the handshake State judgment is not completely accurate on boringssl with the branch main-with-bazel

[boost2020]

此问题是#552 的后续，背景再叙说一下：
环境：
nginx 版本： nginx/1.19.3
boringssl 版本：https://github.com/google/boringssl/branches main-with-bazel commit id: f1c75347daa2ea81a941e953f2263e0a4d970c8d
静态编译到nginx中，并且没有带-g的编译，因此readelf都看不到符号表信息

 readelf -s /usr/local/openresty/nginx/sbin/nginx |grep SSL_
   179: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND OPENSSL_memory_alloc
   188: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND OPENSSL_memory_get_size
   336: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND OPENSSL_memory_free

这个时候使用ecapture就会报错：

./ecapture-0606 tls --libssl=/usr/local/openresty/nginx/sbin/nginx --ssl_version="boringssl na" -b 2 -m key
2024-06-06T22:05:00+08:00 INF AppName="eCapture(旁观者)"
2024-06-06T22:05:00+08:00 INF HomePage=https://ecapture.cc
2024-06-06T22:05:00+08:00 INF Repository=https://github.com/gojue/ecapture
2024-06-06T22:05:00+08:00 INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-06-06T22:05:00+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-06-06T22:05:00+08:00 INF Version=linux_amd64:0.8.2--8e25629:x86_64
2024-06-06T22:05:00+08:00 INF listen=localhost:28256
2024-06-06T22:05:00+08:00 INF https server starting...You can update the configuration file via the HTTP interface.
2024-06-06T22:05:00+08:00 WRN ========== module starting. ==========
2024-06-06T22:05:00+08:00 INF Kernel Info=4.19.132 Pid=36269
2024-06-06T22:05:00+08:00 INF BTF bytecode mode: non-CORE. btfMode=2
2024-06-06T22:05:00+08:00 INF master key keylogger has been set. eBPFProgramType=KeyLog keylogger=ecapture_openssl_key.og
2024-06-06T22:05:00+08:00 INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-06-06T22:05:00+08:00 INF Module.Run()
2024-06-06T22:05:00+08:00 INF OpenSSL/BoringSSL version found sslVersion="boringssl na"
2024-06-06T22:05:00+08:00 INF HOOK type:Openssl elf ElfType=2 binrayPath=/usr/local/openresty/nginx/sbin/nginx masterHookFuncs=["SSL_in_init"]
2024-06-06T22:05:00+08:00 INF setupManagers eBPFProgramType=KeyLog
2024-06-06T22:05:00+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_na_kern_noncore_less52.o
2024-06-06T22:05:00+08:00 FTL module run failed, skip it. error="couldn't start bootstrap manager error:1 error occurred:\n\t* error:opening uprobe: symbol SSL_in_init: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_smk_SSL_in_init, EbpfFuncName:probe_ssl_master_key}\n\n, probes activation validation failed ." isReload=false

静态编译到nginx时带上-g，加上符号表后,

readelf -s /usr/local/openresty/nginx/sbin/nginx |grep SSL_|grep "^.*14 SSL"

 17035: 00000000002a2966   144 FUNC    LOCAL  DEFAULT   14 SSL_get_certificate
 17043: 0000000000290281    27 FUNC    LOCAL  DEFAULT   14 SSL_free
 17048: 0000000000295cce    15 FUNC    LOCAL  DEFAULT   14 SSL_CTX_sess_accept
 17115: 00000000002931a8    52 FUNC    LOCAL  DEFAULT   14 SSL_get_curve_id
 17126: 0000000000290f33   297 FUNC    LOCAL  DEFAULT   14 SSL_write
 17151: 00000000002a30a4    43 FUNC    LOCAL  DEFAULT   14 SSL_clear_chain_certs
 17167: 0000000000292156   131 FUNC    LOCAL  DEFAULT   14 SSL_set_fd
 17211: 0000000000291576   136 FUNC    LOCAL  DEFAULT   14 SSL_set_quic_early_data_c
 17215: 0000000000295839    92 FUNC    LOCAL  DEFAULT   14 SSL_set_retain_only_sha25
 17218: 0000000000294bf5    18 FUNC    LOCAL  DEFAULT   14 SSL_get_info_callback
 17260: 000000000029989d   171 FUNC    LOCAL  DEFAULT   14 SSL_use_RSAPrivateKey_ASN
 17275: 0000000000294247    94 FUNC    LOCAL  DEFAULT   14 SSL_set_tls_channel_id_en
 17285: 0000000000295d37    15 FUNC    LOCAL  DEFAULT   14 SSL_CTX_sess_cache_full
 17289: 0000000000296201    34 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_tlsext_status
 17311: 000000000028b771   384 FUNC    LOCAL  DEFAULT   14 SSL_CTX_use_PrivateKey_fi
 17312: 00000000002a2fe8   107 FUNC    LOCAL  DEFAULT   14 SSL_add1_chain_cert
 17377: 0000000000295f0e   361 FUNC    LOCAL  DEFAULT   14 SSL_process_tls13_new_ses
 17400: 00000000002a70d9   124 FUNC    LOCAL  DEFAULT   14 SSL_get_key_block_len
 17418: 0000000000285adf    62 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_signed_cert_t
 17454: 00000000002bfdd3   165 FUNC    LOCAL  DEFAULT   14 SSL_get0_ech_retry_config
 17458: 00000000002893d9    17 FUNC    LOCAL  DEFAULT   14 SSL_CIPHER_get_id
 17476: 00000000002a33c0   218 FUNC    LOCAL  DEFAULT   14 SSL_get0_chain_certs
 17477: 00000000002c03e4   201 FUNC    LOCAL  DEFAULT   14 SSL_ECH_KEYS_has_duplicat
 17493: 00000000002902ca    46 FUNC    LOCAL  DEFAULT   14 SSL_set_accept_state
 17531: 00000000002857ee   240 FUNC    LOCAL  DEFAULT   14 SSL_use_certificate_ASN1
 17536: 000000000029e780    46 FUNC    LOCAL  DEFAULT   14 SSL_SESSION_get0_id_conte
 17544: 0000000000295d0a    15 FUNC    LOCAL  DEFAULT   14 SSL_CTX_sess_cb_hits
 17551: 000000000029046c    30 FUNC    LOCAL  DEFAULT   14 SSL_get_rbio
 17554: 0000000000289bbb    17 FUNC    LOCAL  DEFAULT   14 SSL_CIPHER_get_version
 17566: 0000000000289746   317 FUNC    LOCAL  DEFAULT   14 SSL_CIPHER_get_kx_name
 17570: 00000000002858de    63 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_cert_cb
 17590: 0000000000294c8a    52 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_quic_method
 17605: 00000000002946ce   175 FUNC    LOCAL  DEFAULT   14 SSL_get_privatekey
 17608: 0000000000292b76    72 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_max_send_frag
 17634: 0000000000294862    19 FUNC    LOCAL  DEFAULT   14 SSL_get_server_tmp_key
 17680: 00000000002947fe    70 FUNC    LOCAL  DEFAULT   14 SSL_session_reused
 17686: 00000000002931dc    19 FUNC    LOCAL  DEFAULT   14 SSL_CTX_set_tmp_dh
 17687: 000000000029592b    94 FUNC    LOCAL  DEFAULT   14 SSL_set_permute_extension
 17689: 0000000000285ddf    31 FUNC    LOCAL  DEFAULT   14 SSL_delegated_credential_
 17690: 000000000028563e   119 FUNC    LOCAL  DEFAULT   14 SSL_set_chain_and_key
 17722: 000000000029574c    86 FUNC    LOCAL  DEFAULT   14 SSL_get_client_random
 17726: 000000000028f7e5  1800 FUNC    LOCAL  DEFAULT   14 SSL_new
 17747: 00000000002949c5    65 FUNC    LOCAL  DEFAULT   14 SSL_get_shutdown
 17789: 0000000000290722   278 FUNC    LOCAL  DEFAULT   14 SSL_do_handshake
 17790: 0000000000290322    42 FUNC    LOCAL  DEFAULT   14 SSL_set0_wbio

ecapture就能正常work了

 ./ecapture-0606 tls --libssl=/usr/local/openresty/nginx/sbin/nginx --ssl_version="boringssl na" -b 2 -m key
2024-06-06T22:10:20+08:00 INF AppName="eCapture(旁观者)"
2024-06-06T22:10:20+08:00 INF HomePage=https://ecapture.cc
2024-06-06T22:10:20+08:00 INF Repository=https://github.com/gojue/ecapture
2024-06-06T22:10:20+08:00 INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-06-06T22:10:20+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-06-06T22:10:20+08:00 INF Version=linux_amd64:0.8.2--8e25629:x86_64
2024-06-06T22:10:20+08:00 INF listen=localhost:28256
2024-06-06T22:10:20+08:00 INF https server starting...You can update the configuration file via the HTTP interface.
2024-06-06T22:10:20+08:00 WRN ========== module starting. ==========
2024-06-06T22:10:20+08:00 INF Kernel Info=4.19.132 Pid=38162
2024-06-06T22:10:20+08:00 INF BTF bytecode mode: non-CORE. btfMode=2
2024-06-06T22:10:20+08:00 INF master key keylogger has been set. eBPFProgramType=KeyLog keylogger=ecapture_openssl_key.og
2024-06-06T22:10:20+08:00 INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-06-06T22:10:20+08:00 INF Module.Run()
2024-06-06T22:10:20+08:00 INF OpenSSL/BoringSSL version found sslVersion="boringssl na"
2024-06-06T22:10:20+08:00 INF HOOK type:Openssl elf ElfType=2 binrayPath=/usr/local/openresty/nginx/sbin/nginx masterHookFuncs=["SSL_in_init"]
2024-06-06T22:10:20+08:00 INF setupManagers eBPFProgramType=KeyLog
2024-06-06T22:10:20+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_na_kern_noncore_less52.o
2024-06-06T22:10:20+08:00 INF perfEventReader created mapSize(MB)=4
2024-06-06T22:10:20+08:00 INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL

但这里还是有问题：

boringssl_masterkey.h 第299行

        if (ssl3_hs_state.state < 20) {
            // not finished yet.
            return 0;
        }

判断握手状态的值 20不太合适，实际上state 等于18时，握手就完成了

           <...>-37497 [001] .... 25597082.620129: 0: mastersecret->version :771, client_version:771, 
           <...>-37497 [001] .... 25597082.620153: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25597082.620153: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25597082.620154: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37497 [001] .... 25597082.620155: 0: mastersecret->version :771, client_version:771, 
           <...>-37497 [001] .... 25597082.620157: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620158: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620159: 0:  secret_length:48
           <...>-37497 [001] .... 25597082.620160: 0: master_key: 62 e0 2b
           <...>-37497 [001] .... 25597082.620174: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25597082.620175: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25597082.620176: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37497 [001] .... 25597082.620177: 0: mastersecret->version :771, client_version:771, 
           <...>-37497 [001] .... 25597082.620178: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620179: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620180: 0:  secret_length:48
           <...>-37497 [001] .... 25597082.620181: 0: master_key: 62 e0 2b
           <...>-37497 [001] .... 25597082.620191: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25597082.620192: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25597082.620193: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37497 [001] .... 25597082.620194: 0: mastersecret->version :771, client_version:771, 
           <...>-37497 [001] .... 25597082.620195: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620196: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620197: 0:  secret_length:48
           <...>-37497 [001] .... 25597082.620198: 0: master_key: 62 e0 2b
           <...>-37497 [001] .... 25597082.620217: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25597082.620218: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25597082.620219: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37497 [001] .... 25597082.620220: 0: mastersecret->version :771, client_version:771, 
           <...>-37497 [001] .... 25597082.620221: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620222: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37497 [001] .... 25597082.620223: 0:  secret_length:48
           <...>-37497 [001] .... 25597082.620224: 0: master_key: 62 e0 2b

所以我这里有2个问题
1） 没有加-g的编译时，也就是没有带上调试信息时，能否也能让ecapture正常work?
2) boringssl 在main-with-bazel 这个分支时 state == 18时就可以正常工作了，这个如何修改适合普适的版本

[cfc4n]

1. He can work normally. However, you need to search for the offer offset of the hooked function, manually enter it into the program, and then compile the program.

https://github.com/gojue/ecapture/blob/4b1c52df6a935886058f08aff3b7acd2e60a872c/user/module/probe_openssl_text.go#L47C3-L52C6

// add Offset
{
    Section:          "uprobe/SSL_write",
    EbpfFuncName:     "probe_entry_SSL_write",
    AttachToFuncName: "SSL_write",
    BinaryPath:       binaryPath,
    UprobeOffset:     0x1234,  // add  offset
},

2. about state == 18

判断握手状态的值 20不太合适，实际上state 等于18时，握手就完成了

Can you provide more detailed information?

[boost2020]

如果用20时 ，debug的信息是如下：

        if (ssl3_hs_state.state < 20) {
            // not finished yet.
            return 0;
        }

cat /sys/kernel/debug/tracing/trace_pipe



           <...>-37497 [001] .... 25640037.438187: 0: client_version:0, state:0, tls13_state:0
           <...>-37497 [001] .... 25640037.438193: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.438194: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.438210: 0: client_version:0, state:1, tls13_state:0
           <...>-37497 [001] .... 25640037.438211: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.438212: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.438230: 0: client_version:0, state:1, tls13_state:0
           <...>-37497 [001] .... 25640037.438231: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.438232: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.438353: 0: client_version:771, state:5, tls13_state:0
           <...>-37497 [001] .... 25640037.438356: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.438357: 0: SSL_HANDSHAKE_ALLBOOL:131600, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.439763: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.439766: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.439767: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442391: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.442394: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442395: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442401: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.442402: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442403: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442413: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.442414: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442415: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442422: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.442423: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442425: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442849: 0: client_version:771, state:12, tls13_state:0
           <...>-37497 [001] .... 25640037.442852: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442853: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442859: 0: client_version:771, state:15, tls13_state:0
           <...>-37497 [001] .... 25640037.442861: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442862: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442869: 0: client_version:771, state:15, tls13_state:0
           <...>-37497 [001] .... 25640037.442870: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442871: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442878: 0: client_version:771, state:15, tls13_state:0
           <...>-37497 [001] .... 25640037.442880: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442881: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442911: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25640037.442913: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442914: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442922: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25640037.442930: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442931: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442940: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25640037.442941: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442942: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958
           <...>-37497 [001] .... 25640037.442961: 0: client_version:771, state:18, tls13_state:0
           <...>-37497 [001] .... 25640037.442964: 0: TLS version :771, hash_len:0, 
           <...>-37497 [001] .... 25640037.442965: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077d123958

将比较值改到18时，就可以取到key了

        if (ssl3_hs_state.state < 18) {
            // not finished yet.
            return 0;
        }

cat /sys/kernel/debug/tracing/trace_pipe
           <...>-37498 [002] .... 25640191.915947: 0: client_version:0, state:0, tls13_state:0
           <...>-37498 [002] .... 25640191.915952: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.915953: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.915954: 0: mastersecret->version :771, client_version:0, 
           <...>-37498 [002] .... 25640191.915973: 0: client_version:0, state:1, tls13_state:0
           <...>-37498 [002] .... 25640191.915974: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.915975: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.915975: 0: mastersecret->version :771, client_version:0, 
           <...>-37498 [002] .... 25640191.915993: 0: client_version:0, state:1, tls13_state:0
           <...>-37498 [002] .... 25640191.915993: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.915994: 0: SSL_HANDSHAKE_ALLBOOL:0, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.915995: 0: mastersecret->version :771, client_version:0, 
           <...>-37498 [002] .... 25640191.916145: 0: client_version:771, state:5, tls13_state:0
           <...>-37498 [002] .... 25640191.916148: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.916149: 0: SSL_HANDSHAKE_ALLBOOL:131600, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.916151: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.919168: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.919171: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.919173: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.919173: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.921925: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.921928: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.921929: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.921929: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.921935: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.921936: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.921937: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.921937: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.921946: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.921946: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.921948: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.921948: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.921956: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.921957: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.921958: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.921959: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922366: 0: client_version:771, state:12, tls13_state:0
           <...>-37498 [002] .... 25640191.922368: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922369: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922370: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922377: 0: client_version:771, state:15, tls13_state:0
           <...>-37498 [002] .... 25640191.922377: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922378: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922378: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922385: 0: client_version:771, state:15, tls13_state:0
           <...>-37498 [002] .... 25640191.922386: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922387: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922388: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922396: 0: client_version:771, state:15, tls13_state:0
           <...>-37498 [002] .... 25640191.922397: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922398: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922399: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922424: 0: client_version:771, state:18, tls13_state:0
           <...>-37498 [002] .... 25640191.922428: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922429: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922432: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922434: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922435: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922436: 0:  secret_length:48
           <...>-37498 [002] .... 25640191.922438: 0: master_key: 34 83 19
           <...>-37498 [002] .... 25640191.922453: 0: client_version:771, state:18, tls13_state:0
           <...>-37498 [002] .... 25640191.922457: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922458: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922460: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922462: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922463: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922464: 0:  secret_length:48
           <...>-37498 [002] .... 25640191.922465: 0: master_key: 34 83 19
           <...>-37498 [002] .... 25640191.922474: 0: client_version:771, state:18, tls13_state:0
           <...>-37498 [002] .... 25640191.922475: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922476: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922476: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922477: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922478: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922478: 0:  secret_length:48
           <...>-37498 [002] .... 25640191.922479: 0: master_key: 34 83 19
           <...>-37498 [002] .... 25640191.922511: 0: client_version:771, state:18, tls13_state:0
           <...>-37498 [002] .... 25640191.922514: 0: TLS version :771, hash_len:0, 
           <...>-37498 [002] .... 25640191.922515: 0: SSL_HANDSHAKE_ALLBOOL:8520208, ssl_hs_st_addr:56077c9a9088
           <...>-37498 [002] .... 25640191.922515: 0: mastersecret->version :771, client_version:771, 
           <...>-37498 [002] .... 25640191.922517: 0: ssl_st->s3->hs->new_session is not null, address :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922518: 0: s3_address:56077e5cc508, ssl_session_st_addr addr :56077e5c7ba8
           <...>-37498 [002] .... 25640191.922519: 0:  secret_length:48
           <...>-37498 [002] .... 25640191.922520: 0: master_key: 34 83 19

运行环境如开头描述
nginx 静态编译boringssl main-with-bazel 分支 commit id: f1c75347daa2ea81a941e953f2263e0a4d970c8d

[boost2020]

但是确实有点奇怪，从客户端看确实状态到了20

* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3019 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:

[cfc4n]

20 is more accurate than 18.

enum tls12_server_hs_state_t {
  state12_start_accept = 0,
  state12_read_client_hello,
  state12_read_client_hello_after_ech,
  state12_cert_callback,
  state12_tls13,
  state12_select_parameters,
  state12_send_server_hello,
  state12_send_server_certificate,
  state12_send_server_key_exchange,
  state12_send_server_hello_done,
  state12_read_client_certificate,
  state12_verify_client_certificate,
  state12_read_client_key_exchange,
  state12_read_client_certificate_verify,
  state12_read_change_cipher_spec,
  state12_process_change_cipher_spec,
  state12_read_next_proto,
  state12_read_channel_id,
  state12_read_client_finished,
  state12_send_server_finished,
  state12_finish_server_handshake,
  state12_done,
};

You can carefully read the code related to state12_read_client_finished, state12_send_server_finished, and state12_finish_server_handshake.

[boost2020]

That's right, I changed the max to 18 to output the key. I'll debug it again

[boost2020]

gdb了nginx看了一下，boringssl中ssl_in_init这个貌似只到了18就结束，也就是后面的19，20都没有到ssl_in_init

所以这应该是bosringssl_masterkey.h中我把它改小到18才能输出key的原因。

[boost2020]

再次确认ssl_in_init在state 19后不再调用，确切的证据：

在state 18时调用了3次ssl_in_init，所以在我这种情景下，只能用18，否则无法取到key

   if (ssl3_hs_state.state < 18) {
        // not finished yet.
        return 0;
    }

[cfc4n]

这个问题稍微复杂一些，涉及TLS 协议版本、Client、Server角色，都会影响openssl的TLS链接状态。

eCapture需要更准确的判断分支，我近期会做验证，感谢反馈。

---

This issue is slightly more complex, involving the TLS protocol version and the roles of Client and Server, all of which can affect the OpenSSL TLS connection status.

eCapture requires a more accurate determination of branches; I will conduct verification in the near future. Thank you for your feedback.