From: Hugo Landau
Date: Tue, 6 Feb 2024 08:15:27 +0000 (+0000)
Subject: QUIC RADIX: Add keylogging support
X-Git-Tag: openssl-3.5.0-alpha1~428
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05f0960e1f5d00ef7800cfb0f0656192a5e4fd91;p=thirdparty%2Fopenssl.git
QUIC RADIX: Add keylogging support
Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/23487)
---
diff --git a/test/radix/quic_bindings.c b/test/radix/quic_bindings.c
index d90148e03d3..03d8e48a8b1 100644
--- a/test/radix/quic_bindings.c
+++ b/test/radix/quic_bindings.c
@@ -64,9 +64,10 @@ typedef struct radix_process_st {
 STACK_OF(RADIX_THREAD) *threads;
 /* Process-global state. */
- CRYPTO_MUTEX *gm; /* global mutex */
- LHASH_OF(RADIX_OBJ) *objs; /* protected by gm */
- OSSL_TIME time_slip; /* protected by gm */
+ CRYPTO_MUTEX *gm; /* global mutex */
+ LHASH_OF(RADIX_OBJ) *objs; /* protected by gm */
+ OSSL_TIME time_slip; /* protected by gm */
+ BIO *keylog_out; /* protected by gm */
 int done_join_all_threads;
@@ -142,6 +143,8 @@ static int RADIX_OBJ_cmp(const RADIX_OBJ *a, const RADIX_OBJ *b)
 static int RADIX_PROCESS_init(RADIX_PROCESS *rp, size_t node_idx, size_t process_idx)
 {
+ const char *keylog_path;
+
 #if defined(OPENSSL_THREADS)
 if (!TEST_ptr(rp->gm = ossl_crypto_mutex_new()))
 goto err;
@@ -153,6 +156,12 @@ static int RADIX_PROCESS_init(RADIX_PROCESS *rp, size_t node_idx, size_t process
 if (!TEST_ptr(rp->threads = sk_RADIX_THREAD_new(NULL)))
 goto err;
+ rp->keylog_out = NULL;
+ keylog_path = ossl_safe_getenv("SSLKEYLOGFILE");
+ if (keylog_path != NULL && *keylog_path != '\0'
+ && !TEST_ptr(rp->keylog_out = BIO_new_file(keylog_path, "a")))
+ goto err;
+
 rp->node_idx = node_idx;
 rp->process_idx = process_idx;
 rp->done_join_all_threads = 0;
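Review bot: `rp->keylog_out = NULL;` in RADIX_PROCESS_init is reached only after the earlier `goto err` exits shown as context (the mutex and thread-stack allocations), so on those paths the new field is never initialised. The `err` label lies outside the hunk; if it ends in RADIX_PROCESS_cleanup, which this commit extends with `BIO_free_all(rp->keylog_out)`, that call would see an indeterminate pointer unless the caller zeroes `rp` first. Moving the assignment to the top of the function, before the first `goto err`, removes that dependency. The file named by SSLKEYLOGFILE receives TLS secrets and is opened through `BIO_new_file(keylog_path, "a")`, so a comment above that call such as `/* opt-in debugging aid: TLS secrets are appended to this file */` would tell readers what ends up on disk.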
@@ -412,6 +421,8 @@ static void RADIX_PROCESS_cleanup(RADIX_PROCESS *rp)
 lh_RADIX_OBJ_free(rp->objs);
 rp->objs = NULL;
+ BIO_free_all(rp->keylog_out);
+ rp->keylog_out = NULL;
 ossl_crypto_mutex_free(&rp->gm);
 }
diff --git a/test/radix/quic_ops.c b/test/radix/quic_ops.c
index 7289066419d..0a601765908 100644
--- a/test/radix/quic_ops.c
+++ b/test/radix/quic_ops.c
@@ -31,6 +31,14 @@ static int ssl_ctx_select_alpn(SSL *ssl,
 return SSL_TLSEXT_ERR_OK;
 }
+static void keylog_cb(const SSL *ssl, const char *line)
+{
+ ossl_crypto_mutex_lock(RP()->gm);
+ BIO_printf(RP()->keylog_out, "%s", line);
+ (void)BIO_flush(RP()->keylog_out);
+ ossl_crypto_mutex_unlock(RP()->gm);
+}
+
 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
 {
 if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test")))
@@ -39,6 +47,9 @@ static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
 if (!is_server)
 return 1;
+ if (RP()->keylog_out != NULL)
+ SSL_CTX_set_keylog_callback(ctx, keylog_cb);
+
 if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM), 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file,
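Review bot: `keylog_cb` in test/radix/quic_ops.c writes each entry with `BIO_printf(RP()->keylog_out, "%s", line);`, but the string passed to a keylog callback carries no line terminator, so successive secrets would run together on one line and tools that read the NSS key log format could not parse the file. The call should append the newline itself: `BIO_printf(RP()->keylog_out, "%s\n", line);`. The result of `BIO_printf` is also dropped without the `(void)` cast that the following `BIO_flush` gets; either check it or cast it so the best-effort write reads as deliberate.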