[crypto] Reduce standard debugging output

X.509 certificate processing currently produces an overwhelming amount
of debugging information.  Move some of this from DBGLVL_LOG to
DBGLVL_EXTRA, to make the output more manageable.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/x509.c

 	struct x509_certificate *cert =
 		container_of ( refcnt, struct x509_certificate, refcnt );
 
-	DBGC ( cert, "X509 %p freed\n", cert );
+	DBGC2 ( cert, "X509 %p freed\n", cert );
 	free ( cert->subject.name );
 	free ( cert->extensions.auth_info.ocsp.uri );
 	free ( cert );
 
 	/* Record version */
 	cert->version = version;
-	DBGC ( cert, "X509 %p is a version %d certificate\n",
-	       cert, ( cert->version + 1 ) );
+	DBGC2 ( cert, "X509 %p is a version %d certificate\n",
+		cert, ( cert->version + 1 ) );
 
 	return 0;
 }
 		       cert, strerror ( rc ) );
 		return rc;
 	}
-	DBGC ( cert, "X509 %p issuer is:\n", cert );
-	DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
+	DBGC2 ( cert, "X509 %p issuer is:\n", cert );
+	DBGC2_HDA ( cert, 0, serial->raw.data, serial->raw.len );
 
 	return 0;
 }
 		       cert, strerror ( rc ) );
 		return rc;
 	}
-	DBGC ( cert, "X509 %p issuer is:\n", cert );
-	DBGC_HDA ( cert, 0, issuer->raw.data, issuer->raw.len );
+	DBGC2 ( cert, "X509 %p issuer is:\n", cert );
+	DBGC2_HDA ( cert, 0, issuer->raw.data, issuer->raw.len );
 
 	return 0;
 }
 	/* Parse notBefore */
 	if ( ( rc = x509_parse_time ( cert, not_before, &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p valid from time %lld\n", cert, not_before->time );
+	DBGC2 ( cert, "X509 %p valid from time %lld\n",
+		cert, not_before->time );
 	asn1_skip_any ( &cursor );
 
 	/* Parse notAfter */
 	if ( ( rc = x509_parse_time ( cert, not_after, &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p valid until time %lld\n", cert, not_after->time );
+	DBGC2 ( cert, "X509 %p valid until time %lld\n",
+		cert, not_after->time );
 
 	return 0;
 }
 	}
 
 	/* Certificates may not have a commonName */
-	DBGC ( cert, "X509 %p no commonName found:\n", cert );
+	DBGC2 ( cert, "X509 %p no commonName found:\n", cert );
 	return 0;
 }
 
 	/* Record raw subject */
 	memcpy ( &subject->raw, raw, sizeof ( subject->raw ) );
 	asn1_shrink_any ( &subject->raw );
-	DBGC ( cert, "X509 %p subject is:\n", cert );
-	DBGC_HDA ( cert, 0, subject->raw.data, subject->raw.len );
+	DBGC2 ( cert, "X509 %p subject is:\n", cert );
+	DBGC2_HDA ( cert, 0, subject->raw.data, subject->raw.len );
 
 	/* Parse common name */
 	if ( ( rc = x509_parse_common_name ( cert, name, raw ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p common name is \"%s\":\n", cert, *name );
+	DBGC2 ( cert, "X509 %p common name is \"%s\":\n", cert, *name );
 
 	return 0;
 }
 	if ( ( rc = x509_parse_pubkey_algorithm ( cert, algorithm,
 						  &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p public key algorithm is %s\n",
-	       cert, (*algorithm)->name );
-	DBGC ( cert, "X509 %p public key is:\n", cert );
-	DBGC_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
+	DBGC2 ( cert, "X509 %p public key algorithm is %s\n",
+		cert, (*algorithm)->name );
+	DBGC2 ( cert, "X509 %p public key is:\n", cert );
+	DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len );
 
 	return 0;
 }
 		asn1_skip_any ( &cursor );
 	}
 	basic->ca = ca;
-	DBGC ( cert, "X509 %p is %sa CA certificate\n",
-	       cert, ( basic->ca ? "" : "not " ) );
+	DBGC2 ( cert, "X509 %p is %sa CA certificate\n",
+		cert, ( basic->ca ? "" : "not " ) );
 
 	/* Ignore everything else unless "cA" is true */
 	if ( ! ca )
 			return -EINVAL;
 		}
 		basic->path_len = path_len;
-		DBGC ( cert, "X509 %p path length constraint is %u\n",
-		       cert, basic->path_len );
+		DBGC2 ( cert, "X509 %p path length constraint is %u\n",
+			cert, basic->path_len );
 	}
 
 	return 0;
 	for ( i = 0 ; i < len ; i++ ) {
 		usage->bits |= ( *(bytes++) << ( 8 * i ) );
 	}
-	DBGC ( cert, "X509 %p key usage is %08x\n", cert, usage->bits );
+	DBGC2 ( cert, "X509 %p key usage is %08x\n", cert, usage->bits );
 
 	return 0;
 }
 			    sizeof ( x509_key_purposes[0] ) ) ; i++ ) {
 		purpose = &x509_key_purposes[i];
 		if ( asn1_compare ( &cursor, &purpose->oid ) == 0 ) {
-			DBGC ( cert, "X509 %p has key purpose %s\n",
-			       cert, purpose->name );
+			DBGC2 ( cert, "X509 %p has key purpose %s\n",
+				cert, purpose->name );
 			ext_usage->bits |= purpose->bits;
 			return 0;
 		}
 	if ( ! ocsp->uri )
 		return -ENOMEM;
 	memcpy ( ocsp->uri, cursor.data, cursor.len );
-	DBGC ( cert, "X509 %p OCSP URI is %s:\n", cert, ocsp->uri );
+	DBGC2 ( cert, "X509 %p OCSP URI is %s:\n", cert, ocsp->uri );
 
 	return 0;
 }
 	asn1_enter ( &subcursor, ASN1_OID );
 	method = x509_find_access_method ( &subcursor );
 	asn1_skip_any ( &cursor );
-	DBGC ( cert, "X509 %p found access method %s\n",
-	       cert, ( method ? method->name : "<unknown>" ) );
+	DBGC2 ( cert, "X509 %p found access method %s\n",
+		cert, ( method ? method->name : "<unknown>" ) );
 
 	/* Parse access location, if applicable */
 	if ( method && ( ( rc = method->parse ( cert, &cursor ) ) != 0 ) )
 	asn1_enter ( &subcursor, ASN1_OID );
 	extension = x509_find_extension ( &subcursor );
 	asn1_skip_any ( &cursor );
-	DBGC ( cert, "X509 %p found extension %s\n",
-	       cert, ( extension ? extension->name : "<unknown>" ) );
+	DBGC2 ( cert, "X509 %p found extension %s\n",
+		cert, ( extension ? extension->name : "<unknown>" ) );
 
 	/* Identify criticality */
 	if ( asn1_type ( &cursor ) == ASN1_BOOLEAN ) {
 	if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,
 						     &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p tbsCertificate signature algorithm is %s\n",
-	       cert, (*algorithm)->name );
+	DBGC2 ( cert, "X509 %p tbsCertificate signature algorithm is %s\n",
+		cert, (*algorithm)->name );
 	asn1_skip_any ( &cursor );
 
 	/* Parse issuer */
 	if ( ( rc = x509_parse_signature_algorithm ( cert, signature_algorithm,
 						     &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p signatureAlgorithm is %s\n",
-	       cert, (*signature_algorithm)->name );
+	DBGC2 ( cert, "X509 %p signatureAlgorithm is %s\n",
+		cert, (*signature_algorithm)->name );
 	asn1_skip_any ( &cursor );
 
 	/* Parse signatureValue */
 	if ( ( rc = x509_parse_integral_bit_string ( cert, signature_value,
 						     &cursor ) ) != 0 )
 		return rc;
-	DBGC ( cert, "X509 %p signatureValue is:\n", cert );
-	DBGC_HDA ( cert, 0, signature_value->data, signature_value->len );
+	DBGC2 ( cert, "X509 %p signatureValue is:\n", cert );
+	DBGC2_HDA ( cert, 0, signature_value->data, signature_value->len );
 
 	/* Check that algorithm in tbsCertificate matches algorithm in
 	 * signature
 	list_for_each_entry ( (*cert), &x509_cache, list ) {
 		if ( asn1_compare ( &cursor, &(*cert)->raw ) == 0 ) {
 
-			DBGC ( *cert, "X509 %p \"%s\" cache hit\n",
-			       *cert, (*cert)->subject.name );
+			DBGC2 ( *cert, "X509 %p \"%s\" cache hit\n",
+				*cert, (*cert)->subject.name );
 
 			/* Mark as most recently used */
 			list_del ( &(*cert)->list );
 	digest_init ( digest, digest_ctx );
 	digest_update ( digest, digest_ctx, cert->tbs.data, cert->tbs.len );
 	digest_final ( digest, digest_ctx, digest_out );
-	DBGC ( cert, "X509 %p \"%s\" digest:\n", cert, cert->subject.name );
-	DBGC_HDA ( cert, 0, digest_out, sizeof ( digest_out ) );
+	DBGC2 ( cert, "X509 %p \"%s\" digest:\n", cert, cert->subject.name );
+	DBGC2_HDA ( cert, 0, digest_out, sizeof ( digest_out ) );
 
 	/* Check that signature public key algorithm matches signer */
 	if ( public_key->algorithm->pubkey != pubkey ) {
 		root_fingerprint += sizeof ( fingerprint );
 	}
 
-	DBGC ( cert, "X509 %p \"%s\" is not a root certificate\n",
-	       cert, cert->subject.name );
+	DBGC2 ( cert, "X509 %p \"%s\" is not a root certificate\n",
+		cert, cert->subject.name );
 	return -ENOENT;
 }
 
 		return -EACCES_EXPIRED;
 	}
 
-	DBGC ( cert, "X509 %p \"%s\" is valid (at time %lld)\n",
-	       cert, cert->subject.name, time );
+	DBGC2 ( cert, "X509 %p \"%s\" is valid (at time %lld)\n",
+		cert, cert->subject.name, time );
 	return 0;
 }
 
 
 	/* Fail unless we have an issuer */
 	if ( ! issuer ) {
-		DBGC ( cert, "X509 %p \"%s\" has no issuer\n",
-		       cert, cert->subject.name );
+		DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
+			cert, cert->subject.name );
 		return -EACCES_UNTRUSTED;
 	}
 
 	struct x509_link *link;
 	struct x509_link *tmp;
 
-	DBGC ( chain, "X509 chain %p freed\n", chain );
+	DBGC2 ( chain, "X509 chain %p freed\n", chain );
 
 	/* Free each link in the chain */
 	list_for_each_entry_safe ( link, tmp, &chain->links, list ) {
 	ref_init ( &chain->refcnt, x509_free_chain );
 	INIT_LIST_HEAD ( &chain->links );
 
-	DBGC ( chain, "X509 chain %p allocated\n", chain );
+	DBGC2 ( chain, "X509 chain %p allocated\n", chain );
 	return chain;
 }
 

src/net/validator.c

 	struct validator *validator =
 		container_of ( refcnt, struct validator, refcnt );
 
-	DBGC ( validator, "VALIDATOR %p freed\n", validator );
+	DBGC2 ( validator, "VALIDATOR %p freed\n", validator );
 	x509_chain_put ( validator->chain );
 	xferbuf_done ( &validator->buffer );
 	free ( validator );
 		       validator, strerror ( rc ) );
 		goto err_download;
 	}
-	DBGC ( validator, "VALIDATOR %p download complete\n", validator );
+	DBGC2 ( validator, "VALIDATOR %p download complete\n", validator );
 
 	/* Append downloaded certificates */
 	if ( ( rc = validator_append ( validator, validator->buffer.data,
 	/* Attach parent interface, mortalise self, and return */
 	intf_plug_plug ( &validator->job, job );
 	ref_put ( &validator->refcnt );
-	DBGC ( validator, "VALIDATOR %p validating X509 chain %p\n",
-	       validator, validator->chain );
+	DBGC2 ( validator, "VALIDATOR %p validating X509 chain %p\n",
+		validator, validator->chain );
 	return 0;
 
 	validator_finished ( validator, rc );