LibTLS: Remove key-logging debug feature

This attempted to save data into /home/anon even on Linux
2025-12-22 09:19:03 +00:00 · 2024-06-23 17:38:00 +02:00
parent f03e6fddf1
commit 9f7f6aa80c
5 changed files with 2 additions and 25 deletions
--- a/AK/Debug.h.in
+++ b/AK/Debug.h.in
@@ -242,10 +242,6 @@
 #    cmakedefine01 TLS_DEBUG
 #endif
 #ifndef TLS_SSL_KEYLOG_DEBUG
 #    cmakedefine01 TLS_SSL_KEYLOG_DEBUG
 #endif
 #ifndef TOKENIZER_TRACE_DEBUG
 #    cmakedefine01 TOKENIZER_TRACE_DEBUG
 #endif
--- a/Meta/CMake/all_the_debug_macros.cmake
+++ b/Meta/CMake/all_the_debug_macros.cmake
@@ -56,7 +56,6 @@ set(TEXTEDITOR_DEBUG ON)
 set(TIFF_DEBUG ON)
 set(TIME_ZONE_DEBUG ON)
 set(TLS_DEBUG ON)
 set(TLS_SSL_KEYLOG_DEBUG ON)
 set(TOKENIZER_TRACE_DEBUG ON)
 set(URL_PARSER_DEBUG ON)
 set(UTF8_DEBUG ON)
--- a/Meta/gn/secondary/AK/BUILD.gn
+++ b/Meta/gn/secondary/AK/BUILD.gn
@@ -268,7 +268,6 @@ write_cmake_config("ak_debug_gen") {
    "TIFF_DEBUG=",
    "TIME_ZONE_DEBUG=",
    "TLS_DEBUG=",
    "TLS_SSL_KEYLOG_DEBUG=",
    "TOKENIZER_TRACE_DEBUG=",
    "URL_PARSER_DEBUG=",
    "UTF8_DEBUG=",
--- a/Userland/Libraries/LibTLS/HandshakeClient.cpp
+++ b/Userland/Libraries/LibTLS/HandshakeClient.cpp
@@ -151,15 +151,6 @@ bool TLSv12::compute_master_secret_from_pre_master_secret(size_t length)
        print_buffer(m_context.master_key);
    }
    if constexpr (TLS_SSL_KEYLOG_DEBUG) {
        auto file = MUST(Core::File::open("/home/anon/ssl_keylog"sv, Core::File::OpenMode::Append | Core::File::OpenMode::Write));
        MUST(file->write_until_depleted("CLIENT_RANDOM "sv));
        MUST(file->write_until_depleted(encode_hex({ m_context.local_random, 32 })));
        MUST(file->write_until_depleted(" "sv));
        MUST(file->write_until_depleted(encode_hex(m_context.master_key)));
        MUST(file->write_until_depleted("\n"sv));
    }
    expand_key();
    return true;
 }
--- a/Userland/Services/RequestServer/main.cpp
+++ b/Userland/Services/RequestServer/main.cpp
@@ -18,19 +18,13 @@
 ErrorOr<int> serenity_main(Main::Arguments)
 {
-    if constexpr (TLS_SSL_KEYLOG_DEBUG)
+    TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd sigaction"));
        TRY(Core::System::pledge("stdio inet accept thread unix cpath wpath rpath sendfd recvfd sigaction"));
    else
        TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd sigaction"));
 #ifdef SIGINFO
    signal(SIGINFO, [](int) { RequestServer::ConnectionCache::dump_jobs(); });
 #endif
-    if constexpr (TLS_SSL_KEYLOG_DEBUG)
+    TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd"));
        TRY(Core::System::pledge("stdio inet accept thread unix cpath wpath rpath sendfd recvfd"));
    else
        TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd"));
    // Ensure the certificates are read out here.
    // FIXME: Allow specifying extra certificates on the command line, or in other configuration.
@@ -41,8 +35,6 @@ ErrorOr<int> serenity_main(Main::Arguments)
    TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
    TRY(Core::System::unveil("/etc/cacert.pem", "rw"));
    TRY(Core::System::unveil("/etc/timezone", "r"));
    if constexpr (TLS_SSL_KEYLOG_DEBUG)
        TRY(Core::System::unveil("/home/anon", "rwc"));
    TRY(Core::System::unveil(nullptr, nullptr));
    RequestServer::HttpProtocol::install();