Commit 341e68ff8f
Changed files (2)
lib
std
crypto
lib/std/crypto/tls/Client.zig
@@ -147,7 +147,8 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
.alert => {
const level = @intToEnum(tls.AlertLevel, frag[0]);
const desc = @intToEnum(tls.AlertDescription, frag[1]);
- std.debug.print("alert: {s} {s}\n", .{ @tagName(level), @tagName(desc) });
+ _ = level;
+ _ = desc;
return error.TlsAlert;
},
.handshake => {
@@ -226,14 +227,11 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
shared_key = mul.affineCoordinates().x.toBytes(.Big);
},
else => {
- //std.debug.print("named group: {x}\n", .{named_group});
return error.TlsIllegalParameter;
},
}
},
- else => {
- std.debug.print("unexpected extension: {x}\n", .{et});
- },
+ else => {},
}
i = next_i;
}
@@ -283,18 +281,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
p.server_handshake_key = hkdfExpandLabel(P.Hkdf, server_secret, "key", "", P.AEAD.key_length);
p.client_handshake_iv = hkdfExpandLabel(P.Hkdf, client_secret, "iv", "", P.AEAD.nonce_length);
p.server_handshake_iv = hkdfExpandLabel(P.Hkdf, server_secret, "iv", "", P.AEAD.nonce_length);
- //std.debug.print("shared_key: {}\nhello_hash: {}\nearly_secret: {}\nempty_hash: {}\nderived_secret: {}\nhandshake_secret: {}\n client_secret: {}\n server_secret: {}\nclient_handshake_iv: {}\nserver_handshake_iv: {}\n", .{
- // std.fmt.fmtSliceHexLower(&shared_key),
- // std.fmt.fmtSliceHexLower(&hello_hash),
- // std.fmt.fmtSliceHexLower(&early_secret),
- // std.fmt.fmtSliceHexLower(&empty_hash),
- // std.fmt.fmtSliceHexLower(&hs_derived_secret),
- // std.fmt.fmtSliceHexLower(&p.handshake_secret),
- // std.fmt.fmtSliceHexLower(&client_secret),
- // std.fmt.fmtSliceHexLower(&server_secret),
- // std.fmt.fmtSliceHexLower(&p.client_handshake_iv),
- // std.fmt.fmtSliceHexLower(&p.server_handshake_iv),
- //});
},
else => {
return error.TlsIllegalParameter;
@@ -416,11 +402,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
const next_ext_i = hs_i + ext_size;
switch (et) {
.server_name => {},
- else => {
- std.debug.print("encrypted extension: {any}\n", .{
- et,
- });
- },
+ else => {},
}
hs_i = next_ext_i;
}
@@ -467,12 +449,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
@memcpy(&main_cert_pub_key_buf, pub_key.ptr, pub_key.len);
main_cert_pub_key_len = @intCast(@TypeOf(main_cert_pub_key_len), pub_key.len);
} else {
- prev_cert.verify(subject) catch |err| {
- std.debug.print("unable to validate previous cert: {s}\n", .{
- @errorName(err),
- });
- return err;
- };
+ try prev_cert.verify(subject);
}
if (ca_bundle.verify(subject)) |_| {
@@ -480,12 +457,7 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
break :cert;
} else |err| switch (err) {
error.CertificateIssuerNotFound => {},
- else => |e| {
- std.debug.print("unable to validate cert against system root CAs: {s}\n", .{
- @errorName(e),
- });
- return e;
- },
+ else => |e| return e,
}
prev_cert = subject;
@@ -559,9 +531,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
}
},
else => {
- //std.debug.print("signature scheme: {any}\n", .{
- // scheme,
- //});
return error.TlsBadSignatureScheme;
},
}
@@ -609,11 +578,6 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
const client_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "c ap traffic", &handshake_hash, P.Hash.digest_length);
const server_secret = hkdfExpandLabel(P.Hkdf, p.master_secret, "s ap traffic", &handshake_hash, P.Hash.digest_length);
- //std.debug.print("master_secret={}\nclient_secret={}\nserver_secret={}\n", .{
- // std.fmt.fmtSliceHexLower(&p.master_secret),
- // std.fmt.fmtSliceHexLower(&client_secret),
- // std.fmt.fmtSliceHexLower(&server_secret),
- //});
break :c @unionInit(tls.ApplicationCipher, @tagName(tag), .{
.client_secret = client_secret,
.server_secret = server_secret,
@@ -646,13 +610,11 @@ pub fn init(stream: net.Stream, ca_bundle: Certificate.Bundle, host: []const u8)
}
},
else => {
- std.debug.print("inner content type: {any}\n", .{inner_ct});
return error.TlsUnexpectedMessage;
},
}
},
else => {
- std.debug.print("content type: {s}\n", .{@tagName(ct)});
return error.TlsUnexpectedMessage;
},
}
@@ -707,16 +669,6 @@ pub fn write(c: *Client, stream: net.Stream, bytes: []const u8) !usize {
c.write_seq += 1; // TODO send key_update on overflow
const nonce = @as(V, p.client_iv) ^ operand;
P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, p.client_key);
- //std.debug.print("seq: {d} nonce: {} client_key: {} client_iv: {} ad: {} auth_tag: {}\nserver_key: {} server_iv: {}\n", .{
- // c.write_seq - 1,
- // std.fmt.fmtSliceHexLower(&nonce),
- // std.fmt.fmtSliceHexLower(&p.client_key),
- // std.fmt.fmtSliceHexLower(&p.client_iv),
- // std.fmt.fmtSliceHexLower(ad),
- // std.fmt.fmtSliceHexLower(auth_tag),
- // std.fmt.fmtSliceHexLower(&p.server_key),
- // std.fmt.fmtSliceHexLower(&p.server_iv),
- //});
const record = ciphertext_buf[record_start..ciphertext_end];
iovecs_buf[iovec_end] = .{
@@ -844,10 +796,6 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
c.partial_cleartext_idx = 0;
c.partial_ciphertext_idx = 0;
c.partial_ciphertext_end = 0;
- } else {
- std.debug.print("finished giving partial cleartext. {d} bytes ciphertext remain\n", .{
- c.partial_ciphertext_end - c.partial_ciphertext_idx,
- });
}
}
@@ -943,11 +891,8 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
in += 1;
const legacy_version = mem.readIntBig(u16, frag[in..][0..2]);
in += 2;
- //_ = legacy_version;
+ _ = legacy_version;
const record_len = mem.readIntBig(u16, frag[in..][0..2]);
- std.debug.print("ct={any} legacy_version={x} record_len={d}\n", .{
- ct, legacy_version, record_len,
- });
if (record_len > max_ciphertext_len) return error.TlsRecordOverflow;
in += 2;
const end = in + record_len;
@@ -962,12 +907,8 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const first = frag[in..];
const full_record_len = record_len + tls.ciphertext_record_header_len;
const second_len = full_record_len - first.len;
- if (frag1.len < second_len) {
- std.debug.print("end > frag.len finishRead2 end={d} frag.len={d}\n", .{
- end, frag.len,
- });
+ if (frag1.len < second_len)
return finishRead2(c, first, frag1, vp.total);
- }
mem.copy(u8, frag[0..in], first);
mem.copy(u8, frag[first.len..], frag1[0..second_len]);
@@ -1016,7 +957,7 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
c.partial_ciphertext_end = c.partial_ciphertext_idx;
return vp.total;
}
- std.debug.print("alert: {s} {s}\n", .{ @tagName(level), @tagName(desc) });
+ _ = level;
return error.TlsAlert;
},
.handshake => {
@@ -1032,11 +973,9 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const handshake = cleartext[ct_i..next_handshake_i];
switch (handshake_type) {
.new_session_ticket => {
- std.debug.print("new_session_ticket\n", .{});
// This client implementation ignores new session tickets.
},
.key_update => {
- std.debug.print("key_update\n", .{});
switch (c.application_cipher) {
inline else => |*p| {
const P = @TypeOf(p.*);
@@ -1085,13 +1024,10 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
const dest = c.partially_read_buffer[c.partial_ciphertext_idx..];
mem.copy(u8, dest, msg);
c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), c.partial_ciphertext_idx + msg.len);
- std.debug.print("application_data {d} bytes to partial buffer\n", .{msg.len});
} else {
const amt = vp.put(msg);
- std.debug.print("application_data {d} bytes to read buffer\n", .{msg.len});
if (amt < msg.len) {
const rest = msg[amt..];
- std.debug.print(" {d} bytes to partial buffer\n", .{rest.len});
c.partial_cleartext_idx = 0;
c.partial_ciphertext_idx = @intCast(@TypeOf(c.partial_ciphertext_idx), rest.len);
mem.copy(u8, &c.partially_read_buffer, rest);
@@ -1101,7 +1037,6 @@ pub fn readvAdvanced(c: *Client, stream: net.Stream, iovecs: []const std.os.iove
// Output buffer was used directly which means no
// memory copying needs to occur, and we can move
// on to the next ciphertext record.
- std.debug.print("application_data {d} bytes directly to read buffer\n", .{cleartext.len - 1});
vp.next(cleartext.len - 1);
}
},
lib/std/crypto/Certificate.zig
@@ -241,7 +241,6 @@ pub fn parse(cert: Certificate) !Parsed {
var common_name = der.Element.Slice.empty;
var name_i = subject.slice.start;
- //std.debug.print("subject name:\n", .{});
while (name_i < subject.slice.end) {
const rdn = try der.Element.parse(cert_bytes, name_i);
var rdn_i = rdn.slice.start;
@@ -252,9 +251,6 @@ pub fn parse(cert: Certificate) !Parsed {
const ty_elem = try der.Element.parse(cert_bytes, atav_i);
const ty = try parseAttribute(cert_bytes, ty_elem);
const val = try der.Element.parse(cert_bytes, ty_elem.slice.end);
- //std.debug.print(" {s}: '{s}'\n", .{
- // @tagName(ty), cert_bytes[val.slice.start..val.slice.end],
- //});
switch (ty) {
.commonName => common_name = val.slice,
else => {},
@@ -452,10 +448,7 @@ fn parseEnum(comptime E: type, bytes: []const u8, element: der.Element) !E {
if (element.identifier.tag != .object_identifier)
return error.CertificateFieldHasWrongDataType;
const oid_bytes = bytes[element.slice.start..element.slice.end];
- return E.map.get(oid_bytes) orelse {
- //std.debug.print("tag: {}\n", .{std.fmt.fmtSliceHexLower(oid_bytes)});
- return error.CertificateHasUnrecognizedObjectId;
- };
+ return E.map.get(oid_bytes) orelse return error.CertificateHasUnrecognizedObjectId;
}
pub fn checkVersion(bytes: []const u8, version: der.Element) !void {