL_TLS13)
@@ -450,27 +469,10 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
static int SessionSecret_callback_Tls13(WOLFSSL* ssl, int id,
const unsigned char* secret, int secretSz, void* ctx)
{
wolfSSL_CTX_keylog_cb_func logCb = NULL;
const char* label;
int labelSz = 0;
int buffSz = 0;
byte* log = NULL;
word32 outSz;
int idx;
int ret;
(void)ctx;
if (ssl == NULL || secret == NULL || secretSz == 0)
return BAD_FUNC_ARG;
if (ssl->arrays == NULL)
return BAD_FUNC_ARG;
/* get the user-callback func from CTX*/
logCb = ssl->ctx->keyLogCb;
if (logCb == NULL)
return 0;
switch (id) {
case CLIENT_EARLY_TRAFFIC_SECRET:
labelSz = sizeof(SSC_TLS13_CETS);
@@ -510,44 +512,8 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
default:
return BAD_FUNC_ARG;
}
/* prepare a log string for passing user callback
* "<Label> <hex-encoded client random> <hex-encoded secret>" */
buffSz = labelSz + (RAN_LEN * 2) + 1 + secretSz * 2 + 1;
log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
if (log == NULL)
return MEMORY_E;
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("SessionSecret log", log, buffSz);
#endif
XMEMSET(log, 0, buffSz);
XMEMCPY(log, label, labelSz - 1); /* put label w/o terminator */
log[labelSz - 1] = ' '; /* '\0' -> ' ' */
idx = labelSz;
outSz = buffSz - idx;
if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
log + idx, &outSz)) == 0) {
idx += (outSz - 1); /* reduce terminator byte */
outSz = buffSz - idx;
if (outSz >1) {
log[idx++] = ' '; /* add space*/
outSz = buffSz - idx;
if ((ret = Base16_Encode((byte*)secret, secretSz,
log + idx, &outSz)) == 0) {
logCb(ssl, (char*)log);
ret = 0;
}
}
else
ret = MEMORY_E;
}
/* Zero out Base16 encoded secret and other data. */
ForceZero(log, buffSz);
XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
return ret;
return SessionSecret_callback_common(ssl, secret, secretSz,
label, labelSz);
}
#endif /* WOLFSSL_TLS13*/
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK*/