Switch the keylog BIO to a callback.

The keylog BIO is internally synchronized by the SSL_CTX lock, but an
application may wish to log keys from multiple SSL_CTXs. This is in
preparation for switching Chromium to use a separate SSL_CTX per profile
to more naturally split up the session caches.

It will also be useful for routing up SSLKEYLOGFILE in WebRTC. There,
each log line must be converted to an IPC up from the renderer
processes.

This will require changes in Chromium when we roll BoringSSL.

BUG=458365,webrtc:4417

Change-Id: I2945bdb4def0a9c36e751eab3d5b06c330d66b54
Reviewed-on: https://boringssl-review.googlesource.com/6514
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 13 insertions, 4 deletions

diff --git a/tool/client.cc b/tool/client.cc
index cd8353bc..c09f4576 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -14,6 +14,8 @@
 
 #include <openssl/base.h>
 
+#include <stdio.h>
+
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
@@ -119,6 +121,13 @@ static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
   return SSL_TLSEXT_ERR_OK;
 }
 
+static FILE *g_keylog_file = nullptr;
+
+static void KeyLogCallback(const SSL *ssl, const char *line) {
+  fprintf(g_keylog_file, "%s\n", line);
+  fflush(g_keylog_file);
+}
+
 bool Client(const std::vector<std::string> &args) {
   if (!InitSocketLibrary()) {
     return false;
@@ -135,12 +144,12 @@ bool Client(const std::vector<std::string> &args) {
 
   const char *keylog_file = getenv("SSLKEYLOGFILE");
   if (keylog_file) {
-    BIO *keylog_bio = BIO_new_file(keylog_file, "a");
-    if (!keylog_bio) {
-      ERR_print_errors_cb(PrintErrorCallback, stderr);
+    g_keylog_file = fopen(keylog_file, "a");
+    if (g_keylog_file == nullptr) {
+      perror("fopen");
       return false;
     }
-    SSL_CTX_set_keylog_bio(ctx.get(), keylog_bio);
+    SSL_CTX_set_keylog_callback(ctx.get(), KeyLogCallback);
   }
 
   if (args_map.count("-cipher") != 0 &&