author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-19 11:17:13 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-19 11:17:13 +0000 |
commit | 5d06b6a64918d38be816a764ae7e6144a0e8e38e (patch) | |
tree | a10660eb6aa5840a572128c079eea72c10dd700e | |
parent | 619181e8eaace84aec8e3ea0beec2e1d3f6e2e6a (diff) | |
download | gnutls-5d06b6a64918d38be816a764ae7e6144a0e8e38e.tar.gz |
* Improved the error logging functions, by adding a level, and
by allowing debugging messages just by increasing the level.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | configure.in | 6 | ||||
-rw-r--r-- | lib/auth_rsa.c | 2 | ||||
-rw-r--r-- | lib/debug.c | 66 | ||||
-rw-r--r-- | lib/debug.h | 4 | ||||
-rw-r--r-- | lib/dh_compat.c | 2 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 3 | ||||
-rw-r--r-- | lib/gnutls_alert.c | 3 | ||||
-rw-r--r-- | lib/gnutls_alert.h | 1 | ||||
-rw-r--r-- | lib/gnutls_buffers.c | 5 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 7 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 2 | ||||
-rw-r--r-- | lib/gnutls_errors.c | 10 | ||||
-rw-r--r-- | lib/gnutls_errors.h | 116 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 6 | ||||
-rw-r--r-- | lib/gnutls_global.c | 38 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 14 | ||||
-rw-r--r-- | lib/gnutls_int.h | 6 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 11 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 9 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 6 | ||||
-rw-r--r-- | lib/rsa_compat.c | 2 | ||||
-rw-r--r-- | lib/x509/dn.c | 2 | ||||
-rw-r--r-- | lib/x509/x509.c | 2 | ||||
-rw-r--r-- | libextra/auth_srp.c | 18 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 3 | ||||
-rw-r--r-- | src/cli.c | 4 |
27 files changed, 159 insertions, 191 deletions
@@ -2,6 +2,8 @@ Version 0.9.3 - Support for MD2 was dropped. - Only basic X.509 functionality is included in the gnutls library. The rest was moved to the libgnutls-x509. +- Improved the error logging functions, by adding a level, and + by allowing debugging messages just by increasing the level. Version 0.9.2 (15/03/2003) - Some corrections in the memory mapping code (file is unmapped after diff --git a/configure.in b/configure.in index 194cc0fa71..57f58694b2 100644 --- a/configure.in +++ b/configure.in @@ -76,8 +76,12 @@ AC_MSG_RESULT([*** *** Checking for compilation programs... ]) +SAVED_CFLAGS="${CFLAGS}" + AC_PROG_CC +CFLAGS="${SAVED_CFLAGS}" + AC_PROG_LN_S @@ -114,7 +118,7 @@ affect compiling.]) if test $ac_cv_c_compiler_gnu != no; then if test x$opt_developer_mode = xyes; then - CFLAGS="${CFLAGS} -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes" + CFLAGS="${CFLAGS} -g -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes" else CFLAGS="${CFLAGS} -O2 -finline-functions" fi diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 961adde5d7..31f26f4e0c 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -248,7 +248,7 @@ int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _da */ ret = 0; gnutls_assert(); - _gnutls_log("auth_rsa: Possible PKCS-1 format attack\n"); + _gnutls_x509_log("auth_rsa: Possible PKCS-1 format attack\n"); RANDOMIZE_KEY(session->key->key, gnutls_secure_malloc, GNUTLS_WEAK_RANDOM); diff --git a/lib/debug.c b/lib/debug.c index 4cf1da5296..3d2a8e5a54 100644 --- a/lib/debug.c +++ b/lib/debug.c 
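Review bot: In `_gnutls_proc_rsa_client_kx` the `_gnutls_x509_log("auth_rsa: Possible PKCS-1 format attack\n")` call sits only on the path that goes on to `RANDOMIZE_KEY`, so whatever the application's log callback does (formatting, writing, flushing) is extra work performed only when the decrypted block was rejected. That presumably works against the purpose of substituting a random key, because a peer timing the handshake could in principle tell the two paths apart; consider emitting the message after the key exchange has been processed, or at least add a comment such as `/* failure-path only: the log callback must be cheap and constant-cost */`. The message is also routed through the X.509 category (level 1, so it is on at the default level 2) although it concerns the RSA key exchange. The function body starts and ends outside the hunk.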
@@ -26,15 +26,6 @@ #ifdef DEBUG -void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a) -{ - char buf[1024]; - size_t n = sizeof buf; - - if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a)) - strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */ - _gnutls_debug_log( "GNUTLS_MPI: length: %d\n\t%s%s\n", (n-1)/2, prefix, buf); -} void _gnutls_print_state(gnutls_session session) { 
@@ -52,72 +43,69 @@ void _gnutls_print_state(gnutls_session session) } +#endif const char* _gnutls_packet2str( int packet) { -static char str[512]; - switch(packet) { case GNUTLS_CHANGE_CIPHER_SPEC: - strcpy(str, "Change Cipher Spec"); - break; + return "Change Cipher Spec"; case GNUTLS_ALERT: - strcpy(str, "Alert"); - break; + return "Alert"; case GNUTLS_HANDSHAKE: - strcpy(str, "Handshake"); - break; + return "Handshake"; case GNUTLS_APPLICATION_DATA: - strcpy(str, "Application Data"); - break; + return "Application Data"; default: - strcpy(str, "Unknown Packet"); - + return "Unknown Packet"; } - return str; - } const char* _gnutls_handshake2str( int handshake) { -static char str[512]; switch(handshake) { case GNUTLS_HELLO_REQUEST: - strcpy(str, "HELLO REQUEST"); - break; + return "HELLO REQUEST"; + break; case GNUTLS_CLIENT_HELLO: - strcpy(str, "CLIENT HELLO"); + return "CLIENT HELLO"; break; case GNUTLS_SERVER_HELLO: - strcpy(str, "SERVER HELLO"); + return "SERVER HELLO"; break; case GNUTLS_CERTIFICATE_PKT: - strcpy(str, "CERTIFICATE"); + return "CERTIFICATE"; break; case GNUTLS_SERVER_KEY_EXCHANGE: - strcpy(str, "SERVER KEY EXCHANGE"); + return "SERVER KEY EXCHANGE"; break; case GNUTLS_CERTIFICATE_REQUEST: - strcpy(str, "CERTIFICATE REQUEST"); + return "CERTIFICATE REQUEST"; break; case GNUTLS_SERVER_HELLO_DONE: - strcpy(str, "SERVER HELLO DONE"); + return "SERVER HELLO DONE"; break; case GNUTLS_CERTIFICATE_VERIFY: - strcpy(str, "CERTIFICATE VERIFY"); + return "CERTIFICATE VERIFY"; break; case GNUTLS_CLIENT_KEY_EXCHANGE: - strcpy(str, "CLIENT KEY EXCHANGE"); + return "CLIENT KEY EXCHANGE"; break; case GNUTLS_FINISHED: - strcpy(str, "FINISHED"); + return "FINISHED"; break; default: - strcpy(str, "Unknown Handshake"); + return "Unknown Handshake packet"; } - return str; - } -#endif +void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a) +{ + char buf[1024]; + size_t n = sizeof buf; + + if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a)) + strcpy(buf, "[can't print 
value]"); /* Flawfinder: ignore */ + _gnutls_hard_log( "GNUTLS_MPI: length: %d\n\t%s%s\n", (n-1)/2, prefix, buf); +} diff --git a/lib/debug.h b/lib/debug.h index 63779a75a8..c7db8bf09c 100644 --- a/lib/debug.h +++ b/lib/debug.h @@ -20,7 +20,7 @@ #ifdef DEBUG void _gnutls_print_state(gnutls_session session); -void _gnutls_dump_mpi(char* prefix,MPI a); +#endif const char* _gnutls_packet2str( int packet); const char* _gnutls_handshake2str( int handshake); -#endif +void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a); diff --git a/lib/dh_compat.c b/lib/dh_compat.c index 5394035bd1..f1bec80adf 100644 --- a/lib/dh_compat.c +++ b/lib/dh_compat.c @@ -136,7 +136,7 @@ int gnutls_dh_params_generate(gnutls_datum * prime, { opaque buffer[512]; - _gnutls_log + _gnutls_debug_log ("dh_params_generate: Generated %d bits prime %s, generator %s.\n", bits, _gnutls_bin2hex(prime->data, prime->size, buffer, sizeof(buffer)), _gnutls_bin2hex(generator->data, generator->size, buffer, sizeof(buffer))); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index b3ac25f277..b1b521f512 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -343,8 +343,9 @@ extern gnutls_alloc_function gnutls_malloc; extern gnutls_calloc_function gnutls_calloc; extern gnutls_free_function gnutls_free; -typedef void (*gnutls_log_func)( const char*); +typedef void (*gnutls_log_func)( int, const char*); void gnutls_global_set_log_function( gnutls_log_func log_func); +void gnutls_global_set_log_level( int level); /* Diffie Hellman parameter handling. */ diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index 7740d121e0..704024c23f 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -76,7 +76,8 @@ static const gnutls_alert_entry sup_alerts[] = { * See. gnutls_alert_get(). * **/ -const char* gnutls_alert_get_name( gnutls_alert_level alert) { +const char* gnutls_alert_get_name( gnutls_alert_level alert) +{ const char* ret = NULL; GNUTLS_ALERT_ID_LOOP( ret = p->desc); 
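Review bot: `_gnutls_dump_mpi` is now built unconditionally and runs `gcry_mpi_print` into `buf` before `_gnutls_hard_log` tests the level, so every call pays for the hex conversion and leaves the value on the stack even when nothing is logged. The libextra/auth_srp.c hunks of this commit remove the `#ifdef HARD_DEBUG` guards around `_gnutls_dump_mpi( "SRP S: ", S)` and the other SRP values, so this now happens on every SRP handshake. Return early when the level is too low, e.g. `if (_gnutls_log_level < 9) return;` as the first statement (assuming gnutls_errors.h is visible in debug.c), and clear `buf` before returning. Separately, `(n-1)/2` is a `size_t` printed with `%d` and should be cast to `int`, and the `break;` lines left after each `return` in `_gnutls_handshake2str` are unreachable.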
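Review bot: Both `%s` arguments of the `_gnutls_debug_log` call in `gnutls_dh_params_generate` are produced by `_gnutls_bin2hex(..., buffer, sizeof(buffer))` with the same `buffer`. If `_gnutls_bin2hex` returns the buffer it was given (its definition is not in this diff), the second conversion overwrites the first and the prime and the generator print as the same string. Use two buffers, e.g. `opaque pbuf[512], gbuf[512];`, or log the two values in separate calls. The `gnutls_rsa_params_generate` hunk in lib/rsa_compat.c has the same pattern for the modulus and exponent. The enclosing block continues outside the hunk.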
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h index 4dce992a7d..ba815c889a 100644 --- a/lib/gnutls_alert.h +++ b/lib/gnutls_alert.h @@ -19,3 +19,4 @@ typedef enum AlertDescription { gnutls_alert_description gnutls_alert_get( gnutls_session session); int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc); +const char* gnutls_alert_get_name( gnutls_alert_level alert); diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 11746fa3f8..03d8ca63e6 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -401,7 +401,8 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t /* copy fresh data to our buffer. */ if (ret > 0) { - _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", session->internals.record_recv_buffer.length, ret, sizeOfPtr); + _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\n", session->internals.record_recv_buffer.length, ret); + _gnutls_read_log("RB: Requested %d bytes\n", sizeOfPtr); session->internals.record_recv_buffer.length += ret; } @@ -937,7 +938,7 @@ int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, s if (length!=NULL) *length = session->internals.handshake_hash_buffer.length; - _gnutls_buffers_log( "BUF[HSK]: Peeded %d bytes of Data\n", length); + _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", *length); if (data_ptr!=NULL) *data_ptr = session->internals.handshake_hash_buffer.data; diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index fc75d27832..feffe96b6b 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -62,6 +62,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size, char rrandom[2 * TLS_RANDOM_SIZE]; int pos, ret; int block_size; + char buf[64]; if (session->cipher_specs.generated_keys != 0) { /* keys have already been generated. 
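Review bot: The corrected log line in `_gnutls_handshake_buffer_get_ptr` dereferences `length` unconditionally, `_gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", *length);`, although the statement directly above it guards the same pointer with `if (length!=NULL)`. A caller that passes NULL will crash here whenever the buffers category is active, and always where the macros fall back to `_gnutls_null_log`, since the argument is still evaluated. Log the stored value instead: `_gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", (int) session->internals.handshake_hash_buffer.length);`. The function starts and ends outside the hunk.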
@@ -114,7 +115,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size, } _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size, - _gnutls_bin2hex(key_block, block_size)); + _gnutls_bin2hex(key_block, block_size, buf, sizeof(buf))); pos = 0; if (hash_size > 0) { @@ -240,7 +241,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size, _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n", client_write_key_size, _gnutls_bin2hex(client_write_key, - client_write_key_size)); + client_write_key_size, buf, sizeof(buf))); if (_gnutls_sset_datum (&session->cipher_specs.server_write_key, @@ -254,7 +255,7 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size, _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n", server_write_key_size, _gnutls_bin2hex(server_write_key, - server_write_key_size)); + server_write_key_size, buf, sizeof(buf))); if (free_keys != 0) { gnutls_free(server_write_key); diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index f8635509d9..a966e33378 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -280,7 +280,7 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, if (result != ASN1_SUCCESS) { /* couldn't decode DER */ - _gnutls_log("DHParams: Decoding error %d\n", result); + _gnutls_x509_log("DHParams: Decoding error %d\n", result); gnutls_assert(); asn1_delete_structure(&c2); return _gnutls_asn2err(result); diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index 68cb2c85cd..7f775e5758 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -26,7 +26,7 @@ # include <stdarg.h> #endif -extern void (*_gnutls_log_func)( const char*); +extern void (*_gnutls_log_func)( int, const char*); #define ERROR_ENTRY(desc, name, fatal) \ { desc, #name, name, fatal} 
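Review bot: `char buf[64]` is too small for what `_gnutls_set_keys` passes to `_gnutls_bin2hex(..., buf, sizeof(buf))`: hex output needs two characters per byte plus a terminator, so 64 bytes holds at most 31 bytes of input. `_gnutls_bin2hex` is not part of this diff; if it honours the size argument the logged key block and write keys are silently truncated, and if it does not this is a stack overflow, so that bound should be confirmed. Size the buffer from the largest value logged, or state the truncation in a comment such as `/* buf holds the first 31 bytes only */`. The same 64-byte buffer is used for 32-byte randoms, session ids and the master secret in lib/gnutls_handshake.c, lib/gnutls_kx.c and libextra/auth_srp.c.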
@@ -251,18 +251,18 @@ int _gnutls_asn2err( int asn_err) { /* this function will output a message using the * caller provided function */ -void _gnutls_log( const char *fmt, ...) { +void _gnutls_log( int level, const char *fmt, ...) { va_list args; char str[MAX_LOG_SIZE]; - void (*log_func)(const char*) = _gnutls_log_func; + void (*log_func)(int, const char*) = _gnutls_log_func; if (_gnutls_log_func==NULL) return; va_start(args,fmt); - vsprintf( str,fmt,args); /* Flawfinder: ignore */ + vsnprintf( str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */ va_end(args); - log_func( str); + log_func( level, str); return; } diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h index 58fd9a0419..922447cfc1 100644 --- a/lib/gnutls_errors.h +++ b/lib/gnutls_errors.h @@ -18,19 +18,16 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +#include <defines.h> #include "gnutls_errors_int.h" -#ifdef DEBUG -# ifdef __FILE__ -# ifdef __LINE__ -# define gnutls_assert() _gnutls_debug_log( "GNUTLS_ASSERT: %s:%d\n", __FILE__,__LINE__); -# else -# define gnutls_assert() -# endif -# else /* __FILE__ defined */ +#ifdef __FILE__ +# ifdef __LINE__ +# define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__); +# else # define gnutls_assert() # endif -#else /* no debug */ +#else /* __FILE__ not defined */ # define gnutls_assert() #endif 
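Review bot: `vsnprintf( str, MAX_LOG_SIZE - 1, fmt, args)` passes one less than the array size and never sets the last byte, so on a C library whose `vsnprintf` does not terminate on truncation `log_func` would receive an unterminated `str`. Prefer `vsnprintf( str, sizeof(str), fmt, args); str[sizeof(str) - 1] = 0;`, and drop the `/* Flawfinder: ignore */` marker, which was there for `vsprintf`. `_gnutls_log` itself does no level filtering, it only forwards `level` to the callback; the comment above the function should say that filtering happens in the macros of gnutls_errors.h, so a direct caller is not surprised.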
@@ -39,87 +36,38 @@ const char* gnutls_strerror(int error); void gnutls_perror(int error); int gnutls_error_is_fatal( int error); -void _gnutls_log( const char *fmt, ...); - -#ifdef DEBUG -# define _gnutls_debug_log _gnutls_log - -# ifdef HANDSHAKE_DEBUG -# define _gnutls_handshake_log _gnutls_log -# else -# define _gnutls_handshake_log( ...) -# endif - -# ifdef IO_DEBUG -# define _gnutls_io_log _gnutls_log -# else -# define _gnutls_io_log( ...) -# endif +void _gnutls_log( int, const char *fmt, ...); -# ifdef BUFFERS_DEBUG -# define _gnutls_buffers_log _gnutls_log -# else -# define _gnutls_buffers_log( ...) -# endif +extern int _gnutls_log_level; -# ifdef HARD_DEBUG -# define _gnutls_hard_log _gnutls_log -# else -# define _gnutls_hard_log( ...) -# endif +#ifdef C99_MACROS +#define LEVEL(l, ...) if (_gnutls_log_level >= l || _gnutls_log_level > 9) \ + _gnutls_log( l, __VA_ARGS__) -# ifdef RECORD_DEBUG -# define _gnutls_record_log _gnutls_log -# else -# define _gnutls_record_log( ...) -# endif - -# ifdef READ_DEBUG -# define _gnutls_read_log _gnutls_log -# else -# define _gnutls_read_log( ...) -# endif - -# ifdef WRITE_DEBUG -# define _gnutls_write_log _gnutls_log -# else -# define _gnutls_write_log( ...) -# endif - -# ifdef X509_DEBUG -# define _gnutls_x509_log _gnutls_log -# else -# define _gnutls_x509_log( ...) -# endif +#define LEVEL_EQ(l, ...) if (_gnutls_log_level == l || _gnutls_log_level > 9) \ + _gnutls_log( l, __VA_ARGS__) +# define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__) +# define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__) +# define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__) +# define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__) +# define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__) +# define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__) +# define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) +# define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) +# define _gnutls_x509_log(...) 
LEVEL(1, __VA_ARGS__) #else - -/* FIXME: These macros only work with C99 compliant compilers - */ -# ifdef C99_MACROS -# define _gnutls_debug_log(...) -# define _gnutls_handshake_log( ...) -# define _gnutls_io_log( ...) -# define _gnutls_buffers_log( ...) -# define _gnutls_hard_log( ...) -# define _gnutls_record_log( ...) -# define _gnutls_read_log( ...) -# define _gnutls_write_log( ...) -# define _gnutls_x509_log( ...) -# else -# define _gnutls_debug_log _gnutls_null_log -# define _gnutls_handshake_log _gnutls_null_log -# define _gnutls_io_log _gnutls_null_log -# define _gnutls_buffers_log _gnutls_null_log -# define _gnutls_hard_log _gnutls_null_log -# define _gnutls_record_log _gnutls_null_log -# define _gnutls_read_log _gnutls_null_log -# define _gnutls_write_log _gnutls_null_log -# define _gnutls_x509_log _gnutls_null_log +# define _gnutls_debug_log _gnutls_null_log +# define _gnutls_handshake_log _gnutls_null_log +# define _gnutls_io_log _gnutls_null_log +# define _gnutls_buffers_log _gnutls_null_log +# define _gnutls_hard_log _gnutls_null_log +# define _gnutls_record_log _gnutls_null_log +# define _gnutls_read_log _gnutls_null_log +# define _gnutls_write_log _gnutls_null_log +# define _gnutls_x509_log _gnutls_null_log void _gnutls_null_log( void*, ...); -# endif /* C99_MACROS */ - -#endif /* DEBUG */ +#endif /* C99_MACROS */ diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index cd24fad671..d0177f5709 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -111,7 +111,7 @@ int i; if (session->security_parameters.entity==GNUTLS_CLIENT) for (i=0;i<session->internals.extensions_sent_size;i++) { - _gnutls_log("extensions: expecting extension %d\n", session->internals.extensions_sent[i]); + _gnutls_debug_log("extensions: expecting extension %d\n", session->internals.extensions_sent[i]); } #endif 
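Review bot: `LEVEL` and `LEVEL_EQ` expand to a bare `if (...) _gnutls_log(...)`, so a log macro used as the body of an `if` that has an `else` captures that `else`; the brace-only changes to lib/gnutls_pk.c, lib/gnutls_sig.c and libextra/gnutls_openpgp.c in this commit look like workarounds for that. Make the macros statement-safe and parenthesize the argument, `#define LEVEL(l, ...) do { if (_gnutls_log_level >= (l) || _gnutls_log_level > 9) _gnutls_log( (l), __VA_ARGS__); } while (0)`, and likewise for `LEVEL_EQ`. `gnutls_assert()` in the previous hunk carries a trailing `;` in its definition, which should be removed at the same time. A comment on the non-C99 branch should also note that every log call there becomes a real call to `_gnutls_null_log`, so its arguments are still evaluated.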
@@ -163,9 +163,7 @@ static void _gnutls_extension_list_add( gnutls_session session, uint16 type) { session->internals.extensions_sent[session->internals.extensions_sent_size] = type; session->internals.extensions_sent_size++; } else { -#ifdef DEBUG - _gnutls_log("extensions: Increase MAX_EXT_TYPES\n"); -#endif + _gnutls_debug_log("extensions: Increase MAX_EXT_TYPES\n"); } } diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 0b7bd55c81..237d1b0df5 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -24,14 +24,15 @@ #include <libtasn1.h> #include <gnutls_dh.h> -typedef void (*LOG_FUNC)( const char*); -#define GNUTLS_LOG_FUNC LOG_FUNC +typedef void (*LOG_FUNC)( int, const char*); +#define gnutls_log_func LOG_FUNC /* created by asn1c */ extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[]; extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; LOG_FUNC _gnutls_log_func; +int _gnutls_log_level = 2; /* default log level */ static ASN1_TYPE PKIX1_ASN; static ASN1_TYPE GNUTLS_ASN; 
@@ -49,21 +50,40 @@ ASN1_TYPE _gnutls_get_gnutls_asn(void) { * gnutls_global_set_log_function - This function sets the logging function * @log_func: it's a log function * - * This is the function were you set the logging function gnutls + * This is the function where you set the logging function gnutls * is going to use. This function only accepts a character array. - * Normaly you may not use this function since - * it is only used for debugging reasons. - * LOG_FUNC is of the form, - * void (*LOG_FUNC)( const char*); + * Normaly you may not use this function since it is only used + * for debugging purposes. + * + * gnutls_log_func is of the form, + * void (*gnutls_log_func)( int level, const char*); **/ -void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func) { +void gnutls_global_set_log_function( gnutls_log_func log_func) +{ _gnutls_log_func = log_func; } +/** + * gnutls_global_set_log_level - This function sets the logging level + * @level: it's an integer from 0 to 9. + * + * This is the function that allows you to set the log level. + * The level is an integer between 0 and 9. Higher values mean + * more verbosity. The default value is 2. Larger values should + * only be used with care, since they may reveal sensitive information. + * + * Use the log level '0' to disable logging. + * + **/ +void gnutls_global_set_log_level( int level) +{ + _gnutls_log_level = level; +} + #ifdef DEBUG /* default logging function */ -static void dlog( const char* str) { +static void dlog( int level, const char* str) { fputs( str, stderr); } #endif diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 4eff808aa9..244fc1ca2f 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c 
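Review bot: The doc comment for `gnutls_global_set_log_level` should say concretely what the high levels expose and what happens outside the documented 0 to 9 range, since the setter stores any `int` unchecked. In this commit level 9 enables `_gnutls_hard_log`, which prints the premaster secret, master secret and key block (lib/gnutls_kx.c, lib/gnutls_constate.c), and any value above 9 switches on every category at once. Suggested wording: `Levels of 9 and above write session keys and secrets to the log callback and must not be enabled in production; values above 9 enable every category.` The description of `gnutls_global_set_log_function` still says it "only accepts a character array", which no longer matches the `( int level, const char*)` callback, and `dlog` silently ignores its new `level` argument.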
@@ -1181,10 +1181,11 @@ static int _gnutls_client_check_if_resuming(gnutls_session session, opaque * session_id, int session_id_len) { +char buf[64]; _gnutls_handshake_log("HSK: SessionID length: %d\n", session_id_len); _gnutls_handshake_log("HSK: SessionID: %s\n", - _gnutls_bin2hex(session_id, session_id_len)); + _gnutls_bin2hex(session_id, session_id_len, buf, sizeof(buf))); if ((session->internals.resumed_security_parameters. session_id_size > 0) @@ -1605,6 +1606,7 @@ static int _gnutls_send_server_hello(gnutls_session session, int again) uint8 comp; opaque *SessionID = session->security_parameters.session_id; uint8 session_id_len = session->security_parameters.session_id_size; + char buf[64]; if (SessionID == NULL) session_id_len = 0; @@ -1647,7 +1649,7 @@ static int _gnutls_send_server_hello(gnutls_session session, int again) pos += session_id_len; _gnutls_handshake_log("HSK: SessionID: %s\n", - _gnutls_bin2hex(SessionID, session_id_len)); + _gnutls_bin2hex(SessionID, session_id_len, buf, sizeof(buf))); memcpy(&data[pos], session->security_parameters. @@ -1902,6 +1904,8 @@ int _gnutls_handshake_client(gnutls_session session) int ret = 0; #ifdef HANDSHAKE_DEBUG + char buf[64]; + if (session->internals.resumed_security_parameters. session_id_size > 0) _gnutls_handshake_log("HSK: Ask to resume: %s\n", @@ -1910,7 +1914,7 @@ int _gnutls_handshake_client(gnutls_session session) session_id, session->internals. resumed_security_parameters. - session_id_size)); + session_id_size, buf, sizeof(buf))); #endif switch (STATE) { @@ -2246,7 +2250,9 @@ int _gnutls_handshake_common(gnutls_session session) int _gnutls_generate_session_id(char *session_id, uint8 * len) { + char buf[64]; opaque rand[TLS_RANDOM_SIZE]; + if (_gnutls_get_random(rand, TLS_RANDOM_SIZE, GNUTLS_WEAK_RANDOM) < 0) { gnutls_assert(); 
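Review bot: In `_gnutls_handshake_client` the new `char buf[64];` and the "Ask to resume" message stay inside `#ifdef HANDSHAKE_DEBUG`, while the lib/gnutls_int.h hunk of this commit says those defines are no longer needed, so this one message cannot be enabled through the log level like the others. Drop the `#ifdef HANDSHAKE_DEBUG` / `#endif` pair and let `_gnutls_handshake_log` do the filtering. The other hunks here insert `char buf[64];` at varying positions and indentation (column 0 in `_gnutls_client_check_if_resuming`, ahead of `opaque rand[...]` in `_gnutls_generate_session_id`); placing it with the other locals at their indentation would read better. The functions start and end outside the hunks.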
@@ -2256,7 +2262,7 @@ int _gnutls_generate_session_id(char *session_id, uint8 * len) *len = TLS_RANDOM_SIZE; _gnutls_handshake_log("HSK: Generated SessionID: %s\n", - _gnutls_bin2hex(session_id, TLS_RANDOM_SIZE)); + _gnutls_bin2hex(session_id, TLS_RANDOM_SIZE, buf, sizeof(buf))); return 0; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 1e3ad64860..95ceadeac7 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -26,14 +26,14 @@ #include <defines.h> /* + * They are not needed any more. You can simply enable + * the gnutls_log callback to get error descriptions. + #define IO_DEBUG 3 // define this to check non blocking behaviour #define BUFFERS_DEBUG -#define HARD_DEBUG #define WRITE_DEBUG #define READ_DEBUG #define HANDSHAKE_DEBUG // Prints some information on handshake -#define X509_DEBUG -#define RECORD_DEBUG #define COMPRESSION_DEBUG #define DEBUG */ diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 395b5019c6..18f06f8129 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c 
@@ -54,13 +54,14 @@ int _gnutls_generate_master( gnutls_session session) { static int generate_normal_master( gnutls_session session) { int ret = 0; char random[2*TLS_RANDOM_SIZE]; +char buf[64]; memcpy(random, session->security_parameters.client_random, TLS_RANDOM_SIZE); memcpy(&random[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE); - _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size)); - _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32)); - _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32)); + _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size, buf, sizeof(buf))); + _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32, buf, sizeof(buf))); + _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32, buf, sizeof(buf))); if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) { ret = @@ -78,8 +79,8 @@ char random[2*TLS_RANDOM_SIZE]; _gnutls_free_datum(&PREMASTER); if (ret<0) return ret; - - _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE)); + + _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE, buf, sizeof(buf))); return ret; } diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 48205210ea..ac8eab67dc 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c 
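Review bot: The premaster secret, both randoms and the master secret in `generate_normal_master` were previously logged only in builds compiled with `HARD_DEBUG`; with this change they are reachable in every build by raising the log level to 9 at run time. That makes the log callback, and wherever it writes, part of the key-handling surface, and the calls should carry a comment saying so, for example `/* level 9 only: writes session secrets to the log callback */`. Where the macros fall back to `_gnutls_null_log` (no `C99_MACROS`), the `_gnutls_bin2hex` arguments are still evaluated, so secret material is hex-encoded into `buf` on every handshake and `buf` is never cleared; consider compiling these four calls out in that configuration or wiping `buf` before returning.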
@@ -642,7 +642,9 @@ int _gnutls_pk_sign(int algo, GNUTLS_MPI* data, GNUTLS_MPI hash, GNUTLS_MPI * pk "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]); - else gnutls_assert(); + else { + gnutls_assert(); + } break; case GCRY_PK_RSA: @@ -650,8 +652,9 @@ int _gnutls_pk_sign(int algo, GNUTLS_MPI* data, GNUTLS_MPI hash, GNUTLS_MPI * pk rc = gcry_sexp_build(&s_key, NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]); - else gnutls_assert(); - + else { + gnutls_assert(); + } break; default: diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 07f4b80825..f13ca6372a 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -79,8 +79,9 @@ GNUTLS_MAC_HANDLE td_sha; return GNUTLS_E_INTERNAL_ERROR; } ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature); - if (ret < 0) + if (ret < 0) { gnutls_assert(); + } return ret; @@ -137,8 +138,9 @@ opaque concat[36]; return GNUTLS_E_INTERNAL_ERROR; } ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature); - if (ret < 0) + if (ret < 0) { gnutls_assert(); + } return ret; diff --git a/lib/rsa_compat.c b/lib/rsa_compat.c index 43922e1a50..5539d5e6c8 100644 --- a/lib/rsa_compat.c +++ b/lib/rsa_compat.c @@ -279,7 +279,7 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, { opaque buffer[512]; - _gnutls_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n", + _gnutls_debug_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n", bits, _gnutls_bin2hex(m->data, m->size, buffer, sizeof(buffer)), _gnutls_bin2hex( e->data, e->size, buffer, sizeof(buffer))); } diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 5803e582fa..e471dea70b 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c 
@@ -242,7 +242,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, &sizeof_string)) < 0) { gnutls_assert(); - _gnutls_log("Found OID: '%s' with value '%s'\n", + _gnutls_x509_log("Found OID: '%s' with value '%s'\n", oid, _gnutls_bin2hex(value, len, escaped, sizeof(escaped)) ); goto cleanup; } diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 00f4f2757b..39daebe038 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -582,7 +582,7 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert, if (result != ASN1_SUCCESS) { /* couldn't decode DER */ - _gnutls_log("X509 certificate: Decoding error %d\n", result); + _gnutls_x509_log("X509 certificate: Decoding error %d\n", result); gnutls_assert(); asn1_delete_structure(&c2); return _gnutls_asn2err(result); diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 3e4d84c9f8..8e4208e854 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -78,6 +78,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session state, opaque ** data) SRP_SERVER_AUTH_INFO info; ssize_t data_size; size_t n_b, tmp_size; + char buf[64]; uint8 *data_b; if (state->security_parameters.extensions.srp_username[0] == 0) { @@ -175,7 +176,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session state, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; _gnutls_write_uint16( n_b, data_b); - _gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b)); + _gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b, buf, sizeof(buf))); _gnutls_srp_entry_free( pwd_entry); @@ -189,6 +190,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data) int ret; uint8 *data_a; char *username; + char buf[64]; char *password; const gnutls_srp_client_credentials cred = _gnutls_get_cred(state->key, GNUTLS_CRD_SRP, NULL); 
@@ -229,9 +231,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP U: ", state->key->u); -#endif /* S = (B - g^x) ^ (a + u * x) % N */ S = _gnutls_calc_srp_S2( B, G, state->key->x, _a, state->key->u, N); @@ -240,9 +240,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP B: ", B); -#endif _gnutls_mpi_release(&_b); _gnutls_mpi_release(&V); @@ -272,7 +270,7 @@ int _gnutls_gen_srp_client_kx(gnutls_session state, opaque ** data) gnutls_free( *data); return GNUTLS_E_MPI_PRINT_FAILED; } - _gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a)); + _gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a, buf, sizeof(buf))); _gnutls_mpi_release(&A); @@ -298,12 +296,8 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data return GNUTLS_E_MPI_SCAN_FAILED; } -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP A: ", A); -#endif -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP B: ", B); -#endif /* Start the SRP calculations. * - Calculate u @@ -314,9 +308,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data return GNUTLS_E_MEMORY_ERROR; } -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP U: ", state->key->u); -#endif /* S = (A * v^u) ^ b % N */ @@ -326,9 +318,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session state, opaque * data, size_t _data return GNUTLS_E_MEMORY_ERROR; } -#ifdef HARD_DEBUG _gnutls_dump_mpi( "SRP S: ", S); -#endif _gnutls_mpi_release(&A); _gnutls_mpi_release(&_b); diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index bd7341bd51..3ee8b9b897 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -1184,8 +1184,9 @@ leave: kbx_blob_release( blob ); cdk_free( hd ); cdk_kbnode_release( knode ); - if( rc ) + if( rc ) { gnutls_assert(); + } return rc; } 
@@ -562,9 +562,9 @@ int do_handshake(socket_st* socket) } -static void tls_log_func( const char* str) +static void tls_log_func( int level, const char* str) { - fprintf(stderr, "|** %s", str); + fprintf(stderr, "|<%d>| %s", level, str); } void init_global_tls_stuff() |