Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
author: beck <> 2021-10-23 11:41:52 +0000
committer: beck <> 2021-10-23 11:41:52 +0000
commit: 7585b0231596c5d2015f31d0be70147c37b7f771 (patch)
tree: fcc6827eb234fa77e1891d55e0878cd73d50c58d /src
parent: a5f888f12a4a0e150b9d5d12d42393211132e830 (diff)
download: openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.tar.gz
openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.tar.bz2
openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.zip
5 files changed, 67 insertions, 4 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index 1dbe53751f..c524a22493 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.73 2021/09/14 14:30:57 schwarze Exp $
+# $OpenBSD: Makefile,v 1.74 2021/10/23 11:41:52 beck Exp $
 .include <bsd.own.mk>
@@ -32,6 +32,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_CTX_set_default_passwd_cb.3 \
        SSL_CTX_set_generate_session_id.3 \
        SSL_CTX_set_info_callback.3 \
+        SSL_CTX_set_keylog_callback.3 \
        SSL_CTX_set_max_cert_list.3 \
        SSL_CTX_set_min_proto_version.3 \
        SSL_CTX_set_mode.3 \
diff --git a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3
new file mode 100644
index 0000000000..023643d8ee
--- /dev/null
+++ b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3
@@ -0,0 +1,44 @@
+.\" $OpenBSD: SSL_CTX_set_keylog_callback.3,v 1.1 2021/10/23 11:41:52 beck Exp $
+.\" Copyright (c) 2021, Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 23 2021 $
+.Dt SSL_CTX_SET_KEYLOG_CALLBACK 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_keylog_callback ,
+.Nm SSL_CTX_get_keylog_callback
+.Nd set and get the unused key logging callback
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Bd -literal
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line)
+.Ed
+.Ft void
+.Fn SSL_CTX_set_keylog_callback "SSL_CTX *ctx" "SSL_CTX_keylog_cb_func cb"
+.Ft SSL_CTX_keylog_cb_func
+.Fn SSL_CTX_get_keylog_callback "const SSL_CTX *ctx"
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_keylog_callback
+sets the TLS key logging callback.
+This callback is never called in LibreSSL.
+.Pp
+.Fn SSL_CTX_set_keylog_callback
+retrieves the previously set TLS key logging callback.
+.Pp
+These functions are provided only for compatibility with OpenSSL.
+.Sh RETURN VALUES
+.Fn SSL_CTX_get_keylog_callback
+returns the previously set TLS key logging callback, or NULL
+if no callback has been set.
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2a55cf0efb..09d68beb0b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -505,6 +505,11 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+#if defined(LIBRESSL_NEW_API)
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+#endif
 #ifndef LIBRESSL_INTERNAL
 struct ssl_aead_ctx_st;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 0f86238d5e..cb8c02844c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.268 2021/09/10 08:59:56 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.269 2021/10/23 11:41:52 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -770,6 +770,18 @@ int
        return (s->internal->verify_callback);
 }
+void
+SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+        ctx->internal->keylog_callback = cb;
+}
+SSL_CTX_keylog_cb_func
+SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+        return (ctx->internal->keylog_callback);
+}
 int
 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 62f874061e..b41a5d803f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.361 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.362 2021/10/23 11:41:52 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -843,6 +843,7 @@ typedef struct ssl_ctx_internal_st {
        uint8_t *tlsext_ecpointformatlist; /* our list */
        size_t tlsext_supportedgroups_length;
        uint16_t *tlsext_supportedgroups; /* our list */
+        SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
 } SSL_CTX_INTERNAL;
 struct ssl_ctx_st {
author	beck <>	2021-10-23 11:41:52 +0000
committer	beck <>	2021-10-23 11:41:52 +0000
commit	7585b0231596c5d2015f31d0be70147c37b7f771 (patch)
tree	fcc6827eb234fa77e1891d55e0878cd73d50c58d /src
parent	a5f888f12a4a0e150b9d5d12d42393211132e830 (diff)
download	openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.tar.gz openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.tar.bz2 openbsd-7585b0231596c5d2015f31d0be70147c37b7f771.zip

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index 1dbe53751f..c524a22493 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.73 2021/09/14 14:30:57 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.74 2021/10/23 11:41:52 beck Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -32,6 +32,7 @@ MAN = BIO_f_ssl.3 \
32	SSL_CTX_set_default_passwd_cb.3 \	32	SSL_CTX_set_default_passwd_cb.3 \
33	SSL_CTX_set_generate_session_id.3 \	33	SSL_CTX_set_generate_session_id.3 \
34	SSL_CTX_set_info_callback.3 \	34	SSL_CTX_set_info_callback.3 \
		35	SSL_CTX_set_keylog_callback.3 \
35	SSL_CTX_set_max_cert_list.3 \	36	SSL_CTX_set_max_cert_list.3 \
36	SSL_CTX_set_min_proto_version.3 \	37	SSL_CTX_set_min_proto_version.3 \
37	SSL_CTX_set_mode.3 \	38	SSL_CTX_set_mode.3 \


diff --git a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 new file mode 100644 index 0000000000..023643d8ee --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3
@@ -0,0 +1,44 @@
		1	.\" $OpenBSD: SSL_CTX_set_keylog_callback.3,v 1.1 2021/10/23 11:41:52 beck Exp $
		2	.\" Copyright (c) 2021, Bob Beck <beck@openbsd.org>
		3	.\"
		4	.\" Permission to use, copy, modify, and distribute this software for any
		5	.\" purpose with or without fee is hereby granted, provided that the above
		6	.\" copyright notice and this permission notice appear in all copies.
		7	.\"
		8	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		9	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		10	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		11	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		12	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		13	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		14	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		15	.\"
		16	.Dd $Mdocdate: October 23 2021 $
		17	.Dt SSL_CTX_SET_KEYLOG_CALLBACK 3
		18	.Os
		19	.Sh NAME
		20	.Nm SSL_CTX_set_keylog_callback ,
		21	.Nm SSL_CTX_get_keylog_callback
		22	.Nd set and get the unused key logging callback
		23	.Sh SYNOPSIS
		24	.In openssl/ssl.h
		25	.Bd -literal
		26	typedef void (SSL_CTX_keylog_cb_func)(const SSL ssl, const char *line)
		27	.Ed
		28	.Ft void
		29	.Fn SSL_CTX_set_keylog_callback "SSL_CTX *ctx" "SSL_CTX_keylog_cb_func cb"
		30	.Ft SSL_CTX_keylog_cb_func
		31	.Fn SSL_CTX_get_keylog_callback "const SSL_CTX *ctx"
		32	.Sh DESCRIPTION
		33	.Fn SSL_CTX_set_keylog_callback
		34	sets the TLS key logging callback.
		35	This callback is never called in LibreSSL.
		36	.Pp
		37	.Fn SSL_CTX_set_keylog_callback
		38	retrieves the previously set TLS key logging callback.
		39	.Pp
		40	These functions are provided only for compatibility with OpenSSL.
		41	.Sh RETURN VALUES
		42	.Fn SSL_CTX_get_keylog_callback
		43	returns the previously set TLS key logging callback, or NULL
		44	if no callback has been set.


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 2a55cf0efb..09d68beb0b 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -505,6 +505,11 @@ void SSL_set_msg_callback(SSL ssl, void (cb)(int write_p, int version,
505	int content_type, const void buf, size_t len, SSL ssl, void *arg));	505	int content_type, const void buf, size_t len, SSL ssl, void *arg));
506	#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))	506	#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
507	#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))	507	#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
		508	typedef void (SSL_CTX_keylog_cb_func)(const SSL ssl, const char *line);
		509	#if defined(LIBRESSL_NEW_API)
		510	void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
		511	SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
		512	#endif
508		513
509	#ifndef LIBRESSL_INTERNAL	514	#ifndef LIBRESSL_INTERNAL
510	struct ssl_aead_ctx_st;	515	struct ssl_aead_ctx_st;


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 0f86238d5e..cb8c02844c 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.268 2021/09/10 08:59:56 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.269 2021/10/23 11:41:52 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -770,6 +770,18 @@ int
770	return (s->internal->verify_callback);	770	return (s->internal->verify_callback);
771	}	771	}
772		772
		773	void
		774	SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
		775	{
		776	ctx->internal->keylog_callback = cb;
		777	}
		778
		779	SSL_CTX_keylog_cb_func
		780	SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
		781	{
		782	return (ctx->internal->keylog_callback);
		783	}
		784
773	int	785	int
774	SSL_CTX_get_verify_mode(const SSL_CTX *ctx)	786	SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
775	{	787	{


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 62f874061e..b41a5d803f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.361 2021/10/23 08:34:36 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.362 2021/10/23 11:41:52 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -843,6 +843,7 @@ typedef struct ssl_ctx_internal_st {
843	uint8_t tlsext_ecpointformatlist; / our list */	843	uint8_t tlsext_ecpointformatlist; / our list */
844	size_t tlsext_supportedgroups_length;	844	size_t tlsext_supportedgroups_length;
845	uint16_t tlsext_supportedgroups; / our list */	845	uint16_t tlsext_supportedgroups; / our list */
		846	SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
846	} SSL_CTX_INTERNAL;	847	} SSL_CTX_INTERNAL;
847		848
848	struct ssl_ctx_st {	849	struct ssl_ctx_st {