LibTLS: Put lots of debug spam behind TLS_DEBUG

Libraries/LibTLS/ClientHandshake.cpp

@@ -87,8 +87,10 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
     if (session_length && session_length <= 32) {
         memcpy(m_context.session_id, buffer.offset_pointer(res), session_length);
         m_context.session_id_size = session_length;
+#ifdef TLS_DEBUG
         dbg() << "Remote session ID:";
         print_buffer(ByteBuffer::wrap(m_context.session_id, session_length));
+#endif
     } else {
         m_context.session_id_size = 0;
     }
@@ -106,7 +108,9 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
         return (i8)Error::NoCommonCipher;
     }
     m_context.cipher = cipher;
+#ifdef TLS_DEBUG
     dbg() << "Cipher: " << (u16)cipher;
+#endif
 
     // The handshake hash function is _always_ SHA256
     m_context.handshake_hash.initialize(Crypto::Hash::HashKind::SHA256);
@@ -140,7 +144,9 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
         u16 extension_length = convert_between_host_and_network(*(const u16*)buffer.offset_pointer(res));
         res += 2;
 
+#ifdef TLS_DEBUG
         dbg() << "extension " << (u16)extension_type << " with length " << extension_length;
+#endif
         if (extension_length) {
             if (buffer.size() - res < extension_length) {
                 dbg() << "not enough data for extension";
@@ -212,17 +218,23 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ
     index += 3;
 
     if (size < 12) {
+#ifdef TLS_DEBUG
         dbg() << "finished packet smaller than minimum size: " << size;
+#endif
         return (i8)Error::BrokenPacket;
     }
 
     if (size < buffer.size() - index) {
+#ifdef TLS_DEBUG
         dbg() << "not enough data after length: " << size << " > " << buffer.size() - index;
+#endif
         return (i8)Error::NeedMoreData;
     }
 
-    // TODO: Compare Hashes
+// TODO: Compare Hashes
+#ifdef TLS_DEBUG
     dbg() << "FIXME: handle_finished :: Check message validity";
+#endif
     m_context.connection_status = ConnectionStatus::Established;
 
     return handle_message(buffer);
@@ -279,7 +291,9 @@ void TLSv12::build_random(PacketBuilder& builder)
 ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
 {
     if (m_context.connection_status == ConnectionStatus::Established) {
+#ifdef TLS_DEBUG
         dbg() << "Renegotiation attempt ignored";
+#endif
         // FIXME: We should properly say "NoRenegotiation", but that causes a handshake failure
         //        so we just roll with it and pretend that we _did_ renegotiate
         //        This will cause issues when we decide to have long-lasting connections, but

Libraries/LibTLS/Record.cpp

@@ -199,7 +199,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
     buffer_position += 2;
 
     if (buffer_position + length > buffer.size()) {
+#ifdef TLS_DEBUG
         dbg() << "record length more than what we have: " << buffer.size();
+#endif
         return (i8)Error::NeedMoreData;
     }
 

Libraries/LibTLS/Socket.cpp

@@ -75,7 +75,9 @@ ByteBuffer TLSv12::read_line(size_t max_size)
 bool TLSv12::write(const ByteBuffer& buffer)
 {
     if (m_context.connection_status != ConnectionStatus::Established) {
+#ifdef TLS_DEBUG
         dbg() << "write request while not connected";
+#endif
         return false;
     }
 
@@ -165,11 +167,15 @@ bool TLSv12::check_connection_state(bool read)
 {
     if (!Core::Socket::is_open() || !Core::Socket::is_connected() || Core::Socket::eof()) {
         // an abrupt closure (the server is a jerk)
+#ifdef TLS_DEBUG
         dbg() << "Socket not open, assuming abrupt closure";
+#endif
         m_context.connection_finished = true;
     }
     if (m_context.critical_error) {
+#ifdef TLS_DEBUG
         dbg() << "CRITICAL ERROR " << m_context.critical_error << " :(";
+#endif
         if (on_tls_error)
             on_tls_error((AlertDescription)m_context.critical_error);
         return false;
@@ -180,10 +186,14 @@ bool TLSv12::check_connection_state(bool read)
                 on_tls_finished();
         }
         if (m_context.tls_buffer.size()) {
+#ifdef TLS_DEBUG
             dbg() << "connection closed without finishing data transfer, " << m_context.tls_buffer.size() << " bytes still in buffer & " << m_context.application_buffer.size() << " bytes in application buffer";
+#endif
         } else {
             m_context.connection_finished = false;
+#ifdef TLS_DEBUG
             dbg() << "FINISHED";
+#endif
         }
         if (!m_context.application_buffer.size()) {
             m_context.connection_status = ConnectionStatus::Disconnected;
@@ -212,7 +222,9 @@ bool TLSv12::flush()
     }
     if (m_context.send_retries++ == 10) {
         // drop the records, we can't send
+#ifdef TLS_DEBUG
         dbg() << "Dropping " << write_buffer().size() << " bytes worth of TLS records as max retries has been reached";
+#endif
         write_buffer().clear();
         m_context.send_retries = 0;
     }

Libraries/LibTLS/TLSv12.cpp

@@ -183,13 +183,17 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
         size_t length = _get_asn1_length((const u8*)&buffer[position], size - position, octets);
 
         if (octets > 4 || octets > size - position) {
+#ifdef TLS_DEBUG
             dbg() << "could not read the certificate";
+#endif
             return position;
         }
 
         position += octets;
         if (size - position < length) {
+#ifdef TLS_DEBUG
             dbg() << "not enough data for sequence";
+#endif
             return (i8)Error::NeedMoreData;
         }
 
@@ -368,7 +372,9 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
             hash.initialize(Crypto::Hash::HashKind::SHA512);
             break;
         default:
+#ifdef TLS_DEBUG
             dbg() << "Unsupported hash mode " << (u32)cert.key_algorithm;
+#endif
             // fallback to md5, it will fail later
             hash.initialize(Crypto::Hash::HashKind::MD5);
             break;
@@ -410,13 +416,17 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
     ssize_t res = 0;
 
     if (buffer.size() < 3) {
+#ifdef TLS_DEBUG
         dbg() << "not enough certificate header data";
+#endif
         return (i8)Error::NeedMoreData;
     }
 
     u32 certificate_total_length = buffer[0] * 0x10000 + buffer[1] * 0x100 + buffer[2];
 
+#ifdef TLS_DEBUG
     dbg() << "total length: " << certificate_total_length;
+#endif
 
     if (certificate_total_length <= 4)
         return 3 * certificate_total_length;
@@ -424,7 +434,9 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
     res += 3;
 
     if (certificate_total_length > buffer.size() - res) {
+#ifdef TLS_DEBUG
         dbg() << "not enough data for claimed total cert length";
+#endif
         return (i8)Error::NeedMoreData;
     }
     size_t size = certificate_total_length;
@@ -435,14 +447,18 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
     while (size > 0) {
         ++index;
         if (buffer.size() - res < 3) {
+#ifdef TLS_DEBUG
             dbg() << "not enough data for certificate length";
+#endif
             return (i8)Error::NeedMoreData;
         }
         size_t certificate_size = buffer[res] * 0x10000 + buffer[res + 1] * 0x100 + buffer[res + 2];
         res += 3;
 
         if (buffer.size() - res < certificate_size) {
+#ifdef TLS_DEBUG
             dbg() << "not enough data for certificate body";
+#endif
             return (i8)Error::NeedMoreData;
         }
 

Libraries/LibTLS/TLSv12.h

@@ -40,14 +40,14 @@
 
 namespace TLS {
 
-inline static void print_buffer(const ByteBuffer& buffer)
+inline void print_buffer(const ByteBuffer& buffer)
 {
     for (size_t i { 0 }; i < buffer.size(); ++i)
         dbgprintf("%02x ", buffer[i]);
     dbgprintf("\n");
 }
 
-inline static void print_buffer(const u8* buffer, size_t size)
+inline void print_buffer(const u8* buffer, size_t size)
 {
     for (size_t i { 0 }; i < size; ++i)
         dbgprintf("%02x ", buffer[i]);