Change SSL debug API in the library

parent 79c4e3ee
......@@ -54,6 +54,8 @@ API Changes
pointer, parameters reordered).
* On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in
place of mbedtls_ssl_conf_session_tickets() to enable session tickets.
* The SSL debug callback gained two new arguments (file name, line number).
* Debug modes were removed.
* mbedtls_ssl_conf_truncated_hmac() now returns void.
* mbedtls_memory_buffer_alloc_init() now returns void.
* X.509 verification flags are now an uint32_t. Affect the signature of:
......
......@@ -120,9 +120,6 @@
#if defined MBEDTLS_DEBUG_C
#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
#endif
#if defined MBEDTLS_DEBUG_DFL_MODE
#define POLARSSL_DEBUG_DFL_MODE MBEDTLS_DEBUG_DFL_MODE
#endif
#if defined MBEDTLS_DEPRECATED_REMOVED
#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
#endif
......
......@@ -2413,9 +2413,6 @@
*/
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/* Debug options */
//#define MBEDTLS_DEBUG_DFL_MODE MBEDTLS_DEBUG_LOG_FULL /**< Default log: Full or Raw */
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
......
......@@ -38,24 +38,6 @@
#if defined(MBEDTLS_DEBUG_C)
#define MBEDTLS_DEBUG_LOG_FULL 0 /**< Include file:line in log lines */
#define MBEDTLS_DEBUG_LOG_RAW 1 /**< Only log raw debug lines */
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(MBEDTLS_DEBUG_DFL_MODE)
#define MBEDTLS_DEBUG_DFL_MODE MBEDTLS_DEBUG_LOG_FULL /**< Default log: Full or Raw */
#endif
/* \} name SECTION: Module settings */
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
mbedtls_debug_print_msg_free( ssl, level, __FILE__, __LINE__, mbedtls_debug_fmt args )
......@@ -95,15 +77,6 @@
extern "C" {
#endif
/**
* \brief Set the log mode for the debug functions globally
* (Default value: MBEDTLS_DEBUG_DFL_MODE)
*
* \param log_mode The log mode to use (MBEDTLS_DEBUG_LOG_FULL or
* MBEDTLS_DEBUG_LOG_RAW)
*/
void mbedtls_debug_set_log_mode( int log_mode );
/**
* \brief Set the level threshold to handle globally. Messages that have a
* level over the threshold value are ignored.
......
......@@ -488,7 +488,7 @@ struct mbedtls_ssl_config
const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */
/** Callback for printing debug output */
void (*f_dbg)(void *, int, const char *);
void (*f_dbg)(void *, int, const char *, int, const char *);
void *p_dbg; /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
......@@ -957,12 +957,19 @@ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
/**
* \brief Set the debug callback
*
* The callback has the following argument:
* void * opaque context for the callback
* int debug level
* const char * file name
* int line number
* const char * message
*
* \param conf SSL configuration
* \param f_dbg debug function
* \param p_dbg debug parameter
*/
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *),
void (*f_dbg)(void *, int, const char *, int, const char *),
void *p_dbg );
/**
......
......@@ -45,14 +45,8 @@
#define DEBUG_BUF_SIZE 512
static int debug_log_mode = MBEDTLS_DEBUG_DFL_MODE;
static int debug_threshold = 0;
void mbedtls_debug_set_log_mode( int log_mode )
{
debug_log_mode = log_mode;
}
void mbedtls_debug_set_threshold( int threshold )
{
debug_threshold = threshold;
......@@ -94,14 +88,9 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
{
ssl->conf->f_dbg( ssl->conf->p_dbg, level, text );
return;
}
mbedtls_snprintf( str, sizeof( str ), "%s\n", text );
mbedtls_snprintf( str, sizeof( str ), "%s(%04d): %s\n", file, line, text );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
}
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
......@@ -109,7 +98,6 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
const char *text, int ret )
{
char str[DEBUG_BUF_SIZE];
size_t idx = 0;
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
......@@ -122,13 +110,10 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%s() returned %d (-0x%04x)\n",
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
text, ret, -ret );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
}
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
......@@ -142,13 +127,10 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
......@@ -162,15 +144,12 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if( i > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
}
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
(unsigned int) i );
......@@ -187,7 +166,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
}
}
......@@ -229,13 +208,10 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
if( ( ( X->p[n] >> j ) & 1 ) != 0 )
break;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
......@@ -255,12 +231,9 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
if( j > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
idx = 0;
}
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
}
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
......@@ -272,17 +245,10 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
}
if( zeros == 1 )
{
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
{
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
}
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
}
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
}
#endif /* MBEDTLS_BIGNUM_C */
......@@ -323,35 +289,50 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
}
}
static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text )
{
char str[DEBUG_BUF_SIZE];
const char *start, *cur;
start = text;
for( cur = text; *cur != '\0'; cur++ )
{
if( *cur == '\n' )
{
size_t len = cur - start + 1;
if( len > DEBUG_BUF_SIZE - 1 )
len = DEBUG_BUF_SIZE - 1;
memcpy( str, start, len );
str[len] = '\0';
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
start = cur + 1;
}
}
}
void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_x509_crt *crt )
{
char str[1024], prefix[64];
int i = 0, idx = 0;
char str[DEBUG_BUF_SIZE];
int i = 0;
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
{
mbedtls_snprintf( prefix, sizeof( prefix ), "%s(%04d): ", file, line );
}
else
prefix[0] = '\0';
while( crt != NULL )
{
char buf[1024];
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, prefix, crt );
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
idx = mbedtls_snprintf( str, sizeof( str ), "%s(%04d): ", file, line );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%s #%d:\n%s",
text, ++i, buf );
mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
debug_print_line_by_line( ssl, level, file, line, buf );
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
......
......@@ -5228,7 +5228,7 @@ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
}
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *),
void (*f_dbg)(void *, int, const char *, int, const char *),
void *p_dbg )
{
conf->f_dbg = f_dbg;
......
This diff is collapsed.
......@@ -7,20 +7,32 @@ struct buffer_data
char *ptr;
};
void string_debug(void *data, int level, const char *str)
void string_debug(void *data, int level, const char *file, int line, const char *str)
{
struct buffer_data *buffer = (struct buffer_data *) data;
char *p = buffer->ptr;
((void) level);
memcpy(buffer->ptr, str, strlen(str));
buffer->ptr += strlen(str);
memcpy( p, file, strlen( file ) );
p += strlen( file );
*p++ = '(';
*p++ = '0' + ( line / 1000 ) % 10;
*p++ = '0' + ( line / 100 ) % 10;
*p++ = '0' + ( line / 10 ) % 10;
*p++ = '0' + ( line / 1 ) % 10;
*p++ = ')';
*p++ = ':';
*p++ = ' ';
memcpy( p, str, strlen( str ) );
p += strlen( str );
/* Detect if debug messages output partial lines and mark them */
if( *(buffer->ptr - 1) != '\n' )
{
*buffer->ptr = '*';
buffer->ptr++;
}
if( p[-1] != '\n' )
*p++ = '*';
buffer->ptr = p;
}
/* END_HEADER */
......@@ -44,7 +56,6 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
......@@ -60,7 +71,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int value,
void mbedtls_debug_print_ret( char *file, int line, char *text, int value,
char *result_str )
{
mbedtls_ssl_context ssl;
......@@ -74,7 +85,6 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
......@@ -88,7 +98,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
void mbedtls_debug_print_buf( char *file, int line, char *text,
char *data_string, char *result_str )
{
unsigned char data[10000];
......@@ -107,7 +117,6 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
......@@ -121,7 +130,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
void mbedtls_debug_print_crt( char *crt_file, char *file, int line,
char *prefix, char *result_str )
{
mbedtls_x509_crt crt;
......@@ -137,7 +146,6 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
......@@ -153,7 +161,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int line,
void mbedtls_debug_print_mpi( int radix, char *value, char *file, int line,
char *prefix, char *result_str )
{
mbedtls_ssl_context ssl;
......@@ -171,7 +179,6 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment