/*
* Copyright (C) 2014 Peter Wu <[email protected]>
* 2021 wpbrown
* Licensed under the terms of GPLv3 (or any later version) at your choice.
*/
#define _GNU_SOURCE /* for RTLD_NEXT */
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 30)
#include <sys/syscall.h>
#endif
/* libssl SONAMEs tried, in this order, when the RTLD_NEXT lookup finds nothing. */
#define OPENSSL_SONAME1 "libssl.so.1.1"
#define OPENSSL_SONAME3 "libssl.so.3"
/* Size of the buffer that holds "<SSLKEYLOGFILE>.<pid>.<tid>". */
#define MAX_PATH 512
/* Header line written once to a freshly created (empty) key log file. */
#define FIRSTLINE "# SSL key logfile generated by sslkeylog.c\n"
#define FIRSTLINE_LEN (sizeof(FIRSTLINE) - 1)
/* Opaque OpenSSL types: only pointers to them are passed around here, so no
 * OpenSSL header is required to build this shim. */
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
/* Per-thread key log descriptor (-1 until init_keylog_file() opens it) and the
 * kernel thread id that becomes part of the file name. */
static __thread int keylog_file_fd = -1;
static __thread int thread_id = -1;
/* Defined at the bottom of this file: resolves names through the real,
 * non-interposed dlsym(). */
void *real_dlsym(void *handle, const char *name);
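/*
 * Open this thread's key log file on first use.
 *
 * The base path comes from HOOKED_SSLKEYLOGFILE or, failing that,
 * SSLKEYLOGFILE; ".<pid>.<tid>" is appended so that every thread of every
 * process writes to its own file.  When the file is empty a header comment is
 * written.  Does nothing (keylog_file_fd stays -1) when no variable is set,
 * the variable is empty, the composed path does not fit the buffer, or the
 * open fails.
 *
 * The file contains TLS session secrets, so it is created owner-only (0600)
 * and with O_CLOEXEC so that exec'd children do not inherit the descriptor.
 */
static void init_keylog_file(void)
{
    if (keylog_file_fd >= 0)
        return;

    const char *filename = getenv("HOOKED_SSLKEYLOGFILE");
    if (!filename)
        filename = getenv("SSLKEYLOGFILE");
    if (!filename || !*filename)
        return;

#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 30)
    thread_id = (int)gettid();
#else
    thread_id = (int)syscall(SYS_gettid);
#endif

    /* Compose the per-thread path in one bounded step and reject truncation. */
    char filename_pid[MAX_PATH];
    int n = snprintf(filename_pid, sizeof filename_pid, "%s.%d.%d",
                     filename, (int)getpid(), thread_id);
    if (n < 0 || (size_t)n >= sizeof filename_pid)
        return;

    keylog_file_fd = open(filename_pid, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
    if (keylog_file_fd < 0)
        return;

    if (lseek(keylog_file_fd, 0, SEEK_END) == 0)
    {
        /* File is empty: emit the header.  It is a comment for humans only, so
         * a short or failed write is noted but deliberately not retried. */
        ssize_t w = write(keylog_file_fd, FIRSTLINE, FIRSTLINE_LEN);
        (void)w;
    }
}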
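/*
 * Resolve @sym to the implementation this library interposes.
 *
 * Looks past this object first (RTLD_NEXT).  If libssl is not in the global
 * search scope, loads it by SONAME (1.1 first, then 3) and resolves there.
 * The dlopen handle is intentionally never dlclose()d: the caller caches the
 * returned pointer for the life of the process, and releasing our reference
 * could let the library be unmapped underneath that cached pointer.
 * Aborts with a message on stderr when the library or the symbol cannot be
 * found at all.
 */
static inline void *lookup_symbol(const char *sym)
{
    void *func = real_dlsym(RTLD_NEXT, sym);
    if (func)
        return func;

    void *handle = dlopen(OPENSSL_SONAME1, RTLD_LAZY);
    if (!handle)
        handle = dlopen(OPENSSL_SONAME3, RTLD_LAZY);
    if (!handle)
    {
        fprintf(stderr, "Lookup error for %s: %s\n", sym, dlerror());
        abort();
    }

    func = real_dlsym(handle, sym);
    if (!func)
    {
        fprintf(stderr, "Cannot lookup %s\n", sym);
        abort();
    }
    /* handle kept open on purpose; see the comment above */
    return func;
}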
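/*
 * Write all @len bytes of @buf to @fd.
 *
 * Completes short writes and retries on EINTR so that a key log line is never
 * left half-written.  On any other error the remainder is dropped: the
 * keylog callback has no way to report failure to OpenSSL.
 */
static void write_fully(int fd, const char *buf, size_t len)
{
    while (len > 0)
    {
        ssize_t w = write(fd, buf, len);
        if (w < 0)
        {
            if (errno == EINTR)
                continue;
            return;
        }
        buf += (size_t)w;
        len -= (size_t)w;
    }
}

/*
 * OpenSSL keylog callback (installed via SSL_CTX_set_keylog_callback).
 * Appends @line plus a newline to this thread's key log file, opening it on
 * first use.  @ssl is not needed and is ignored.
 */
static void keylog_callback(const SSL *ssl, const char *line)
{
    (void)ssl;
    init_keylog_file();
    if (keylog_file_fd < 0)
        return;
    write_fully(keylog_file_fd, line, strlen(line));
    write_fully(keylog_file_fd, "\n", 1);
}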
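/*
 * Interposed SSL_new().
 *
 * Installs keylog_callback on @ctx through SSL_CTX_set_keylog_callback and
 * then delegates to the real SSL_new.  The callback is (re)installed on every
 * call, so it overrides whatever keylog callback the application had set.
 * The real entry points are resolved once through lookup_symbol() and cached
 * in function-local statics with proper prototypes.
 *
 * NOTE(review): the first-use resolution is not guarded against two threads
 * racing into it; both would store identical pointers, so the window looks
 * benign in practice, but it is formally a data race — confirm acceptable.
 */
SSL *SSL_new(SSL_CTX *ctx)
{
    typedef void (*keylog_cb_t)(const SSL *, const char *);
    static SSL *(*real_ssl_new)(SSL_CTX *);
    static void (*set_keylog_cb)(SSL_CTX *, keylog_cb_t);

    if (!real_ssl_new)
    {
        /* __func__ is "SSL_new": resolve the implementation we interpose. */
        real_ssl_new = lookup_symbol(__func__);
        set_keylog_cb = lookup_symbol("SSL_CTX_set_keylog_callback");
    }
    if (set_keylog_cb)
    {
        /* Override any previous key log callback. */
        set_keylog_cb(ctx, keylog_callback);
    }
    return real_ssl_new(ctx);
}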
/*
 * Interposed dlsym().
 *
 * Keeps the hook effective for applications that resolve OpenSSL entry
 * points at run time: a request for "dlsym" yields this wrapper, a request
 * for "SSL_new" yields the hooked SSL_new, and every other name is passed
 * through to the real dlsym() unchanged.
 */
extern void *dlsym(void *handle, const char *name)
{
    void *hooked = NULL;

    if (strcmp(name, "dlsym") == 0)
        hooked = (void *)dlsym;
    else if (strcmp(name, "SSL_new") == 0)
        hooked = (void *)SSL_new;

    return hooked ? hooked : real_dlsym(handle, name);
}
/*
 * Symbol version under which glibc exports dlsym(): it moved from libdl into
 * libc proper in glibc 2.34 and carries that version tag since.
 * NOTE(review): "GLIBC_2.2.5" is the x86-64 baseline tag; other architectures
 * use a different baseline (e.g. aarch64's GLIBC_2.17), so the pre-2.34 branch
 * looks x86-64 specific — confirm before building on another architecture.
 */
#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 34)
#define GLIBC_API_VERSION "GLIBC_2.34"
#else
#define GLIBC_API_VERSION "GLIBC_2.2.5"
#endif
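/*
 * Call the real dlsym(), bypassing our own interposer.
 *
 * The libc implementation is located once via dlvsym() with the explicit
 * version tag GLIBC_API_VERSION (a plain dlsym("dlsym") would resolve to this
 * library's wrapper again) and cached.  Aborts with a message on stderr if the
 * versioned symbol cannot be resolved, instead of calling a null pointer —
 * a wrong version tag for this glibc or architecture surfaces here.
 *
 * @handle / @name: forwarded unchanged to dlsym().
 * @return: whatever the real dlsym() returns (NULL if @name is not found).
 */
void *real_dlsym(void *handle, const char *name)
{
    static void *(*next_dlsym)(void *, const char *) = NULL;

    if (next_dlsym == NULL)
    {
        next_dlsym = dlvsym(RTLD_NEXT, "dlsym", GLIBC_API_VERSION);
        if (next_dlsym == NULL)
        {
            const char *err = dlerror();
            fprintf(stderr, "sslkeylog: cannot resolve dlsym@%s: %s\n",
                    GLIBC_API_VERSION, err ? err : "unknown error");
            abort();
        }
    }
    return next_dlsym(handle, name);
}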