From: Alan T. DeKok
Date: Sat, 19 Jun 2021 12:48:13 +0000 (-0400)
Subject: log information needed by Wireshark to decode TLS sessions
X-Git-Tag: release_3_0_24~193
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aeb2761b7f054a1d581da931000e4c338b18c425;p=thirdparty%2Ffreeradius-server.git

log information needed by Wireshark to decode TLS sessions
---
diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 1998af6c06d..237c671d978 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
@@ -178,6 +178,35 @@ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *label, uint8_t c
 ERROR("Failed generating keying material");
 return;
 }
+
+ if (RDEBUG_ENABLED4) {
+ size_t i, client_len, master_len;
+ uint8_t client_random[SSL3_RANDOM_SIZE];
+ uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ char *q, buffer[64 + 2*SSL3_RANDOM_SIZE + 2*SSL_MAX_MASTER_KEY_LENGTH];
+
+ client_len = SSL_get_client_random(s, client_random, sizeof(client_random));
+ master_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
+
+ strcpy(buffer, "CLIENT_RANDOM ");
+ q = buffer + 14;
+
+ for (i = 0; i < client_len; i++) {
+ sprintf(q, "%02X", client_random[i]);
+ q += 2;
+ }
+ *(q++) = ' ';
+
+ for (i = 0; i < master_len; i++) {
+ sprintf(q, "%02X", master_key[i]);
+ q += 2;
+ }
+ *q = '\0';
+
+ RDEBUG("(TLS) KEYLOG: %s", buffer);
+
+ }
+
 #else
 {
 uint8_t seed[64 + (2 * SSL3_RANDOM_SIZE) + (context ? 2 + context_size : 0)];
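Review bot: The TLS master secret is copied into two stack buffers, `master_key` and `buffer`, and neither is wiped after `RDEBUG("(TLS) KEYLOG: %s", buffer);`, so the secret stays on the stack once the block exits. Adding `OPENSSL_cleanse(master_key, sizeof(master_key));` and `OPENSSL_cleanse(buffer, sizeof(buffer));` before the closing brace would fix that, and the same applies to `buffer` in the second hunk. The only gate is `RDEBUG_ENABLED4`, so the debug output at that level is enough, together with a capture, to decrypt the session. A comment above the block should say so, e.g. `/* Writes the TLS master secret to the debug log; treat level-4 output as secret. */`, and a dedicated configuration switch would be safer than the debug level alone. `SSL_get_session(s)` is passed on unchecked, which is presumably safe after a completed handshake, but that cannot be confirmed here because the enclosing function starts and ends outside the hunk.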
@@ -210,6 +239,33 @@ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *label, uint8_t c PRF(s->session->master_key, s->session->master_key_length, seed, len, out, buf, sizeof(out)); } + + if (RDEBUG_ENABLED4) { + size_t i, master_len; + char *q, buffer[64 + 2*SSL3_RANDOM_SIZE + 2*SSL_MAX_MASTER_KEY_LENGTH]; + + client_len = SSL_get_client_random(s, client_random, sizeof(client_random)); + master_len = s->session->master_key_length; + if (master_len > SSL_MAX_MASTER_KEY_LENGTH) master_len = SSL_MAX_MASTER_KEY_LENGTH; + + strcpy(buffer, "CLIENT_RANDOM "); + q = buffer + 14; + + for (i = 0; i < SSL3_RANDOM_SIZE; i++) { + sprintf(q, "%02X", s->s3->client_random[i]); + q += 2; + } + *(q++) = ' '; + + for (i = 0; i < master_len; i++) { + sprintf(q, "%02X", s->session->master_key[i]); + q += 2; + } + *q = '\0'; + + RDEBUG("(TLS) KEYLOG: %s", buffer); + + } #endif p = out;
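Review bot: The added line `client_len = SSL_get_client_random(s, client_random, sizeof(client_random));` uses `client_len` and `client_random`, which this block does not declare (it declares only `i`, `master_len`, `q` and `buffer`), and its result is never read because the loop below runs to `SSL3_RANDOM_SIZE` over `s->s3->client_random`. This branch reads `s->session` and `s->s3` fields directly, which suggests it is the pre-1.1.0 OpenSSL path, where `SSL_get_client_random()` is not available, so the line is likely to break the build there unless those names are declared outside the hunk. Deleting the line leaves the logged output unchanged. The enclosing function and the `#if` condition are outside the hunk, so the branch selection should be confirmed against the full file.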