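#! /usr/bin/env perl
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Checks the SSLKEYLOGFILE feature of the openssl app:
#   1. the key log written because SSLKEYLOGFILE is set must match the one
#      written by the s_client -keylogfile option (comment lines ignored);
#   2. on Linux, the SSLKEYLOGFILE output must be created with mode 0600.
# A key log holds the TLS session secrets, which are enough to decrypt a
# capture of that session, so it must not be readable by group or others.

use strict;
use warnings;

use IPC::Open3;
use OpenSSL::Test qw/:DEFAULT result_dir srctop_file bldtop_file/;
use OpenSSL::Test::Utils;

my $test_name = "test_sslkeylogfile";
setup($test_name);

plan skip_all => "$test_name requires SSLKEYLOGFILE support"
    if disabled("sslkeylog");

# The permission check only runs on Linux, so the plan has one more test there.
my $is_linux = $^O eq 'linux';
plan tests => ($is_linux ? 2 : 1);

my $shlib_wrap = srctop_file("util", "wrap.pl");
my $apps_openssl = srctop_file("apps", "openssl");
my $server_pem = srctop_file("test", "certs", "servercert.pem");
my $server_key = srctop_file("test", "certs", "serverkey.pem");

# Both key logs are written into the result directory of this test.
my $resultdir = result_dir();
my $sslkeylogfile = "$resultdir/sslkeylog.keys";    # written via SSLKEYLOGFILE
my $trace_file = "$resultdir/keylog.keys";          # written via -keylogfile

# Start s_server.  It is asked to accept on port 0 and the port it really
# listens on is read back from its output below.
# $s_server_e is undefined when it is passed, so open3 delivers the child's
# stderr on the stdout handle as well.
my @s_server_cmd = ("s_server", "-accept", "0", "-naccept", "1",
                    "-cert", $server_pem, "-key", $server_key);
my $s_server_pid = open3(my $s_server_i, my $s_server_o, my $s_server_e,
                         $shlib_wrap, $apps_openssl, @s_server_cmd);

# expected outputs from the server
# ACCEPT 0.0.0.0:<port>
# ACCEPT [::]:<port>
my $port = "0";
# Figure out what port it is listening on
while (my $line = <$s_server_o>) {
    print($line);
    chomp $line;
    # The dots are escaped so that only the literal wildcard address matches.
    if ($line =~ /^ACCEPT (?:0\.0\.0\.0|\[::\]):(\d+)/) {
        $port = $1;
        last;
    }
    # "Using default ..." notices are skipped; any other line ends the search.
    last unless $line =~ /^Using default/;
}
my $server_port = $port;

# Without a port the client could only be pointed at localhost:0.  Stop here
# with a clear message instead of failing later in the file comparison.
if ($server_port eq "0") {
    kill 'HUP', $s_server_pid;
    die "$test_name: s_server did not report a listening port\n";
}

print("s_server ready, listening on port $server_port\n");

# Use SSLKEYLOGFILE to record keylogging.  The variable is set after s_server
# was started, so only the client started below inherits it.
$ENV{SSLKEYLOGFILE} = $sslkeylogfile;

# Start a client and use the -keylogfile option to independently trace keylog messages
my @s_client_cmd = ("s_client", "-connect", "localhost:$server_port",
                    "-keylogfile", $trace_file);
my $s_client_pid = open3(my $s_client_i, my $s_client_o, my $s_client_e,
                         $shlib_wrap, $apps_openssl, @s_client_cmd);

# Issue a quit command to terminate the client after connect
print $s_client_i "Q\n";
waitpid($s_client_pid, 0);
kill 'HUP', $s_server_pid;

# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure they match
# Note, the former adds a comment, that the latter does not, so ignore comments with -I in diff
# NOTE(review): diff also succeeds on two empty files; if that can happen
# here, asserting that the key log is non-empty would make this stricter.
ok(run(cmd(["diff", "-I", "^#.*\$", $sslkeylogfile, $trace_file])),
   "SSLKEYLOGFILE and -keylogfile record the same key material");

# Test 2, linux-specific: the keylog file should have permission 0600
# Only the SSLKEYLOGFILE output is checked; the -keylogfile trace and other
# platforms are not covered by this test.
if ($is_linux) {
    # stat returns an empty list when the file is missing; report that
    # instead of formatting an undefined mode.
    my @st = stat($sslkeylogfile);
    my $mode = @st ? sprintf("%04o", $st[2] & 07777) : "missing";
    ok($mode eq "0600", "SSLKEYLOGFILE output has mode 0600 (got $mode)");
}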