OSSL_trace_set_channel.pod 9.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. =pod
  2. =for openssl foreign manual atexit(3)
  3. =head1 NAME
  4. OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix,
  5. OSSL_trace_set_callback, OSSL_trace_cb - Enabling trace output
  6. =head1 SYNOPSIS
  7. #include <openssl/trace.h>
  8. typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt,
  9. int category, int cmd, void *data);
  10. void OSSL_trace_set_channel(int category, BIO *bio);
  11. void OSSL_trace_set_prefix(int category, const char *prefix);
  12. void OSSL_trace_set_suffix(int category, const char *suffix);
  13. void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void *data);
  14. =head1 DESCRIPTION
  15. If available (see L</NOTES> below), the application can request
  16. internal trace output.
  17. This output comes in form of free text for humans to read.
  18. The trace output is divided into categories which can be
  19. enabled individually.
  20. Every category can be enabled individually by attaching a so called
  21. I<trace channel> to it, which in the simplest case is just a BIO object
  22. to which the application can write the tracing output for this category.
  23. Alternatively, the application can provide a tracer callback in order to
  24. get more finegrained trace information. This callback will be wrapped
  25. internally by a dedicated BIO object.
  26. For the tracing code, both trace channel types are indistinguishable.
  27. These are called a I<simple trace channel> and a I<callback trace channel>,
  28. respectively.
  29. =head2 Functions
  30. OSSL_trace_set_channel() is used to enable the given trace C<category>
  31. by attaching the B<BIO> C<bio> object as (simple) trace channel.
  32. OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add
  33. an extra line for each channel, to be output before and after group of
  34. tracing output.
  35. What constitues an output group is decided by the code that produces
  36. the output.
  37. The lines given here are considered immutable; for more dynamic
  38. tracing prefixes, consider setting a callback with
  39. OSSL_trace_set_callback() instead.
  40. OSSL_trace_set_callback() is used to enable the given trace
  41. C<category> by giving it the tracer callback C<cb> with the associated
  42. data C<data>, which will simply be passed through to C<cb> whenever
  43. it's called. The callback function is internally wrapped by a
  44. dedicated BIO object, the so called I<callback trace channel>.
  45. This should be used when it's desirable to do form the trace output to
  46. something suitable for application needs where a prefix and suffix
  47. line aren't enough.
  48. OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually
  49. exclusive, calling one of them will clear whatever was set by the
  50. previous call.
  51. Calling OSSL_trace_set_channel() with C<NULL> for C<channel> or
  52. OSSL_trace_set_callback() with C<NULL> for C<cb> disables tracing for
  53. the given C<category>
  54. =head2 Trace callback
  55. The tracer callback must return a C<size_t>, which must be zero on
  56. error and otherwise return the number of bytes that were output.
  57. It receives a text buffer C<buf> with C<cnt> bytes of text, as well as
  58. the C<category>, a control number C<cmd>, and the C<data> that was
  59. passed to OSSL_trace_set_callback().
  60. The possible control numbers are:
  61. =over 4
  62. =item C<OSSL_TRACE_CTRL_BEGIN>
  63. The callback is called from OSSL_trace_begin(), which gives the
  64. callback the possibility to output a dynamic starting line, or set a
  65. prefix that should be output at the beginning of each line, or
  66. something other.
  67. =item C<OSSL_TRACE_CTRL_WRITE>
  68. This callback is called whenever data is written to the BIO by some
  69. regular BIO output routine.
  70. An arbitrary number of C<OSSL_TRACE_CTRL_WRITE> callbacks can occur
  71. inside a group marked by a pair of C<OSSL_TRACE_CTRL_BEGIN> and
  72. C<OSSL_TRACE_CTRL_END> calls, but never outside such a group.
  73. =item C<OSSL_TRACE_CTRL_END>
  74. The callback is called from OSSL_trace_end(), which gives the callback
  75. the possibility to output a dynamic ending line, or reset the line
  76. prefix that was set with OSSL_TRACE_CTRL_BEGIN, or something other.
  77. =back
  78. =head2 Trace categories
  79. The trace categories are simple numbers available through macros.
  80. =over 4
  81. =item C<OSSL_TRACE_CATEGORY_TRACE>
  82. Traces the OpenSSL trace API itself.
  83. More precisely, this will generate trace output any time a new
  84. trace hook is set.
  85. =item C<OSSL_TRACE_CATEGORY_INIT>
  86. Traces OpenSSL library initialization and cleanup.
  87. This needs special care, as OpenSSL will do automatic cleanup after
  88. exit from C<main()>, and any tracing output done during this cleanup
  89. will be lost if the tracing channel or callback were cleaned away
  90. prematurely.
  91. A suggestion is to make such cleanup part of a function that's
  92. registered very early with L<atexit(3)>.
  93. =item C<OSSL_TRACE_CATEGORY_TLS>
  94. Traces the TLS/SSL protocol.
  95. =item C<OSSL_TRACE_CATEGORY_TLS_CIPHER>
  96. Traces the ciphers used by the TLS/SSL protocol.
  97. =item C<OSSL_TRACE_CATEGORY_ENGINE_CONF>
  98. Traces the ENGINE configuration.
  99. =item C<OSSL_TRACE_CATEGORY_ENGINE_TABLE>
  100. Traces the ENGINE algorithm table selection.
  101. More precisely, engine_table_select(), the function that is used by
  102. RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
  103. functional references (etc), will generate trace summaries.
  104. =item C<OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT>
  105. Tracds the ENGINE reference counting.
  106. More precisely, both reference counts in the ENGINE structure will be
  107. monitored with a line of trace output generated for each change.
  108. =item C<OSSL_TRACE_CATEGORY_PKCS5V2>
  109. Traces PKCS#5 v2 key generation.
  110. =item C<OSSL_TRACE_CATEGORY_PKCS12_KEYGEN>
  111. Traces PKCS#12 key generation.
  112. =item C<OSSL_TRACE_CATEGORY_PKCS12_DECRYPT>
  113. Traces PKCS#12 decryption.
  114. =item C<OSSL_TRACE_CATEGORY_X509V3_POLICY>
  115. Traces X509v3 policy processing.
  116. More precisely, this generates the complete policy tree at various
  117. point during evaluation.
  118. =item C<OSSL_TRACE_CATEGORY_BN_CTX>
  119. Traces BIGNUM context operations.
  120. =item C<OSSL_TRACE_CATEGORY_CONF>
  121. Traces details about the provider and engine configuration.
  122. =back
  123. There is also C<OSSL_TRACE_CATEGORY_ALL>, which works as a fallback
  124. and can be used to get I<all> trace output.
  125. Note, however, that in this case all trace output will effectively be
  126. associated with the 'ALL' category, which is undesirable if the
  127. application intends to include the category name in the trace output.
  128. In this case it is better to register separate channels for each
  129. trace category instead.
  130. =head1 RETURN VALUES
  131. OSSL_trace_set_channel(), OSSL_trace_set_prefix(),
  132. OSSL_trace_set_suffix(), and OSSL_trace_set_callback() return 1 on
  133. success, or 0 on failure.
  134. =head1 EXAMPLES
  135. In all examples below, the trace producing code is assumed to be
  136. the following:
  137. int foo = 42;
  138. const char bar[] = { 0, 1, 2, 3, 4, 5, 6, 7,
  139. 8, 9, 10, 11, 12, 13, 14, 15 };
  140. OSSL_TRACE_BEGIN(TLS) {
  141. BIO_puts(trc_out, "foo: ");
  142. BIO_printf(trc_out, "%d\n", foo);
  143. BIO_dump(trc_out, bar, sizeof(bar));
  144. } OSSL_TRACE_END(TLS);
  145. =head2 Simple example
  146. An example with just a channel and constant prefix / suffix.
  147. int main(int argc, char *argv[])
  148. {
  149. BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
  150. OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err);
  151. OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]");
  152. OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]");
  153. /* ... work ... */
  154. }
  155. When the trace producing code above is performed, this will be output
  156. on standard error:
  157. BEGIN TRACE[TLS]
  158. foo: 42
  159. 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................
  160. END TRACE[TLS]
  161. =head2 Advanced example
  162. This example uses the callback, and depends on pthreads functionality.
  163. static size_t cb(const char *buf, size_t cnt,
  164. int category, int cmd, void *vdata)
  165. {
  166. BIO *bio = vdata;
  167. const char *label = NULL;
  168. switch (cmd) {
  169. case OSSL_TRACE_CTRL_BEGIN:
  170. label = "BEGIN";
  171. break;
  172. case OSSL_TRACE_CTRL_END:
  173. label = "END";
  174. break;
  175. }
  176. if (label != NULL) {
  177. union {
  178. pthread_t tid;
  179. unsigned long ltid;
  180. } tid;
  181. tid.tid = pthread_self();
  182. BIO_printf(bio, "%s TRACE[%s]:%lx\n",
  183. label, OSSL_trace_get_category_name(category), tid.ltid);
  184. }
  185. return (size_t)BIO_puts(bio, buf);
  186. }
  187. int main(int argc, char *argv[])
  188. {
  189. BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
  190. OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err);
  191. /* ... work ... */
  192. }
  193. The output is almost the same as for the simple example above.
  194. BEGIN TRACE[TLS]:7f9eb0193b80
  195. foo: 42
  196. 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................
  197. END TRACE[TLS]:7f9eb0193b80
  198. =head1 NOTES
  199. =head2 Configure Tracing
  200. By default, the OpenSSL library is built with tracing disabled. To
  201. use the tracing functionality documented here, it is therefore
  202. necessary to configure and build OpenSSL with the 'enable-trace' option.
  203. When the library is built with tracing disabled, the macro
  204. C<OPENSSL_NO_TRACE> is defined in C<openssl/opensslconf.h> and all
  205. functions described here are inoperational, i.e. will do nothing.
  206. =head1 HISTORY
  207. OSSL_trace_set_channel(), OSSL_trace_set_prefix(),
  208. OSSL_trace_set_suffix(), and OSSL_trace_set_callback() were all added
  209. in OpenSSL 3.0.
  210. =head1 COPYRIGHT
  211. Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  212. Licensed under the Apache License 2.0 (the "License"). You may not use
  213. this file except in compliance with the License. You can obtain a copy
  214. in the file LICENSE in the source distribution or at
  215. L<https://www.openssl.org/source/license.html>.
  216. =cut