瀏覽代碼

[crypto] Reduce standard debugging output

X.509 certificate processing currently produces an overwhelming amount
of debugging information.  Move some of this from DBGLVL_LOG to
DBGLVL_EXTRA, to make the output more manageable.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 年之前
父節點
當前提交
0e4ee60a75
共有 2 個文件被更改,包括 53 次插入51 次删除
  1. 49
    47
      src/crypto/x509.c
  2. 4
    4
      src/net/validator.c

+ 49
- 47
src/crypto/x509.c 查看文件

@@ -121,7 +121,7 @@ static void x509_free ( struct refcnt *refcnt ) {
121 121
 	struct x509_certificate *cert =
122 122
 		container_of ( refcnt, struct x509_certificate, refcnt );
123 123
 
124
-	DBGC ( cert, "X509 %p freed\n", cert );
124
+	DBGC2 ( cert, "X509 %p freed\n", cert );
125 125
 	free ( cert->subject.name );
126 126
 	free ( cert->extensions.auth_info.ocsp.uri );
127 127
 	free ( cert );
@@ -444,8 +444,8 @@ static int x509_parse_version ( struct x509_certificate *cert,
444 444
 
445 445
 	/* Record version */
446 446
 	cert->version = version;
447
-	DBGC ( cert, "X509 %p is a version %d certificate\n",
448
-	       cert, ( cert->version + 1 ) );
447
+	DBGC2 ( cert, "X509 %p is a version %d certificate\n",
448
+		cert, ( cert->version + 1 ) );
449 449
 
450 450
 	return 0;
451 451
 }
@@ -469,8 +469,8 @@ static int x509_parse_serial ( struct x509_certificate *cert,
469 469
 		       cert, strerror ( rc ) );
470 470
 		return rc;
471 471
 	}
472
-	DBGC ( cert, "X509 %p issuer is:\n", cert );
473
-	DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
472
+	DBGC2 ( cert, "X509 %p issuer is:\n", cert );
473
+	DBGC2_HDA ( cert, 0, serial->raw.data, serial->raw.len );
474 474
 
475 475
 	return 0;
476 476
 }
@@ -494,8 +494,8 @@ static int x509_parse_issuer ( struct x509_certificate *cert,
494 494
 		       cert, strerror ( rc ) );
495 495
 		return rc;
496 496
 	}
497
-	DBGC ( cert, "X509 %p issuer is:\n", cert );
498
-	DBGC_HDA ( cert, 0, issuer->raw.data, issuer->raw.len );
497
+	DBGC2 ( cert, "X509 %p issuer is:\n", cert );
498
+	DBGC2_HDA ( cert, 0, issuer->raw.data, issuer->raw.len );
499 499
 
500 500
 	return 0;
501 501
 }
@@ -522,13 +522,15 @@ static int x509_parse_validity ( struct x509_certificate *cert,
522 522
 	/* Parse notBefore */
523 523
 	if ( ( rc = x509_parse_time ( cert, not_before, &cursor ) ) != 0 )
524 524
 		return rc;
525
-	DBGC ( cert, "X509 %p valid from time %lld\n", cert, not_before->time );
525
+	DBGC2 ( cert, "X509 %p valid from time %lld\n",
526
+		cert, not_before->time );
526 527
 	asn1_skip_any ( &cursor );
527 528
 
528 529
 	/* Parse notAfter */
529 530
 	if ( ( rc = x509_parse_time ( cert, not_after, &cursor ) ) != 0 )
530 531
 		return rc;
531
-	DBGC ( cert, "X509 %p valid until time %lld\n", cert, not_after->time );
532
+	DBGC2 ( cert, "X509 %p valid until time %lld\n",
533
+		cert, not_after->time );
532 534
 
533 535
 	return 0;
534 536
 }
@@ -588,7 +590,7 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
588 590
 	}
589 591
 
590 592
 	/* Certificates may not have a commonName */
591
-	DBGC ( cert, "X509 %p no commonName found:\n", cert );
593
+	DBGC2 ( cert, "X509 %p no commonName found:\n", cert );
592 594
 	return 0;
593 595
 }
594 596
 
@@ -608,13 +610,13 @@ static int x509_parse_subject ( struct x509_certificate *cert,
608 610
 	/* Record raw subject */
609 611
 	memcpy ( &subject->raw, raw, sizeof ( subject->raw ) );
610 612
 	asn1_shrink_any ( &subject->raw );
611
-	DBGC ( cert, "X509 %p subject is:\n", cert );
612
-	DBGC_HDA ( cert, 0, subject->raw.data, subject->raw.len );
613
+	DBGC2 ( cert, "X509 %p subject is:\n", cert );
614
+	DBGC2_HDA ( cert, 0, subject->raw.data, subject->raw.len );
613 615
 
614 616
 	/* Parse common name */
615 617
 	if ( ( rc = x509_parse_common_name ( cert, name, raw ) ) != 0 )
616 618
 		return rc;
617
-	DBGC ( cert, "X509 %p common name is \"%s\":\n", cert, *name );
619
+	DBGC2 ( cert, "X509 %p common name is \"%s\":\n", cert, *name );
618 620
 
619 621
 	return 0;
620 622
 }
@@ -645,10 +647,10 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
645 647
 	if ( ( rc = x509_parse_pubkey_algorithm ( cert, algorithm,
646 648
 						  &cursor ) ) != 0 )
647 649
 		return rc;
648
-	DBGC ( cert, "X509 %p public key algorithm is %s\n",
649
-	       cert, (*algorithm)->name );
650
-	DBGC ( cert, "X509 %p public key is:\n", cert );
651
-	DBGC_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
650
+	DBGC2 ( cert, "X509 %p public key algorithm is %s\n",
651
+		cert, (*algorithm)->name );
652
+	DBGC2 ( cert, "X509 %p public key is:\n", cert );
653
+	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
652 654
 
653 655
 	return 0;
654 656
 }
@@ -685,8 +687,8 @@ static int x509_parse_basic_constraints ( struct x509_certificate *cert,
685 687
 		asn1_skip_any ( &cursor );
686 688
 	}
687 689
 	basic->ca = ca;
688
-	DBGC ( cert, "X509 %p is %sa CA certificate\n",
689
-	       cert, ( basic->ca ? "" : "not " ) );
690
+	DBGC2 ( cert, "X509 %p is %sa CA certificate\n",
691
+		cert, ( basic->ca ? "" : "not " ) );
690 692
 
691 693
 	/* Ignore everything else unless "cA" is true */
692 694
 	if ( ! ca )
@@ -708,8 +710,8 @@ static int x509_parse_basic_constraints ( struct x509_certificate *cert,
708 710
 			return -EINVAL;
709 711
 		}
710 712
 		basic->path_len = path_len;
711
-		DBGC ( cert, "X509 %p path length constraint is %u\n",
712
-		       cert, basic->path_len );
713
+		DBGC2 ( cert, "X509 %p path length constraint is %u\n",
714
+			cert, basic->path_len );
713 715
 	}
714 716
 
715 717
 	return 0;
@@ -746,7 +748,7 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
746 748
 	for ( i = 0 ; i < len ; i++ ) {
747 749
 		usage->bits |= ( *(bytes++) << ( 8 * i ) );
748 750
 	}
749
-	DBGC ( cert, "X509 %p key usage is %08x\n", cert, usage->bits );
751
+	DBGC2 ( cert, "X509 %p key usage is %08x\n", cert, usage->bits );
750 752
 
751 753
 	return 0;
752 754
 }
@@ -791,8 +793,8 @@ static int x509_parse_key_purpose ( struct x509_certificate *cert,
791 793
 			    sizeof ( x509_key_purposes[0] ) ) ; i++ ) {
792 794
 		purpose = &x509_key_purposes[i];
793 795
 		if ( asn1_compare ( &cursor, &purpose->oid ) == 0 ) {
794
-			DBGC ( cert, "X509 %p has key purpose %s\n",
795
-			       cert, purpose->name );
796
+			DBGC2 ( cert, "X509 %p has key purpose %s\n",
797
+				cert, purpose->name );
796 798
 			ext_usage->bits |= purpose->bits;
797 799
 			return 0;
798 800
 		}
@@ -855,7 +857,7 @@ static int x509_parse_ocsp ( struct x509_certificate *cert,
855 857
 	if ( ! ocsp->uri )
856 858
 		return -ENOMEM;
857 859
 	memcpy ( ocsp->uri, cursor.data, cursor.len );
858
-	DBGC ( cert, "X509 %p OCSP URI is %s:\n", cert, ocsp->uri );
860
+	DBGC2 ( cert, "X509 %p OCSP URI is %s:\n", cert, ocsp->uri );
859 861
 
860 862
 	return 0;
861 863
 }
@@ -916,8 +918,8 @@ static int x509_parse_access_description ( struct x509_certificate *cert,
916 918
 	asn1_enter ( &subcursor, ASN1_OID );
917 919
 	method = x509_find_access_method ( &subcursor );
918 920
 	asn1_skip_any ( &cursor );
919
-	DBGC ( cert, "X509 %p found access method %s\n",
920
-	       cert, ( method ? method->name : "<unknown>" ) );
921
+	DBGC2 ( cert, "X509 %p found access method %s\n",
922
+		cert, ( method ? method->name : "<unknown>" ) );
921 923
 
922 924
 	/* Parse access location, if applicable */
923 925
 	if ( method && ( ( rc = method->parse ( cert, &cursor ) ) != 0 ) )
@@ -1038,8 +1040,8 @@ static int x509_parse_extension ( struct x509_certificate *cert,
1038 1040
 	asn1_enter ( &subcursor, ASN1_OID );
1039 1041
 	extension = x509_find_extension ( &subcursor );
1040 1042
 	asn1_skip_any ( &cursor );
1041
-	DBGC ( cert, "X509 %p found extension %s\n",
1042
-	       cert, ( extension ? extension->name : "<unknown>" ) );
1043
+	DBGC2 ( cert, "X509 %p found extension %s\n",
1044
+		cert, ( extension ? extension->name : "<unknown>" ) );
1043 1045
 
1044 1046
 	/* Identify criticality */
1045 1047
 	if ( asn1_type ( &cursor ) == ASN1_BOOLEAN ) {
@@ -1146,8 +1148,8 @@ static int x509_parse_tbscertificate ( struct x509_certificate *cert,
1146 1148
 	if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,
1147 1149
 						     &cursor ) ) != 0 )
1148 1150
 		return rc;
1149
-	DBGC ( cert, "X509 %p tbsCertificate signature algorithm is %s\n",
1150
-	       cert, (*algorithm)->name );
1151
+	DBGC2 ( cert, "X509 %p tbsCertificate signature algorithm is %s\n",
1152
+		cert, (*algorithm)->name );
1151 1153
 	asn1_skip_any ( &cursor );
1152 1154
 
1153 1155
 	/* Parse issuer */
@@ -1208,16 +1210,16 @@ static int x509_parse ( struct x509_certificate *cert,
1208 1210
 	if ( ( rc = x509_parse_signature_algorithm ( cert, signature_algorithm,
1209 1211
 						     &cursor ) ) != 0 )
1210 1212
 		return rc;
1211
-	DBGC ( cert, "X509 %p signatureAlgorithm is %s\n",
1212
-	       cert, (*signature_algorithm)->name );
1213
+	DBGC2 ( cert, "X509 %p signatureAlgorithm is %s\n",
1214
+		cert, (*signature_algorithm)->name );
1213 1215
 	asn1_skip_any ( &cursor );
1214 1216
 
1215 1217
 	/* Parse signatureValue */
1216 1218
 	if ( ( rc = x509_parse_integral_bit_string ( cert, signature_value,
1217 1219
 						     &cursor ) ) != 0 )
1218 1220
 		return rc;
1219
-	DBGC ( cert, "X509 %p signatureValue is:\n", cert );
1220
-	DBGC_HDA ( cert, 0, signature_value->data, signature_value->len );
1221
+	DBGC2 ( cert, "X509 %p signatureValue is:\n", cert );
1222
+	DBGC2_HDA ( cert, 0, signature_value->data, signature_value->len );
1221 1223
 
1222 1224
 	/* Check that algorithm in tbsCertificate matches algorithm in
1223 1225
 	 * signature
@@ -1259,8 +1261,8 @@ int x509_certificate ( const void *data, size_t len,
1259 1261
 	list_for_each_entry ( (*cert), &x509_cache, list ) {
1260 1262
 		if ( asn1_compare ( &cursor, &(*cert)->raw ) == 0 ) {
1261 1263
 
1262
-			DBGC ( *cert, "X509 %p \"%s\" cache hit\n",
1263
-			       *cert, (*cert)->subject.name );
1264
+			DBGC2 ( *cert, "X509 %p \"%s\" cache hit\n",
1265
+				*cert, (*cert)->subject.name );
1264 1266
 
1265 1267
 			/* Mark as most recently used */
1266 1268
 			list_del ( &(*cert)->list );
@@ -1323,8 +1325,8 @@ static int x509_check_signature ( struct x509_certificate *cert,
1323 1325
 	digest_init ( digest, digest_ctx );
1324 1326
 	digest_update ( digest, digest_ctx, cert->tbs.data, cert->tbs.len );
1325 1327
 	digest_final ( digest, digest_ctx, digest_out );
1326
-	DBGC ( cert, "X509 %p \"%s\" digest:\n", cert, cert->subject.name );
1327
-	DBGC_HDA ( cert, 0, digest_out, sizeof ( digest_out ) );
1328
+	DBGC2 ( cert, "X509 %p \"%s\" digest:\n", cert, cert->subject.name );
1329
+	DBGC2_HDA ( cert, 0, digest_out, sizeof ( digest_out ) );
1328 1330
 
1329 1331
 	/* Check that signature public key algorithm matches signer */
1330 1332
 	if ( public_key->algorithm->pubkey != pubkey ) {
@@ -1463,8 +1465,8 @@ int x509_check_root ( struct x509_certificate *cert, struct x509_root *root ) {
1463 1465
 		root_fingerprint += sizeof ( fingerprint );
1464 1466
 	}
1465 1467
 
1466
-	DBGC ( cert, "X509 %p \"%s\" is not a root certificate\n",
1467
-	       cert, cert->subject.name );
1468
+	DBGC2 ( cert, "X509 %p \"%s\" is not a root certificate\n",
1469
+		cert, cert->subject.name );
1468 1470
 	return -ENOENT;
1469 1471
 }
1470 1472
 
@@ -1490,8 +1492,8 @@ int x509_check_time ( struct x509_certificate *cert, time_t time ) {
1490 1492
 		return -EACCES_EXPIRED;
1491 1493
 	}
1492 1494
 
1493
-	DBGC ( cert, "X509 %p \"%s\" is valid (at time %lld)\n",
1494
-	       cert, cert->subject.name, time );
1495
+	DBGC2 ( cert, "X509 %p \"%s\" is valid (at time %lld)\n",
1496
+		cert, cert->subject.name, time );
1495 1497
 	return 0;
1496 1498
 }
1497 1499
 
@@ -1537,8 +1539,8 @@ static int x509_validate ( struct x509_certificate *cert,
1537 1539
 
1538 1540
 	/* Fail unless we have an issuer */
1539 1541
 	if ( ! issuer ) {
1540
-		DBGC ( cert, "X509 %p \"%s\" has no issuer\n",
1541
-		       cert, cert->subject.name );
1542
+		DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
1543
+			cert, cert->subject.name );
1542 1544
 		return -EACCES_UNTRUSTED;
1543 1545
 	}
1544 1546
 
@@ -1588,7 +1590,7 @@ static void x509_free_chain ( struct refcnt *refcnt ) {
1588 1590
 	struct x509_link *link;
1589 1591
 	struct x509_link *tmp;
1590 1592
 
1591
-	DBGC ( chain, "X509 chain %p freed\n", chain );
1593
+	DBGC2 ( chain, "X509 chain %p freed\n", chain );
1592 1594
 
1593 1595
 	/* Free each link in the chain */
1594 1596
 	list_for_each_entry_safe ( link, tmp, &chain->links, list ) {
@@ -1618,7 +1620,7 @@ struct x509_chain * x509_alloc_chain ( void ) {
1618 1620
 	ref_init ( &chain->refcnt, x509_free_chain );
1619 1621
 	INIT_LIST_HEAD ( &chain->links );
1620 1622
 
1621
-	DBGC ( chain, "X509 chain %p allocated\n", chain );
1623
+	DBGC2 ( chain, "X509 chain %p allocated\n", chain );
1622 1624
 	return chain;
1623 1625
 }
1624 1626
 

+ 4
- 4
src/net/validator.c 查看文件

@@ -68,7 +68,7 @@ static void validator_free ( struct refcnt *refcnt ) {
68 68
 	struct validator *validator =
69 69
 		container_of ( refcnt, struct validator, refcnt );
70 70
 
71
-	DBGC ( validator, "VALIDATOR %p freed\n", validator );
71
+	DBGC2 ( validator, "VALIDATOR %p freed\n", validator );
72 72
 	x509_chain_put ( validator->chain );
73 73
 	xferbuf_done ( &validator->buffer );
74 74
 	free ( validator );
@@ -294,7 +294,7 @@ static void validator_xfer_close ( struct validator *validator, int rc ) {
294 294
 		       validator, strerror ( rc ) );
295 295
 		goto err_download;
296 296
 	}
297
-	DBGC ( validator, "VALIDATOR %p download complete\n", validator );
297
+	DBGC2 ( validator, "VALIDATOR %p download complete\n", validator );
298 298
 
299 299
 	/* Append downloaded certificates */
300 300
 	if ( ( rc = validator_append ( validator, validator->buffer.data,
@@ -439,8 +439,8 @@ int create_validator ( struct interface *job, struct x509_chain *chain ) {
439 439
 	/* Attach parent interface, mortalise self, and return */
440 440
 	intf_plug_plug ( &validator->job, job );
441 441
 	ref_put ( &validator->refcnt );
442
-	DBGC ( validator, "VALIDATOR %p validating X509 chain %p\n",
443
-	       validator, validator->chain );
442
+	DBGC2 ( validator, "VALIDATOR %p validating X509 chain %p\n",
443
+		validator, validator->chain );
444 444
 	return 0;
445 445
 
446 446
 	validator_finished ( validator, rc );

Loading…
取消
儲存