Commit 77359d22 authored by Richard Levitte's avatar Richard Levitte
Browse files

Adapt CIPHER_DEBUG to the new generic trace API 



Co-authored-by: default avatarDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
parent 49b26f54

crypto/trace.c

+1 −0
Original line number Diff line number Diff line
@@ -121,6 +121,7 @@ struct trace_category_st { 
static const struct trace_category_st trace_categories[] = {

    TRACE_CATEGORY_(ANY),

    TRACE_CATEGORY_(TLS),

    TRACE_CATEGORY_(TLS_CIPHER),

};



const char *OSSL_trace_get_category_name(int num)

include/openssl/trace.h

+2 −1
Original line number Diff line number Diff line
@@ -34,7 +34,8 @@ extern "C" { 
 */

# define OSSL_TRACE_CATEGORY_ANY                 0 /* The fallback */

# define OSSL_TRACE_CATEGORY_TLS                 1

# define OSSL_TRACE_CATEGORY_NUM                 2

# define OSSL_TRACE_CATEGORY_TLS_CIPHER          2

# define OSSL_TRACE_CATEGORY_NUM                 3



/* Returns the trace category number for the given |name| */

int OSSL_trace_get_category_num(const char *name);

ssl/s3_lib.c

+18 −18
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
#include <openssl/md5.h>

#include <openssl/dh.h>

#include <openssl/rand.h>

#include <openssl/trace.h>

#include "internal/cryptlib.h"



#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
@@ -4153,20 +4154,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 
     * pay with the price of sk_SSL_CIPHER_dup().

     */



#ifdef CIPHER_DEBUG

    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),

            (void *)srvr);

    OSSL_TRACE_BEGIN(TLS_CIPHER) {

        BIO_printf(trc_out, "Server has %d from %p:\n",

                   sk_SSL_CIPHER_num(srvr), (void *)srvr);

        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {

            c = sk_SSL_CIPHER_value(srvr, i);

        fprintf(stderr, "%p:%s\n", (void *)c, c->name);

            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);

        }

    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),

            (void *)clnt);

        BIO_printf(trc_out, "Client sent %d from %p:\n",

                   sk_SSL_CIPHER_num(clnt), (void *)clnt);

        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {

            c = sk_SSL_CIPHER_value(clnt, i);

        fprintf(stderr, "%p:%s\n", (void *)c, c->name);

            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);

        }

#endif

    } OSSL_TRACE_END(TLS_CIPHER);



    /* SUITE-B takes precedence over server preference and ChaCha priortiy */

    if (tls1_suiteb(s)) {
@@ -4280,10 +4281,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 
#endif                          /* OPENSSL_NO_PSK */



            ok = (alg_k & mask_k) && (alg_a & mask_a);

#ifdef CIPHER_DEBUG

            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,

                    alg_a, mask_k, mask_a, (void *)c, c->name);

#endif

            OSSL_TRACE7(TLS_CIPHER,

                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",

                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);



#ifndef OPENSSL_NO_EC

            /*

ssl/ssl_ciph.c

+26 −19
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
#include <openssl/engine.h>

#include <openssl/crypto.h>

#include <openssl/conf.h>

#include <openssl/trace.h>

#include "internal/nelem.h"

#include "ssl_locl.h"

#include "internal/thread_once.h"
@@ -781,12 +782,12 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, 
    const SSL_CIPHER *cp;

    int reverse = 0;



#ifdef CIPHER_DEBUG

    fprintf(stderr,

    OSSL_TRACE_BEGIN(TLS_CIPHER){

        BIO_printf(trc_out,

                   "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",

                   rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,

                   algo_strength, strength_bits);

#endif

    }



    if (rule == CIPHER_DEL || rule == CIPHER_BUMP)

        reverse = 1;            /* needed to maintain sorting between currently
@@ -825,13 +826,14 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, 
            if (strength_bits != cp->strength_bits)

                continue;

        } else {

#ifdef CIPHER_DEBUG

            fprintf(stderr,

                    "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",

            if (trc_out != NULL) {

                BIO_printf(trc_out,

                           "\nName: %s:"

                           "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",

                           cp->name, cp->algorithm_mkey, cp->algorithm_auth,

                           cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,

                           cp->algo_strength);

#endif

            }

            if (cipher_id != 0 && (cipher_id != cp->id))

                continue;

            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
@@ -852,9 +854,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, 
                continue;

        }



#ifdef CIPHER_DEBUG

        fprintf(stderr, "Action = %d\n", rule);

#endif

        if (trc_out != NULL)

            BIO_printf(trc_out, "Action = %d\n", rule);



        /* add the cipher if it has not been added yet. */

        if (rule == CIPHER_ADD) {
@@ -904,6 +905,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, 


    *head_p = head;

    *tail_p = tail;



    OSSL_TRACE_END(TLS_CIPHER);

}



static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
@@ -1605,6 +1608,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, 
        }

    }



    OSSL_TRACE_BEGIN(TLS_CIPHER) {

        BIO_printf(trc_out, "cipher selection:\n");

    }

    /*

     * The cipher selection for the list is done. The ciphers are added

     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
@@ -1614,14 +1620,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, 
            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {

                OPENSSL_free(co_list);

                sk_SSL_CIPHER_free(cipherstack);

                OSSL_TRACE_CANCEL(TLS_CIPHER);

                return NULL;

            }

#ifdef CIPHER_DEBUG

            fprintf(stderr, "<%s>\n", curr->cipher->name);

#endif

            if (trc_out != NULL)

                BIO_printf(trc_out, "<%s>\n", curr->cipher->name);

        }

    }

    OPENSSL_free(co_list);      /* Not needed any longer */

    OSSL_TRACE_END(TLS_CIPHER);



    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {

        sk_SSL_CIPHER_free(cipherstack);

ssl/ssl_lib.c

+3 −4
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <openssl/engine.h>

#include <openssl/async.h>

#include <openssl/ct.h>

#include <openssl/trace.h>

#include "internal/cryptlib.h"

#include "internal/refcount.h"

#include "internal/ktls.h"
@@ -3329,10 +3330,8 @@ void ssl_set_masks(SSL *s) 
    mask_k = 0;

    mask_a = 0;



#ifdef CIPHER_DEBUG

    fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",

    OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",

               dh_tmp, rsa_enc, rsa_sign, dsa_sign);

#endif



#ifndef OPENSSL_NO_GOST

    if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {