1=pod
2
3=for openssl foreign manual atexit(3)
4
5=head1 NAME
6
7OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix,
8OSSL_trace_set_callback, OSSL_trace_cb - Enabling trace output
9
10=head1 SYNOPSIS
11
12 #include <openssl/trace.h>
13
14 typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt,
15                                 int category, int cmd, void *data);
16
17 void OSSL_trace_set_channel(int category, BIO *bio);
18 void OSSL_trace_set_prefix(int category, const char *prefix);
19 void OSSL_trace_set_suffix(int category, const char *suffix);
20 void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void  *data);
21
22=head1 DESCRIPTION
23
24If available (see L</Configure Tracing> below), the application can request
25internal trace output.
26This output comes in form of free text for humans to read.
27
28The trace output is divided into categories which can be
29enabled individually.
30Every category can be enabled individually by attaching a so-called
31I<trace channel> to it, which in the simplest case is just a BIO object
32to which the application can write the tracing output for this category.
33Alternatively, the application can provide a tracer callback in order to
34get more finegrained trace information. This callback will be wrapped
35internally by a dedicated BIO object.
36
37For the tracing code, both trace channel types are indistinguishable.
38These are called a I<simple trace channel> and a I<callback trace channel>,
39respectively.
40
41L<OSSL_TRACE_ENABLED(3)> can be used to check whether tracing is currently
42enabled for the given category.
43Functions like L<OSSL_TRACE1(3)> and macros like L<OSSL_TRACE_BEGIN(3)>
44can be used for producing free-text trace output.
45
46=head2 Functions
47
48OSSL_trace_set_channel() is used to enable the given trace C<category>
49by attaching the B<BIO> I<bio> object as (simple) trace channel.
50On success the ownership of the BIO is transferred to the channel,
51so the caller must not free it directly.
52
53OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add
54an extra line for each channel, to be output before and after group of
55tracing output.
56What constitutes an output group is decided by the code that produces
57the output.
58The lines given here are considered immutable; for more dynamic
59tracing prefixes, consider setting a callback with
60OSSL_trace_set_callback() instead.
61
62OSSL_trace_set_callback() is used to enable the given trace
63I<category> by giving it the tracer callback I<cb> with the associated
64data I<data>, which will simply be passed through to I<cb> whenever
65it's called. The callback function is internally wrapped by a
66dedicated BIO object, the so-called I<callback trace channel>.
67This should be used when it's desirable to do form the trace output to
68something suitable for application needs where a prefix and suffix
69line aren't enough.
70
71OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually
72exclusive, calling one of them will clear whatever was set by the
73previous call.
74
75Calling OSSL_trace_set_channel() with NULL for I<channel> or
76OSSL_trace_set_callback() with NULL for I<cb> disables tracing for
77the given I<category>.
78
79=head2 Trace callback
80
81The tracer callback must return a B<size_t>, which must be zero on
82error and otherwise return the number of bytes that were output.
83It receives a text buffer I<buf> with I<cnt> bytes of text, as well as
84the I<category>, a control number I<cmd>, and the I<data> that was
85passed to OSSL_trace_set_callback().
86
87The possible control numbers are:
88
89=over 4
90
91=item B<OSSL_TRACE_CTRL_BEGIN>
92
93The callback is called from OSSL_trace_begin(), which gives the
94callback the possibility to output a dynamic starting line, or set a
95prefix that should be output at the beginning of each line, or
96something other.
97
98=item B<OSSL_TRACE_CTRL_WRITE>
99
100This callback is called whenever data is written to the BIO by some
101regular BIO output routine.
102An arbitrary number of B<OSSL_TRACE_CTRL_WRITE> callbacks can occur
103inside a group marked by a pair of B<OSSL_TRACE_CTRL_BEGIN> and
104B<OSSL_TRACE_CTRL_END> calls, but never outside such a group.
105
106=item B<OSSL_TRACE_CTRL_END>
107
108The callback is called from OSSL_trace_end(), which gives the callback
109the possibility to output a dynamic ending line, or reset the line
110prefix that was set with B<OSSL_TRACE_CTRL_BEGIN>, or something other.
111
112=back
113
114=head2 Trace categories
115
116The trace categories are simple numbers available through macros.
117
118=over 4
119
120=item B<OSSL_TRACE_CATEGORY_TRACE>
121
122Traces the OpenSSL trace API itself.
123
124More precisely, this will generate trace output any time a new
125trace hook is set.
126
127=item B<OSSL_TRACE_CATEGORY_INIT>
128
129Traces OpenSSL library initialization and cleanup.
130
131This needs special care, as OpenSSL will do automatic cleanup after
132exit from C<main()>, and any tracing output done during this cleanup
133will be lost if the tracing channel or callback were cleaned away
134prematurely.
135A suggestion is to make such cleanup part of a function that's
136registered very early with L<atexit(3)>.
137
138=item B<OSSL_TRACE_CATEGORY_TLS>
139
140Traces the TLS/SSL protocol.
141
142=item B<OSSL_TRACE_CATEGORY_TLS_CIPHER>
143
144Traces the ciphers used by the TLS/SSL protocol.
145
146=item B<OSSL_TRACE_CATEGORY_CONF>
147
148Traces details about the provider and engine configuration.
149
150=item B<OSSL_TRACE_CATEGORY_ENGINE_TABLE>
151
152Traces the ENGINE algorithm table selection.
153
154More precisely, functions like ENGINE_get_pkey_asn1_meth_engine(),
155ENGINE_get_pkey_meth_engine(), ENGINE_get_cipher_engine(),
156ENGINE_get_digest_engine(), will generate trace summaries of the
157handling of internal tables.
158
159=item B<OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT>
160
161Traces the ENGINE reference counting.
162
163More precisely, both reference counts in the ENGINE structure will be
164monitored with a line of trace output generated for each change.
165
166=item B<OSSL_TRACE_CATEGORY_PKCS5V2>
167
168Traces PKCS#5 v2 key generation.
169
170=item B<OSSL_TRACE_CATEGORY_PKCS12_KEYGEN>
171
172Traces PKCS#12 key generation.
173
174=item B<OSSL_TRACE_CATEGORY_PKCS12_DECRYPT>
175
176Traces PKCS#12 decryption.
177
178=item B<OSSL_TRACE_CATEGORY_X509V3_POLICY>
179
180Traces X509v3 policy processing.
181
182More precisely, this generates the complete policy tree at various
183point during evaluation.
184
185=item B<OSSL_TRACE_CATEGORY_BN_CTX>
186
187Traces BIGNUM context operations.
188
189=item B<OSSL_TRACE_CATEGORY_CMP>
190
191Traces CMP client and server activity.
192
193=item B<OSSL_TRACE_CATEGORY_STORE>
194
195Traces STORE operations.
196
197=item B<OSSL_TRACE_CATEGORY_DECODER>
198
199Traces decoder operations.
200
201=item B<OSSL_TRACE_CATEGORY_ENCODER>
202
203Traces encoder operations.
204
205=item B<OSSL_TRACE_CATEGORY_REF_COUNT>
206
207Traces decrementing certain ASN.1 structure references.
208
209=item B<OSSL_TRACE_CATEGORY_HTTP>
210
211Traces the HTTP client, such as message headers being sent and received.
212
213=back
214
215There is also B<OSSL_TRACE_CATEGORY_ALL>, which works as a fallback
216and can be used to get I<all> trace output.
217
218Note, however, that in this case all trace output will effectively be
219associated with the 'ALL' category, which is undesirable if the
220application intends to include the category name in the trace output.
221In this case it is better to register separate channels for each
222trace category instead.
223
224=head1 RETURN VALUES
225
226OSSL_trace_set_channel(), OSSL_trace_set_prefix(),
227OSSL_trace_set_suffix(), and OSSL_trace_set_callback() return 1 on
228success, or 0 on failure.
229
230=head1 EXAMPLES
231
232In all examples below, the trace producing code is assumed to be
233the following:
234
235 int foo = 42;
236 const char bar[] = { 0,  1,  2,  3,  4,  5,  6,  7,
237                      8,  9, 10, 11, 12, 13, 14, 15 };
238
239 OSSL_TRACE_BEGIN(TLS) {
240     BIO_puts(trc_out, "foo: ");
241     BIO_printf(trc_out, "%d\n", foo);
242     BIO_dump(trc_out, bar, sizeof(bar));
243 } OSSL_TRACE_END(TLS);
244
245=head2 Simple example
246
247An example with just a channel and constant prefix / suffix.
248
249 int main(int argc, char *argv[])
250 {
251     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
252     OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err);
253     OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]");
254     OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]");
255
256     /* ... work ... */
257 }
258
259When the trace producing code above is performed, this will be output
260on standard error:
261
262 BEGIN TRACE[TLS]
263 foo: 42
264 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
265 END TRACE[TLS]
266
267=head2 Advanced example
268
269This example uses the callback, and depends on pthreads functionality.
270
271 static size_t cb(const char *buf, size_t cnt,
272                 int category, int cmd, void *vdata)
273 {
274     BIO *bio = vdata;
275     const char *label = NULL;
276
277     switch (cmd) {
278     case OSSL_TRACE_CTRL_BEGIN:
279         label = "BEGIN";
280         break;
281     case OSSL_TRACE_CTRL_END:
282         label = "END";
283         break;
284     }
285
286     if (label != NULL) {
287         union {
288             pthread_t tid;
289             unsigned long ltid;
290         } tid;
291
292         tid.tid = pthread_self();
293         BIO_printf(bio, "%s TRACE[%s]:%lx\n",
294                    label, OSSL_trace_get_category_name(category), tid.ltid);
295     }
296     return (size_t)BIO_puts(bio, buf);
297 }
298
299 int main(int argc, char *argv[])
300 {
301     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
302     OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err);
303
304     /* ... work ... */
305 }
306
307The output is almost the same as for the simple example above.
308
309 BEGIN TRACE[TLS]:7f9eb0193b80
310 foo: 42
311 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
312 END TRACE[TLS]:7f9eb0193b80
313
314=head1 NOTES
315
316=head2 Configure Tracing
317
318By default, the OpenSSL library is built with tracing disabled. To
319use the tracing functionality documented here, it is therefore
320necessary to configure and build OpenSSL with the 'enable-trace' option.
321
322When the library is built with tracing disabled, the macro
323B<OPENSSL_NO_TRACE> is defined in F<< <openssl/opensslconf.h> >> and all
324functions described here are inoperational, i.e. will do nothing.
325
326=head1 SEE ALSO
327
328L<OSSL_TRACE_ENABLED(3)>, L<OSSL_TRACE_BEGIN(3)>, L<OSSL_TRACE1(3)>,
329L<atexit(3)>
330
331=head1 HISTORY
332
333OSSL_trace_set_channel(), OSSL_trace_set_prefix(),
334OSSL_trace_set_suffix(), and OSSL_trace_set_callback() were all added
335in OpenSSL 3.0.
336
337=head1 COPYRIGHT
338
339Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
340
341Licensed under the Apache License 2.0 (the "License").  You may not use
342this file except in compliance with the License.  You can obtain a copy
343in the file LICENSE in the source distribution or at
344L<https://www.openssl.org/source/license.html>.
345
346=cut
347