httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Biedermann <biederm...@seceng.informatik.tu-darmstadt.de>
Subject Re: symmetric aes key
Date Fri, 06 Dec 2013 13:50:00 GMT
Works perfect, thank you!!!

Am 06.12.2013 12:21, schrieb Yann Ylavic:
> Maybe the patch below can help.
>
> Disclaimer: this is just a POC, it is not thread safe (a single file
> is used)!!!
> You'll have to adjust that to your needs.
>
> SSL_SESSION_print will write all the session infos (including the
> master key) to the file.
> If you need the master key only, you could use session->master_key
> (with session->master_key_length).
>
> Using the ssl_callback_info() (in the SSL_CB_HANDSHAKE_DONE state)
> allows you to catch any (re)negotiation when finished.
>
> Regards,
> Yann.
>
>
> Index: modules/ssl/ssl_engine_kernel.c
> ===================================================================
> --- modules/ssl/ssl_engine_kernel.c    (revision 1548486)
> +++ modules/ssl/ssl_engine_kernel.c    (working copy)
> @@ -1989,6 +1989,15 @@ void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl
>          scr->reneg_state = RENEG_REJECT;
>      }
>  
> +    if ((where & SSL_CB_HANDSHAKE_DONE)) {
> +        SSL_SESSION *session = SSL_get_session((SSL *)ssl);
> +        if (session) {
> +            BIO *bio = BIO_new_file("/path/to/sessions/file", "a");
> +            SSL_SESSION_print(bio, session);
> +            BIO_free(bio);
> +        }
> +    }
> +
>      s = mySrvFromConn(c);
>      if (s && s->loglevel >= APLOG_DEBUG) {
>          log_tracing_state(ssl, c, s, where, rc);
> [END OF PATCH]
>
>
>
> On Fri, Dec 6, 2013 at 11:19 AM, Sebastian Biedermann
> <biedermann@seceng.informatik.tu-darmstadt.de
> <mailto:biedermann@seceng.informatik.tu-darmstadt.de>> wrote:
>
>     Dear developers,
>
>     I work on a research project about SSL security.
>     Currently, I'm trying to identify and write the negotiated
>     symmetric AES key of a session to a file just by modifying the
>     apache2-2.4.6 source code. Until now, I was not able to identify
>     and locate the variable which temporary stores this key.
>
>     In apache2-2.4.6/modules/ssl/*mod_ssl.c*
>     a new ssl connection is initiated in
>     int *ssl_init_ssl_connection*(conn_rec *c, request_rec *r)
>     and there are several structs, I guess one of them stores the key:
>
>     SSLSrvConfigRec *sc;
>     SSLConnRec *sslconn
>     modssl_ctx_t *mctx;
>     server_rec *server;
>
>     Unfortunately, there is very less information about this on the
>     Internet
>     and I don't really know where to start.
>     Can anyone give my a hint or tell me which variable stores the aes
>     key?
>
>     Thank you!
>
>
>     -- 
>     Sebastian
>
>


-- 
Sebastian Biedermann
Security Engineering Group
Technische Universit├Ąt Darmstadt
biedermann@seceng.informatik.tu-darmstadt.de

This email and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify the sender.



Mime
View raw message