authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-03-19 11:17:13 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-03-19 11:17:13 +0000
commit5d06b6a64918d38be816a764ae7e6144a0e8e38e (patch)
treea10660eb6aa5840a572128c079eea72c10dd700e
parent619181e8eaace84aec8e3ea0beec2e1d3f6e2e6a (diff)
downloadgnutls-5d06b6a64918d38be816a764ae7e6144a0e8e38e.tar.gz
* Improved the error logging functions, by adding a level, and
by allowing debugging messages just by increasing the level.
-rw-r--r--NEWS2
-rw-r--r--configure.in6
-rw-r--r--lib/auth_rsa.c2
-rw-r--r--lib/debug.c66
-rw-r--r--lib/debug.h4
-rw-r--r--lib/dh_compat.c2
-rw-r--r--lib/gnutls.h.in.in3
-rw-r--r--lib/gnutls_alert.c3
-rw-r--r--lib/gnutls_alert.h1
-rw-r--r--lib/gnutls_buffers.c5
-rw-r--r--lib/gnutls_constate.c7
-rw-r--r--lib/gnutls_dh_primes.c2
-rw-r--r--lib/gnutls_errors.c10
-rw-r--r--lib/gnutls_errors.h116
-rw-r--r--lib/gnutls_extensions.c6
-rw-r--r--lib/gnutls_global.c38
-rw-r--r--lib/gnutls_handshake.c14
-rw-r--r--lib/gnutls_int.h6
-rw-r--r--lib/gnutls_kx.c11
-rw-r--r--lib/gnutls_pk.c9
-rw-r--r--lib/gnutls_sig.c6
-rw-r--r--lib/rsa_compat.c2
-rw-r--r--lib/x509/dn.c2
-rw-r--r--lib/x509/x509.c2
-rw-r--r--libextra/auth_srp.c18
-rw-r--r--libextra/gnutls_openpgp.c3
-rw-r--r--src/cli.c4
27 files changed, 159 insertions, 191 deletions
diff --git a/NEWS b/NEWS
index f868290f8e..0efd0302a4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Version 0.9.3
- Support for MD2 was dropped.
- Only basic X.509 functionality is included in the gnutls library.
The rest was moved to the libgnutls-x509.
+- Improved the error logging functions, by adding a level, and
+ by allowing debugging messages just by increasing the level.
Version 0.9.2 (15/03/2003)
- Some corrections in the memory mapping code (file is unmapped after
diff --git a/configure.in b/configure.in
index 194cc0fa71..57f58694b2 100644
--- a/configure.in
+++ b/configure.in
@@ -76,8 +76,12 @@ AC_MSG_RESULT([***
*** Checking for compilation programs...
])
+SAVED_CFLAGS="${CFLAGS}"
+
AC_PROG_CC
+CFLAGS="${SAVED_CFLAGS}"
+
AC_PROG_LN_S
@@ -114,7 +118,7 @@ affect compiling.])
if test $ac_cv_c_compiler_gnu != no; then
if test x$opt_developer_mode = xyes; then
- CFLAGS="${CFLAGS} -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes"
+ CFLAGS="${CFLAGS} -g -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes"
else
CFLAGS="${CFLAGS} -O2 -finline-functions"
fi
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 961adde5d7..31f26f4e0c 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -248,7 +248,7 @@ int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _da
*/
ret = 0;
gnutls_assert();
- _gnutls_log("auth_rsa: Possible PKCS-1 format attack\n");
+ _gnutls_x509_log("auth_rsa: Possible PKCS-1 format attack\n");
RANDOMIZE_KEY(session->key->key,
gnutls_secure_malloc, GNUTLS_WEAK_RANDOM);
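Review bot: The `gnutls_assert()` and `_gnutls_x509_log(...)` calls sit on what the message itself calls the PKCS-1 failure path, and with this commit both are live at the default level 2 (the assert logs at level 2, this message at level 1) whenever the application has installed a log function. The bad-padding case therefore does string formatting and a callback before `RANDOMIZE_KEY` that the good-padding case presumably does not, which gives the two outcomes an observable difference the random-key substitution is meant to hide. I would remove the logging from this branch or defer it until the handshake result is already decided; if it stays, `_gnutls_handshake_log` fits better than the X.509 category. The enclosing branch of `_gnutls_proc_rsa_client_kx` starts above the hunk, so the success path is not visible here.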
diff --git a/lib/debug.c b/lib/debug.c
index 4cf1da5296..3d2a8e5a54 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -26,15 +26,6 @@
#ifdef DEBUG
-void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a)
-{
- char buf[1024];
- size_t n = sizeof buf;
-
- if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a))
- strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
- _gnutls_debug_log( "GNUTLS_MPI: length: %d\n\t%s%s\n", (n-1)/2, prefix, buf);
-}
void _gnutls_print_state(gnutls_session session)
{
@@ -52,72 +43,69 @@ void _gnutls_print_state(gnutls_session session)
}
+#endif
const char* _gnutls_packet2str( int packet) {
-static char str[512];
-
switch(packet) {
case GNUTLS_CHANGE_CIPHER_SPEC:
- strcpy(str, "Change Cipher Spec");
- break;
+ return "Change Cipher Spec";
case GNUTLS_ALERT:
- strcpy(str, "Alert");
- break;
+ return "Alert";
case GNUTLS_HANDSHAKE:
- strcpy(str, "Handshake");
- break;
+ return "Handshake";
case GNUTLS_APPLICATION_DATA:
- strcpy(str, "Application Data");
- break;
+ return "Application Data";
default:
- strcpy(str, "Unknown Packet");
-
+ return "Unknown Packet";
}
- return str;
-
}
const char* _gnutls_handshake2str( int handshake) {
-static char str[512];
switch(handshake) {
case GNUTLS_HELLO_REQUEST:
- strcpy(str, "HELLO REQUEST");
- break;
+ return "HELLO REQUEST";
+ break;
case GNUTLS_CLIENT_HELLO:
- strcpy(str, "CLIENT HELLO");
+ return "CLIENT HELLO";
break;
case GNUTLS_SERVER_HELLO:
- strcpy(str, "SERVER HELLO");
+ return "SERVER HELLO";
break;
case GNUTLS_CERTIFICATE_PKT:
- strcpy(str, "CERTIFICATE");
+ return "CERTIFICATE";
break;
case GNUTLS_SERVER_KEY_EXCHANGE:
- strcpy(str, "SERVER KEY EXCHANGE");
+ return "SERVER KEY EXCHANGE";
break;
case GNUTLS_CERTIFICATE_REQUEST:
- strcpy(str, "CERTIFICATE REQUEST");
+ return "CERTIFICATE REQUEST";
break;
case GNUTLS_SERVER_HELLO_DONE:
- strcpy(str, "SERVER HELLO DONE");
+ return "SERVER HELLO DONE";
break;
case GNUTLS_CERTIFICATE_VERIFY:
- strcpy(str, "CERTIFICATE VERIFY");
+ return "CERTIFICATE VERIFY";
break;
case GNUTLS_CLIENT_KEY_EXCHANGE:
- strcpy(str, "CLIENT KEY EXCHANGE");
+ return "CLIENT KEY EXCHANGE";
break;
case GNUTLS_FINISHED:
- strcpy(str, "FINISHED");
+ return "FINISHED";
break;
default:
- strcpy(str, "Unknown Handshake");
+ return "Unknown Handshake packet";
}
- return str;
-
}
-#endif
+void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a)
+{
+ char buf[1024];
+ size_t n = sizeof buf;
+
+ if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a))
+ strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_hard_log( "GNUTLS_MPI: length: %d\n\t%s%s\n", (n-1)/2, prefix, buf);
+}
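Review bot: `_gnutls_dump_mpi` is now compiled unconditionally and formats the MPI into `buf` before the log level is consulted, so with the `#ifdef HARD_DEBUG` guards removed in libextra/auth_srp.c every SRP exchange hex-prints intermediate values such as `SRP S` onto the stack even when logging is off, and the buffer is never cleared. An early `if (_gnutls_log_level < 9) return;` at the top of the function (9 is the level `_gnutls_hard_log` uses in gnutls_errors.h) avoids both the work and the stray copy. Separately, `(n-1)/2` is a `size_t` passed to `%d`; cast it, `(int)((n-1)/2)`, so the varargs read is correct where `size_t` is wider than `int`. In `_gnutls_handshake2str` the `break;` after each `return` is unreachable and can be dropped, as was done in `_gnutls_packet2str`.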
diff --git a/lib/debug.h b/lib/debug.h
index 63779a75a8..c7db8bf09c 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -20,7 +20,7 @@
#ifdef DEBUG
void _gnutls_print_state(gnutls_session session);
-void _gnutls_dump_mpi(char* prefix,MPI a);
+#endif
const char* _gnutls_packet2str( int packet);
const char* _gnutls_handshake2str( int handshake);
-#endif
+void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a);
diff --git a/lib/dh_compat.c b/lib/dh_compat.c
index 5394035bd1..f1bec80adf 100644
--- a/lib/dh_compat.c
+++ b/lib/dh_compat.c
@@ -136,7 +136,7 @@ int gnutls_dh_params_generate(gnutls_datum * prime,
{
opaque buffer[512];
- _gnutls_log
+ _gnutls_debug_log
("dh_params_generate: Generated %d bits prime %s, generator %s.\n",
bits, _gnutls_bin2hex(prime->data, prime->size, buffer, sizeof(buffer)),
_gnutls_bin2hex(generator->data, generator->size, buffer, sizeof(buffer)));
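Review bot: Both `_gnutls_bin2hex` calls in this statement write into the same `buffer`, so if the helper returns the buffer it was given (its definition is not in this diff) the two `%s` arguments point at the same bytes and the prime and generator print identically. Since the message now goes out at level 2, the default, give each value its own buffer, e.g. `opaque pbuf[512], gbuf[512];`, or emit two separate log calls. The same pattern appears in the lib/rsa_compat.c hunk for the modulus and exponent. The enclosing block of `gnutls_dh_params_generate` begins above the hunk.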
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index b3ac25f277..b1b521f512 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -343,8 +343,9 @@ extern gnutls_alloc_function gnutls_malloc;
extern gnutls_calloc_function gnutls_calloc;
extern gnutls_free_function gnutls_free;
-typedef void (*gnutls_log_func)( const char*);
+typedef void (*gnutls_log_func)( int, const char*);
void gnutls_global_set_log_function( gnutls_log_func log_func);
+void gnutls_global_set_log_level( int level);
/* Diffie Hellman parameter handling.
*/
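Review bot: Changing `gnutls_log_func` from `void (*)(const char*)` to `void (*)(int, const char*)` is an incompatible change for every existing caller of `gnutls_global_set_log_function`: a C compiler will usually accept the old one-argument callback with only a warning, and the library then calls it with the level in the position where the callback expects the string pointer. The NEWS entry in this commit only says a level was added, so the signature change should be stated there explicitly. A comment above the typedef would also help, e.g. `/* level: log level of the message (see gnutls_global_set_log_level); str: formatted, NUL-terminated text */`.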
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 7740d121e0..704024c23f 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -76,7 +76,8 @@ static const gnutls_alert_entry sup_alerts[] = {
* See. gnutls_alert_get().
*
**/
-const char* gnutls_alert_get_name( gnutls_alert_level alert) {
+const char* gnutls_alert_get_name( gnutls_alert_level alert)
+{
const char* ret = NULL;
GNUTLS_ALERT_ID_LOOP( ret = p->desc);
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h
index 4dce992a7d..ba815c889a 100644
--- a/lib/gnutls_alert.h
+++ b/lib/gnutls_alert.h
@@ -19,3 +19,4 @@ typedef enum AlertDescription {
gnutls_alert_description gnutls_alert_get( gnutls_session session);
int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc);
+const char* gnutls_alert_get_name( gnutls_alert_level alert);
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 11746fa3f8..03d8ca63e6 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -401,7 +401,8 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t
/* copy fresh data to our buffer.
*/
if (ret > 0) {
- _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", session->internals.record_recv_buffer.length, ret, sizeOfPtr);
+ _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\n", session->internals.record_recv_buffer.length, ret);
+ _gnutls_read_log("RB: Requested %d bytes\n", sizeOfPtr);
session->internals.record_recv_buffer.length += ret;
}
@@ -937,7 +938,7 @@ int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, s
if (length!=NULL)
*length = session->internals.handshake_hash_buffer.length;
- _gnutls_buffers_log( "BUF[HSK]: Peeded %d bytes of Data\n", length);
+ _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", *length);
if (data_ptr!=NULL)
*data_ptr = session->internals.handshake_hash_buffer.data;
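Review bot: The new log argument `*length` is evaluated outside the `if (length!=NULL)` guard two lines above it, so a caller that passes NULL for `length` now dereferences a null pointer whenever the buffers log fires, and unconditionally in the non-C99 build where `_gnutls_buffers_log` is the function `_gnutls_null_log`. Move the call inside the guard: `if (length!=NULL) { *length = session->internals.handshake_hash_buffer.length; _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", *length); }`. If `length` is a `size_t *`, as the truncated signature in the hunk header suggests, the value also needs a cast to match `%d`. The function body extends beyond both ends of the hunk.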
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index fc75d27832..feffe96b6b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -62,6 +62,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size,
char rrandom[2 * TLS_RANDOM_SIZE];
int pos, ret;
int block_size;
+ char buf[64];
if (session->cipher_specs.generated_keys != 0) {
/* keys have already been generated.
@@ -114,7 +115,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size,
}
_gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex(key_block, block_size));
+ _gnutls_bin2hex(key_block, block_size, buf, sizeof(buf)));
pos = 0;
if (hash_size > 0) {
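Review bot: Key material is now reachable from the log in any build: `_gnutls_hard_log` used to compile to nothing unless `HARD_DEBUG` was defined, and after this commit the key block and write keys here, plus the premaster and master secrets in lib/gnutls_kx.c, are emitted as soon as the runtime level reaches 9. I would keep these particular calls behind a compile-time switch as well (for example by retaining `#ifdef HARD_DEBUG` around them) so a release build cannot be configured into writing session keys to stderr or a log file. Also, `buf[64]` holds at most 31 bytes of hex, so assuming `_gnutls_bin2hex` honours the size it is given the printed value is cut short, and the hex copy stays on the stack after return. `_gnutls_set_keys` starts and ends outside this hunk.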
@@ -240,7 +241,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size,
_gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n",
client_write_key_size,
_gnutls_bin2hex(client_write_key,
- client_write_key_size));
+ client_write_key_size, buf, sizeof(buf)));
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_key,
@@ -254,7 +255,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size,
_gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n",
server_write_key_size,
_gnutls_bin2hex(server_write_key,
- server_write_key_size));
+ server_write_key_size, buf, sizeof(buf)));
if (free_keys != 0) {
gnutls_free(server_write_key);
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index f8635509d9..a966e33378 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -280,7 +280,7 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
- _gnutls_log("DHParams: Decoding error %d\n", result);
+ _gnutls_x509_log("DHParams: Decoding error %d\n", result);
gnutls_assert();
asn1_delete_structure(&c2);
return _gnutls_asn2err(result);
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 68cb2c85cd..7f775e5758 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -26,7 +26,7 @@
# include <stdarg.h>
#endif
-extern void (*_gnutls_log_func)( const char*);
+extern void (*_gnutls_log_func)( int, const char*);
#define ERROR_ENTRY(desc, name, fatal) \
{ desc, #name, name, fatal}
@@ -251,18 +251,18 @@ int _gnutls_asn2err( int asn_err) {
/* this function will output a message using the
* caller provided function
*/
-void _gnutls_log( const char *fmt, ...) {
+void _gnutls_log( int level, const char *fmt, ...) {
va_list args;
char str[MAX_LOG_SIZE];
- void (*log_func)(const char*) = _gnutls_log_func;
+ void (*log_func)(int, const char*) = _gnutls_log_func;
if (_gnutls_log_func==NULL) return;
va_start(args,fmt);
- vsprintf( str,fmt,args); /* Flawfinder: ignore */
+ vsnprintf( str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
va_end(args);
- log_func( str);
+ log_func( level, str);
return;
}
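Review bot: `vsnprintf` is given `MAX_LOG_SIZE - 1` but nothing writes `str[MAX_LOG_SIZE - 1]`, so on a libc whose `vsnprintf` does not terminate on truncation the callback receives an unterminated buffer. Pass `sizeof(str)` and add `str[sizeof(str) - 1] = 0;` after the call. The NULL test should use the local copy, `if (log_func==NULL) return;`, since that is the pointer actually called. The `/* Flawfinder: ignore */` marker was there for `vsprintf` and can be removed now that the call is bounded.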
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 58fd9a0419..922447cfc1 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -18,19 +18,16 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
+#include <defines.h>
#include "gnutls_errors_int.h"
-#ifdef DEBUG
-# ifdef __FILE__
-# ifdef __LINE__
-# define gnutls_assert() _gnutls_debug_log( "GNUTLS_ASSERT: %s:%d\n", __FILE__,__LINE__);
-# else
-# define gnutls_assert()
-# endif
-# else /* __FILE__ defined */
+#ifdef __FILE__
+# ifdef __LINE__
+# define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
+# else
# define gnutls_assert()
# endif
-#else /* no debug */
+#else /* __FILE__ not defined */
# define gnutls_assert()
#endif
@@ -39,87 +36,38 @@ const char* gnutls_strerror(int error);
void gnutls_perror(int error);
int gnutls_error_is_fatal( int error);
-void _gnutls_log( const char *fmt, ...);
-
-#ifdef DEBUG
-# define _gnutls_debug_log _gnutls_log
-
-# ifdef HANDSHAKE_DEBUG
-# define _gnutls_handshake_log _gnutls_log
-# else
-# define _gnutls_handshake_log( ...)
-# endif
-
-# ifdef IO_DEBUG
-# define _gnutls_io_log _gnutls_log
-# else
-# define _gnutls_io_log( ...)
-# endif
+void _gnutls_log( int, const char *fmt, ...);
-# ifdef BUFFERS_DEBUG
-# define _gnutls_buffers_log _gnutls_log
-# else
-# define _gnutls_buffers_log( ...)
-# endif
+extern int _gnutls_log_level;
-# ifdef HARD_DEBUG
-# define _gnutls_hard_log _gnutls_log
-# else
-# define _gnutls_hard_log( ...)
-# endif
+#ifdef C99_MACROS
+#define LEVEL(l, ...) if (_gnutls_log_level >= l || _gnutls_log_level > 9) \
+ _gnutls_log( l, __VA_ARGS__)
-# ifdef RECORD_DEBUG
-# define _gnutls_record_log _gnutls_log
-# else
-# define _gnutls_record_log( ...)
-# endif
-
-# ifdef READ_DEBUG
-# define _gnutls_read_log _gnutls_log
-# else
-# define _gnutls_read_log( ...)
-# endif
-
-# ifdef WRITE_DEBUG
-# define _gnutls_write_log _gnutls_log
-# else
-# define _gnutls_write_log( ...)
-# endif
-
-# ifdef X509_DEBUG
-# define _gnutls_x509_log _gnutls_log
-# else
-# define _gnutls_x509_log( ...)
-# endif
+#define LEVEL_EQ(l, ...) if (_gnutls_log_level == l || _gnutls_log_level > 9) \
+ _gnutls_log( l, __VA_ARGS__)
+# define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__)
+# define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__)
+# define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__)
+# define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
+# define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
+# define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
+# define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
+# define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
+# define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
#else
-
-/* FIXME: These macros only work with C99 compliant compilers
- */
-# ifdef C99_MACROS
-# define _gnutls_debug_log(...)
-# define _gnutls_handshake_log( ...)
-# define _gnutls_io_log( ...)
-# define _gnutls_buffers_log( ...)
-# define _gnutls_hard_log( ...)
-# define _gnutls_record_log( ...)
-# define _gnutls_read_log( ...)
-# define _gnutls_write_log( ...)
-# define _gnutls_x509_log( ...)
-# else
-# define _gnutls_debug_log _gnutls_null_log
-# define _gnutls_handshake_log _gnutls_null_log
-# define _gnutls_io_log _gnutls_null_log
-# define _gnutls_buffers_log _gnutls_null_log
-# define _gnutls_hard_log _gnutls_null_log
-# define _gnutls_record_log _gnutls_null_log
-# define _gnutls_read_log _gnutls_null_log
-# define _gnutls_write_log _gnutls_null_log
-# define _gnutls_x509_log _gnutls_null_log
+# define _gnutls_debug_log _gnutls_null_log
+# define _gnutls_handshake_log _gnutls_null_log
+# define _gnutls_io_log _gnutls_null_log
+# define _gnutls_buffers_log _gnutls_null_log
+# define _gnutls_hard_log _gnutls_null_log
+# define _gnutls_record_log _gnutls_null_log
+# define _gnutls_read_log _gnutls_null_log
+# define _gnutls_write_log _gnutls_null_log
+# define _gnutls_x509_log _gnutls_null_log
void _gnutls_null_log( void*, ...);
-# endif /* C99_MACROS */
-
-#endif /* DEBUG */
+#endif /* C99_MACROS */
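Review bot: `LEVEL` and `LEVEL_EQ` expand to a bare `if` statement, so `if (x) _gnutls_debug_log(...); else ...` silently attaches the `else` to the macro's `if`; the brace-only changes in lib/gnutls_pk.c, lib/gnutls_sig.c and libextra/gnutls_openpgp.c appear to work around this at the call sites instead of fixing the macro. Wrap the expansion, `#define LEVEL(l, ...) do { if (_gnutls_log_level >= (l) || _gnutls_log_level > 9) _gnutls_log( (l), __VA_ARGS__); } while (0)`, do the same for `LEVEL_EQ`, and drop the trailing `;` from the `gnutls_assert()` definition in the previous hunk. Without `C99_MACROS` every category maps to `_gnutls_null_log`, so arguments such as `_gnutls_bin2hex(...)` are still evaluated on every call while, presumably, nothing is logged; a short comment above the `#else` branch should say so.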
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index cd24fad671..d0177f5709 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -111,7 +111,7 @@ int i;
if (session->security_parameters.entity==GNUTLS_CLIENT)
for (i=0;i<session->internals.extensions_sent_size;i++) {
- _gnutls_log("extensions: expecting extension %d\n", session->internals.extensions_sent[i]);
+ _gnutls_debug_log("extensions: expecting extension %d\n", session->internals.extensions_sent[i]);
}
#endif
@@ -163,9 +163,7 @@ static void _gnutls_extension_list_add( gnutls_session session, uint16 type) {
session->internals.extensions_sent[session->internals.extensions_sent_size] = type;
session->internals.extensions_sent_size++;
} else {
-#ifdef DEBUG
- _gnutls_log("extensions: Increase MAX_EXT_TYPES\n");
-#endif
+ _gnutls_debug_log("extensions: Increase MAX_EXT_TYPES\n");
}
}
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 0b7bd55c81..237d1b0df5 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -24,14 +24,15 @@
#include <libtasn1.h>
#include <gnutls_dh.h>
-typedef void (*LOG_FUNC)( const char*);
-#define GNUTLS_LOG_FUNC LOG_FUNC
+typedef void (*LOG_FUNC)( int, const char*);
+#define gnutls_log_func LOG_FUNC
/* created by asn1c */
extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[];
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
LOG_FUNC _gnutls_log_func;
+int _gnutls_log_level = 2; /* default log level */
static ASN1_TYPE PKIX1_ASN;
static ASN1_TYPE GNUTLS_ASN;
@@ -49,21 +50,40 @@ ASN1_TYPE _gnutls_get_gnutls_asn(void) {
* gnutls_global_set_log_function - This function sets the logging function
* @log_func: it's a log function
*
- * This is the function were you set the logging function gnutls
+ * This is the function where you set the logging function gnutls
* is going to use. This function only accepts a character array.
- * Normaly you may not use this function since
- * it is only used for debugging reasons.
- * LOG_FUNC is of the form,
- * void (*LOG_FUNC)( const char*);
+ * Normaly you may not use this function since it is only used
+ * for debugging purposes.
+ *
+ * gnutls_log_func is of the form,
+ * void (*gnutls_log_func)( int level, const char*);
**/
-void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func) {
+void gnutls_global_set_log_function( gnutls_log_func log_func)
+{
_gnutls_log_func = log_func;
}
+/**
+ * gnutls_global_set_log_level - This function sets the logging level
+ * @level: it's an integer from 0 to 9.
+ *
+ * This is the function that allows you to set the log level.
+ * The level is an integer between 0 and 9. Higher values mean
+ * more verbosity. The default value is 2. Larger values should
+ * only be used with care, since they may reveal sensitive information.
+ *
+ * Use the log level '0' to disable logging.
+ *
+ **/
+void gnutls_global_set_log_level( int level)
+{
+ _gnutls_log_level = level;
+}
+
#ifdef DEBUG
/* default logging function */
-static void dlog( const char* str) {
+static void dlog( int level, const char* str) {
fputs( str, stderr);
}
#endif
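Review bot: The doc comment for `gnutls_global_set_log_level` should name the level that exposes secrets instead of saying "larger values": per the macros in gnutls_errors.h, level 9 and above enables `_gnutls_hard_log`, which prints key material, and any value above 9 switches on every category. The setter stores whatever `int` it is given, so either clamp to the documented 0..9 range or document what out-of-range values do. The text kept for `gnutls_global_set_log_function` still says the callback "only accepts a character array", which no longer matches the two-argument type. `dlog` ignores its new `level` parameter; a one-line comment saying that is intentional would avoid an unused-parameter question under `-W`.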
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4eff808aa9..244fc1ca2f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1181,10 +1181,11 @@ static int _gnutls_client_check_if_resuming(gnutls_session session,
opaque * session_id,
int session_id_len)
{
+char buf[64];
_gnutls_handshake_log("HSK: SessionID length: %d\n", session_id_len);
_gnutls_handshake_log("HSK: SessionID: %s\n",
- _gnutls_bin2hex(session_id, session_id_len));
+ _gnutls_bin2hex(session_id, session_id_len, buf, sizeof(buf)));
if ((session->internals.resumed_security_parameters.
session_id_size > 0)
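Review bot: `buf[64]` is one byte too small for a full session ID: 32 bytes need 64 hex digits plus the terminator, so the last byte is lost, or written past the array if `_gnutls_bin2hex` does not bound its output (the helper is not in this diff). Size it from the data, `char buf[2*TLS_RANDOM_SIZE + 1];` (the constant appears to be 32, going by the random-value logging in lib/gnutls_kx.c), here and in the `_gnutls_send_server_hello`, `_gnutls_handshake_client` and `_gnutls_generate_session_id` hunks below. The block in `_gnutls_handshake_client` is still under `#ifdef HANDSHAKE_DEBUG`, which lib/gnutls_int.h now describes as no longer needed, so that message is unreachable in a normal build. `_gnutls_client_check_if_resuming` continues past the end of this hunk.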
@@ -1605,6 +1606,7 @@ static int _gnutls_send_server_hello(gnutls_session session, int again)
uint8 comp;
opaque *SessionID = session->security_parameters.session_id;
uint8 session_id_len = session->security_parameters.session_id_size;
+ char buf[64];
if (SessionID == NULL)
session_id_len = 0;
@@ -1647,7 +1649,7 @@ static int _gnutls_send_server_hello(gnutls_session session, int again)
pos += session_id_len;
_gnutls_handshake_log("HSK: SessionID: %s\n",
- _gnutls_bin2hex(SessionID, session_id_len));
+ _gnutls_bin2hex(SessionID, session_id_len, buf, sizeof(buf)));
memcpy(&data[pos],
session->security_parameters.
@@ -1902,6 +1904,8 @@ int _gnutls_handshake_client(gnutls_session session)
int ret = 0;
#ifdef HANDSHAKE_DEBUG
+ char buf[64];
+
if (session->internals.resumed_security_parameters.
session_id_size > 0)
_gnutls_handshake_log("HSK: Ask to resume: %s\n",
@@ -1910,7 +1914,7 @@ int _gnutls_handshake_client(gnutls_session session)
session_id,
session->internals.
resumed_security_parameters.
- session_id_size));
+ session_id_size, buf, sizeof(buf)));
#endif
switch (STATE) {
@@ -2246,7 +2250,9 @@ int _gnutls_handshake_common(gnutls_session session)
int _gnutls_generate_session_id(char *session_id, uint8 * len)
{
+ char buf[64];
opaque rand[TLS_RANDOM_SIZE];
+
if (_gnutls_get_random(rand, TLS_RANDOM_SIZE, GNUTLS_WEAK_RANDOM) <
0) {
gnutls_assert();
@@ -2256,7 +2262,7 @@ int _gnutls_generate_session_id(char *session_id, uint8 * len)
*len = TLS_RANDOM_SIZE;
_gnutls_handshake_log("HSK: Generated SessionID: %s\n",
- _gnutls_bin2hex(session_id, TLS_RANDOM_SIZE));
+ _gnutls_bin2hex(session_id, TLS_RANDOM_SIZE, buf, sizeof(buf)));
return 0;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1e3ad64860..95ceadeac7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -26,14 +26,14 @@
#include <defines.h>
/*
+ * They are not needed any more. You can simply enable
+ * the gnutls_log callback to get error descriptions.
+
#define IO_DEBUG 3 // define this to check non blocking behaviour
#define BUFFERS_DEBUG
-#define HARD_DEBUG
#define WRITE_DEBUG
#define READ_DEBUG
#define HANDSHAKE_DEBUG // Prints some information on handshake
-#define X509_DEBUG
-#define RECORD_DEBUG
#define COMPRESSION_DEBUG
#define DEBUG
*/
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 395b5019c6..18f06f8129 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -54,13 +54,14 @@ int _gnutls_generate_master( gnutls_session session) {
static int generate_normal_master( gnutls_session session) {
int ret = 0;
char random[2*TLS_RANDOM_SIZE];
+char buf[64];
memcpy(random, session->security_parameters.client_random, TLS_RANDOM_SIZE);
memcpy(&random[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE);
- _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size));
- _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32));
- _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32));
+ _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size, buf, sizeof(buf)));
+ _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32, buf, sizeof(buf)));
+ _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32, buf, sizeof(buf)));
if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
ret =
@@ -78,8 +79,8 @@ char random[2*TLS_RANDOM_SIZE];
_gnutls_free_datum(&PREMASTER);
if (ret<0) return ret;
-
- _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE));
+
+ _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE, buf, sizeof(buf)));
return ret;
}
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 48205210ea..ac8eab67dc 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -642,7 +642,9 @@ int _gnutls_pk_sign(int algo, GNUTLS_MPI* data, GNUTLS_MPI hash, GNUTLS_MPI * pk
"(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
pkey[0], pkey[1], pkey[2],
pkey[3], pkey[4]);
- else gnutls_assert();
+ else {
+ gnutls_assert();
+ }
break;
case GCRY_PK_RSA:
@@ -650,8 +652,9 @@ int _gnutls_pk_sign(int algo, GNUTLS_MPI* data, GNUTLS_MPI hash, GNUTLS_MPI * pk
rc = gcry_sexp_build(&s_key, NULL,
"(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]);
- else gnutls_assert();
-
+ else {
+ gnutls_assert();
+ }
break;
default:
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 07f4b80825..f13ca6372a 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -79,8 +79,9 @@ GNUTLS_MAC_HANDLE td_sha;
return GNUTLS_E_INTERNAL_ERROR;
}
ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature);
- if (ret < 0)
+ if (ret < 0) {
gnutls_assert();
+ }
return ret;
@@ -137,8 +138,9 @@ opaque concat[36];
return GNUTLS_E_INTERNAL_ERROR;
}
ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature);
- if (ret < 0)
+ if (ret < 0) {
gnutls_assert();
+ }
return ret;
diff --git a/lib/rsa_compat.c b/lib/rsa_compat.c
index 43922e1a50..5539d5e6c8 100644
--- a/lib/rsa_compat.c
+++ b/lib/rsa_compat.c
@@ -279,7 +279,7 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e,
{
opaque buffer[512];
- _gnutls_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n",
+ _gnutls_debug_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n",
bits, _gnutls_bin2hex(m->data, m->size, buffer, sizeof(buffer)),
_gnutls_bin2hex( e->data, e->size, buffer, sizeof(buffer)));
}
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5803e582fa..e471dea70b 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -242,7 +242,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
&sizeof_string))
< 0) {
gnutls_assert();
- _gnutls_log("Found OID: '%s' with value '%s'\n",
+ _gnutls_x509_log("Found OID: '%s' with value '%s'\n",
oid, _gnutls_bin2hex(value, len, escaped, sizeof(escaped)) );
goto cleanup;
}
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 00f4f2757b..39daebe038 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -582,7 +582,7 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
- _gnutls_log("X509 certificate: Decoding error %d\n", result);
+ _gnutls_x509_log("X509 certificate: Decoding error %d\n", result);
gnutls_assert();
asn1_delete_structure(&c2);
return _gnutls_asn2err(result);
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index 3e4d84c9f8..8e4208e854 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -78,6 +78,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session state, opaque ** data)
SRP_SERVER_AUTH_INFO info;
ssize_t data_size;
size_t n_b, tmp_size;
+ char buf[64];
uint8 *data_b;
if (state->security_parameters.extensions.srp_username[0] == 0) {
@@ -175,7 +176,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session state, opaque ** data)
return GNUTLS_E_MPI_PRINT_FAILED;
_gnutls_write_uint16( n_b, data_b);
- _gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b));
+ _gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b, buf, sizeof(buf)));
_gnutls_srp_entry_free( pwd_entry);
@@ -189,6 +190,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data)
int ret;
uint8 *data_a;
char *username;
+ char buf[64];
char *password;
const gnutls_srp_client_credentials cred =
_gnutls_get_cred(state->key, GNUTLS_CRD_SRP, NULL);
@@ -229,9 +231,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data)
return GNUTLS_E_MEMORY_ERROR;
}
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP U: ", state->key->u);
-#endif
/* S = (B - g^x) ^ (a + u * x) % N */
S = _gnutls_calc_srp_S2( B, G, state->key->x, _a, state->key->u, N);
@@ -240,9 +240,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data)
return GNUTLS_E_MEMORY_ERROR;
}
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP B: ", B);
-#endif
_gnutls_mpi_release(&_b);
_gnutls_mpi_release(&V);
@@ -272,7 +270,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data)
gnutls_free( *data);
return GNUTLS_E_MPI_PRINT_FAILED;
}
- _gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a));
+ _gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a, buf, sizeof(buf)));
_gnutls_mpi_release(&A);
@@ -298,12 +296,8 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data
return GNUTLS_E_MPI_SCAN_FAILED;
}
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP A: ", A);
-#endif
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP B: ", B);
-#endif
/* Start the SRP calculations.
* - Calculate u
@@ -314,9 +308,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data
return GNUTLS_E_MEMORY_ERROR;
}
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP U: ", state->key->u);
-#endif
/* S = (A * v^u) ^ b % N
*/
@@ -326,9 +318,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data
return GNUTLS_E_MEMORY_ERROR;
}
-#ifdef HARD_DEBUG
_gnutls_dump_mpi( "SRP S: ", S);
-#endif
_gnutls_mpi_release(&A);
_gnutls_mpi_release(&_b);
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index bd7341bd51..3ee8b9b897 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1184,8 +1184,9 @@ leave:
kbx_blob_release( blob );
cdk_free( hd );
cdk_kbnode_release( knode );
- if( rc )
+ if( rc ) {
gnutls_assert();
+ }
return rc;
}
diff --git a/src/cli.c b/src/cli.c
index 1949d1b2e5..ffa3392c2c 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -562,9 +562,9 @@ int do_handshake(socket_st* socket)
}
-static void tls_log_func( const char* str)
+static void tls_log_func( int level, const char* str)
{
- fprintf(stderr, "|** %s", str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
void init_global_tls_stuff()