lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Use the standard logging function

Browse Source 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Andreas Schneider
2015-09-07 10:50:49 +02:00
parent 82a80b205b
commit 3b0b1c3ee3
7 changed files with 109 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/libssh/pki_priv.h
View File

@@ -43,11 +43,6 @@ int bcrypt_pbkdf(const char *pass,
/* Magic defined in OpenSSH/PROTOCOL.key */ /* Magic defined in OpenSSH/PROTOCOL.key */
#define OPENSSH_AUTH_MAGIC "openssh-key-v1" #define OPENSSH_AUTH_MAGIC "openssh-key-v1"
#define ssh_pki_log(...) \
_ssh_log(SSH_LOG_FUNCTIONS, __func__, __VA_ARGS__)
void _ssh_pki_log(const char *function,
const char *format, ...) PRINTF_ATTRIBUTE(2, 3);
int pki_key_ecdsa_nid_from_name(const char *name); int pki_key_ecdsa_nid_from_name(const char *name);
const char *pki_key_ecdsa_nid_to_name(int nid); const char *pki_key_ecdsa_nid_to_name(int nid);

66
src/pki.c
View File

@@ -64,24 +64,6 @@
#include "libssh/misc.h" #include "libssh/misc.h"
#include "libssh/agent.h" #include "libssh/agent.h"
void _ssh_pki_log(const char *function, const char *format, ...)
{
#ifdef DEBUG_CRYPTO
char buffer[1024];
va_list va;
va_start(va, format);
vsnprintf(buffer, sizeof(buffer), format, va);
va_end(va);
ssh_log_function(SSH_LOG_DEBUG, function, buffer);
#else
(void) function;
(void) format;
#endif
return;
}
enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) { enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
if (strncmp(privkey, DSA_HEADER_BEGIN, strlen(DSA_HEADER_BEGIN)) == 0) { if (strncmp(privkey, DSA_HEADER_BEGIN, strlen(DSA_HEADER_BEGIN)) == 0) {
return SSH_KEYTYPE_DSS; return SSH_KEYTYPE_DSS;
@@ -309,7 +291,7 @@ int ssh_key_cmp(const ssh_key k1,
} }
if (k1->type != k2->type) { if (k1->type != k2->type) {
ssh_pki_log("key types don't match!"); SSH_LOG(SSH_LOG_WARN, "key types don't match!");
return 1; return 1;
} }
@@ -412,7 +394,8 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
return SSH_ERROR; return SSH_ERROR;
} }
ssh_pki_log("Trying to decode privkey passphrase=%s", SSH_LOG(SSH_LOG_INFO,
"Trying to decode privkey passphrase=%s",
passphrase ? "true" : "false"); passphrase ? "true" : "false");
/* Test for OpenSSH key format first */ /* Test for OpenSSH key format first */
@@ -475,16 +458,20 @@ int ssh_pki_import_privkey_file(const char *filename,
file = fopen(filename, "rb"); file = fopen(filename, "rb");
if (file == NULL) { if (file == NULL) {
ssh_pki_log("Error opening %s: %s", SSH_LOG(SSH_LOG_WARN,
filename, strerror(errno)); "Error opening %s: %s",
filename,
strerror(errno));
return SSH_EOF; return SSH_EOF;
} }
rc = fstat(fileno(file), &sb); rc = fstat(fileno(file), &sb);
if (rc < 0) { if (rc < 0) {
fclose(file); fclose(file);
ssh_pki_log("Error getting stat of %s: %s", SSH_LOG(SSH_LOG_WARN,
filename, strerror(errno)); "Error getting stat of %s: %s",
filename,
strerror(errno));
switch (errno) { switch (errno) {
case ENOENT: case ENOENT:
case EACCES: case EACCES:
@@ -495,7 +482,8 @@ int ssh_pki_import_privkey_file(const char *filename,
} }
if (sb.st_size > MAX_PRIVKEY_SIZE) { if (sb.st_size > MAX_PRIVKEY_SIZE) {
ssh_pki_log("Private key is bigger than 4M."); SSH_LOG(SSH_LOG_WARN,
"Private key is bigger than 4M.");
fclose(file); fclose(file);
return SSH_ERROR; return SSH_ERROR;
} }
@@ -503,7 +491,7 @@ int ssh_pki_import_privkey_file(const char *filename,
key_buf = malloc(sb.st_size + 1); key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) { if (key_buf == NULL) {
fclose(file); fclose(file);
ssh_pki_log("Out of memory!"); SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -512,8 +500,10 @@ int ssh_pki_import_privkey_file(const char *filename,
if (size != sb.st_size) { if (size != sb.st_size) {
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
ssh_pki_log("Error reading %s: %s", SSH_LOG(SSH_LOG_WARN,
filename, strerror(errno)); "Error reading %s: %s",
filename,
strerror(errno));
return SSH_ERROR; return SSH_ERROR;
} }
key_buf[size] = 0; key_buf[size] = 0;
@@ -789,7 +779,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
{ {
ssh_string pubkey = buffer_get_ssh_string(buffer); ssh_string pubkey = buffer_get_ssh_string(buffer);
if (ssh_string_len(pubkey) != ED25519_PK_LEN) { if (ssh_string_len(pubkey) != ED25519_PK_LEN) {
ssh_pki_log("Invalid public key length"); SSH_LOG(SSH_LOG_WARN, "Invalid public key length");
ssh_string_burn(pubkey); ssh_string_burn(pubkey);
ssh_string_free(pubkey); ssh_string_free(pubkey);
goto fail; goto fail;
@@ -809,7 +799,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
break; break;
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
ssh_pki_log("Unknown public key protocol %d", type); SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
goto fail; goto fail;
} }
@@ -892,26 +882,26 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
buffer = ssh_buffer_new(); buffer = ssh_buffer_new();
if (buffer == NULL) { if (buffer == NULL) {
ssh_pki_log("Out of memory!"); SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob), rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob),
ssh_string_len(key_blob)); ssh_string_len(key_blob));
if (rc < 0) { if (rc < 0) {
ssh_pki_log("Out of memory!"); SSH_LOG(SSH_LOG_WARN, "Out of memory!");
goto fail; goto fail;
} }
type_s = buffer_get_ssh_string(buffer); type_s = buffer_get_ssh_string(buffer);
if (type_s == NULL) { if (type_s == NULL) {
ssh_pki_log("Out of memory!"); SSH_LOG(SSH_LOG_WARN, "Out of memory!");
goto fail; goto fail;
} }
type = ssh_key_type_from_name(ssh_string_get_char(type_s)); type = ssh_key_type_from_name(ssh_string_get_char(type_s));
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
ssh_pki_log("Unknown key type found!"); SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
goto fail; goto fail;
} }
ssh_string_free(type_s); ssh_string_free(type_s);
@@ -957,7 +947,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
file = fopen(filename, "r"); file = fopen(filename, "r");
if (file == NULL) { if (file == NULL) {
ssh_pki_log("Error opening %s: %s", SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s",
filename, strerror(errno)); filename, strerror(errno));
return SSH_EOF; return SSH_EOF;
} }
@@ -965,7 +955,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
rc = fstat(fileno(file), &sb); rc = fstat(fileno(file), &sb);
if (rc < 0) { if (rc < 0) {
fclose(file); fclose(file);
ssh_pki_log("Error gettint stat of %s: %s", SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s",
filename, strerror(errno)); filename, strerror(errno));
switch (errno) { switch (errno) {
case ENOENT: case ENOENT:
@@ -983,7 +973,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
key_buf = malloc(sb.st_size + 1); key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) { if (key_buf == NULL) {
fclose(file); fclose(file);
ssh_pki_log("Out of memory!"); SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -992,7 +982,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
if (size != sb.st_size) { if (size != sb.st_size) {
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
ssh_pki_log("Error reading %s: %s", SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s",
filename, strerror(errno)); filename, strerror(errno));
return SSH_ERROR; return SSH_ERROR;
} }

45
src/pki_container_openssh.c
View File

@@ -69,20 +69,20 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s); rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s);
if (rc == SSH_ERROR){ if (rc == SSH_ERROR){
ssh_pki_log("Unpack error"); SSH_LOG(SSH_LOG_WARN, "Unpack error");
return SSH_ERROR; return SSH_ERROR;
} }
type = ssh_key_type_from_name(type_s); type = ssh_key_type_from_name(type_s);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
ssh_pki_log("Unknown key type found!"); SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
return SSH_ERROR; return SSH_ERROR;
} }
SAFE_FREE(type_s); SAFE_FREE(type_s);
key = ssh_key_new(); key = ssh_key_new();
if (key == NULL) { if (key == NULL) {
ssh_pki_log("Out of memory"); SSH_LOG(SSH_LOG_WARN, "Out of memory");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -94,12 +94,12 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
rc = ssh_buffer_unpack(key_blob_buffer, "SS", &pubkey, &privkey); rc = ssh_buffer_unpack(key_blob_buffer, "SS", &pubkey, &privkey);
if (rc != SSH_OK){ if (rc != SSH_OK){
ssh_pki_log("Unpack error"); SSH_LOG(SSH_LOG_WARN, "Unpack error");
goto fail; goto fail;
} }
if(ssh_string_len(pubkey) != ED25519_PK_LEN || if(ssh_string_len(pubkey) != ED25519_PK_LEN ||
ssh_string_len(privkey) != ED25519_SK_LEN){ ssh_string_len(privkey) != ED25519_SK_LEN){
ssh_pki_log("Invalid ed25519 key len"); SSH_LOG(SSH_LOG_WARN, "Invalid ed25519 key len");
goto fail; goto fail;
} }
key->ed25519_privkey = malloc(ED25519_SK_LEN); key->ed25519_privkey = malloc(ED25519_SK_LEN);
@@ -120,10 +120,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
/* curve_name, group, privkey */ /* curve_name, group, privkey */
ssh_pki_log("Unsupported private key method %s", key->type_c); SSH_LOG(SSH_LOG_WARN, "Unsupported private key method %s", key->type_c);
goto fail; goto fail;
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
ssh_pki_log("Unknown private key protocol %s", key->type_c); SSH_LOG(SSH_LOG_WARN, "Unknown private key protocol %s", key->type_c);
goto fail; goto fail;
} }
@@ -213,18 +213,21 @@ static int pki_private_key_decrypt(ssh_string blob,
/* We need material for key (keysize bits / 8) and IV (blocksize) */ /* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize; key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)) { if (key_material_len > sizeof(key_material)) {
ssh_pki_log("Key material too big"); SSH_LOG(SSH_LOG_WARN, "Key material too big");
return SSH_ERROR; return SSH_ERROR;
} }
ssh_pki_log("Decryption: %d key, %d IV, %d rounds, %zu bytes salt", SSH_LOG(SSH_LOG_DEBUG,
"Decryption: %d key, %d IV, %d rounds, %zu bytes salt",
cipher.keysize/8, cipher.keysize/8,
cipher.blocksize, rounds, ssh_string_len(salt)); cipher.blocksize,
rounds,
ssh_string_len(salt));
if (passphrase == NULL) { if (passphrase == NULL) {
if (auth_fn == NULL) { if (auth_fn == NULL) {
SAFE_FREE(salt); SAFE_FREE(salt);
ssh_pki_log("No passphrase provided"); SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
return SSH_ERROR; return SSH_ERROR;
} }
rc = auth_fn("Passphrase", rc = auth_fn("Passphrase",
@@ -339,7 +342,11 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)"); SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)");
goto error; goto error;
} }
ssh_pki_log("Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d\n", ciphername, kdfname, nkeys); SSH_LOG(SSH_LOG_INFO,
"Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d\n",
ciphername,
kdfname,
nkeys);
if (nkeys != 1){ if (nkeys != 1){
SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys); SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys);
goto error; goto error;
@@ -383,7 +390,7 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
if (padding != i){ if (padding != i){
ssh_key_free(key); ssh_key_free(key);
key = NULL; key = NULL;
ssh_pki_log("Invalid padding"); SSH_LOG(SSH_LOG_WARN, "Invalid padding");
goto error; goto error;
} }
} }
@@ -419,7 +426,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
int rc; int rc;
if (privkey->type != SSH_KEYTYPE_ED25519) { if (privkey->type != SSH_KEYTYPE_ED25519) {
ssh_pki_log("Type %s not supported", privkey->type_c); SSH_LOG(SSH_LOG_WARN, "Type %s not supported", privkey->type_c);
return SSH_ERROR; return SSH_ERROR;
} }
if (privkey->ed25519_privkey == NULL || if (privkey->ed25519_privkey == NULL ||
@@ -494,17 +501,17 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
/* We need material for key (keysize bits / 8) and IV (blocksize) */ /* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize; key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)){ if (key_material_len > sizeof(key_material)){
ssh_pki_log("Key material too big"); SSH_LOG(SSH_LOG_WARN, "Key material too big");
return SSH_ERROR; return SSH_ERROR;
} }
ssh_pki_log("Encryption: %d key, %d IV, %d rounds, %zu bytes salt", SSH_LOG(SSH_LOG_WARN, "Encryption: %d key, %d IV, %d rounds, %zu bytes salt",
cipher.keysize/8, cipher.keysize/8,
cipher.blocksize, rounds, ssh_string_len(salt)); cipher.blocksize, rounds, ssh_string_len(salt));
if (passphrase == NULL){ if (passphrase == NULL){
if (auth_fn == NULL){ if (auth_fn == NULL){
ssh_pki_log("No passphrase provided"); SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
return SSH_ERROR; return SSH_ERROR;
} }
rc = auth_fn("Passphrase", rc = auth_fn("Passphrase",
@@ -573,11 +580,11 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
return NULL; return NULL;
} }
if (privkey->type != SSH_KEYTYPE_ED25519){ if (privkey->type != SSH_KEYTYPE_ED25519){
ssh_pki_log("Unsupported key type %s", privkey->type_c); SSH_LOG(SSH_LOG_WARN, "Unsupported key type %s", privkey->type_c);
return NULL; return NULL;
} }
if (passphrase != NULL || auth_fn != NULL){ if (passphrase != NULL || auth_fn != NULL){
ssh_pki_log("Enabling encryption for private key export"); SSH_LOG(SSH_LOG_INFO, "Enabling encryption for private key export");
to_encrypt = 1; to_encrypt = 1;
} }
buffer = ssh_buffer_new(); buffer = ssh_buffer_new();

43
src/pki_crypto.c
View File

@@ -649,11 +649,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
BIO_free(mem); BIO_free(mem);
ssh_pki_log("PEM output not supported for key type ssh-ed25519"); SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
return NULL; return NULL;
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem); BIO_free(mem);
ssh_pki_log("Unkown or invalid private key type %d", key->type); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
return NULL; return NULL;
} }
@@ -696,7 +696,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
type = pki_privatekey_type_from_string(b64_key); type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
ssh_pki_log("Unknown or invalid private key."); SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
return NULL; return NULL;
} }
@@ -720,7 +720,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
BIO_free(mem); BIO_free(mem);
if (dsa == NULL) { if (dsa == NULL) {
ssh_pki_log("Parsing private key: %s", SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
return NULL; return NULL;
} }
@@ -744,7 +745,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
BIO_free(mem); BIO_free(mem);
if (rsa == NULL) { if (rsa == NULL) {
ssh_pki_log("Parsing private key: %s", SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
return NULL; return NULL;
} }
@@ -768,7 +770,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
BIO_free(mem); BIO_free(mem);
if (ecdsa == NULL) { if (ecdsa == NULL) {
ssh_pki_log("Parsing private key: %s", SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
return NULL; return NULL;
} }
@@ -779,7 +782,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
/* Cannot open ed25519 keys with libcrypto */ /* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem); BIO_free(mem);
ssh_pki_log("Unkown or invalid private key type %d", type); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
return NULL; return NULL;
} }
@@ -1247,7 +1250,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
break; break;
default: default:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
ssh_pki_log("Unknown signature key type: %s", sig->type_c); SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c);
return NULL; return NULL;
} }
@@ -1267,19 +1270,21 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
size_t len = ssh_string_len(sig_blob); size_t len = ssh_string_len(sig_blob);
if (pubkey->rsa == NULL) { if (pubkey->rsa == NULL) {
ssh_pki_log("Pubkey RSA field NULL"); SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL");
goto errout; goto errout;
} }
rsalen = RSA_size(pubkey->rsa); rsalen = RSA_size(pubkey->rsa);
if (len > rsalen) { if (len > rsalen) {
ssh_pki_log("Signature is too big: %lu > %lu", SSH_LOG(SSH_LOG_WARN,
(unsigned long)len, (unsigned long)rsalen); "Signature is too big: %lu > %lu",
(unsigned long)len,
(unsigned long)rsalen);
goto errout; goto errout;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_pki_log("RSA signature len: %lu", (unsigned long)len); SSH_LOG(SSH_LOG_WARN, "RSA signature len: %lu", (unsigned long)len);
ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len); ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len);
#endif #endif
@@ -1287,8 +1292,10 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
sig->rsa_sig = ssh_string_copy(sig_blob); sig->rsa_sig = ssh_string_copy(sig_blob);
} else { } else {
/* pad the blob to the expected rsalen size */ /* pad the blob to the expected rsalen size */
ssh_pki_log("RSA signature len %lu < %lu", SSH_LOG(SSH_LOG_DEBUG,
(unsigned long)len, (unsigned long)rsalen); "RSA signature len %lu < %lu",
(unsigned long)len,
(unsigned long)rsalen);
pad_len = rsalen - len; pad_len = rsalen - len;
@@ -1339,7 +1346,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
/* 40 is the dual signature blob len. */ /* 40 is the dual signature blob len. */
if (len != 40) { if (len != 40) {
ssh_pki_log("Signature has wrong size: %lu", SSH_LOG(SSH_LOG_WARN,
"Signature has wrong size: %lu",
(unsigned long)len); (unsigned long)len);
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
@@ -1457,7 +1465,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
if (rlen != 0) { if (rlen != 0) {
ssh_pki_log("Signature has remaining bytes in inner " SSH_LOG(SSH_LOG_WARN,
"Signature has remaining bytes in inner "
"sigblob: %lu", "sigblob: %lu",
(unsigned long)rlen); (unsigned long)rlen);
ssh_signature_free(sig); ssh_signature_free(sig);
@@ -1476,7 +1485,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
break; break;
default: default:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
ssh_pki_log("Unknown signature type"); SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }

2
src/pki_ed25519.c
View File

@@ -290,7 +290,7 @@ int pki_ed25519_sig_from_blob(ssh_signature sig, ssh_string sig_blob)
len = ssh_string_len(sig_blob); len = ssh_string_len(sig_blob);
if (len != ED25519_SIG_LEN){ if (len != ED25519_SIG_LEN){
ssh_pki_log("Invalid ssh-ed25519 signature len: %zu", len); SSH_LOG(SSH_LOG_WARN, "Invalid ssh-ed25519 signature len: %zu", len);
return SSH_ERROR; return SSH_ERROR;
} }

30
src/pki_gcrypt.c
View File

@@ -622,7 +622,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
type = pki_privatekey_type_from_string(b64_key); type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
ssh_pki_log("Unknown or invalid private key."); SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
return NULL; return NULL;
} }
@@ -642,7 +642,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
if (!valid) { if (!valid) {
ssh_pki_log("Parsing private key"); SSH_LOG(SSH_LOG_WARN, "Parsing private key");
goto fail; goto fail;
} }
break; break;
@@ -662,7 +662,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
if (!valid) { if (!valid) {
ssh_pki_log("Parsing private key"); SSH_LOG(SSH_LOG_WARN, "Parsing private key");
goto fail; goto fail;
} }
break; break;
@@ -671,7 +671,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
ssh_pki_log("Unkown or invalid private key type %d", type); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
return NULL; return NULL;
} }
@@ -1461,7 +1461,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
ssh_pki_log("Unknown signature key type: %d", sig->type); SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %d", sig->type);
return NULL; return NULL;
break; break;
} }
@@ -1492,14 +1492,17 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
/* 40 is the dual signature blob len. */ /* 40 is the dual signature blob len. */
if (len != 40) { if (len != 40) {
ssh_pki_log("Signature has wrong size: %lu", SSH_LOG(SSH_LOG_WARN,
"Signature has wrong size: %lu",
(unsigned long)len); (unsigned long)len);
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_pki_log("DSA signature len: %lu", (unsigned long)len); SSH_LOG(SSH_LOG_DEBUG,
"DSA signature len: %lu",
(unsigned long)len);
ssh_print_hexa("DSA signature", ssh_string_data(sig_blob), len); ssh_print_hexa("DSA signature", ssh_string_data(sig_blob), len);
#endif #endif
@@ -1520,19 +1523,22 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8; rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8;
if (len > rsalen) { if (len > rsalen) {
ssh_pki_log("Signature is to big size: %lu", SSH_LOG(SSH_LOG_WARN,
"Signature is to big size: %lu",
(unsigned long)len); (unsigned long)len);
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
if (len < rsalen) { if (len < rsalen) {
ssh_pki_log("RSA signature len %lu < %lu", SSH_LOG(SSH_LOG_DEBUG,
(unsigned long)len, (unsigned long)rsalen); "RSA signature len %lu < %lu",
(unsigned long)len,
(unsigned long)rsalen);
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_pki_log("RSA signature len: %lu", (unsigned long)len); SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len); ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len);
#endif #endif
@@ -1556,7 +1562,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
ssh_pki_log("Unknown signature type"); SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
return NULL; return NULL;
} }

10
tests/unittests/torture_pki.c
View File

@@ -1265,8 +1265,6 @@ static void torture_pki_write_privkey_rsa(void **state)
(void) state; /* unused */ (void) state; /* unused */
ssh_set_log_level(5);
rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
NULL, NULL,
NULL, NULL,
@@ -1305,8 +1303,6 @@ static void torture_pki_write_privkey_dsa(void **state)
(void) state; /* unused */ (void) state; /* unused */
ssh_set_log_level(5);
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY, rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
NULL, NULL,
NULL, NULL,
@@ -1346,8 +1342,6 @@ static void torture_pki_write_privkey_ecdsa(void **state)
(void) state; /* unused */ (void) state; /* unused */
ssh_set_log_level(5);
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
NULL, NULL,
NULL, NULL,
@@ -1387,8 +1381,6 @@ static void torture_pki_write_privkey_ed25519(void **state){
(void) state; /* unused */ (void) state; /* unused */
ssh_set_log_level(5);
rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY, rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
NULL, NULL,
NULL, NULL,
@@ -1457,8 +1449,6 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name)
(void) state; /* unused */ (void) state; /* unused */
ssh_set_log_level(5);
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key); rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key);
assert_true(rc == 0); assert_true(rc == 0);