sign_algo = _gnutls_tls_aid_to_sign (&aid);
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
{
- _gnutls_x509_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
+ _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
* attack against pkcs-1 formating).
*/
gnutls_assert ();
- _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
+ _gnutls_audit_log ("auth_rsa: Possible PKCS #1 format attack\n");
randomize_key = 1;
}
else
* Ondej Pokorny and Tomas Rosa.
*/
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_audit_log
("auth_rsa: Possible PKCS #1 version check format attack\n");
}
}
* attack against pkcs-1 formating).
*/
gnutls_assert ();
- _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
+ _gnutls_audit_log ("auth_rsa: Possible PKCS #1 format attack\n");
randomize_key = 1;
}
else
* Ondej Pokorny and Tomas Rosa.
*/
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_audit_log
("auth_rsa: Possible PKCS #1 version check format attack\n");
}
}
*/
if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0)
{
- _gnutls_x509_log ("Checking the SRP group parameters.\n");
+ _gnutls_audit_log ("SRP group parameters are not in the white list. Checking validity.\n");
if ((ret = group_check_g_n (session, G, N)) < 0)
{
gnutls_assert ();
if (ret == 0)
{
- _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
+ _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid);
return GNUTLS_SIGN_UNKNOWN;
}
return ret;
{
/* couldn't decode DER */
- _gnutls_x509_log ("DHParams: Decoding error %d\n", result);
+ _gnutls_debug_log ("DHParams: Decoding error %d\n", result);
gnutls_assert ();
asn1_delete_structure (&c2);
return _gnutls_asn2err (result);
;
#endif
- void _gnutls_mpi_log (const char *prefix, bigint_t a);
+void _gnutls_mpi_log (const char *prefix, bigint_t a);
#ifdef C99_MACROS
#define LEVEL(l, ...) do { if (_gnutls_log_level >= l || _gnutls_log_level > 9) \
#define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__)
#define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
#define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
-#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
+#define _gnutls_audit_log(...) LEVEL(1, __VA_ARGS__)
#else
#define _gnutls_debug_log _gnutls_null_log
#define _gnutls_handshake_log _gnutls_null_log
#define _gnutls_dtls_log _gnutls_null_log
#define _gnutls_read_log _gnutls_null_log
#define _gnutls_write_log _gnutls_null_log
-#define _gnutls_x509_log _gnutls_null_log
+#define _gnutls_audit_log _gnutls_null_log
- void _gnutls_null_log (void *, ...);
+void _gnutls_null_log (void *, ...);
#endif /* C99_MACROS */
otherwise. Making this a macro has been tried, but it interacts
badly with the do..while in the expansion. Welcome to the dark
side. */
- static inline
+static inline
#ifdef __GNUC__
__attribute__ ((always_inline))
#endif
- int gnutls_assert_val_int (int val, const char *file, int line)
+int gnutls_assert_val_int (int val, const char *file, int line)
{
_gnutls_debug_log ("ASSERT: %s:%d\n", file, line);
return val;
if (ret < 0)
{
gnutls_assert ();
- _gnutls_x509_log ("Could not find an appropriate certificate: %s\n",
+ _gnutls_debug_log ("Could not find an appropriate certificate: %s\n",
gnutls_strerror (ret));
cert_cred = NULL;
}
if (ret < 0)
{
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("Server did not allow either '%s' or '%s' for signing\n",
gnutls_mac_get_name (hash_algo),
gnutls_mac_get_name (session->internals.handshake_mac_handle.
}
}
- _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n",
+ _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
gnutls_sign_algorithm_get_name (sign_algo),
gnutls_mac_get_name (hash_algo));
if (algo == NULL)
{
gnutls_assert ();
- _gnutls_x509_log ("Hash algorithm: %d\n", hash);
+ _gnutls_debug_log ("Hash algorithm: %d has no OID\n", hash);
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
#include "types.h"
#define _cdk_log_debug _gnutls_hard_log
-#define _cdk_log_info _gnutls_x509_log
+#define _cdk_log_info _gnutls_debug_log
#define _cdk_get_log_level() _gnutls_log_level
#define cdk_malloc gnutls_malloc
ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
if (ret < 0)
{
- _gnutls_x509_log ("the requested subkey does not exist\n");
+ _gnutls_debug_log ("the requested subkey does not exist\n");
gnutls_assert ();
return ret;
}
}
else if (rc != CDK_Success)
{
- _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc);
+ _gnutls_debug_log ("cdk_pk_check_sigs: error %d\n", rc);
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
return rc;
}
- _gnutls_x509_log ("status: %x\n", status);
+ _gnutls_debug_log ("status: %x\n", status);
if (status & CDK_KEY_INVALID)
*verify |= GNUTLS_CERT_INVALID;
algo = GNUTLS_PK_DSA;
else
{
- _gnutls_x509_log ("Unknown OpenPGP algorithm %d\n", cdk_algo);
+ _gnutls_debug_log ("Unknown OpenPGP algorithm %d\n", cdk_algo);
algo = GNUTLS_PK_UNKNOWN;
}
ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
if (ret < 0)
{
- _gnutls_x509_log ("the requested subkey does not exist\n");
+ _gnutls_debug_log ("the requested subkey does not exist\n");
gnutls_assert ();
return ret;
}
asn1_err)) != ASN1_SUCCESS)
{
gnutls_assert ();
- _gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);
+ _gnutls_debug_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);
asn1_delete_structure (&tmpasn);
return _gnutls_asn2err (result);
}
algo = _gnutls_x509_oid2pk_algorithm (oid);
if (algo == GNUTLS_PK_UNKNOWN)
{
- _gnutls_x509_log
+ _gnutls_debug_log
("%s: unknown public key algorithm: %s\n", __func__, oid);
}
if (result < 0)
{
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("Found OID: '%s' with value '%s'\n",
oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
NULL));
if (val_name == NULL)
{
gnutls_assert ();
- _gnutls_x509_log ("Cannot find OID: %s\n", given_oid);
+ _gnutls_debug_log ("Cannot find OID: %s\n", given_oid);
return GNUTLS_E_X509_UNSUPPORTED_OID;
}
if (result != ASN1_SUCCESS)
{
/* couldn't decode DER */
- _gnutls_x509_log ("ASN.1 Decoding error: %s\n", err);
+ _gnutls_debug_log ("ASN.1 Decoding error: %s\n", err);
gnutls_assert ();
return _gnutls_asn2err (result);
}
if (strcmp (oid, DATA_OID) != 0)
{
gnutls_assert ();
- _gnutls_x509_log ("Unknown PKCS12 Content OID '%s'\n", oid);
+ _gnutls_debug_log ("Unknown PKCS12 Content OID '%s'\n", oid);
return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
}
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- _gnutls_x509_log ("DER error: %s\n", error_str);
+ _gnutls_debug_log ("DER error: %s\n", error_str);
result = _gnutls_asn2err (result);
goto cleanup;
}
if (result != ASN1_SUCCESS)
{
result = _gnutls_asn2err (result);
- _gnutls_x509_log ("DER error: %s\n", error_str);
+ _gnutls_debug_log ("DER error: %s\n", error_str);
gnutls_assert ();
goto cleanup;
}
{
_gnutls_free_datum (&attr_val);
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
continue;
}
{
_gnutls_free_datum (&attr_val);
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
continue;
}
else
{
_gnutls_free_datum (&attr_val);
- _gnutls_x509_log
+ _gnutls_debug_log
("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
}
}
if (strcmp (oid, SIGNED_DATA_OID) != 0)
{
gnutls_assert ();
- _gnutls_x509_log ("Unknown PKCS7 Content OID '%s'\n", oid);
+ _gnutls_debug_log ("Unknown PKCS7 Content OID '%s'\n", oid);
return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
}
if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
return PKCS12_RC2_40_SHA1;
- _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
+ _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
else
{
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
flags);
schema = PKCS12_3DES_SHA1;
else
{
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("PKCS #8 private key OID '%s' is unsupported.\n", oid);
result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
goto error;
if (strcmp (oid, PBKDF2_OID) != 0)
{
gnutls_assert ();
- _gnutls_x509_log
+ _gnutls_debug_log
("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err (result);
}
return 0;
}
- _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
+ _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
if (*hash == GNUTLS_MAC_UNKNOWN)
{
- _gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
+ _gnutls_debug_log ("verify.c: HASH OID: %s\n", str);
gnutls_assert ();
asn1_delete_structure (&dinfo);
if (cert->use_extensions == 0)
{
- _gnutls_x509_log ("Disabling X.509 extensions.\n");
+ _gnutls_debug_log ("Disabling X.509 extensions.\n");
asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0);
}
if (kdata == NULL)
{
gnutls_assert ();
- _gnutls_x509_log ("Could not find '%s'\n", ENDSTR);
+ _gnutls_debug_log ("Could not find '%s'\n", ENDSTR);
return GNUTLS_E_BASE64_DECODING_ERROR;
}
data_size -= strlen (ENDSTR);