From: Nikos Mavrogiannopoulos Date: Sun, 20 Feb 2011 11:23:16 +0000 (+0100) Subject: gnutls_x509_log replaced with gnutls_audit_log. X-Git-Tag: gnutls_2_99_0~212 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c3508e2eef3379fcb0259faf05946157004082c4;p=thirdparty%2Fgnutls.git gnutls_x509_log replaced with gnutls_audit_log. --- diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index fafef62ffc..0180fee6fe 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -253,7 +253,7 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_SIGN_UNKNOWN) { - _gnutls_x509_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm); + _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm); gnutls_assert (); return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 0ac5bae50f..a98b8ab1fe 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -188,7 +188,7 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, * attack against pkcs-1 formating). */ gnutls_assert (); - _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n"); + _gnutls_audit_log ("auth_rsa: Possible PKCS #1 format attack\n"); randomize_key = 1; } else @@ -206,7 +206,7 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, * Ondej Pokorny and Tomas Rosa. */ gnutls_assert (); - _gnutls_x509_log + _gnutls_audit_log ("auth_rsa: Possible PKCS #1 version check format attack\n"); } } diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 26a0449630..1d109d31af 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -174,7 +174,7 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, * attack against pkcs-1 formating). */ gnutls_assert (); - _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n"); + _gnutls_audit_log ("auth_rsa: Possible PKCS #1 format attack\n"); randomize_key = 1; } else @@ -192,7 +192,7 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, * Ondej Pokorny and Tomas Rosa. */ gnutls_assert (); - _gnutls_x509_log + _gnutls_audit_log ("auth_rsa: Possible PKCS #1 version check format attack\n"); } } diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 5a46a7b904..f5da4dea72 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -814,7 +814,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, */ if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0) { - _gnutls_x509_log ("Checking the SRP group parameters.\n"); + _gnutls_audit_log ("SRP group parameters are not in the white list. Checking validity.\n"); if ((ret = group_check_g_n (session, G, N)) < 0) { gnutls_assert (); diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 84fb1184d5..f636f6ab01 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -2114,7 +2114,7 @@ _gnutls_x509_oid2sign_algorithm (const char *oid) if (ret == 0) { - _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid); + _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid); return GNUTLS_SIGN_UNKNOWN; } return ret; diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index c85d9db89b..091388ee2a 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -280,7 +280,7 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, { /* couldn't decode DER */ - _gnutls_x509_log ("DHParams: Decoding error %d\n", result); + _gnutls_debug_log ("DHParams: Decoding error %d\n", result); gnutls_assert (); asn1_delete_structure (&c2); return _gnutls_asn2err (result); diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h index 1af2517048..2138555f75 100644 --- a/lib/gnutls_errors.h +++ b/lib/gnutls_errors.h @@ -50,7 +50,7 @@ _gnutls_log (int, const char *fmt, ...) ; #endif - void _gnutls_mpi_log (const char *prefix, bigint_t a); +void _gnutls_mpi_log (const char *prefix, bigint_t a); #ifdef C99_MACROS #define LEVEL(l, ...) do { if (_gnutls_log_level >= l || _gnutls_log_level > 9) \ @@ -68,7 +68,7 @@ _gnutls_log (int, const char *fmt, ...) #define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__) #define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) #define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) -#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__) +#define _gnutls_audit_log(...) LEVEL(1, __VA_ARGS__) #else #define _gnutls_debug_log _gnutls_null_log #define _gnutls_handshake_log _gnutls_null_log @@ -79,9 +79,9 @@ _gnutls_log (int, const char *fmt, ...) #define _gnutls_dtls_log _gnutls_null_log #define _gnutls_read_log _gnutls_null_log #define _gnutls_write_log _gnutls_null_log -#define _gnutls_x509_log _gnutls_null_log +#define _gnutls_audit_log _gnutls_null_log - void _gnutls_null_log (void *, ...); +void _gnutls_null_log (void *, ...); #endif /* C99_MACROS */ @@ -89,11 +89,11 @@ _gnutls_log (int, const char *fmt, ...) otherwise. Making this a macro has been tried, but it interacts badly with the do..while in the expansion. Welcome to the dark side. */ - static inline +static inline #ifdef __GNUC__ __attribute__ ((always_inline)) #endif - int gnutls_assert_val_int (int val, const char *file, int line) +int gnutls_assert_val_int (int val, const char *file, int line) { _gnutls_debug_log ("ASSERT: %s:%d\n", file, line); return val; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 454232b26f..0547075ac5 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -3515,7 +3515,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - _gnutls_x509_log ("Could not find an appropriate certificate: %s\n", + _gnutls_debug_log ("Could not find an appropriate certificate: %s\n", gnutls_strerror (ret)); cert_cred = NULL; } diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 7aa02a3cb5..fe42ebc313 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -643,7 +643,7 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("Server did not allow either '%s' or '%s' for signing\n", gnutls_mac_get_name (hash_algo), gnutls_mac_get_name (session->internals.handshake_mac_handle. @@ -652,7 +652,7 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, } } - _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n", + _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n", gnutls_sign_algorithm_get_name (sign_algo), gnutls_mac_get_name (hash_algo)); @@ -850,7 +850,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, if (algo == NULL) { gnutls_assert (); - _gnutls_x509_log ("Hash algorithm: %d\n", hash); + _gnutls_debug_log ("Hash algorithm: %d has no OID\n", hash); return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h index 271b9d7124..b11a3c4741 100644 --- a/lib/opencdk/main.h +++ b/lib/opencdk/main.h @@ -28,7 +28,7 @@ #include "types.h" #define _cdk_log_debug _gnutls_hard_log -#define _cdk_log_info _gnutls_x509_log +#define _cdk_log_info _gnutls_debug_log #define _cdk_get_log_level() _gnutls_log_level #define cdk_malloc gnutls_malloc diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 01f7a709e1..ada1fe143f 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -1597,7 +1597,7 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid); if (ret < 0) { - _gnutls_x509_log ("the requested subkey does not exist\n"); + _gnutls_debug_log ("the requested subkey does not exist\n"); gnutls_assert (); return ret; } diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c index 3a5771b528..7e27b7c251 100644 --- a/lib/openpgp/pgpverify.c +++ b/lib/openpgp/pgpverify.c @@ -82,12 +82,12 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, } else if (rc != CDK_Success) { - _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc); + _gnutls_debug_log ("cdk_pk_check_sigs: error %d\n", rc); rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } - _gnutls_x509_log ("status: %x\n", status); + _gnutls_debug_log ("status: %x\n", status); if (status & CDK_KEY_INVALID) *verify |= GNUTLS_CERT_INVALID; diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 2ebcb99dbb..6f2a396fd0 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -268,7 +268,7 @@ _gnutls_openpgp_get_algo (int cdk_algo) algo = GNUTLS_PK_DSA; else { - _gnutls_x509_log ("Unknown OpenPGP algorithm %d\n", cdk_algo); + _gnutls_debug_log ("Unknown OpenPGP algorithm %d\n", cdk_algo); algo = GNUTLS_PK_UNKNOWN; } @@ -1214,7 +1214,7 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); if (ret < 0) { - _gnutls_x509_log ("the requested subkey does not exist\n"); + _gnutls_debug_log ("the requested subkey does not exist\n"); gnutls_assert (); return ret; } diff --git a/lib/x509/common.c b/lib/x509/common.c index 5119cbedac..21774dfaee 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -258,7 +258,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, asn1_err)) != ASN1_SUCCESS) { gnutls_assert (); - _gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err); + _gnutls_debug_log ("asn1_der_decoding: %s:%s\n", str, asn1_err); asn1_delete_structure (&tmpasn); return _gnutls_asn2err (result); } @@ -1333,7 +1333,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, algo = _gnutls_x509_oid2pk_algorithm (oid); if (algo == GNUTLS_PK_UNKNOWN) { - _gnutls_x509_log + _gnutls_debug_log ("%s: unknown public key algorithm: %s\n", __func__, oid); } diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 9757258fa6..c7b2020648 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -279,7 +279,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, if (result < 0) { gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("Found OID: '%s' with value '%s'\n", oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, NULL)); @@ -660,7 +660,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, if (val_name == NULL) { gnutls_assert (); - _gnutls_x509_log ("Cannot find OID: %s\n", given_oid); + _gnutls_debug_log ("Cannot find OID: %s\n", given_oid); return GNUTLS_E_X509_UNSUPPORTED_OID; } @@ -1001,7 +1001,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) if (result != ASN1_SUCCESS) { /* couldn't decode DER */ - _gnutls_x509_log ("ASN.1 Decoding error: %s\n", err); + _gnutls_debug_log ("ASN.1 Decoding error: %s\n", err); gnutls_assert (); return _gnutls_asn2err (result); } diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 32a8f4697a..f278612414 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -65,7 +65,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, if (strcmp (oid, DATA_OID) != 0) { gnutls_assert (); - _gnutls_x509_log ("Unknown PKCS12 Content OID '%s'\n", oid); + _gnutls_debug_log ("Unknown PKCS12 Content OID '%s'\n", oid); return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; } @@ -96,7 +96,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, if (result != ASN1_SUCCESS) { gnutls_assert (); - _gnutls_x509_log ("DER error: %s\n", error_str); + _gnutls_debug_log ("DER error: %s\n", error_str); result = _gnutls_asn2err (result); goto cleanup; } @@ -236,7 +236,7 @@ gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, if (result != ASN1_SUCCESS) { result = _gnutls_asn2err (result); - _gnutls_x509_log ("DER error: %s\n", error_str); + _gnutls_debug_log ("DER error: %s\n", error_str); gnutls_assert (); goto cleanup; } @@ -486,7 +486,7 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, { _gnutls_free_datum (&attr_val); gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); continue; } @@ -504,7 +504,7 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, { _gnutls_free_datum (&attr_val); gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); continue; } @@ -514,7 +514,7 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, else { _gnutls_free_datum (&attr_val); - _gnutls_x509_log + _gnutls_debug_log ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid); } } diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 2e5b52a4bc..d8b85ee185 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -63,7 +63,7 @@ _decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata, if (strcmp (oid, SIGNED_DATA_OID) != 0) { gnutls_assert (); - _gnutls_x509_log ("Unknown PKCS7 Content OID '%s'\n", oid); + _gnutls_debug_log ("Unknown PKCS7 Content OID '%s'\n", oid); return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index a06520502f..09e858e43c 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -120,7 +120,7 @@ check_schema (const char *oid) if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0) return PKCS12_RC2_40_SHA1; - _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid); + _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } @@ -438,7 +438,7 @@ _gnutls_pkcs_flags_to_schema (unsigned int flags) else { gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags); schema = PKCS12_3DES_SHA1; @@ -1106,7 +1106,7 @@ decode_private_key_info (const gnutls_datum_t * der, else { gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("PKCS #8 private key OID '%s' is unsupported.\n", oid); result = GNUTLS_E_UNKNOWN_PK_ALGORITHM; goto error; @@ -1273,7 +1273,7 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, if (strcmp (oid, PBKDF2_OID) != 0) { gnutls_assert (); - _gnutls_x509_log + _gnutls_debug_log ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); return _gnutls_asn2err (result); } @@ -1473,7 +1473,7 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) return 0; } - _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid); + _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } diff --git a/lib/x509/verify.c b/lib/x509/verify.c index f2f05fa1c9..a33be90d8e 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -711,7 +711,7 @@ decode_ber_digest_info (const gnutls_datum_t * info, if (*hash == GNUTLS_MAC_UNKNOWN) { - _gnutls_x509_log ("verify.c: HASH OID: %s\n", str); + _gnutls_debug_log ("verify.c: HASH OID: %s\n", str); gnutls_assert (); asn1_delete_structure (&dinfo); diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index a0b830e695..5d31a830da 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -907,7 +907,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert) if (cert->use_extensions == 0) { - _gnutls_x509_log ("Disabling X.509 extensions.\n"); + _gnutls_debug_log ("Disabling X.509 extensions.\n"); asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0); } diff --git a/lib/x509_b64.c b/lib/x509_b64.c index de3c0999ef..272c00de37 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -469,7 +469,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, if (kdata == NULL) { gnutls_assert (); - _gnutls_x509_log ("Could not find '%s'\n", ENDSTR); + _gnutls_debug_log ("Could not find '%s'\n", ENDSTR); return GNUTLS_E_BASE64_DECODING_ERROR; } data_size -= strlen (ENDSTR);