mirror of https://github.com/RGBCube/serenity synced 2025-07-27 06:47:35 +00:00

Everywhere: Replace a bundle of dbg with dbgln.

These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.

The modifications in this commit were automatically made using the
following command:

    find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
asynts 2021-01-09 18:51:44 +01:00 committed by Andreas Kling
parent 40b8e21115
commit 938e5c7719
95 changed files with 331 additions and 331 deletions


@ -51,14 +51,14 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
{
write_packets = WritePacketStage::Initial;
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
dbg() << "unexpected hello message";
dbgln("unexpected hello message");
return (i8)Error::UnexpectedMessage;
}
ssize_t res = 0;
size_t min_hello_size = 41;
if (min_hello_size > buffer.size()) {
dbg() << "need more data";
dbgln("need more data");
return (i8)Error::NeedMoreData;
}
size_t following_bytes = buffer[0] * 0x10000 + buffer[1] * 0x100 + buffer[2];
@ -69,7 +69,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
}
if (buffer.size() - res < 2) {
dbg() << "not enough data for version";
dbgln("not enough data for version");
return (i8)Error::NeedMoreData;
}
auto version = (Version)AK::convert_between_host_and_network_endian(*(const u16*)buffer.offset_pointer(res));
@ -83,7 +83,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
u8 session_length = buffer[res++];
if (buffer.size() - res < session_length) {
dbg() << "not enough data for session id";
dbgln("not enough data for session id");
return (i8)Error::NeedMoreData;
}
@ -91,7 +91,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
memcpy(m_context.session_id, buffer.offset_pointer(res), session_length);
m_context.session_id_size = session_length;
#ifdef TLS_DEBUG
dbg() << "Remote session ID:";
dbgln("Remote session ID:");
print_buffer(ReadonlyBytes { m_context.session_id, session_length });
#endif
} else {
@ -100,14 +100,14 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
res += session_length;
if (buffer.size() - res < 2) {
dbg() << "not enough data for cipher suite listing";
dbgln("not enough data for cipher suite listing");
return (i8)Error::NeedMoreData;
}
auto cipher = (CipherSuite)AK::convert_between_host_and_network_endian(*(const u16*)buffer.offset_pointer(res));
res += 2;
if (!supports_cipher(cipher)) {
m_context.cipher = CipherSuite::Invalid;
dbg() << "No supported cipher could be agreed upon";
dbgln("No supported cipher could be agreed upon");
return (i8)Error::NoCommonCipher;
}
m_context.cipher = cipher;
@ -119,12 +119,12 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
m_context.handshake_hash.initialize(Crypto::Hash::HashKind::SHA256);
if (buffer.size() - res < 1) {
dbg() << "not enough data for compression spec";
dbgln("not enough data for compression spec");
return (i8)Error::NeedMoreData;
}
u8 compression = buffer[res++];
if (compression != 0) {
dbg() << "Server told us to compress, we will not!";
dbgln("Server told us to compress, we will not!");
return (i8)Error::CompressionNotSupported;
}
@ -132,7 +132,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
if (m_context.connection_status != ConnectionStatus::Renegotiating)
m_context.connection_status = ConnectionStatus::Negotiating;
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
write_packets = WritePacketStage::ServerHandshake;
}
}
@ -152,7 +152,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
#endif
if (extension_length) {
if (buffer.size() - res < extension_length) {
dbg() << "not enough data for extension";
dbgln("not enough data for extension");
return (i8)Error::NeedMoreData;
}
@ -191,7 +191,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
}
}
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
dbg() << "supported signatures: ";
dbgln("supported signatures: ");
print_buffer(buffer.slice(res, extension_length));
// FIXME: what are we supposed to do here?
}
@ -205,7 +205,7 @@ ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packe
ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
{
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
dbg() << "unexpected finished message";
dbgln("unexpected finished message");
return (i8)Error::UnexpectedMessage;
}
@ -235,7 +235,7 @@ ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_pa
// TODO: Compare Hashes
#ifdef TLS_DEBUG
dbg() << "FIXME: handle_finished :: Check message validity";
dbgln("FIXME: handle_finished :: Check message validity");
#endif
m_context.connection_status = ConnectionStatus::Established;
@ -266,7 +266,7 @@ void TLSv12::build_random(PacketBuilder& builder)
}
if (m_context.is_server) {
dbg() << "Server mode not supported";
dbgln("Server mode not supported");
return;
} else {
*(u16*)random_bytes = AK::convert_between_host_and_network_endian((u16)Version::V12);
@ -276,14 +276,14 @@ void TLSv12::build_random(PacketBuilder& builder)
const auto& certificate_option = verify_chain_and_get_matching_certificate(m_context.SNI); // if the SNI is empty, we'll make a special case and match *a* leaf certificate.
if (!certificate_option.has_value()) {
dbg() << "certificate verification failed :(";
dbgln("certificate verification failed :(");
alert(AlertLevel::Critical, AlertDescription::BadCertificate);
return;
}
auto& certificate = m_context.certificates[certificate_option.value()];
#ifdef TLS_DEBUG
dbg() << "PreMaster secret";
dbgln("PreMaster secret");
print_buffer(m_context.premaster_key);
#endif
@ -294,12 +294,12 @@ void TLSv12::build_random(PacketBuilder& builder)
rsa.encrypt(m_context.premaster_key, outbuf);
#ifdef TLS_DEBUG
dbg() << "Encrypted: ";
dbgln("Encrypted: ");
print_buffer(outbuf);
#endif
if (!compute_master_secret(bytes)) {
dbg() << "oh noes we could not derive a master key :(";
dbgln("oh noes we could not derive a master key :(");
return;
}
@ -312,7 +312,7 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
{
if (m_context.connection_status == ConnectionStatus::Established) {
#ifdef TLS_DEBUG
dbg() << "Renegotiation attempt ignored";
dbgln("Renegotiation attempt ignored");
#endif
// FIXME: We should properly say "NoRenegotiation", but that causes a handshake failure
// so we just roll with it and pretend that we _did_ renegotiate
@ -339,12 +339,12 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
switch (type) {
case HelloRequest:
if (m_context.handshake_messages[0] >= 1) {
dbg() << "unexpected hello request message";
dbgln("unexpected hello request message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[0];
dbg() << "hello request (renegotiation?)";
dbgln("hello request (renegotiation?)");
if (m_context.connection_status == ConnectionStatus::Established) {
// renegotiation
payload_res = (i8)Error::NoRenegotiation;
@ -362,38 +362,38 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case ServerHello:
if (m_context.handshake_messages[2] >= 1) {
dbg() << "unexpected server hello message";
dbgln("unexpected server hello message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[2];
#ifdef TLS_DEBUG
dbg() << "server hello";
dbgln("server hello");
#endif
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
} else {
payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
}
break;
case HelloVerifyRequest:
dbg() << "unsupported: DTLS";
dbgln("unsupported: DTLS");
payload_res = (i8)Error::UnexpectedMessage;
break;
case CertificateMessage:
if (m_context.handshake_messages[4] >= 1) {
dbg() << "unexpected certificate message";
dbgln("unexpected certificate message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[4];
#ifdef TLS_DEBUG
dbg() << "certificate";
dbgln("certificate");
#endif
if (m_context.connection_status == ConnectionStatus::Negotiating) {
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
}
payload_res = handle_certificate(buffer.slice(1, payload_size));
@ -402,7 +402,7 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
if (it.is_end()) {
// no valid certificates
dbg() << "No valid certificates found";
dbgln("No valid certificates found");
payload_res = (i8)Error::BadCertificate;
m_context.critical_error = payload_res;
break;
@ -418,16 +418,16 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case ServerKeyExchange:
if (m_context.handshake_messages[5] >= 1) {
dbg() << "unexpected server key exchange message";
dbgln("unexpected server key exchange message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[5];
#ifdef TLS_DEBUG
dbg() << "server key exchange";
dbgln("server key exchange");
#endif
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
} else {
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
@ -435,18 +435,18 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case CertificateRequest:
if (m_context.handshake_messages[6] >= 1) {
dbg() << "unexpected certificate request message";
dbgln("unexpected certificate request message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[6];
if (m_context.is_server) {
dbg() << "invalid request";
dbg() << "unsupported: server mode";
dbgln("invalid request");
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
} else {
// we do not support "certificate request"
dbg() << "certificate request";
dbgln("certificate request");
if (on_tls_certificate_request)
on_tls_certificate_request(*this);
m_context.client_verified = VerificationNeeded;
@ -454,16 +454,16 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case ServerHelloDone:
if (m_context.handshake_messages[7] >= 1) {
dbg() << "unexpected server hello done message";
dbgln("unexpected server hello done message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[7];
#ifdef TLS_DEBUG
dbg() << "server hello done";
dbgln("server hello done");
#endif
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
} else {
payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
@ -473,13 +473,13 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case CertificateVerify:
if (m_context.handshake_messages[8] >= 1) {
dbg() << "unexpected certificate verify message";
dbgln("unexpected certificate verify message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[8];
#ifdef TLS_DEBUG
dbg() << "certificate verify";
dbgln("certificate verify");
#endif
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
payload_res = handle_verify(buffer.slice(1, payload_size));
@ -489,16 +489,16 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case ClientKeyExchange:
if (m_context.handshake_messages[9] >= 1) {
dbg() << "unexpected client key exchange message";
dbgln("unexpected client key exchange message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[9];
#ifdef TLS_DEBUG
dbg() << "client key exchange";
dbgln("client key exchange");
#endif
if (m_context.is_server) {
dbg() << "unsupported: server mode";
dbgln("unsupported: server mode");
ASSERT_NOT_REACHED();
} else {
payload_res = (i8)Error::UnexpectedMessage;
@ -509,13 +509,13 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
m_context.cached_handshake.clear();
}
if (m_context.handshake_messages[10] >= 1) {
dbg() << "unexpected finished message";
dbgln("unexpected finished message");
payload_res = (i8)Error::UnexpectedMessage;
break;
}
++m_context.handshake_messages[10];
#ifdef TLS_DEBUG
dbg() << "finished";
dbgln("finished");
#endif
payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
if (payload_res > 0) {
@ -602,7 +602,7 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
case WritePacketStage::ClientHandshake:
if (m_context.client_verified == VerificationNeeded) {
#ifdef TLS_DEBUG
dbg() << "> Client Certificate";
dbgln("> Client Certificate");
#endif
auto packet = build_certificate();
write_packet(packet);
@ -610,14 +610,14 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
}
{
#ifdef TLS_DEBUG
dbg() << "> Key exchange";
dbgln("> Key exchange");
#endif
auto packet = build_client_key_exchange();
write_packet(packet);
}
{
#ifdef TLS_DEBUG
dbg() << "> change cipher spec";
dbgln("> change cipher spec");
#endif
auto packet = build_change_cipher_spec();
write_packet(packet);
@ -626,7 +626,7 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
m_context.local_sequence_number = 0;
{
#ifdef TLS_DEBUG
dbg() << "> client finished";
dbgln("> client finished");
#endif
auto packet = build_finished();
write_packet(packet);
@ -635,21 +635,21 @@ ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
break;
case WritePacketStage::ServerHandshake:
// server handshake
dbg() << "UNSUPPORTED: Server mode";
dbgln("UNSUPPORTED: Server mode");
ASSERT_NOT_REACHED();
break;
case WritePacketStage::Finished:
// finished
{
#ifdef TLS_DEBUG
dbg() << "> change cipher spec";
dbgln("> change cipher spec");
#endif
auto packet = build_change_cipher_spec();
write_packet(packet);
}
{
#ifdef TLS_DEBUG
dbg() << "> client finished";
dbgln("> client finished");
#endif
auto packet = build_finished();
write_packet(packet);
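Review bot: In the handle_finished hunk at -235, `m_context.connection_status = ConnectionStatus::Established;` follows directly after `// TODO: Compare Hashes`, so as far as this hunk shows the peer's Finished message is accepted without its verify data being checked against the handshake transcript. Tampering with earlier handshake messages would then go undetected. The only runtime trace of the gap is `dbgln("FIXME: handle_finished :: Check message validity");`, which sits inside `#ifdef TLS_DEBUG` and is therefore compiled out of normal builds. Until the comparison is implemented, that `dbgln` line should move above the `#ifdef` so every build reports the skipped check. The function body starts and ends outside the hunk, so a check elsewhere cannot be ruled out from this page.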


@ -38,7 +38,7 @@ bool TLSv12::expand_key()
auto is_aead = this->is_aead();
if (m_context.master_key.size() == 0) {
dbg() << "expand_key() with empty master key";
dbgln("expand_key() with empty master key");
return false;
}
@ -73,18 +73,18 @@ bool TLSv12::expand_key()
offset += iv_size;
#ifdef TLS_DEBUG
dbg() << "client key";
dbgln("client key");
print_buffer(client_key, key_size);
dbg() << "server key";
dbgln("server key");
print_buffer(server_key, key_size);
dbg() << "client iv";
dbgln("client iv");
print_buffer(client_iv, iv_size);
dbg() << "server iv";
dbgln("server iv");
print_buffer(server_iv, iv_size);
if (!is_aead) {
dbg() << "client mac key";
dbgln("client mac key");
print_buffer(m_context.crypto.local_mac, mac_size);
dbg() << "server mac key";
dbgln("server mac key");
print_buffer(m_context.crypto.remote_mac, mac_size);
}
#endif
@ -111,7 +111,7 @@ bool TLSv12::expand_key()
void TLSv12::pseudorandom_function(Bytes output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
{
if (!secret.size()) {
dbg() << "null secret";
dbgln("null secret");
return;
}
@ -155,7 +155,7 @@ void TLSv12::pseudorandom_function(Bytes output, ReadonlyBytes secret, const u8*
bool TLSv12::compute_master_secret(size_t length)
{
if (m_context.premaster_key.size() == 0 || length < 48) {
dbg() << "there's no way I can make a master secret like this";
dbgln("there's no way I can make a master secret like this");
dbg() << "I'd like to talk to your manager about this length of " << length;
return false;
}
@ -172,7 +172,7 @@ bool TLSv12::compute_master_secret(size_t length)
m_context.premaster_key.clear();
#ifdef TLS_DEBUG
dbg() << "master key:";
dbgln("master key:");
print_buffer(m_context.master_key);
#endif
expand_key();
@ -187,7 +187,7 @@ ByteBuffer TLSv12::build_certificate()
Vector<Certificate>* local_certificates = nullptr;
if (m_context.is_server) {
dbg() << "Unsupported: Server mode";
dbgln("Unsupported: Server mode");
ASSERT_NOT_REACHED();
} else {
local_certificates = &m_context.client_certificates;
@ -214,7 +214,7 @@ ByteBuffer TLSv12::build_certificate()
if (!total_certificate_size) {
#ifdef TLS_DEBUG
dbg() << "No certificates, sending empty certificate message";
dbgln("No certificates, sending empty certificate message");
#endif
builder.append_u24(certificate_vector_header_size);
builder.append_u24(total_certificate_size);
@ -246,7 +246,7 @@ ByteBuffer TLSv12::build_change_cipher_spec()
ByteBuffer TLSv12::build_server_key_exchange()
{
dbg() << "FIXME: build_server_key_exchange";
dbgln("FIXME: build_server_key_exchange");
return {};
}
@ -267,13 +267,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
{
dbg() << "FIXME: parse_server_key_exchange";
dbgln("FIXME: parse_server_key_exchange");
return 0;
}
ssize_t TLSv12::handle_verify(ReadonlyBytes)
{
dbg() << "FIXME: parse_verify";
dbgln("FIXME: parse_verify");
return 0;
}
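Review bot: The `#ifdef TLS_DEBUG` block in expand_key (hunk at -73) passes the client and server write keys, IVs and MAC keys to `print_buffer`, and the compute_master_secret hunk at -172 does the same for the master key under the `dbgln("master key:");` label. A build with TLS_DEBUG defined therefore leaves enough material in the debug log to decrypt every session it handled, and nothing in the code says so. I would add a comment above each block, for example `// NOTE: TLS_DEBUG writes session key material to the debug log; enable only for local debugging, never in a shipped build.` Both functions extend outside the hunks shown.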


@ -205,12 +205,12 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
ensure_hmac(mac_length, local);
auto& hmac = local ? *m_hmac_local : *m_hmac_remote;
#ifdef TLS_DEBUG
dbg() << "========================= PACKET DATA ==========================";
dbgln("========================= PACKET DATA ==========================");
print_buffer((const u8*)&sequence_number, sizeof(u64));
print_buffer(buf.data(), buf.size());
if (buf2.has_value())
print_buffer(buf2.value().data(), buf2.value().size());
dbg() << "========================= PACKET DATA ==========================";
dbgln("========================= PACKET DATA ==========================");
#endif
hmac.update((const u8*)&sequence_number, sizeof(u64));
hmac.update(buf);
@ -271,7 +271,7 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
#ifdef TLS_DEBUG
dbg() << "Encrypted: ";
dbgln("Encrypted: ");
print_buffer(buffer.slice(header_size, length));
#endif
@ -279,7 +279,7 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
ASSERT(m_aes_remote.gcm);
if (length < 24) {
dbg() << "Invalid packet length";
dbgln("Invalid packet length");
auto packet = build_alert(true, (u8)AlertDescription::DecryptError);
write_packet(packet);
return (i8)Error::BrokenPacket;
@ -352,13 +352,13 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
length = decrypted_span.size();
#ifdef TLS_DEBUG
dbg() << "Decrypted: ";
dbgln("Decrypted: ");
print_buffer(decrypted);
#endif
auto mac_size = mac_length();
if (length < mac_size) {
dbg() << "broken packet";
dbgln("broken packet");
auto packet = build_alert(true, (u8)AlertDescription::DecryptError);
write_packet(packet);
return (i8)Error::BrokenPacket;
@ -374,9 +374,9 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
auto message_mac = ReadonlyBytes { message_hmac, mac_size };
if (hmac != message_mac) {
dbg() << "integrity check failed (mac length " << mac_size << ")";
dbg() << "mac received:";
dbgln("mac received:");
print_buffer(message_mac);
dbg() << "mac computed:";
dbgln("mac computed:");
print_buffer(hmac);
auto packet = build_alert(true, (u8)AlertDescription::BadRecordMAC);
write_packet(packet);
@ -391,7 +391,7 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
switch (type) {
case MessageType::ApplicationData:
if (m_context.connection_status != ConnectionStatus::Established) {
dbg() << "unexpected application data";
dbgln("unexpected application data");
payload_res = (i8)Error::UnexpectedMessage;
auto packet = build_alert(true, (u8)AlertDescription::UnexpectedMessage);
write_packet(packet);
@ -405,18 +405,18 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
break;
case MessageType::Handshake:
#ifdef TLS_DEBUG
dbg() << "tls handshake message";
dbgln("tls handshake message");
#endif
payload_res = handle_payload(plain);
break;
case MessageType::ChangeCipher:
if (m_context.connection_status != ConnectionStatus::KeyExchange) {
dbg() << "unexpected change cipher message";
dbgln("unexpected change cipher message");
auto packet = build_alert(true, (u8)AlertDescription::UnexpectedMessage);
payload_res = (i8)Error::UnexpectedMessage;
} else {
#ifdef TLS_DEBUG
dbg() << "change cipher spec message";
dbgln("change cipher spec message");
#endif
m_context.cipher_spec_set = true;
m_context.remote_sequence_number = 0;
@ -447,7 +447,7 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
m_context.connection_finished = true;
if (!m_context.cipher_spec_set) {
// AWS CloudFront hits this.
dbg() << "Server sent a close notify and we haven't agreed on a cipher suite. Treating it as a handshake failure.";
dbgln("Server sent a close notify and we haven't agreed on a cipher suite. Treating it as a handshake failure.");
m_context.critical_error = (u8)AlertDescription::HandshakeFailure;
try_disambiguate_error();
}
@ -456,7 +456,7 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
}
break;
default:
dbg() << "message not understood";
dbgln("message not understood");
return (i8)Error::NotUnderstood;
}
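Review bot: The record integrity check in handle_message (hunk at -374) is `if (hmac != message_mac)`, and the implementation of that operator is not on this page. If it stops at the first differing byte, the comparison time depends on how many leading MAC bytes matched, which is a timing side channel on the MAC check. I would mark it with `// FIXME: compare MACs in constant time` until that is confirmed. The failure path also prints both the received and the computed MAC unconditionally; wrapping the two `print_buffer` calls and their `dbgln` labels in `#ifdef TLS_DEBUG` would match the other buffer dumps in this file. handle_message starts and ends outside the hunk.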


@ -77,7 +77,7 @@ bool TLSv12::write(ReadonlyBytes buffer)
{
if (m_context.connection_status != ConnectionStatus::Established) {
#ifdef TLS_DEBUG
dbg() << "write request while not connected";
dbgln("write request while not connected");
#endif
return false;
}
@ -194,7 +194,7 @@ bool TLSv12::check_connection_state(bool read)
if (!Core::Socket::is_open() || !Core::Socket::is_connected() || Core::Socket::eof()) {
// an abrupt closure (the server is a jerk)
#ifdef TLS_DEBUG
dbg() << "Socket not open, assuming abrupt closure";
dbgln("Socket not open, assuming abrupt closure");
#endif
m_context.connection_finished = true;
}
@ -218,7 +218,7 @@ bool TLSv12::check_connection_state(bool read)
} else {
m_context.connection_finished = false;
#ifdef TLS_DEBUG
dbg() << "FINISHED";
dbgln("FINISHED");
#endif
}
if (!m_context.application_buffer.size()) {
@ -239,7 +239,7 @@ bool TLSv12::flush()
return true;
#ifdef TLS_DEBUG
dbg() << "SENDING...";
dbgln("SENDING...");
print_buffer(out_buffer, out_buffer_length);
#endif
if (Core::Socket::write(&out_buffer[out_buffer_index], out_buffer_length)) {


@ -96,7 +96,7 @@ static bool _set_algorithm(CertificateKeyAlgorithm& algorithm, const u8* value,
{
if (length == 7) {
// Elliptic Curve pubkey
dbg() << "Cert.algorithm: EC, unsupported";
dbgln("Cert.algorithm: EC, unsupported");
return false;
}
@ -113,7 +113,7 @@ static bool _set_algorithm(CertificateKeyAlgorithm& algorithm, const u8* value,
}
if (length != 9) {
dbg() << "Invalid certificate algorithm";
dbgln("Invalid certificate algorithm");
return false;
}
@ -193,7 +193,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
while (position < size) {
size_t start_position = position;
if (size - position < 2) {
dbg() << "not enough data for certificate size";
dbgln("not enough data for certificate size");
return (i8)Error::NeedMoreData;
}
u8 first = buffer[position++];
@ -210,7 +210,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
if (octets > 4 || octets > size - position) {
#ifdef TLS_DEBUG
dbg() << "could not read the certificate";
dbgln("could not read the certificate");
#endif
return position;
}
@ -218,7 +218,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
position += octets;
if (size - position < length) {
#ifdef TLS_DEBUG
dbg() << "not enough data for sequence";
dbgln("not enough data for sequence");
#endif
return (i8)Error::NeedMoreData;
}
@ -420,7 +420,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
cert.fingerprint.grow(fingerprint.data_length());
cert.fingerprint.overwrite(0, fingerprint.immutable_data(), fingerprint.data_length());
#ifdef TLS_DEBUG
dbg() << "Certificate fingerprint:";
dbgln("Certificate fingerprint:");
print_buffer(cert.fingerprint);
#endif
}
@ -453,7 +453,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
if (buffer.size() < 3) {
#ifdef TLS_DEBUG
dbg() << "not enough certificate header data";
dbgln("not enough certificate header data");
#endif
return (i8)Error::NeedMoreData;
}
@ -471,7 +471,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
if (certificate_total_length > buffer.size() - res) {
#ifdef TLS_DEBUG
dbg() << "not enough data for claimed total cert length";
dbgln("not enough data for claimed total cert length");
#endif
return (i8)Error::NeedMoreData;
}
@ -484,7 +484,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
++index;
if (buffer.size() - res < 3) {
#ifdef TLS_DEBUG
dbg() << "not enough data for certificate length";
dbgln("not enough data for certificate length");
#endif
return (i8)Error::NeedMoreData;
}
@ -493,7 +493,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
if (buffer.size() - res < certificate_size) {
#ifdef TLS_DEBUG
dbg() << "not enough data for certificate body";
dbgln("not enough data for certificate body");
#endif
return (i8)Error::NeedMoreData;
}
@ -504,7 +504,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
do {
if (remaining <= 3) {
dbg() << "Ran out of data";
dbgln("Ran out of data");
break;
}
++certificates_in_chain;
@ -603,7 +603,7 @@ void TLSv12::consume(ReadonlyBytes record)
index += length;
buffer_length -= length;
if (m_context.critical_error) {
dbg() << "Broken connection";
dbgln("Broken connection");
m_context.error_code = Error::BrokenConnection;
break;
}
@ -674,61 +674,61 @@ bool Certificate::is_valid() const
void TLSv12::try_disambiguate_error() const
{
dbg() << "Possible failure cause(s): ";
dbgln("Possible failure cause(s): ");
switch ((AlertDescription)m_context.critical_error) {
case AlertDescription::HandshakeFailure:
if (!m_context.cipher_spec_set) {
dbg() << "- No cipher suite in common with " << m_context.SNI;
} else {
dbg() << "- Unknown internal issue";
dbgln("- Unknown internal issue");
}
break;
case AlertDescription::InsufficientSecurity:
dbg() << "- No cipher suite in common with " << m_context.SNI << " (the server is oh so secure)";
break;
case AlertDescription::ProtocolVersion:
dbg() << "- The server refused to negotiate with TLS 1.2 :(";
dbgln("- The server refused to negotiate with TLS 1.2 :(");
break;
case AlertDescription::UnexpectedMessage:
dbg() << "- We sent an invalid message for the state we're in.";
dbgln("- We sent an invalid message for the state we're in.");
break;
case AlertDescription::BadRecordMAC:
dbg() << "- Bad MAC record from our side.";
dbg() << "- Ciphertext wasn't an even multiple of the block length.";
dbg() << "- Bad block cipher padding.";
dbg() << "- If both sides are compliant, the only cause is messages being corrupted in the network.";
dbgln("- Bad MAC record from our side.");
dbgln("- Ciphertext wasn't an even multiple of the block length.");
dbgln("- Bad block cipher padding.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
break;
case AlertDescription::RecordOverflow:
dbg() << "- Sent a ciphertext record which has a length bigger than 18432 bytes.";
dbg() << "- Sent record decrypted to a compressed record that has a length bigger than 18432 bytes.";
dbg() << "- If both sides are compliant, the only cause is messages being corrupted in the network.";
dbgln("- Sent a ciphertext record which has a length bigger than 18432 bytes.");
dbgln("- Sent record decrypted to a compressed record that has a length bigger than 18432 bytes.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
break;
case AlertDescription::DecompressionFailure:
dbg() << "- We sent invalid input for decompression (e.g. data that would expand to excessive length)";
dbgln("- We sent invalid input for decompression (e.g. data that would expand to excessive length)");
break;
case AlertDescription::IllegalParameter:
dbg() << "- We sent a parameter in the handshake that is out of range or inconsistent with the other parameters.";
dbgln("- We sent a parameter in the handshake that is out of range or inconsistent with the other parameters.");
break;
case AlertDescription::DecodeError:
dbg() << "- The message we sent cannot be decoded because a field was out of range or the length was incorrect.";
dbg() << "- If both sides are compliant, the only cause is messages being corrupted in the network.";
dbgln("- The message we sent cannot be decoded because a field was out of range or the length was incorrect.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
break;
case AlertDescription::DecryptError:
dbg() << "- A handshake crypto operation failed. This includes signature verification and validating Finished.";
dbgln("- A handshake crypto operation failed. This includes signature verification and validating Finished.");
break;
case AlertDescription::AccessDenied:
dbg() << "- The certificate is valid, but once access control was applied, the sender decided to stop negotiation.";
dbgln("- The certificate is valid, but once access control was applied, the sender decided to stop negotiation.");
break;
case AlertDescription::InternalError:
dbg() << "- No one knows, but it isn't a protocol failure.";
dbgln("- No one knows, but it isn't a protocol failure.");
break;
case AlertDescription::DecryptionFailed:
case AlertDescription::NoCertificate:
case AlertDescription::ExportRestriction:
dbg() << "- No one knows, the server sent a non-compliant alert.";
dbgln("- No one knows, the server sent a non-compliant alert.");
break;
default:
dbg() << "- No one knows.";
dbgln("- No one knows.");
break;
}
}
@ -736,7 +736,7 @@ void TLSv12::try_disambiguate_error() const
void TLSv12::set_root_certificates(Vector<Certificate> certificates)
{
if (!m_context.root_ceritificates.is_empty())
dbg() << "TLS warn: resetting root certificates!";
dbgln("TLS warn: resetting root certificates!");
for (auto& cert : certificates) {
if (!cert.is_valid())
@ -750,7 +750,7 @@ bool Context::verify_chain() const
{
const Vector<Certificate>* local_chain = nullptr;
if (is_server) {
dbg() << "Unsupported: Server mode";
dbgln("Unsupported: Server mode");
TODO();
} else {
local_chain = &certificates;
@ -853,13 +853,13 @@ bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes
}
auto decoded_certificate = Crypto::decode_pem(certificate_pem_buffer, 0);
if (decoded_certificate.is_empty()) {
dbg() << "Certificate not PEM";
dbgln("Certificate not PEM");
return false;
}
auto maybe_certificate = parse_asn1(decoded_certificate);
if (!maybe_certificate.has_value()) {
dbg() << "Invalid certificate";
dbgln("Invalid certificate");
return false;
}
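Review bot: In the _parse_asn1 hunk at -210, a malformed length field (`octets > 4 || octets > size - position`) ends in `return position;`, whereas the short-data checks on either side return `(i8)Error::NeedMoreData`. A non-negative return is presumably read by the caller as bytes consumed, so a certificate with a bad length encoding may be treated as parsed up to that point instead of being rejected. The caller is outside this page, so this needs confirming. If it holds, the branch should fail explicitly, e.g. `return (i8)Error::BrokenPacket;`. The `dbgln("could not read the certificate");` line should also move out of `#ifdef TLS_DEBUG` so the rejection is visible in normal builds. _parse_asn1 starts and ends outside the hunk.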