Improve SSL tracing of key derivation

RESOLVED FIXED in 3.12.1

Status

NSS
Libraries
P3
enhancement
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Attachments

(1 attachment)

Created attachment 306958 [details] [diff] [review]
enhance the labeling of SSL key derivation

When we converted NSS to use PKCS#11 exclusively for crypto, a lot of the 
original tracing capability of NSS, done in the context of libSSL, was lost.
It was no longer possible to trace key values, because they were not seen 
outside of the PKCS#11 token.

When I implemented SSL Bypass, it became possible (again) to trace the 
derived key values.  I put some SSL tracing back into the bypass functions
that derive keys, in lib/ssl/derive.c, but I did a minimal job of it.

Now, there's been a request to restore that tracing back to its former glory.
The attached patch is a start in that direction.

With this patch, I was able to trace an SSL handshake, including key derivation
with the following set of shell commands:

export SSLDEBUGFILE=/tmp/sslTrace.txt
export SSLBYPASS=1
export SSLTRACE=127
export SSLDEBUG=127
tstclnt -vvv -2B -h www.microsoft.com -f -c depruvxy < stdin.txt

Where stdin.txt is a two-line file containing these lines:
----- two lines are below ------
GET / HTTP/1.0

---- the two lines are above this one ----
Attachment #306958 - Flags: review?(wtc)
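
To show which values a labeled key-derivation trace covers, here is an added example (not code from NSS or from this bug's patch) that derives the TLS 1.0 master secret and key block per RFC 2246 and labels each slice. The function names, the default sizes (SHA-1 MAC with AES-128-CBC), the inputs and the output line format are assumptions made for illustration.

```python
import hashlib
import hmac

def p_hash(hash_fn, secret, seed, length):
    """RFC 2246 P_hash: chain HMAC over A(i) until `length` bytes exist."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(first half) XOR P_SHA-1(second half)."""
    half = (len(secret) + 1) // 2  # the halves share one byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash(hashlib.md5, s1, label + seed, length)
    sha = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

# Order in which RFC 2246 section 6.3 partitions the key block.
SLICES = [("client_write_MAC_secret", "mac"), ("server_write_MAC_secret", "mac"),
          ("client_write_key", "key"), ("server_write_key", "key"),
          ("client_write_IV", "iv"), ("server_write_IV", "iv")]

def derive_labeled(pre_master, client_random, server_random, mac=20, key=16, iv=16):
    """Return [(label, bytes)] for the master secret and each key-block slice.
    Default sizes are an assumption: SHA-1 MAC with AES-128-CBC."""
    sizes = {"mac": mac, "key": key, "iv": iv}
    master = tls10_prf(pre_master, b"master secret",
                       client_random + server_random, 48)
    # Note the swapped order of the randoms for key expansion.
    block = tls10_prf(master, b"key expansion",
                      server_random + client_random, 2 * (mac + key + iv))
    labeled, off = [("master_secret", master)], 0
    for name, kind in SLICES:
        labeled.append((name, block[off:off + sizes[kind]]))
        off += sizes[kind]
    return labeled

def format_trace(labeled):
    """Hypothetical line format; NSS's real trace output is not reproduced."""
    return "\n".join(f"{name} [len {len(v)}]: {v.hex()}" for name, v in labeled)

if __name__ == "__main__":
    # Constructed inputs, not values from a real handshake.
    print(format_trace(derive_labeled(bytes(range(48)), b"\x01" * 32, b"\x02" * 32)))
```

Every line of such a trace is live key material for the session, so a file like the /tmp/sslTrace.txt used above needs the same handling as a private key.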
Comment on attachment 306958 [details] [diff] [review]
enhance the labeling of SSL key derivation

Julien, please review
Attachment #306958 - Attachment description: enhance the labelling of SSL key derivation → enhance the labeling of SSL key derivation
Attachment #306958 - Flags: review?(wtc) → review?(julien.pierre.boogz)
(Assignee) Updated 9 years ago
Status: NEW → ASSIGNED
Priority: -- → P3

Updated 9 years ago
Attachment #306958 - Flags: review?(julien.pierre.boogz) → review+
Thanks for the review.

Checking in lib/ssl/derive.c; new revision: 1.10; previous revision: 1.9
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee) Updated 9 years ago
Target Milestone: 3.12 → 3.12.1