From: Richard Levitte Date: Tue, 11 Dec 2018 23:04:44 +0000 (+0100) Subject: Adapt SSL_DEBUG to the new generic trace API X-Git-Tag: openssl-3.0.0-alpha1~2437 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=49b26f54f4c182d6a860c91d01994bdf2bba20de Adapt SSL_DEBUG to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8198) --- diff --git a/apps/s_client.c b/apps/s_client.c index 687e755380..7a41d831e9 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -38,6 +38,7 @@ typedef unsigned int u_int; #include #include #include +#include #include #ifndef OPENSSL_NO_SRP # include @@ -1521,6 +1522,7 @@ int s_client_main(int argc, char **argv) break; } } + if (count4or6 >= 2) { BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog); goto opthelp; @@ -3321,8 +3323,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio_err, "Using Kernel TLS for sending\n"); #endif -#ifdef SSL_DEBUG - { + if (OSSL_TRACE_ENABLED(TLS)) { /* Print out local port of connection: useful for debugging */ int sock; union BIO_sock_info_u info; @@ -3335,7 +3336,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) } BIO_ADDR_free(info.addr); } -#endif #if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.status != -1) { diff --git a/crypto/trace.c b/crypto/trace.c index a451d657f9..1b1e73d87f 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -120,6 +120,7 @@ struct trace_category_st { static const struct trace_category_st trace_categories[] = { TRACE_CATEGORY_(ANY), + TRACE_CATEGORY_(TLS), }; const char *OSSL_trace_get_category_name(int num) diff --git a/include/openssl/trace.h b/include/openssl/trace.h index df79478b78..f25cd69342 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h 
@@ -33,7 +33,8 @@ extern "C" { * The ANY category is used as a fallback category. */ # define OSSL_TRACE_CATEGORY_ANY 0 /* The fallback */ -# define OSSL_TRACE_CATEGORY_NUM 1 +# define OSSL_TRACE_CATEGORY_TLS 1 +# define OSSL_TRACE_CATEGORY_NUM 2 /* Returns the trace category number for the given |name| */ int OSSL_trace_get_category_num(const char *name); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 3f5f7968b9..e1231d2453 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -9,6 +9,7 @@ #include "../ssl_locl.h" #include "internal/constant_time_locl.h" +#include #include #include "record_locl.h" #include "internal/cryptlib.h" @@ -563,15 +564,10 @@ int ssl3_get_record(SSL *s) SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); return -1; } -#ifdef SSL_DEBUG - printf("dec %lu\n", (unsigned long)rr[0].length); - { - size_t z; - for (z = 0; z < rr[0].length; z++) - printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n'); - } - printf("\n"); -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length); + BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4); + } OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) && @@ -1361,22 +1357,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) EVP_MD_CTX_free(hmac); -#ifdef SSL_DEBUG - fprintf(stderr, "seq="); - { - int z; - for (z = 0; z < 8; z++) - fprintf(stderr, "%02X ", seq[z]); - fprintf(stderr, "\n"); - } - fprintf(stderr, "rec="); - { - size_t z; - for (z = 0; z < rec->length; z++) - fprintf(stderr, "%02X ", rec->data[z]); - fprintf(stderr, "\n"); - } -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "seq:\n"); + BIO_dump_indent(trc_out, seq, 8, 4); + BIO_printf(trc_out, "rec:\n"); + BIO_dump_indent(trc_out, rec->data, rec->length, 4); + } OSSL_TRACE_END(TLS); if (!SSL_IS_DTLS(ssl)) { for (i = 7; i >= 0; i--) { 
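Review bot: The new `OSSL_TRACE_CATEGORY_TLS` define carries no comment, although — per the ssl/ hunks in this same commit — the category dumps premaster and master secrets, the key block, MAC keys, IVs and decrypted record payloads; a one-line warning belongs next to it, e.g. `/* TLS: record-layer and handshake internals, INCLUDING KEYING MATERIAL; never enable on production connections */`. What used to be reachable only in `SSL_DEBUG` compile-time builds becomes a runtime-selectable category here, and whether that is present in release builds depends on how the trace facility itself is compiled in, which this diff does not show. The value must also stay in lock-step with the `trace_categories[]` table in crypto/trace.c, since `OSSL_TRACE_CATEGORY_NUM` is bumped by hand; a compile-time size check on that table, if the tree has a static-assert macro, would catch a future mismatch.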
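Review bot: `BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4)` writes the freshly decrypted record — application plaintext — to the trace sink; the removed `printf` loop did the same but only in `SSL_DEBUG` builds, so the new block deserves a comment making that explicit, e.g. `/* Dumps the decrypted record (application plaintext) when TLS tracing is on. */`. The `size_t` length is passed straight to `BIO_dump_indent`, whose length parameter is presumably an `int`; that is safe for TLS record sizes, but an explicit `(int)` cast would show the narrowing is intended. ssl3_get_record continues outside this hunk.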
@@ -1385,14 +1371,10 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) break; } } -#ifdef SSL_DEBUG - { - unsigned int z; - for (z = 0; z < md_size; z++) - fprintf(stderr, "%02X ", md[z]); - fprintf(stderr, "\n"); - } -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "md:\n"); + BIO_dump_indent(trc_out, md, md_size, 4); + } OSSL_TRACE_END(TLS); return 1; } @@ -1683,15 +1665,10 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) RECORD_LAYER_reset_packet_length(&s->rlayer); return 0; } -#ifdef SSL_DEBUG - printf("dec %ld\n", rr->length); - { - size_t z; - for (z = 0; z < rr->length; z++) - printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); - } - printf("\n"); -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "dec %ld\n", rr->length); + BIO_dump_indent(trc_out, rr->data, rr->length, 4); + } OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) && !SSL_READ_ETM(s) && diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 2a9b737752..356dc89aeb 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -22,6 +22,7 @@ #include #include #include +#include #include static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); @@ -2347,11 +2348,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) ERR_R_INTERNAL_ERROR); goto err; } -#ifdef SSL_DEBUG if (SSL_USE_SIGALGS(s)) - fprintf(stderr, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); -#endif + OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a18c5cccf4..10cf635303 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -18,6 +18,7 @@ #include #include #include +#include /* * Map error codes to TLS/SSL alart types. 
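Review bot: `BIO_printf(trc_out, "dec %ld\n", rr->length)` in dtls1_process_record hands `rr->length` — a `size_t`, as the `(unsigned long)` cast in the ssl3_get_record hunk of this commit implies — to a `%ld` conversion; the removed `printf` had the same mismatch but was never compiled outside `SSL_DEBUG` builds, whereas this line is live whenever tracing is built. Use the same form as the TLS record path: `BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr->length);`. dtls1_process_record continues outside this hunk.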
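Review bot: In tls_process_key_exchange the `if (SSL_USE_SIGALGS(s))` body is now an unbraced two-line macro call, `OSSL_TRACE1(...)`; unless the macro is guaranteed to expand to a single statement (its definition is not in this diff), brace the body so a later change to the macro or to this block cannot fall outside the condition. Write `if (SSL_USE_SIGALGS(s)) {` before the `OSSL_TRACE1` call and `}` after it, matching the braced `if (!PACKET_get_length_prefixed_2(...))` that follows. The function continues outside this hunk.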
@@ -394,11 +395,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } -#ifdef SSL_DEBUG if (SSL_USE_SIGALGS(s)) - fprintf(stderr, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); -#endif + OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); /* Check for broken implementations of GOST ciphersuites */ /* @@ -439,10 +438,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } -#ifdef SSL_DEBUG - fprintf(stderr, "Using client verify alg %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); -#endif + OSSL_TRACE1(TLS, "Using client verify alg %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); + if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 9b58bd8684..fe4ba9386d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -18,6 +18,7 @@ #include #include #include +#include /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL *s, @@ -276,14 +277,11 @@ int tls1_change_cipher_state(SSL *s, int which) } EVP_PKEY_free(mac_key); } -#ifdef SSL_DEBUG - printf("which = %04X\nmac key=", which); - { - size_t z; - for (z = 0; z < i; z++) - printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n'); - } -#endif + + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "which = %04X, mac key:\n", which); + BIO_dump_indent(trc_out, ms, i, 4); + } OSSL_TRACE_END(TLS); if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) 
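Review bot: The `if (SSL_USE_SIGALGS(s))` in tls_process_cert_verify now guards an unbraced `OSSL_TRACE1(...)` spanning two lines; since the macro's expansion is not visible here and may not be a single statement, brace it: `if (SSL_USE_SIGALGS(s)) {` … `}`. The same pattern appears in the statem_clnt.c hunk of this commit. tls_process_cert_verify continues outside this hunk.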
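Review bot: The new trace block in tls1_change_cipher_state emits the MAC key (`BIO_dump_indent(trc_out, ms, i, 4)`) without any comment saying so, and because this is no longer hidden behind a compile-time `SSL_DEBUG` define, a reader enabling TLS tracing to debug a handshake may not expect raw keys in the output; add `/* NOTE: writes the MAC key to the trace BIO */` above `OSSL_TRACE_BEGIN(TLS)`. Also `"which = %04X, mac key:\n"` formats `which` — declared `int` in the function signature shown in the hunk header — with `%X`, which expects `unsigned int`; `(unsigned int)which` would make it well-defined. The function continues outside this hunk.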
@@ -388,21 +386,12 @@ int tls1_change_cipher_state(SSL *s, int which) #endif /* OPENSSL_NO_KTLS */ s->statem.enc_write_state = ENC_WRITE_STATE_VALID; -#ifdef SSL_DEBUG - printf("which = %04X\nkey=", which); - { - int z; - for (z = 0; z < EVP_CIPHER_key_length(c); z++) - printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n'); - } - printf("\niv="); - { - size_t z; - for (z = 0; z < k; z++) - printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n'); - } - printf("\n"); -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "which = %04X, key:\n", which); + BIO_dump_indent(trc_out, key, EVP_CIPHER_key_length(c), 4); + BIO_printf(trc_out, "iv:\n"); + BIO_dump_indent(trc_out, iv, k, 4); + } OSSL_TRACE_END(TLS); return 1; err: 
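Review bot: `BIO_printf(trc_out, "which = %04X, key:\n", which)` passes the `int which` from the function signature to a `%X` conversion, which formally expects an unsigned argument; cast it, `(unsigned int)which`, as the same line in the mac-key block earlier in this function should be. This block also dumps the cipher key and IV in full, so a `/* NOTE: writes key and IV to the trace BIO */` comment above `OSSL_TRACE_BEGIN(TLS)` would tell the next maintainer why it must never be left on in production. tls1_change_cipher_state begins outside this hunk.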
@@ -447,41 +436,26 @@ int tls1_setup_key_block(SSL *s) s->s3->tmp.key_block_length = num; s->s3->tmp.key_block = p; -#ifdef SSL_DEBUG - printf("client random\n"); - { - int z; - for (z = 0; z < SSL3_RANDOM_SIZE; z++) - printf("%02X%c", s->s3->client_random[z], - ((z + 1) % 16) ? ' ' : '\n'); - } - printf("server random\n"); - { - int z; - for (z = 0; z < SSL3_RANDOM_SIZE; z++) - printf("%02X%c", s->s3->server_random[z], - ((z + 1) % 16) ? ' ' : '\n'); - } - printf("master key\n"); - { - size_t z; - for (z = 0; z < s->session->master_key_length; z++) - printf("%02X%c", s->session->master_key[z], - ((z + 1) % 16) ? ' ' : '\n'); - } -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "client random\n"); + BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); + BIO_printf(trc_out, "server random\n"); + BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); + BIO_printf(trc_out, "master key\n"); + BIO_dump_indent(trc_out, + s->session->master_key, + s->session->master_key_length, 4); + } OSSL_TRACE_END(TLS); + if (!tls1_generate_key_block(s, p, num)) { /* SSLfatal() already called */ goto err; } -#ifdef SSL_DEBUG - printf("\nkey block\n"); - { - size_t z; - for (z = 0; z < num; z++) - printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n'); - } -#endif + + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "key block\n"); + BIO_dump_indent(trc_out, p, num, 4); + } OSSL_TRACE_END(TLS); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && s->method->version <= TLS1_VERSION) { 
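Review bot: Between them the two trace blocks in tls1_setup_key_block dump the client and server randoms, the master key and the full key block — everything needed to decrypt the session — and nothing at the site says so; add `/* NOTE: the following dumps are sufficient to decrypt this session's traffic */` above the first `OSSL_TRACE_BEGIN(TLS)`. The master key is dumped here with `s->session->master_key_length` while the tls1_generate_master_secret hunk of this commit dumps the same field with the constant `SSL3_MASTER_SECRET_SIZE`; pick one bound so the two traces cannot disagree. The function begins and continues outside this hunk.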
@@ -549,10 +523,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, /* SSLfatal() already called */ return 0; } -#ifdef SSL_DEBUG - fprintf(stderr, "Handshake hashes:\n"); - BIO_dump_fp(stderr, (char *)hash, hashlen); -#endif + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "Handshake hashes:\n"); + BIO_dump(trc_out, (char *)hash, hashlen); + } OSSL_TRACE_END(TLS); if (!tls1_PRF(s, TLS_MD_EXTENDED_MASTER_SECRET_CONST, TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, @@ -578,17 +552,19 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, return 0; } } -#ifdef SSL_DEBUG - fprintf(stderr, "Premaster Secret:\n"); - BIO_dump_fp(stderr, (char *)p, len); - fprintf(stderr, "Client Random:\n"); - BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE); - fprintf(stderr, "Server Random:\n"); - BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE); - fprintf(stderr, "Master Secret:\n"); - BIO_dump_fp(stderr, (char *)s->session->master_key, - SSL3_MASTER_SECRET_SIZE); -#endif + + OSSL_TRACE_BEGIN(TLS) { + BIO_printf(trc_out, "Premaster Secret:\n"); + BIO_dump_indent(trc_out, p, len, 4); + BIO_printf(trc_out, "Client Random:\n"); + BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); + BIO_printf(trc_out, "Server Random:\n"); + BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); + BIO_printf(trc_out, "Master Secret:\n"); + BIO_dump_indent(trc_out, + s->session->master_key, + SSL3_MASTER_SECRET_SIZE, 4); + } OSSL_TRACE_END(TLS); *secret_size = SSL3_MASTER_SECRET_SIZE; return 1;
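Review bot: `BIO_dump(trc_out, (char *)hash, hashlen)` is the only dump in this commit that uses `BIO_dump` rather than `BIO_dump_indent(..., 4)` and the only one that casts its buffer, so the handshake hashes come out flush-left while every other dump is indented; write it as `BIO_dump_indent(trc_out, hash, hashlen, 4);` for a uniform trace layout (dropping the cast assumes the same parameter type the sibling calls already rely on). tls1_generate_master_secret begins outside this hunk.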
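Review bot: The "Master Secret" dump reads `s->session->master_key` for `SSL3_MASTER_SECRET_SIZE` bytes, but the function's signature shows the PRF output going to `unsigned char *out`; the trace is only accurate if the caller passed `s->session->master_key` as `out`, which this hunk cannot show, so dump the buffer the function actually filled: `BIO_dump_indent(trc_out, out, SSL3_MASTER_SECRET_SIZE, 4);`. The earlier hunk in tls1_setup_key_block bounds the same field by `s->session->master_key_length` instead; the two traces should agree on the bound. The function begins outside this hunk.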