@jrocha
Last active April 24, 2024 17:35
Add SSLKEYFILE support direct on OpenSSL
Description: Add SSLKEYLOGFILE support directly in OpenSSL
Author: Jorge Rocha Gualtieri <jorge@jrg.com.br>
Last-Update: 2022-08-17
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -9,7 +9,9 @@
* https://www.openssl.org/source/license.html
*/
+#include <fcntl.h>
#include <stdio.h>
+#include <unistd.h>
#include "ssl_local.h"
#include <openssl/objects.h>
#include <openssl/x509v3.h>
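Review bot: `<fcntl.h>` and `<unistd.h>` are added unconditionally, so a non-POSIX build of this file (for example with MSVC, which has no `<unistd.h>`) would stop compiling. If the patch is meant only for a Linux package build, the description should say so; otherwise the includes and the helper belong behind a platform guard. The new helper also uses `getenv`, `strlen` and `S_IRUSR`, which presumably arrive indirectly through `ssl_local.h`. Adding `#include <stdlib.h>`, `#include <string.h>` and `#include <sys/stat.h>` next to the new lines would make that explicit.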
@@ -5213,6 +5215,24 @@ SSL_CTX_keylog_cb_func SSL_CTX_get_keylo
return ctx->keylog_callback;
}
+static void builtin_keylog(const SSL *ssl, const char *line)
+{
+ static int fd = 0;
+
+ if (fd == 0)
+ {
+ char* sslkeylogfile = getenv("SSLKEYLOGFILE");
+ if (!sslkeylogfile) sslkeylogfile = "/tmp/sslkeylogfile.log";
+ fd = open(sslkeylogfile, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR);
+ }
+ if (fd <= 0) return;
+
+ write(fd, line, strlen(line));
+ write(fd, "\n", 1);
+ fsync(fd);
+}
+
static int nss_keylog_int(const char *prefix,
SSL *ssl,
const uint8_t *parameter_1,
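Review bot: When `SSLKEYLOGFILE` is unset, `builtin_keylog()` falls back to the fixed path `/tmp/sslkeylogfile.log`, and it opens the path without `O_NOFOLLOW` or `O_CLOEXEC`. Every process using this library would then append its TLS secrets to a predictable name in a world-writable directory. The `S_IRUSR | S_IWUSR` mode protects nothing if another local user created the file or a symlink first, and the descriptor is inherited by child processes. The sketch below makes logging opt-in, reads the variable through `ossl_safe_getenv` (assuming that internal helper is reachable from this file, so set-id programs ignore the variable), and uses `-1` rather than `0` as the "not opened" sentinel, since descriptor 0 is valid. It also emits each record with a single checked `write()` so concurrent writers cannot interleave a line with its newline. The one-time initialisation of the static `fd` is still unsynchronised across threads and would need `CRYPTO_THREAD_run_once` or similar.

```c
static void builtin_keylog(const SSL *ssl, const char *line)
{
    static int fd = -1;             /* -1 = not tried yet, -2 = disabled */
    size_t len;
    char *rec;

    (void)ssl;
    if (fd == -1) {
        const char *path = ossl_safe_getenv("SSLKEYLOGFILE");

        fd = -2;                    /* stay disabled unless the open succeeds */
        if (path != NULL && *path != '\0') {
            int newfd = open(path,
                             O_CREAT | O_WRONLY | O_APPEND
                             | O_NOFOLLOW | O_CLOEXEC,
                             S_IRUSR | S_IWUSR);

            if (newfd >= 0)
                fd = newfd;
        }
    }
    if (fd < 0)
        return;

    /* One write() per record so O_APPEND keeps each line whole. */
    len = strlen(line);
    rec = OPENSSL_malloc(len + 1);
    if (rec == NULL)
        return;
    memcpy(rec, line, len);
    rec[len] = '\n';
    if (write(fd, rec, len + 1) < 0) {
        /* best effort: key logging must never fail the handshake */
    }
    OPENSSL_clear_free(rec, len + 1);   /* the record holds secret material */
}
```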
@@ -5226,9 +5246,6 @@ static int nss_keylog_int(const char *pr
size_t i;
size_t prefix_len;
- if (ssl->ctx->keylog_callback == NULL)
- return 1;
-
/*
* Our output buffer will contain the following strings, rendered with
* space characters in between, terminated by a NULL character: first the
@@ -5261,7 +5278,10 @@ static int nss_keylog_int(const char *pr
}
*cursor = '\0';
- ssl->ctx->keylog_callback(ssl, (const char *)out);
+ builtin_keylog(ssl, (const char *)out);
+
+ if (ssl->ctx->keylog_callback != NULL) ssl->ctx->keylog_callback(ssl, (const char *)out);
+
OPENSSL_clear_free(out, out_len);
return 1;
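Review bot: `builtin_keylog()` is now called for every key-log line, and the earlier hunk removed the `keylog_callback == NULL` early return, so `nss_keylog_int` always allocates `out` and hex-encodes the secrets even when nothing consumes them. Keeping an early exit at the top of the function would restore the old cost and exposure for the default case, e.g. `if (ssl->ctx->keylog_callback == NULL && !builtin_keylog_enabled()) return 1;`. Here `builtin_keylog_enabled()` is an illustrative helper name, not something in the patch, reporting whether `SSLKEYLOGFILE` was set. The one-line `if (...) ssl->ctx->keylog_callback(...);` also departs from the brace and line-break style of the surrounding code. The body of `nss_keylog_int` starts outside this hunk.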