wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adapt CIPHER_DEBUG to the new generic trace API

Browse source 
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
This commit is contained in:
Richard Levitte 2018-12-12 23:57:48 +01:00
parent 49b26f54f4
commit 77359d22c9
6 changed files with 60 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
crypto/trace.c
View file

@ -121,6 +121,7 @@ struct trace_category_st {
static const struct trace_category_st trace_categories[] = {
TRACE_CATEGORY_(ANY),
TRACE_CATEGORY_(TLS),
TRACE_CATEGORY_(TLS_CIPHER),
};
const char *OSSL_trace_get_category_name(int num)

3
include/openssl/trace.h
View file

@ -34,7 +34,8 @@ extern "C" {
*/
# define OSSL_TRACE_CATEGORY_ANY 0 /* The fallback */
# define OSSL_TRACE_CATEGORY_TLS 1
# define OSSL_TRACE_CATEGORY_NUM 2
# define OSSL_TRACE_CATEGORY_TLS_CIPHER 2
# define OSSL_TRACE_CATEGORY_NUM 3
/* Returns the trace category number for the given |name| */
int OSSL_trace_get_category_num(const char *name);

36
ssl/s3_lib.c
View file

@ -16,6 +16,7 @@
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/trace.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@ -4153,20 +4154,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* pay with the price of sk_SSL_CIPHER_dup().
*/
#ifdef CIPHER_DEBUG
fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
(void *)srvr);
for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
c = sk_SSL_CIPHER_value(srvr, i);
fprintf(stderr, "%p:%s\n", (void *)c, c->name);
}
fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
(void *)clnt);
for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
c = sk_SSL_CIPHER_value(clnt, i);
fprintf(stderr, "%p:%s\n", (void *)c, c->name);
}
#endif
OSSL_TRACE_BEGIN(TLS_CIPHER) {
BIO_printf(trc_out, "Server has %d from %p:\n",
sk_SSL_CIPHER_num(srvr), (void *)srvr);
for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
c = sk_SSL_CIPHER_value(srvr, i);
BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
}
BIO_printf(trc_out, "Client sent %d from %p:\n",
sk_SSL_CIPHER_num(clnt), (void *)clnt);
for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
c = sk_SSL_CIPHER_value(clnt, i);
BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
}
} OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
if (tls1_suiteb(s)) {
@ -4280,10 +4281,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif /* OPENSSL_NO_PSK */
ok = (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
alg_a, mask_k, mask_a, (void *)c, c->name);
#endif
OSSL_TRACE7(TLS_CIPHER,
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
#ifndef OPENSSL_NO_EC
/*

45
ssl/ssl_ciph.c
View file

@ -16,6 +16,7 @@
#include <openssl/engine.h>
#include <openssl/crypto.h>
#include <openssl/conf.h>
#include <openssl/trace.h>
#include "internal/nelem.h"
#include "ssl_locl.h"
#include "internal/thread_once.h"
@ -781,12 +782,12 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
const SSL_CIPHER *cp;
int reverse = 0;
#ifdef CIPHER_DEBUG
fprintf(stderr,
"Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
algo_strength, strength_bits);
#endif
OSSL_TRACE_BEGIN(TLS_CIPHER){
BIO_printf(trc_out,
"Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
algo_strength, strength_bits);
}
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
reverse = 1; /* needed to maintain sorting between currently
@ -825,13 +826,14 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (strength_bits != cp->strength_bits)
continue;
} else {
#ifdef CIPHER_DEBUG
fprintf(stderr,
"\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
cp->algo_strength);
#endif
if (trc_out != NULL) {
BIO_printf(trc_out,
"\nName: %s:"
"\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
cp->algo_strength);
}
if (cipher_id != 0 && (cipher_id != cp->id))
continue;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
@ -852,9 +854,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
continue;
}
#ifdef CIPHER_DEBUG
fprintf(stderr, "Action = %d\n", rule);
#endif
if (trc_out != NULL)
BIO_printf(trc_out, "Action = %d\n", rule);
/* add the cipher if it has not been added yet. */
if (rule == CIPHER_ADD) {
@ -904,6 +905,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*head_p = head;
*tail_p = tail;
OSSL_TRACE_END(TLS_CIPHER);
}
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
@ -1605,6 +1608,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
}
OSSL_TRACE_BEGIN(TLS_CIPHER) {
BIO_printf(trc_out, "cipher selection:\n");
}
/*
* The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
@ -1614,14 +1620,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
OSSL_TRACE_CANCEL(TLS_CIPHER);
return NULL;
}
#ifdef CIPHER_DEBUG
fprintf(stderr, "<%s>\n", curr->cipher->name);
#endif
if (trc_out != NULL)
BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
}
}
OPENSSL_free(co_list); /* Not needed any longer */
OSSL_TRACE_END(TLS_CIPHER);
if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
sk_SSL_CIPHER_free(cipherstack);

7
ssl/ssl_lib.c
View file

@ -20,6 +20,7 @@
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
#include <openssl/trace.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include "internal/ktls.h"
@ -3329,10 +3330,8 @@ void ssl_set_masks(SSL *s)
mask_k = 0;
mask_a = 0;
#ifdef CIPHER_DEBUG
fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
dh_tmp, rsa_enc, rsa_sign, dsa_sign);
#endif
OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
dh_tmp, rsa_enc, rsa_sign, dsa_sign);
#ifndef OPENSSL_NO_GOST
if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {

17
ssl/statem/statem_srvr.c
View file

@ -23,6 +23,7 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
#include <openssl/trace.h>
#define TICKET_NONCE_SIZE 8
@ -1835,15 +1836,15 @@ static int tls_early_post_process_client_hello(SSL *s)
j = 0;
id = s->session->cipher->id;
#ifdef CIPHER_DEBUG
fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
#endif
OSSL_TRACE_BEGIN(TLS_CIPHER) {
BIO_printf(trc_out, "client sent %d ciphers\n",
sk_SSL_CIPHER_num(ciphers));
}
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
c = sk_SSL_CIPHER_value(ciphers, i);
#ifdef CIPHER_DEBUG
fprintf(stderr, "client [%2d of %2d]:%s\n",
i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
#endif
if (trc_out != NULL)
BIO_printf(trc_out, "client [%2d of %2d]:%s\n", i,
sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
if (c->id == id) {
j = 1;
break;
@ -1857,8 +1858,10 @@ static int tls_early_post_process_client_hello(SSL *s)
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
SSL_R_REQUIRED_CIPHER_MISSING);
OSSL_TRACE_CANCEL(TLS_CIPHER);
goto err;
}
OSSL_TRACE_END(TLS_CIPHER);
}
for (loop = 0; loop < clienthello->compressions_len; loop++) {