summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2018-12-12 23:57:48 +0100
committerRichard Levitte <levitte@openssl.org>2019-03-06 11:15:13 +0100
commit77359d22c97d1636eccf1fa583dc295228835144 (patch)
tree00edc17ddeb1ceca9828151e89c009d9863b14fd
parentAdapt SSL_DEBUG to the new generic trace API (diff)
downloadopenssl-77359d22c97d1636eccf1fa583dc295228835144.tar.xz
openssl-77359d22c97d1636eccf1fa583dc295228835144.zip
Adapt CIPHER_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
-rw-r--r--crypto/trace.c1
-rw-r--r--include/openssl/trace.h3
-rw-r--r--ssl/s3_lib.c36
-rw-r--r--ssl/ssl_ciph.c45
-rw-r--r--ssl/ssl_lib.c7
-rw-r--r--ssl/statem/statem_srvr.c17
6 files changed, 60 insertions, 49 deletions
diff --git a/crypto/trace.c b/crypto/trace.c
index 1b1e73d87f..61eba6abe7 100644
--- a/crypto/trace.c
+++ b/crypto/trace.c
@@ -121,6 +121,7 @@ struct trace_category_st {
static const struct trace_category_st trace_categories[] = {
TRACE_CATEGORY_(ANY),
TRACE_CATEGORY_(TLS),
+ TRACE_CATEGORY_(TLS_CIPHER),
};
const char *OSSL_trace_get_category_name(int num)
diff --git a/include/openssl/trace.h b/include/openssl/trace.h
index f25cd69342..d96a91bb7a 100644
--- a/include/openssl/trace.h
+++ b/include/openssl/trace.h
@@ -34,7 +34,8 @@ extern "C" {
*/
# define OSSL_TRACE_CATEGORY_ANY 0 /* The fallback */
# define OSSL_TRACE_CATEGORY_TLS 1
-# define OSSL_TRACE_CATEGORY_NUM 2
+# define OSSL_TRACE_CATEGORY_TLS_CIPHER 2
+# define OSSL_TRACE_CATEGORY_NUM 3
/* Returns the trace category number for the given |name| */
int OSSL_trace_get_category_num(const char *name);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..a3639fd18c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -16,6 +16,7 @@
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
+#include <openssl/trace.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@@ -4153,20 +4154,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* pay with the price of sk_SSL_CIPHER_dup().
*/
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
- (void *)srvr);
- for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
- c = sk_SSL_CIPHER_value(srvr, i);
- fprintf(stderr, "%p:%s\n", (void *)c, c->name);
- }
- fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
- (void *)clnt);
- for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
- c = sk_SSL_CIPHER_value(clnt, i);
- fprintf(stderr, "%p:%s\n", (void *)c, c->name);
- }
-#endif
+ OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ BIO_printf(trc_out, "Server has %d from %p:\n",
+ sk_SSL_CIPHER_num(srvr), (void *)srvr);
+ for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+ c = sk_SSL_CIPHER_value(srvr, i);
+ BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
+ }
+ BIO_printf(trc_out, "Client sent %d from %p:\n",
+ sk_SSL_CIPHER_num(clnt), (void *)clnt);
+ for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+ c = sk_SSL_CIPHER_value(clnt, i);
+ BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
+ }
+ } OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
if (tls1_suiteb(s)) {
@@ -4280,10 +4281,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif /* OPENSSL_NO_PSK */
ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
- alg_a, mask_k, mask_a, (void *)c, c->name);
-#endif
+ OSSL_TRACE7(TLS_CIPHER,
+ "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
+ ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
#ifndef OPENSSL_NO_EC
/*
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 461a9debab..5aa04dbd53 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -16,6 +16,7 @@
#include <openssl/engine.h>
#include <openssl/crypto.h>
#include <openssl/conf.h>
+#include <openssl/trace.h>
#include "internal/nelem.h"
#include "ssl_locl.h"
#include "internal/thread_once.h"
@@ -781,12 +782,12 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
const SSL_CIPHER *cp;
int reverse = 0;
-#ifdef CIPHER_DEBUG
- fprintf(stderr,
- "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
- rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
- algo_strength, strength_bits);
-#endif
+ OSSL_TRACE_BEGIN(TLS_CIPHER){
+ BIO_printf(trc_out,
+ "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+ rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
+ algo_strength, strength_bits);
+ }
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
reverse = 1; /* needed to maintain sorting between currently
@@ -825,13 +826,14 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (strength_bits != cp->strength_bits)
continue;
} else {
-#ifdef CIPHER_DEBUG
- fprintf(stderr,
- "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
- cp->name, cp->algorithm_mkey, cp->algorithm_auth,
- cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
- cp->algo_strength);
-#endif
+ if (trc_out != NULL) {
+ BIO_printf(trc_out,
+ "\nName: %s:"
+ "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
+ cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+ cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
+ cp->algo_strength);
+ }
if (cipher_id != 0 && (cipher_id != cp->id))
continue;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
@@ -852,9 +854,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
continue;
}
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "Action = %d\n", rule);
-#endif
+ if (trc_out != NULL)
+ BIO_printf(trc_out, "Action = %d\n", rule);
/* add the cipher if it has not been added yet. */
if (rule == CIPHER_ADD) {
@@ -904,6 +905,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*head_p = head;
*tail_p = tail;
+
+ OSSL_TRACE_END(TLS_CIPHER);
}
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
@@ -1605,6 +1608,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
}
+ OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ BIO_printf(trc_out, "cipher selection:\n");
+ }
/*
* The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
@@ -1614,14 +1620,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
+ OSSL_TRACE_CANCEL(TLS_CIPHER);
return NULL;
}
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "<%s>\n", curr->cipher->name);
-#endif
+ if (trc_out != NULL)
+ BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
}
}
OPENSSL_free(co_list); /* Not needed any longer */
+ OSSL_TRACE_END(TLS_CIPHER);
if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
sk_SSL_CIPHER_free(cipherstack);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 322a4381b0..f63e16b592 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -20,6 +20,7 @@
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
+#include <openssl/trace.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include "internal/ktls.h"
@@ -3329,10 +3330,8 @@ void ssl_set_masks(SSL *s)
mask_k = 0;
mask_a = 0;
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
- dh_tmp, rsa_enc, rsa_sign, dsa_sign);
-#endif
+ OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
+ dh_tmp, rsa_enc, rsa_sign, dsa_sign);
#ifndef OPENSSL_NO_GOST
if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bf1819d356..e482e2d074 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -23,6 +23,7 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
+#include <openssl/trace.h>
#define TICKET_NONCE_SIZE 8
@@ -1835,15 +1836,15 @@ static int tls_early_post_process_client_hello(SSL *s)
j = 0;
id = s->session->cipher->id;
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
-#endif
+ OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ BIO_printf(trc_out, "client sent %d ciphers\n",
+ sk_SSL_CIPHER_num(ciphers));
+ }
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
c = sk_SSL_CIPHER_value(ciphers, i);
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "client [%2d of %2d]:%s\n",
- i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
-#endif
+ if (trc_out != NULL)
+ BIO_printf(trc_out, "client [%2d of %2d]:%s\n", i,
+ sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
if (c->id == id) {
j = 1;
break;
@@ -1857,8 +1858,10 @@ static int tls_early_post_process_client_hello(SSL *s)
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
SSL_R_REQUIRED_CIPHER_MISSING);
+ OSSL_TRACE_CANCEL(TLS_CIPHER);
goto err;
}
+ OSSL_TRACE_END(TLS_CIPHER);
}
for (loop = 0; loop < clienthello->compressions_len; loop++) {