Cleanup of the SHOW_SECRET
debugging. Use only latest wolf API's (not older Cyassl names).
@ -599,7 +599,7 @@ static void FreeSnifferServer(SnifferServer* srv)
|
|||||||
wc_UnLockMutex(&srv->namedKeysMutex);
|
wc_UnLockMutex(&srv->namedKeysMutex);
|
||||||
wc_FreeMutex(&srv->namedKeysMutex);
|
wc_FreeMutex(&srv->namedKeysMutex);
|
||||||
#endif
|
#endif
|
||||||
SSL_CTX_free(srv->ctx);
|
wolfSSL_CTX_free(srv->ctx);
|
||||||
}
|
}
|
||||||
XFREE(srv, NULL, DYNAMIC_TYPE_SNIFFER_SERVER);
|
XFREE(srv, NULL, DYNAMIC_TYPE_SNIFFER_SERVER);
|
||||||
}
|
}
|
||||||
@ -635,8 +635,8 @@ static void FreePacketList(PacketBuffer* in)
|
|||||||
static void FreeSnifferSession(SnifferSession* session)
|
static void FreeSnifferSession(SnifferSession* session)
|
||||||
{
|
{
|
||||||
if (session) {
|
if (session) {
|
||||||
SSL_free(session->sslClient);
|
wolfSSL_free(session->sslClient);
|
||||||
SSL_free(session->sslServer);
|
wolfSSL_free(session->sslServer);
|
||||||
|
|
||||||
FreePacketList(session->cliReassemblyList);
|
FreePacketList(session->cliReassemblyList);
|
||||||
FreePacketList(session->srvReassemblyList);
|
FreePacketList(session->srvReassemblyList);
|
||||||
@ -1501,7 +1501,7 @@ static int CreateWatchSnifferServer(char* error)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
InitSnifferServer(sniffer);
|
InitSnifferServer(sniffer);
|
||||||
sniffer->ctx = SSL_CTX_new(SSLv23_client_method());
|
sniffer->ctx = wolfSSL_CTX_new(SSLv23_client_method());
|
||||||
if (!sniffer->ctx) {
|
if (!sniffer->ctx) {
|
||||||
SetError(MEMORY_STR, error, NULL, 0);
|
SetError(MEMORY_STR, error, NULL, 0);
|
||||||
FreeSnifferServer(sniffer);
|
FreeSnifferServer(sniffer);
|
||||||
@ -1592,7 +1592,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
|
|||||||
sniffer->server = serverIp;
|
sniffer->server = serverIp;
|
||||||
sniffer->port = port;
|
sniffer->port = port;
|
||||||
|
|
||||||
sniffer->ctx = SSL_CTX_new(SSLv23_client_method());
|
sniffer->ctx = wolfSSL_CTX_new(SSLv23_client_method());
|
||||||
if (!sniffer->ctx) {
|
if (!sniffer->ctx) {
|
||||||
SetError(MEMORY_STR, error, NULL, 0);
|
SetError(MEMORY_STR, error, NULL, 0);
|
||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
@ -1606,8 +1606,8 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
|
|||||||
if (name == NULL) {
|
if (name == NULL) {
|
||||||
if (password) {
|
if (password) {
|
||||||
#ifdef WOLFSSL_ENCRYPTED_KEYS
|
#ifdef WOLFSSL_ENCRYPTED_KEYS
|
||||||
SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
|
wolfSSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
|
||||||
SSL_CTX_set_default_passwd_cb_userdata(
|
wolfSSL_CTX_set_default_passwd_cb_userdata(
|
||||||
sniffer->ctx, (void*)password);
|
sniffer->ctx, (void*)password);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -1625,7 +1625,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
|
|||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
if (keySz == 0) {
|
if (keySz == 0) {
|
||||||
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
|
ret = wolfSSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = wolfSSL_CTX_use_PrivateKey_buffer(sniffer->ctx,
|
ret = wolfSSL_CTX_use_PrivateKey_buffer(sniffer->ctx,
|
||||||
@ -2027,23 +2027,24 @@ static void CallConnectionCb(SnifferSession* session)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SHOW_SECRETS
|
#ifdef SHOW_SECRETS
|
||||||
static void ShowTlsSecrets(SnifferSession* session)
|
static void PrintSecret(const char* desc, const byte* buf, int sz)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
printf("server master secret: ");
|
printf("%s: ", desc);
|
||||||
for (i = 0; i < SECRET_LEN; i++)
|
for (i = 0; i < sz; i++) {
|
||||||
printf("%02x", session->sslServer->arrays->masterSecret[i]);
|
printf("%02x", buf[i]);
|
||||||
printf("\n");
|
}
|
||||||
|
|
||||||
printf("client master secret: ");
|
|
||||||
for (i = 0; i < SECRET_LEN; i++)
|
|
||||||
printf("%02x", session->sslClient->arrays->masterSecret[i]);
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
static void ShowTlsSecrets(SnifferSession* session)
|
||||||
|
{
|
||||||
|
PrintSecret("server master secret", session->sslServer->arrays->masterSecret, SECRET_LEN);
|
||||||
|
PrintSecret("client master secret", session->sslClient->arrays->masterSecret, SECRET_LEN);
|
||||||
printf("server suite = %d\n", session->sslServer->options.cipherSuite);
|
printf("server suite = %d\n", session->sslServer->options.cipherSuite);
|
||||||
printf("client suite = %d\n", session->sslClient->options.cipherSuite);
|
printf("client suite = %d\n", session->sslClient->options.cipherSuite);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* SHOW_SECRETS */
|
||||||
|
|
||||||
|
|
||||||
/* Process Keys */
|
/* Process Keys */
|
||||||
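Review bot: `PrintSecret` declares `int sz` and `int i`, but the call added in the `@ -2290` hunk passes `session->sslServer->arrays->preMasterSz`, which the removed loop there indexed with a `word32`, so the length is presumably unsigned and is now narrowed implicitly; `static void PrintSecret(const char* desc, const byte* buf, word32 sz)` with `word32 i;` would keep the types aligned. The helper also has no comment, and since it writes raw key material to stdout, a line such as `/* Debug only (SHOW_SECRETS): hex-dumps key material to stdout; never define in production builds */` above it would make the risk explicit. The `@ -3385` hunk extends the dump to the resumption secret, so the same caveat covers that call. The three new `PrintSecret(...)` calls that sit on a single line are also noticeably longer than the surrounding code and could be wrapped the way the `@ -2290` call is.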
@ -2290,13 +2291,9 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
|
|||||||
session->sslServer->arrays->preMasterSz;
|
session->sslServer->arrays->preMasterSz;
|
||||||
|
|
||||||
#ifdef SHOW_SECRETS
|
#ifdef SHOW_SECRETS
|
||||||
{
|
PrintSecret("pre master secret",
|
||||||
word32 i;
|
session->sslServer->arrays->preMasterSecret,
|
||||||
printf("pre master secret: ");
|
session->sslServer->arrays->preMasterSz);
|
||||||
for (i = 0; i < session->sslServer->arrays->preMasterSz; i++)
|
|
||||||
printf("%02x", session->sslServer->arrays->preMasterSecret[i]);
|
|
||||||
printf("\n");
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (SetCipherSpecs(session->sslServer) != 0) {
|
if (SetCipherSpecs(session->sslServer) != 0) {
|
||||||
@ -2874,15 +2871,8 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SHOW_SECRETS
|
#ifdef SHOW_SECRETS
|
||||||
{
|
printf("cipher suite = 0x%02x\n", session->sslServer->options.cipherSuite);
|
||||||
int i;
|
PrintSecret("server random", session->sslServer->arrays->serverRandom, RAN_LEN);
|
||||||
printf("cipher suite = 0x%02x\n",
|
|
||||||
session->sslServer->options.cipherSuite);
|
|
||||||
printf("server random: ");
|
|
||||||
for (i = 0; i < RAN_LEN; i++)
|
|
||||||
printf("%02x", session->sslServer->arrays->serverRandom[i]);
|
|
||||||
printf("\n");
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
@ -3011,14 +3001,9 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
|||||||
XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
|
XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
|
||||||
session->sslClient->options.haveSessionId = 1;
|
session->sslClient->options.haveSessionId = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SHOW_SECRETS
|
#ifdef SHOW_SECRETS
|
||||||
{
|
PrintSecret("client random", ssl->arrays->clientRandom, RAN_LEN);
|
||||||
int i;
|
|
||||||
printf("client random: ");
|
|
||||||
for (i = 0; i < RAN_LEN; i++)
|
|
||||||
printf("%02x", ssl->arrays->clientRandom[i]);
|
|
||||||
printf("\n");
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
input += bLen;
|
input += bLen;
|
||||||
@ -3385,6 +3370,9 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
|
|||||||
/* copy resumption secret to server */
|
/* copy resumption secret to server */
|
||||||
XMEMCPY(session->sslServer->session.masterSecret,
|
XMEMCPY(session->sslServer->session.masterSecret,
|
||||||
session->sslClient->session.masterSecret, SECRET_LEN);
|
session->sslClient->session.masterSecret, SECRET_LEN);
|
||||||
|
#ifdef SHOW_SECRETS
|
||||||
|
PrintSecret("resumption secret", session->sslClient->session.masterSecret, SECRET_LEN);
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -3841,15 +3829,15 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
session->sslServer = SSL_new(session->context->ctx);
|
session->sslServer = wolfSSL_new(session->context->ctx);
|
||||||
if (session->sslServer == NULL) {
|
if (session->sslServer == NULL) {
|
||||||
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
||||||
XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);
|
XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
session->sslClient = SSL_new(session->context->ctx);
|
session->sslClient = wolfSSL_new(session->context->ctx);
|
||||||
if (session->sslClient == NULL) {
|
if (session->sslClient == NULL) {
|
||||||
SSL_free(session->sslServer);
|
wolfSSL_free(session->sslServer);
|
||||||
session->sslServer = 0;
|
session->sslServer = 0;
|
||||||
|
|
||||||
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
||||||
|
@ -24958,9 +24958,9 @@ long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
|
|||||||
#endif /* HAVE_PK_CALLBACKS */
|
#endif /* HAVE_PK_CALLBACKS */
|
||||||
|
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
|
||||||
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
|
const unsigned char *SSL_SESSION_get0_id_context(const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length)
|
||||||
{
|
{
|
||||||
const byte *c = wolfSSL_SESSION_get_id((SSL_SESSION *)sess, sid_ctx_length);
|
const byte *c = wolfSSL_SESSION_get_id((WOLFSSL_SESSION *)sess, sid_ctx_length);
|
||||||
return c;
|
return c;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|