[tor-commits] [tor-browser/tor-browser-45.1.0esr-6.0-1] Bug 18885: Disable possible logging of TLS key material
gk at torproject.org
gk at torproject.org
Wed May 18 19:42:50 UTC 2016
commit f5c58c88029648b608d75cdb06d82b06f0d30953
Author: Georg Koppen <gk at torproject.org>
Date: Tue May 17 18:30:08 2016 +0000
Bug 18885: Disable possible logging of TLS key material
This is a backport of the bugfix for #1183318
(https://hg.mozilla.org/projects/nss/rev/68d0b829490f).
This works for us because we build Tor Browser as an optimized build on
all the platforms we support.
---
security/nss/lib/ssl/Makefile | 7 +++++++
security/nss/lib/ssl/ssl3con.c | 6 ++++++
security/nss/lib/ssl/sslsock.c | 6 ++++++
3 files changed, 19 insertions(+)
diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile
index d56cbf2..abf54c9 100644
--- a/security/nss/lib/ssl/Makefile
+++ b/security/nss/lib/ssl/Makefile
@@ -39,6 +39,13 @@ CSRCS += unix_err.c
endif
endif
+# Enable key logging by default in debug builds, but not opt builds.
+# Logging still needs to be enabled at runtime through env vars.
+NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
+DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
+endif
+
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
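Review bot: The default on the `NSS_ALLOW_SSLKEYLOGFILE ?=` line fails open: key logging is compiled in whenever `BUILD_OPT` is empty, so a release build that reaches this Makefile without `BUILD_OPT` set keeps the SSLKEYLOGFILE path. The `?=` also lets a value already exported in the build environment take precedence over the computed default. If shipped builds of this branch are never meant to log keys, consider pinning the value with `NSS_ALLOW_SSLKEYLOGFILE = 0`, or at least extend the comment with `# Release builds must set BUILD_OPT and must not export NSS_ALLOW_SSLKEYLOGFILE=1.`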
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 8f1c547..ac57812 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6029,6 +6029,7 @@ done:
return unwrappedWrappingKey;
}
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
/* hexEncode hex encodes |length| bytes from |in| and writes it as |length*2|
* bytes to |out|. */
static void
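Review bot: `#ifdef NSS_ALLOW_SSLKEYLOGFILE` only tests whether the macro is defined, so a build that passes `-DNSS_ALLOW_SSLKEYLOGFILE=0` would still compile the key-logging code in. The Makefile in this commit only ever defines the macro as 1, so that path is safe, but any other build file that sets it has to follow the same convention. `#if defined(NSS_ALLOW_SSLKEYLOGFILE) && NSS_ALLOW_SSLKEYLOGFILE` would honour the value, and a labelled `#endif /* NSS_ALLOW_SSLKEYLOGFILE */` would match the `#endif /* DEBUG */` style visible in sslsock.c. The same applies to the guards in sendRSAClientKeyExchange, ssl3_RecordKeyLog and both sslsock.c hunks. hexEncode's body continues in the next hunk.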
@@ -6042,6 +6043,7 @@ hexEncode(char *out, const unsigned char *in, unsigned int length)
*(out++) = hextable[in[i] & 15];
}
}
+#endif
/* Called from ssl3_SendClientKeyExchange(). */
/* Presently, this always uses PKCS11. There is no bypass for this. */
@@ -6081,6 +6083,7 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
goto loser;
}
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
if (ssl_keylog_iob) {
SECStatus extractRV = PK11_ExtractKeyValue(pms);
if (extractRV == SECSuccess) {
@@ -6112,6 +6115,7 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
}
}
}
+#endif
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
isTLS ? enc_pms.len + 2 : enc_pms.len);
@@ -10989,6 +10993,7 @@ ssl3_SendNextProto(sslSocket *ss)
static void
ssl3_RecordKeyLog(sslSocket *ss)
{
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
SECStatus rv;
SECItem *keyData;
char buf[14 /* "CLIENT_RANDOM " */ +
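Review bot: With the guard placed inside the body, ssl3_RecordKeyLog compiles to an empty function when NSS_ALLOW_SSLKEYLOGFILE is not defined and its `ss` parameter becomes unused, and nothing in the source says this is intended. A one-line comment above the definition would make it explicit, for example `/* No-op unless built with NSS_ALLOW_SSLKEYLOGFILE; callers need no guard. */`. The function body continues past this hunk.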
@@ -11039,6 +11044,7 @@ ssl3_RecordKeyLog(sslSocket *ss)
return;
fflush(ssl_keylog_iob);
return;
+#endif
}
/* called from ssl3_SendClientSecondRound
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index f735009..de9a1315 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -118,7 +118,11 @@ int ssl_lock_readers = 1; /* default true. */
char ssl_debug;
char ssl_trace;
FILE * ssl_trace_iob;
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
FILE * ssl_keylog_iob;
+#endif
+
char lockStatus[] = "Locks are ENABLED. ";
#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
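Review bot: Only the definition of `ssl_keylog_iob` is guarded here. The declaration that ssl3con.c relies on is not touched by this commit, since only three files change, so it presumably stays unconditional. An unguarded use added later would then fail at link time in opt builds rather than at compile time. Wrapping that declaration in the same guard would keep the two in step; where it lives is not visible in this diff.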
@@ -3118,6 +3122,7 @@ ssl_SetDefaultsFromEnvironment(void)
SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
}
#endif /* DEBUG */
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
ev = getenv("SSLKEYLOGFILE");
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
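Review bot: In builds where the guard leaves this path enabled, `fopen(ev, "a")` creates the key log with whatever mode the process umask allows, and the trace message in the next hunk confirms the file holds SSL/TLS secrets. The commit does not change that behaviour. A comment at the call would record the expectation, for example `/* Holds TLS secrets: SSLKEYLOGFILE should name a path only the current user can read. */`. The enclosing `if` block continues in the next hunk.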
@@ -3131,6 +3136,7 @@ ssl_SetDefaultsFromEnvironment(void)
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
}
}
+#endif
#ifndef NO_PKCS11_BYPASS
ev = getenv("SSLBYPASS");
if (ev && ev[0]) {