QUIC RADIX: Add keylogging support

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23487)
openssl · Mar 26, 2024 · 061a2bc · 061a2bc
1 parent e1df882
commit 061a2bc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/test/radix/quic_bindings.c b/test/radix/quic_bindings.c
@@ -64,9 +64,10 @@ typedef struct radix_process_st {
     STACK_OF(RADIX_THREAD)  *threads;
 
     /* Process-global state. */
-    CRYPTO_MUTEX            *gm;        /* global mutex */
-    LHASH_OF(RADIX_OBJ)     *objs;      /* protected by gm */
-    OSSL_TIME               time_slip;  /* protected by gm */
+    CRYPTO_MUTEX            *gm;            /* global mutex */
+    LHASH_OF(RADIX_OBJ)     *objs;          /* protected by gm */
+    OSSL_TIME               time_slip;      /* protected by gm */
+    BIO                     *keylog_out;    /* protected by gm */
 
     int                     done_join_all_threads;
 
@@ -142,6 +143,8 @@ static int RADIX_OBJ_cmp(const RADIX_OBJ *a, const RADIX_OBJ *b)
 
 static int RADIX_PROCESS_init(RADIX_PROCESS *rp, size_t node_idx, size_t process_idx)
 {
+    const char *keylog_path;
+
 #if defined(OPENSSL_THREADS)
     if (!TEST_ptr(rp->gm = ossl_crypto_mutex_new()))
         goto err;
@@ -153,6 +156,12 @@ static int RADIX_PROCESS_init(RADIX_PROCESS *rp, size_t node_idx, size_t process
     if (!TEST_ptr(rp->threads = sk_RADIX_THREAD_new(NULL)))
         goto err;
 
+    rp->keylog_out = NULL;
+    keylog_path = ossl_safe_getenv("SSLKEYLOGFILE");
+    if (keylog_path != NULL && *keylog_path != '\0'
+        && !TEST_ptr(rp->keylog_out = BIO_new_file(keylog_path, "a")))
+        goto err;
+
     rp->node_idx                = node_idx;
     rp->process_idx             = process_idx;
     rp->done_join_all_threads   = 0;
@@ -412,6 +421,8 @@ static void RADIX_PROCESS_cleanup(RADIX_PROCESS *rp)
     lh_RADIX_OBJ_free(rp->objs);
     rp->objs = NULL;
 
+    BIO_free_all(rp->keylog_out);
+    rp->keylog_out = NULL;
     ossl_crypto_mutex_free(&rp->gm);
 }
 

diff --git a/test/radix/quic_ops.c b/test/radix/quic_ops.c
@@ -31,6 +31,14 @@ static int ssl_ctx_select_alpn(SSL *ssl,
     return SSL_TLSEXT_ERR_OK;
 }
 
+static void keylog_cb(const SSL *ssl, const char *line)
+{
+    ossl_crypto_mutex_lock(RP()->gm);
+    BIO_printf(RP()->keylog_out, "%s", line);
+    (void)BIO_flush(RP()->keylog_out);
+    ossl_crypto_mutex_unlock(RP()->gm);
+}
+
 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
 {
     if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test")))
@@ -39,6 +47,9 @@ static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
     if (!is_server)
         return 1;
 
+    if (RP()->keylog_out != NULL)
+        SSL_CTX_set_keylog_callback(ctx, keylog_cb);
+
     if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file,
                                                   SSL_FILETYPE_PEM), 1)
         || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file,