Diffstat (limited to 'src/event/ngx_event_quic_protection.c')
-rw-r--r--src/event/ngx_event_quic_protection.c34
1 files changed, 28 insertions, 6 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 2ad5a72df..114b312fa 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -156,8 +156,10 @@ ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secret_t *client,
.len = is_len
};
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt));
ngx_quic_hexdump0(pool->log, "initial secret", is, is_len);
+#endif
/* draft-ietf-quic-tls-23#section-5.2 */
client->secret.len = SHA256_DIGEST_LENGTH;
@@ -263,8 +265,10 @@ ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest, ngx_str_t *out,
return NGX_ERROR;
}
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump(pool->log, "%V info", info, info_len, label);
ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label);
+#endif
return NGX_OK;
}
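Review bot: The `"%V key"` dump at the end of ngx_quic_hkdf_expand writes the derived output in `out` to the log whenever NGX_QUIC_DEBUG_CRYPTO is defined, and nothing near the guard says that this is key material. Anyone holding such a log could presumably decrypt captured traffic for those connections, so the macro should be documented as a development-only switch. I would add a comment above the guard such as `/* NGX_QUIC_DEBUG_CRYPTO logs derived keys and IVs in clear; never define it in production builds */`, and repeat it where the macro is defined (not visible in this diff). The function body starts outside the hunk.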
@@ -761,21 +765,21 @@ ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
out.data = res->data + ad.len;
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
return NGX_ERROR;
}
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
- "ngx_quic_create_long_packet: number %L, encoded %d:0x%xD",
- pkt->number, (int) pkt->num_len, pkt->trunc);
-
ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
+#endif
if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
nonce, &pkt->payload, &ad, pkt->log)
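Review bot: The guarded `"server_iv"` and `"nonce"` dumps hard-code a length of 12, while the copy two lines above uses `pkt->secret->iv.len` and the nonce computation uses `sizeof(nonce)`. If the IV length ever differs from 12, the dump reads past the IV or shows a truncated value. The dump lengths should follow the data: `ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, pkt->secret->iv.len);` and `ngx_quic_hexdump0(pkt->log, "nonce", nonce, sizeof(nonce));`. The same literals appear in the ngx_quic_create_short_packet hunk (@@ -824) and in the nonce dump of the ngx_quic_decrypt hunk (@@ -1021). The declaration of `nonce` and the rest of the function are outside this hunk.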
@@ -791,8 +795,10 @@ ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
return NGX_ERROR;
}
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
/* quic-tls: 5.4.1. Header Protection Application */
ad.data[0] ^= mask[0] & 0x0f;
@@ -824,21 +830,26 @@ ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
out.data = res->data + ad.len;
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
return NGX_ERROR;
}
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
- "ngx_quic_create_short_packet: number %L, encoded %d:0x%xD",
- pkt->number, (int) pkt->num_len, pkt->trunc);
+ "quic ngx_quic_create_short_packet: number %L,"
+ " encoded %d:0x%xD", pkt->number, (int) pkt->num_len,
+ pkt->trunc);
ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
+#endif
if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
nonce, &pkt->payload, &ad, pkt->log)
@@ -854,8 +865,10 @@ ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
return NGX_ERROR;
}
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
/* quic-tls: 5.4.1. Header Protection Application */
ad.data[0] ^= mask[0] & 0x1f;
@@ -963,7 +976,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
sample = p + 4;
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
+#endif
/* header protection */
@@ -991,7 +1006,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
pkt->pn = pn;
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
"quic clear flags: %xi", clearflags);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -1021,8 +1039,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
+#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
@@ -1035,8 +1055,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
nonce, &in, &ad, pkt->log);
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
ngx_quic_hexdump0(pkt->log, "packet payload",
pkt->payload.data, pkt->payload.len);
+#endif
return rc;
}
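Review bot: The `"packet payload"` dump runs unconditionally after `ngx_quic_tls_open()`, so it also runs when `rc` reports a failed open. In that case `pkt->payload` holds whatever the failed AEAD operation left in the buffer, which is unauthenticated data and misleading in a debug trace. I would dump only on success by wrapping the call in `if (rc == NGX_OK) { ... }` inside the existing `#if`. Since this is decrypted application data, a short comment noting that the block logs plaintext would also help whoever enables both macros. The start of ngx_quic_decrypt is outside the hunk.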