Added debugging

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-10-12 17:53:21 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-10-12 17:53:21 +0200
commit: b9bde0d74c0c24f2fc04b0f29ce1b553777c0af8 (patch)
tree: a7ee3ceae92b8042ce3d3db7f865c87a4e5d7430
parent: 048f1431c3cb5e0e4dd3e2154b19f9c4854c5690 (diff)
download: gnutls-b9bde0d74c0c24f2fc04b0f29ce1b553777c0af8.tar.gz
1 files changed, 76 insertions, 32 deletions
diff --git a/libdane/dane.c b/libdane/dane.c
index 0596f8ee18..052a0faa6f 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -35,6 +35,19 @@
 
 #define MAX_DATA_ENTRIES 4
 
+#ifdef DEBUG
+# define gnutls_assert() fprintf(stderr, "ASSERT: %s: %d\n", __FILE__, __LINE__);
+# define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
+static int gnutls_assert_val_int (int val, const char *file, int line)
+{
+  fprintf(stderr, "ASSERT: %s: %d\n", file, line);
+  return val;
+}
+#else
+# define gnutls_assert()
+# define gnutls_assert_val(x) (x)
+#endif
+
 struct dane_state_st
 {
 	struct ub_ctx* ctx;
@@ -100,7 +113,7 @@ int dane_query_data(dane_query_t q, unsigned int idx,
 			unsigned int *match, gnutls_datum_t * data)
 {
 	if (idx >= q->data_entries)
-		return DANE_E_REQUESTED_DATA_NOT_AVAILABLE;
+		return gnutls_assert_val(DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
 
 	if (usage)
 		*usage = q->usage[idx];
@@ -133,10 +146,11 @@ int dane_state_init(dane_state_t* s, unsigned int flags)
 
 	*s = calloc(1, sizeof(struct dane_state_st));
 	if (*s == NULL)
-		return DANE_E_MEMORY_ERROR;
+		return gnutls_assert_val(DANE_E_MEMORY_ERROR);
 
 	ctx = ub_ctx_create();
 	if(!ctx) {
+                gnutls_assert();
 		ret = DANE_E_INITIALIZATION_ERROR;
 		goto cleanup;
 	}
@@ -144,11 +158,13 @@ int dane_state_init(dane_state_t* s, unsigned int flags)
 
 	if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER)) {
 		if( (ret=ub_ctx_resolvconf(ctx, NULL)) != 0) {
+		        gnutls_assert();
 			ret = DANE_E_INITIALIZATION_ERROR;
 			goto cleanup;
 		}
 
 		if( (ret=ub_ctx_hosts(ctx, NULL)) != 0) {
+		        gnutls_assert();
 			ret = DANE_E_INITIALIZATION_ERROR;
 			goto cleanup;
 		}
@@ -156,6 +172,7 @@ int dane_state_init(dane_state_t* s, unsigned int flags)
 
 	/* read public keys for DNSSEC verification */
 	if( (ret=ub_ctx_add_ta_file(ctx, (char*)UNBOUND_ROOT_KEY_FILE)) != 0) {
+	        gnutls_assert();
 		ret = DANE_E_INITIALIZATION_ERROR;
 		goto cleanup;
 	}
@@ -222,19 +239,19 @@ int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const cha
 
 	*r = calloc(1, sizeof(struct dane_query_st));
 	if (*r == NULL)
-		return DANE_E_MEMORY_ERROR;
+		return gnutls_assert_val(DANE_E_MEMORY_ERROR);
 
 	snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
 
 	/* query for webserver */
 	ret = ub_resolve(s->ctx, ns, 52, 1, &(*r)->result);
 	if(ret != 0) {
-		return DANE_E_RESOLVING_ERROR;
+		return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
 	}
 
 /* show first result */
 	if(!(*r)->result->havedata) {
-		return DANE_E_NO_DANE_DATA;
+		return gnutls_assert_val(DANE_E_NO_DANE_DATA);
 	}
 
 	i = 0;
@@ -243,7 +260,7 @@ int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const cha
 		if ((*r)->result->len[i] > 3)
 			ret = DANE_E_SUCCESS;
 		else {
-			return DANE_E_RECEIVED_CORRUPT_DATA;
+			return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA);
 		}
 	
 		(*r)->usage[i] = (*r)->result->data[i][0];
@@ -258,17 +275,21 @@ int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const cha
 
 	if (!(*r)->result->secure) {
 		if ((*r)->result->bogus)
-			ret = DANE_E_INVALID_DNSSEC_SIG;
+			ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
 		else
-			ret = DANE_E_NO_DNSSEC_SIG;
+			ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG);
 	}
 
 	/* show security status */
-	if ((*r)->result->secure)
+	if ((*r)->result->secure) {
 		(*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
-	else if ((*r)->result->bogus)
+	} else if ((*r)->result->bogus) {
+	        gnutls_assert();
 		(*r)->status = DANE_QUERY_BOGUS;
-	else (*r)->status = DANE_QUERY_NO_DNSSEC;
+	} else {
+	        gnutls_assert();
+	        (*r)->status = DANE_QUERY_NO_DNSSEC;
+        }
 
 	return ret;
 }
@@ -281,40 +302,40 @@ int ret;
 
 	if (match == DANE_MATCH_EXACT) {
 		if (raw1->size != raw2->size)
-			return 0;
+			return gnutls_assert_val(0);
 
 		if (memcmp(raw1->data, raw2->data, raw1->size) != 0)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		return 1;
 	} else if (match == DANE_MATCH_SHA2_256) {
 
 		if (raw2->size != 32)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, raw1->data, raw1->size, digest);
 		if (ret < 0)
-			return 0;
+			return gnutls_assert_val(0);
 
 		if (memcmp(digest, raw2->data, 32) != 0)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		return 1;
 	} else if (match == DANE_MATCH_SHA2_512) {
 		if (raw2->size != 64)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		ret = gnutls_hash_fast(GNUTLS_DIG_SHA512, raw1->data, raw1->size, digest);
 		if (ret < 0)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		if (memcmp(digest, raw2->data, 64) != 0)
-			return 0;
+			return gnutls_assert_val(0);
 		
 		return 1;
 	}
 	
-	return 0;
+	return gnutls_assert_val(0);
 }
 
 static int crt_to_pubkey(const gnutls_datum_t *raw_crt, gnutls_datum_t * out)
@@ -327,28 +348,32 @@ int ret;
 
 	ret = gnutls_x509_crt_init(&crt);
 	if (ret < 0)
-		return DANE_E_PUBKEY_ERROR;
+		return gnutls_assert_val(DANE_E_PUBKEY_ERROR);
 
 	ret = gnutls_pubkey_init( &pub);
 	if (ret < 0) {
+	        gnutls_assert();
 		ret = DANE_E_PUBKEY_ERROR;
 		goto cleanup;
 	}
 		
 	ret = gnutls_x509_crt_import(crt, raw_crt, GNUTLS_X509_FMT_DER);
 	if (ret < 0) {
+	        gnutls_assert();
 		ret = DANE_E_PUBKEY_ERROR;
 		goto cleanup;
 	}
 
 	ret = gnutls_pubkey_import_x509(pub, crt, 0);
 	if (ret < 0) {
+	        gnutls_assert();
 		ret = DANE_E_PUBKEY_ERROR;
 		goto cleanup;
 	}
 
 	ret = gnutls_pubkey_export2(pub, GNUTLS_X509_FMT_DER, out);
 	if (ret < 0) {
+	        gnutls_assert();
 		ret = DANE_E_PUBKEY_ERROR;
 		goto cleanup;
 	}
@@ -377,20 +402,26 @@ gnutls_datum_t pubkey = {NULL, 0};
 int ret;
 
 	if (raw_crt_size < 2)
-		return DANE_E_INVALID_REQUEST;
+		return gnutls_assert_val(DANE_E_INVALID_REQUEST);
 
 	if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
 	
-		if (!matches(&raw_crt[1], data, match))
+		if (!matches(&raw_crt[1], data, match)) {
+		        gnutls_assert();
 			*verify |= DANE_VERIFY_CA_CONSTRAINS_VIOLATED;
+                }
 
 	} else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
 		ret = crt_to_pubkey(&raw_crt[1], &pubkey);
-		if (ret < 0)
+		if (ret < 0) {
+        	        gnutls_assert();
 			goto cleanup;
+                }
 
-		if (!matches(&pubkey, data, match))
+		if (!matches(&pubkey, data, match)) {
+                        gnutls_assert();
 			*verify |= DANE_VERIFY_CA_CONSTRAINS_VIOLATED;
+                }
 	}
 
 	ret = 0;
@@ -408,17 +439,23 @@ int ret;
 
 	if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
 
-		if (!matches(raw_crt, data, match))
+		if (!matches(raw_crt, data, match)) {
+		        gnutls_assert();
 			*verify |= DANE_VERIFY_CERT_DIFFERS;
+                }
 
 	} else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
 
 		ret = crt_to_pubkey(raw_crt, &pubkey);
-		if (ret < 0)
+		if (ret < 0) {
+        	        gnutls_assert();
 			goto cleanup;
+                }
 
-		if (!matches(&pubkey, data, match))
+		if (!matches(&pubkey, data, match)) {
+		        gnutls_assert();
 			*verify |= DANE_VERIFY_CERT_DIFFERS;
+                }
 	}
 
 	ret = 0;
@@ -471,13 +508,14 @@ unsigned int usage, type, match, idx;
 gnutls_datum_t data;
 	
 	if (chain_type != GNUTLS_CRT_X509)
-		return DANE_E_INVALID_REQUEST;
+		return gnutls_assert_val(DANE_E_INVALID_REQUEST);
 	
 	*verify = 0;
 	
 	if (s == NULL) {
 		ret = dane_state_init(&_s, sflags);
 		if (ret < 0) {
+		        gnutls_assert();
 			return ret;
 		}
 	} else
@@ -485,6 +523,7 @@ gnutls_datum_t data;
 	
 	ret = dane_query_tlsa(_s, &r, hostname, proto, port);
 	if (ret < 0) {
+	        gnutls_assert();
 		goto cleanup;
 	}
 
@@ -495,18 +534,23 @@ gnutls_datum_t data;
 			break;
 
 		if (ret < 0) {
+			gnutls_assert();
 			goto cleanup;
 		}
 	
 		if (usage == DANE_CERT_USAGE_LOCAL_CA || usage == DANE_CERT_USAGE_CA) {
 			ret = verify_ca(chain, chain_size, chain_type, type, match, &data, verify);
-			if (ret < 0)
+			if (ret < 0) {
+				gnutls_assert();
 				goto cleanup;
+                        }
 		
 		} else if (usage == DANE_CERT_USAGE_LOCAL_EE || usage == DANE_CERT_USAGE_EE) {
 			ret = verify_ee(&chain[0], chain_type, type, match, &data, verify);
-			if (ret < 0)
+			if (ret < 0) {
+				gnutls_assert();
 				goto cleanup;
+                        }
 		}
 	} while(1);
 
@@ -550,7 +594,7 @@ unsigned int type;
 
 	cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
 	if (cert_list_size == 0) {
-		return DANE_E_NO_CERT;
+		return gnutls_assert_val(DANE_E_NO_CERT);
 	}
 	
 	type = gnutls_certificate_type_get(session);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-10-12 17:53:21 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-10-12 17:53:21 +0200
commit	b9bde0d74c0c24f2fc04b0f29ce1b553777c0af8 (patch)
tree	a7ee3ceae92b8042ce3d3db7f865c87a4e5d7430
parent	048f1431c3cb5e0e4dd3e2154b19f9c4854c5690 (diff)
download	gnutls-b9bde0d74c0c24f2fc04b0f29ce1b553777c0af8.tar.gz