pki: Use the standard logging function
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Andreas Schneider
родитель
82a80b205b
Коммит
3b0b1c3ee3
@ -43,11 +43,6 @@ int bcrypt_pbkdf(const char *pass,
|
||||
/* Magic defined in OpenSSH/PROTOCOL.key */
|
||||
#define OPENSSH_AUTH_MAGIC "openssh-key-v1"
|
||||
|
||||
#define ssh_pki_log(...) \
|
||||
_ssh_log(SSH_LOG_FUNCTIONS, __func__, __VA_ARGS__)
|
||||
void _ssh_pki_log(const char *function,
|
||||
const char *format, ...) PRINTF_ATTRIBUTE(2, 3);
|
||||
|
||||
int pki_key_ecdsa_nid_from_name(const char *name);
|
||||
const char *pki_key_ecdsa_nid_to_name(int nid);
|
||||
|
||||
|
||||
68
src/pki.c
68
src/pki.c
@ -64,24 +64,6 @@
|
||||
#include "libssh/misc.h"
|
||||
#include "libssh/agent.h"
|
||||
|
||||
void _ssh_pki_log(const char *function, const char *format, ...)
|
||||
{
|
||||
#ifdef DEBUG_CRYPTO
|
||||
char buffer[1024];
|
||||
va_list va;
|
||||
|
||||
va_start(va, format);
|
||||
vsnprintf(buffer, sizeof(buffer), format, va);
|
||||
va_end(va);
|
||||
|
||||
ssh_log_function(SSH_LOG_DEBUG, function, buffer);
|
||||
#else
|
||||
(void) function;
|
||||
(void) format;
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
|
||||
if (strncmp(privkey, DSA_HEADER_BEGIN, strlen(DSA_HEADER_BEGIN)) == 0) {
|
||||
return SSH_KEYTYPE_DSS;
|
||||
@ -309,7 +291,7 @@ int ssh_key_cmp(const ssh_key k1,
|
||||
}
|
||||
|
||||
if (k1->type != k2->type) {
|
||||
ssh_pki_log("key types don't match!");
|
||||
SSH_LOG(SSH_LOG_WARN, "key types don't match!");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -412,8 +394,9 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
ssh_pki_log("Trying to decode privkey passphrase=%s",
|
||||
passphrase ? "true" : "false");
|
||||
SSH_LOG(SSH_LOG_INFO,
|
||||
"Trying to decode privkey passphrase=%s",
|
||||
passphrase ? "true" : "false");
|
||||
|
||||
/* Test for OpenSSH key format first */
|
||||
cmp = strncmp(b64_key, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN));
|
||||
@ -475,16 +458,20 @@ int ssh_pki_import_privkey_file(const char *filename,
|
||||
|
||||
file = fopen(filename, "rb");
|
||||
if (file == NULL) {
|
||||
ssh_pki_log("Error opening %s: %s",
|
||||
filename, strerror(errno));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Error opening %s: %s",
|
||||
filename,
|
||||
strerror(errno));
|
||||
return SSH_EOF;
|
||||
}
|
||||
|
||||
rc = fstat(fileno(file), &sb);
|
||||
if (rc < 0) {
|
||||
fclose(file);
|
||||
ssh_pki_log("Error getting stat of %s: %s",
|
||||
filename, strerror(errno));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Error getting stat of %s: %s",
|
||||
filename,
|
||||
strerror(errno));
|
||||
switch (errno) {
|
||||
case ENOENT:
|
||||
case EACCES:
|
||||
@ -495,7 +482,8 @@ int ssh_pki_import_privkey_file(const char *filename,
|
||||
}
|
||||
|
||||
if (sb.st_size > MAX_PRIVKEY_SIZE) {
|
||||
ssh_pki_log("Private key is bigger than 4M.");
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Private key is bigger than 4M.");
|
||||
fclose(file);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
@ -503,7 +491,7 @@ int ssh_pki_import_privkey_file(const char *filename,
|
||||
key_buf = malloc(sb.st_size + 1);
|
||||
if (key_buf == NULL) {
|
||||
fclose(file);
|
||||
ssh_pki_log("Out of memory!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
@ -512,8 +500,10 @@ int ssh_pki_import_privkey_file(const char *filename,
|
||||
|
||||
if (size != sb.st_size) {
|
||||
SAFE_FREE(key_buf);
|
||||
ssh_pki_log("Error reading %s: %s",
|
||||
filename, strerror(errno));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Error reading %s: %s",
|
||||
filename,
|
||||
strerror(errno));
|
||||
return SSH_ERROR;
|
||||
}
|
||||
key_buf[size] = 0;
|
||||
@ -789,7 +779,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
|
||||
{
|
||||
ssh_string pubkey = buffer_get_ssh_string(buffer);
|
||||
if (ssh_string_len(pubkey) != ED25519_PK_LEN) {
|
||||
ssh_pki_log("Invalid public key length");
|
||||
SSH_LOG(SSH_LOG_WARN, "Invalid public key length");
|
||||
ssh_string_burn(pubkey);
|
||||
ssh_string_free(pubkey);
|
||||
goto fail;
|
||||
@ -809,7 +799,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
|
||||
break;
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
default:
|
||||
ssh_pki_log("Unknown public key protocol %d", type);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -892,26 +882,26 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
|
||||
|
||||
buffer = ssh_buffer_new();
|
||||
if (buffer == NULL) {
|
||||
ssh_pki_log("Out of memory!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob),
|
||||
ssh_string_len(key_blob));
|
||||
if (rc < 0) {
|
||||
ssh_pki_log("Out of memory!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
type_s = buffer_get_ssh_string(buffer);
|
||||
if (type_s == NULL) {
|
||||
ssh_pki_log("Out of memory!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
type = ssh_key_type_from_name(ssh_string_get_char(type_s));
|
||||
if (type == SSH_KEYTYPE_UNKNOWN) {
|
||||
ssh_pki_log("Unknown key type found!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
|
||||
goto fail;
|
||||
}
|
||||
ssh_string_free(type_s);
|
||||
@ -957,7 +947,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
|
||||
|
||||
file = fopen(filename, "r");
|
||||
if (file == NULL) {
|
||||
ssh_pki_log("Error opening %s: %s",
|
||||
SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s",
|
||||
filename, strerror(errno));
|
||||
return SSH_EOF;
|
||||
}
|
||||
@ -965,7 +955,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
|
||||
rc = fstat(fileno(file), &sb);
|
||||
if (rc < 0) {
|
||||
fclose(file);
|
||||
ssh_pki_log("Error gettint stat of %s: %s",
|
||||
SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s",
|
||||
filename, strerror(errno));
|
||||
switch (errno) {
|
||||
case ENOENT:
|
||||
@ -983,7 +973,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
|
||||
key_buf = malloc(sb.st_size + 1);
|
||||
if (key_buf == NULL) {
|
||||
fclose(file);
|
||||
ssh_pki_log("Out of memory!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
@ -992,7 +982,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
|
||||
|
||||
if (size != sb.st_size) {
|
||||
SAFE_FREE(key_buf);
|
||||
ssh_pki_log("Error reading %s: %s",
|
||||
SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s",
|
||||
filename, strerror(errno));
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
@ -69,20 +69,20 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
|
||||
|
||||
rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s);
|
||||
if (rc == SSH_ERROR){
|
||||
ssh_pki_log("Unpack error");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unpack error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
type = ssh_key_type_from_name(type_s);
|
||||
if (type == SSH_KEYTYPE_UNKNOWN) {
|
||||
ssh_pki_log("Unknown key type found!");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
SAFE_FREE(type_s);
|
||||
|
||||
key = ssh_key_new();
|
||||
if (key == NULL) {
|
||||
ssh_pki_log("Out of memory");
|
||||
SSH_LOG(SSH_LOG_WARN, "Out of memory");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
@ -94,12 +94,12 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
rc = ssh_buffer_unpack(key_blob_buffer, "SS", &pubkey, &privkey);
|
||||
if (rc != SSH_OK){
|
||||
ssh_pki_log("Unpack error");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unpack error");
|
||||
goto fail;
|
||||
}
|
||||
if(ssh_string_len(pubkey) != ED25519_PK_LEN ||
|
||||
ssh_string_len(privkey) != ED25519_SK_LEN){
|
||||
ssh_pki_log("Invalid ed25519 key len");
|
||||
SSH_LOG(SSH_LOG_WARN, "Invalid ed25519 key len");
|
||||
goto fail;
|
||||
}
|
||||
key->ed25519_privkey = malloc(ED25519_SK_LEN);
|
||||
@ -120,10 +120,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
|
||||
case SSH_KEYTYPE_RSA1:
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
/* curve_name, group, privkey */
|
||||
ssh_pki_log("Unsupported private key method %s", key->type_c);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unsupported private key method %s", key->type_c);
|
||||
goto fail;
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
ssh_pki_log("Unknown private key protocol %s", key->type_c);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown private key protocol %s", key->type_c);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -213,18 +213,21 @@ static int pki_private_key_decrypt(ssh_string blob,
|
||||
/* We need material for key (keysize bits / 8) and IV (blocksize) */
|
||||
key_material_len = cipher.keysize/8 + cipher.blocksize;
|
||||
if (key_material_len > sizeof(key_material)) {
|
||||
ssh_pki_log("Key material too big");
|
||||
SSH_LOG(SSH_LOG_WARN, "Key material too big");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
ssh_pki_log("Decryption: %d key, %d IV, %d rounds, %zu bytes salt",
|
||||
cipher.keysize/8,
|
||||
cipher.blocksize, rounds, ssh_string_len(salt));
|
||||
SSH_LOG(SSH_LOG_DEBUG,
|
||||
"Decryption: %d key, %d IV, %d rounds, %zu bytes salt",
|
||||
cipher.keysize/8,
|
||||
cipher.blocksize,
|
||||
rounds,
|
||||
ssh_string_len(salt));
|
||||
|
||||
if (passphrase == NULL) {
|
||||
if (auth_fn == NULL) {
|
||||
SAFE_FREE(salt);
|
||||
ssh_pki_log("No passphrase provided");
|
||||
SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
rc = auth_fn("Passphrase",
|
||||
@ -339,7 +342,11 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
|
||||
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)");
|
||||
goto error;
|
||||
}
|
||||
ssh_pki_log("Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d\n", ciphername, kdfname, nkeys);
|
||||
SSH_LOG(SSH_LOG_INFO,
|
||||
"Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d\n",
|
||||
ciphername,
|
||||
kdfname,
|
||||
nkeys);
|
||||
if (nkeys != 1){
|
||||
SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys);
|
||||
goto error;
|
||||
@ -383,7 +390,7 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
|
||||
if (padding != i){
|
||||
ssh_key_free(key);
|
||||
key = NULL;
|
||||
ssh_pki_log("Invalid padding");
|
||||
SSH_LOG(SSH_LOG_WARN, "Invalid padding");
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
@ -419,7 +426,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
|
||||
int rc;
|
||||
|
||||
if (privkey->type != SSH_KEYTYPE_ED25519) {
|
||||
ssh_pki_log("Type %s not supported", privkey->type_c);
|
||||
SSH_LOG(SSH_LOG_WARN, "Type %s not supported", privkey->type_c);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
if (privkey->ed25519_privkey == NULL ||
|
||||
@ -494,17 +501,17 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
|
||||
/* We need material for key (keysize bits / 8) and IV (blocksize) */
|
||||
key_material_len = cipher.keysize/8 + cipher.blocksize;
|
||||
if (key_material_len > sizeof(key_material)){
|
||||
ssh_pki_log("Key material too big");
|
||||
SSH_LOG(SSH_LOG_WARN, "Key material too big");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
ssh_pki_log("Encryption: %d key, %d IV, %d rounds, %zu bytes salt",
|
||||
SSH_LOG(SSH_LOG_WARN, "Encryption: %d key, %d IV, %d rounds, %zu bytes salt",
|
||||
cipher.keysize/8,
|
||||
cipher.blocksize, rounds, ssh_string_len(salt));
|
||||
|
||||
if (passphrase == NULL){
|
||||
if (auth_fn == NULL){
|
||||
ssh_pki_log("No passphrase provided");
|
||||
SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
rc = auth_fn("Passphrase",
|
||||
@ -573,11 +580,11 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
|
||||
return NULL;
|
||||
}
|
||||
if (privkey->type != SSH_KEYTYPE_ED25519){
|
||||
ssh_pki_log("Unsupported key type %s", privkey->type_c);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unsupported key type %s", privkey->type_c);
|
||||
return NULL;
|
||||
}
|
||||
if (passphrase != NULL || auth_fn != NULL){
|
||||
ssh_pki_log("Enabling encryption for private key export");
|
||||
SSH_LOG(SSH_LOG_INFO, "Enabling encryption for private key export");
|
||||
to_encrypt = 1;
|
||||
}
|
||||
buffer = ssh_buffer_new();
|
||||
|
||||
@ -649,11 +649,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
|
||||
#endif
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
BIO_free(mem);
|
||||
ssh_pki_log("PEM output not supported for key type ssh-ed25519");
|
||||
SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
|
||||
return NULL;
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
BIO_free(mem);
|
||||
ssh_pki_log("Unkown or invalid private key type %d", key->type);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -696,7 +696,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
|
||||
type = pki_privatekey_type_from_string(b64_key);
|
||||
if (type == SSH_KEYTYPE_UNKNOWN) {
|
||||
ssh_pki_log("Unknown or invalid private key.");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -720,8 +720,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
BIO_free(mem);
|
||||
|
||||
if (dsa == NULL) {
|
||||
ssh_pki_log("Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -744,8 +745,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
BIO_free(mem);
|
||||
|
||||
if (rsa == NULL) {
|
||||
ssh_pki_log("Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(),NULL));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(),NULL));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -768,8 +770,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
BIO_free(mem);
|
||||
|
||||
if (ecdsa == NULL) {
|
||||
ssh_pki_log("Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Parsing private key: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -779,7 +782,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
/* Cannot open ed25519 keys with libcrypto */
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
BIO_free(mem);
|
||||
ssh_pki_log("Unkown or invalid private key type %d", type);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -1247,7 +1250,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
|
||||
break;
|
||||
default:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
ssh_pki_log("Unknown signature key type: %s", sig->type_c);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -1267,19 +1270,21 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
|
||||
size_t len = ssh_string_len(sig_blob);
|
||||
|
||||
if (pubkey->rsa == NULL) {
|
||||
ssh_pki_log("Pubkey RSA field NULL");
|
||||
SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL");
|
||||
goto errout;
|
||||
}
|
||||
|
||||
rsalen = RSA_size(pubkey->rsa);
|
||||
if (len > rsalen) {
|
||||
ssh_pki_log("Signature is too big: %lu > %lu",
|
||||
(unsigned long)len, (unsigned long)rsalen);
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Signature is too big: %lu > %lu",
|
||||
(unsigned long)len,
|
||||
(unsigned long)rsalen);
|
||||
goto errout;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_pki_log("RSA signature len: %lu", (unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_WARN, "RSA signature len: %lu", (unsigned long)len);
|
||||
ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len);
|
||||
#endif
|
||||
|
||||
@ -1287,8 +1292,10 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
|
||||
sig->rsa_sig = ssh_string_copy(sig_blob);
|
||||
} else {
|
||||
/* pad the blob to the expected rsalen size */
|
||||
ssh_pki_log("RSA signature len %lu < %lu",
|
||||
(unsigned long)len, (unsigned long)rsalen);
|
||||
SSH_LOG(SSH_LOG_DEBUG,
|
||||
"RSA signature len %lu < %lu",
|
||||
(unsigned long)len,
|
||||
(unsigned long)rsalen);
|
||||
|
||||
pad_len = rsalen - len;
|
||||
|
||||
@ -1339,8 +1346,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
case SSH_KEYTYPE_DSS:
|
||||
/* 40 is the dual signature blob len. */
|
||||
if (len != 40) {
|
||||
ssh_pki_log("Signature has wrong size: %lu",
|
||||
(unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Signature has wrong size: %lu",
|
||||
(unsigned long)len);
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
@ -1457,9 +1465,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
}
|
||||
|
||||
if (rlen != 0) {
|
||||
ssh_pki_log("Signature has remaining bytes in inner "
|
||||
"sigblob: %lu",
|
||||
(unsigned long)rlen);
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Signature has remaining bytes in inner "
|
||||
"sigblob: %lu",
|
||||
(unsigned long)rlen);
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
@ -1476,7 +1485,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
break;
|
||||
default:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
ssh_pki_log("Unknown signature type");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -290,7 +290,7 @@ int pki_ed25519_sig_from_blob(ssh_signature sig, ssh_string sig_blob)
|
||||
|
||||
len = ssh_string_len(sig_blob);
|
||||
if (len != ED25519_SIG_LEN){
|
||||
ssh_pki_log("Invalid ssh-ed25519 signature len: %zu", len);
|
||||
SSH_LOG(SSH_LOG_WARN, "Invalid ssh-ed25519 signature len: %zu", len);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
|
||||
@ -622,7 +622,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
|
||||
type = pki_privatekey_type_from_string(b64_key);
|
||||
if (type == SSH_KEYTYPE_UNKNOWN) {
|
||||
ssh_pki_log("Unknown or invalid private key.");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -642,7 +642,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
}
|
||||
|
||||
if (!valid) {
|
||||
ssh_pki_log("Parsing private key");
|
||||
SSH_LOG(SSH_LOG_WARN, "Parsing private key");
|
||||
goto fail;
|
||||
}
|
||||
break;
|
||||
@ -662,7 +662,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
}
|
||||
|
||||
if (!valid) {
|
||||
ssh_pki_log("Parsing private key");
|
||||
SSH_LOG(SSH_LOG_WARN, "Parsing private key");
|
||||
goto fail;
|
||||
}
|
||||
break;
|
||||
@ -671,7 +671,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
default:
|
||||
ssh_pki_log("Unkown or invalid private key type %d", type);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -1461,7 +1461,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
default:
|
||||
ssh_pki_log("Unknown signature key type: %d", sig->type);
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %d", sig->type);
|
||||
return NULL;
|
||||
break;
|
||||
}
|
||||
@ -1492,14 +1492,17 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
case SSH_KEYTYPE_DSS:
|
||||
/* 40 is the dual signature blob len. */
|
||||
if (len != 40) {
|
||||
ssh_pki_log("Signature has wrong size: %lu",
|
||||
(unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Signature has wrong size: %lu",
|
||||
(unsigned long)len);
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_pki_log("DSA signature len: %lu", (unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_DEBUG,
|
||||
"DSA signature len: %lu",
|
||||
(unsigned long)len);
|
||||
ssh_print_hexa("DSA signature", ssh_string_data(sig_blob), len);
|
||||
#endif
|
||||
|
||||
@ -1520,19 +1523,22 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8;
|
||||
|
||||
if (len > rsalen) {
|
||||
ssh_pki_log("Signature is to big size: %lu",
|
||||
(unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Signature is to big size: %lu",
|
||||
(unsigned long)len);
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (len < rsalen) {
|
||||
ssh_pki_log("RSA signature len %lu < %lu",
|
||||
(unsigned long)len, (unsigned long)rsalen);
|
||||
SSH_LOG(SSH_LOG_DEBUG,
|
||||
"RSA signature len %lu < %lu",
|
||||
(unsigned long)len,
|
||||
(unsigned long)rsalen);
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_pki_log("RSA signature len: %lu", (unsigned long)len);
|
||||
SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
|
||||
ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len);
|
||||
#endif
|
||||
|
||||
@ -1556,7 +1562,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
default:
|
||||
ssh_pki_log("Unknown signature type");
|
||||
SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@ -1265,8 +1265,6 @@ static void torture_pki_write_privkey_rsa(void **state)
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
ssh_set_log_level(5);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -1305,8 +1303,6 @@ static void torture_pki_write_privkey_dsa(void **state)
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
ssh_set_log_level(5);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -1346,8 +1342,6 @@ static void torture_pki_write_privkey_ecdsa(void **state)
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
ssh_set_log_level(5);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -1387,8 +1381,6 @@ static void torture_pki_write_privkey_ed25519(void **state){
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
ssh_set_log_level(5);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -1457,8 +1449,6 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name)
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
ssh_set_log_level(5);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key);
|
||||
assert_true(rc == 0);
|
||||
|
||||
|
||||
Загрузка…
x
Ссылка в новой задаче
Block a user