diff --git a/src/agent.c b/src/agent.c index bb4d35a6..8ada57fb 100644 --- a/src/agent.c +++ b/src/agent.c @@ -278,12 +278,12 @@ static int agent_talk(struct ssh_session_struct *session, if (atomicio(session->agent, payload, 4, 0) == 4) { if (atomicio(session->agent, ssh_buffer_get(request), len, 0) != len) { - SSH_LOG(SSH_LOG_WARN, "atomicio sending request failed: %s", - ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); + SSH_LOG(SSH_LOG_TRACE, "atomicio sending request failed: %s", + strerror(errno)); return -1; } } else { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "atomicio sending request length failed: %s", ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); return -1; @@ -291,8 +291,8 @@ static int agent_talk(struct ssh_session_struct *session, /* wait for response, read the length of the response packet */ if (atomicio(session->agent, payload, 4, 1) != 4) { - SSH_LOG(SSH_LOG_WARN, "atomicio read response length failed: %s", - ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); + SSH_LOG(SSH_LOG_TRACE, "atomicio read response length failed: %s", + strerror(errno)); return -1; } @@ -367,7 +367,7 @@ uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session) type = bswap_32(type); #endif - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Answer type: %d, expected answer: %d", type, SSH2_AGENT_IDENTITIES_ANSWER); diff --git a/src/auth.c b/src/auth.c index aeac3aa3..b991bf99 100644 --- a/src/auth.c +++ b/src/auth.c @@ -72,7 +72,7 @@ static int ssh_userauth_request_service(ssh_session session) rc = ssh_service_request(session, "ssh-userauth"); if ((rc != SSH_OK) && (rc != SSH_AGAIN)) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Failed to request \"ssh-userauth\" service"); } @@ -202,7 +202,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) { banner = ssh_buffer_get_ssh_string(packet); if (banner == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Invalid SSH_USERAUTH_BANNER packet"); } else { SSH_LOG(SSH_LOG_DEBUG, 
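Review bot: The two rewritten messages in agent_talk ("atomicio sending request failed" in this hunk and "atomicio read response length failed" in the hunk at -291) replace `ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)` with `strerror(errno)`, which returns a pointer to shared storage and is not required to be thread-safe. The `else` branch in this same hunk still calls `ssh_strerror`, so the function now mixes both forms. A log-level change does not need this substitution; keep `ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));` as the argument on both lines. agent_talk starts and ends outside the hunk.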
@@ -1288,7 +1288,7 @@ int ssh_userauth_publickey_auto(ssh_session session, rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file); if (rc == SSH_ERROR) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Could not write public key to file: %s", pubkey_file); } @@ -1298,7 +1298,7 @@ int ssh_userauth_publickey_auto(ssh_session session, if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED) { rc = ssh_userauth_try_publickey(session, username, state->pubkey); if (rc == SSH_AUTH_ERROR) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Public key authentication error for %s", privkey_file); ssh_key_free(state->privkey); diff --git a/src/bind_config.c b/src/bind_config.c index e8b9729e..a2f2efe4 100644 --- a/src/bind_config.c +++ b/src/bind_config.c @@ -363,7 +363,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set Hostkey value '%s'", count, p); } @@ -374,7 +374,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDADDR, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set ListenAddress value '%s'", count, p); } @@ -385,7 +385,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set Port value '%s'", count, p); } @@ -396,7 +396,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set C->S Ciphers value '%s'", count, p); break; 
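Review bot: In ssh_bind_config_parse_line a failed `ssh_bind_options_set()` for Hostkey is now reported only at `SSH_LOG_TRACE`, and the visible branch logs and carries on, so a server whose configured value was rejected starts with no message at normal verbosity. The same applies to the hunks that follow through -588 (ListenAddress, Port, Ciphers, MAC, LogLevel, KexAlgorithms, PubKeyAcceptedKeyTypes, HostkeyAlgorithms). For the algorithm options, a rejected restriction presumably leaves the previous or default list in effect. I would keep these at warning level, e.g. `SSH_LOG(SSH_LOG_WARN, "line %d: Failed to set Hostkey value '%s'", count, p);`, or have the parser return an error. The function body extends beyond each hunk, so whether `rc` is propagated later cannot be seen here.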
@@ -404,7 +404,7 @@ ssh_bind_config_parse_line(ssh_bind bind, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set S->C Ciphers value '%s'", count, p); } @@ -415,7 +415,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set C->S MAC value '%s'", count, p); break; @@ -423,7 +423,7 @@ ssh_bind_config_parse_line(ssh_bind bind, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set S->C MAC value '%s'", count, p); } @@ -453,7 +453,7 @@ ssh_bind_config_parse_line(ssh_bind bind, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &value); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set LogLevel value '%s'", count, p); } @@ -465,7 +465,7 @@ ssh_bind_config_parse_line(ssh_bind bind, if (p && (*parser_flags & PARSING)) { rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set KexAlgorithms value '%s'", count, p); } @@ -540,7 +540,7 @@ ssh_bind_config_parse_line(ssh_bind bind, /* Skip one argument */ p = ssh_config_get_str_tok(&s, NULL); if (p == NULL || p[0] == '\0') { - SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " + SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword " "'%s' requires argument\n", count, p2); SAFE_FREE(x); return -1; @@ -576,7 +576,7 @@ ssh_bind_config_parse_line(ssh_bind bind, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set PubKeyAcceptedKeyTypes value '%s'", count, p); } 
@@ -588,7 +588,7 @@ ssh_bind_config_parse_line(ssh_bind bind, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, p); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "line %d: Failed to set HostkeyAlgorithms value '%s'", count, p); } @@ -599,15 +599,15 @@ ssh_bind_config_parse_line(ssh_bind bind, keyword, count); break; case BIND_CFG_UNKNOWN: - SSH_LOG(SSH_LOG_WARN, "Unknown option: %s, line: %d", + SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d", keyword, count); break; case BIND_CFG_UNSUPPORTED: - SSH_LOG(SSH_LOG_WARN, "Unsupported option: %s, line: %d", + SSH_LOG(SSH_LOG_TRACE, "Unsupported option: %s, line: %d", keyword, count); break; case BIND_CFG_NA: - SSH_LOG(SSH_LOG_WARN, "Option not applicable: %s, line: %d", + SSH_LOG(SSH_LOG_TRACE, "Option not applicable: %s, line: %d", keyword, count); break; default: diff --git a/src/buffer.c b/src/buffer.c index 85979388..24bb4e80 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -878,7 +878,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, cstring = NULL; break; default: - SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); + SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p); rc = SSH_ERROR; } if (rc != SSH_OK){ @@ -1007,7 +1007,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, cstring = NULL; break; default: - SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); + SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p); rc = SSH_ERROR; } if (rc != SSH_OK){ @@ -1239,7 +1239,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, rc = SSH_OK; break; default: - SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); + SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p); } if (rc != SSH_OK) { break; diff --git a/src/channels.c b/src/channels.c index 1d422801..73a6ffe4 100644 --- a/src/channels.c +++ b/src/channels.c 
@@ -1453,7 +1453,7 @@ static int channel_write_common(ssh_channel channel, } if (len > INT_MAX) { - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_TRACE, "Length (%u) is bigger than INT_MAX", len); return SSH_ERROR; } diff --git a/src/client.c b/src/client.c index d3e68e98..d80d9e5c 100644 --- a/src/client.c +++ b/src/client.c @@ -73,7 +73,7 @@ static void socket_callback_connected(int code, int errno_code, void *user) return; } - SSH_LOG(SSH_LOG_RARE,"Socket connection callback: %d (%d)",code, errno_code); + SSH_LOG(SSH_LOG_TRACE,"Socket connection callback: %d (%d)",code, errno_code); if(code == SSH_SOCKET_CONNECTED_OK) session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED; else { diff --git a/src/config.c b/src/config.c index ddc96e75..6e762eef 100644 --- a/src/config.c +++ b/src/config.c @@ -500,7 +500,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) next ? next : "", hostname); if (rv < 0 || rv >= (int)sizeof(com)) { - SSH_LOG(SSH_LOG_WARN, "Too long ProxyJump configuration line"); + SSH_LOG(SSH_LOG_TRACE, "Too long ProxyJump configuration line"); rv = SSH_ERROR; goto out; } @@ -712,7 +712,7 @@ ssh_config_parse_line(ssh_session session, /* Skip one argument (including in quotes) */ p = ssh_config_get_token(&s); if (p == NULL || p[0] == '\0') { - SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " + SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword " "'%s' requires argument", count, p2); SAFE_FREE(x); return -1; @@ -739,7 +739,7 @@ ssh_config_parse_line(ssh_session session, } localuser = ssh_get_local_username(); if (localuser == NULL) { - SSH_LOG(SSH_LOG_WARN, "line %d: Can not get local username " + SSH_LOG(SSH_LOG_TRACE, "line %d: Can not get local username " "for conditional matching.", count); SAFE_FREE(x); return -1; 
@@ -753,13 +753,13 @@ ssh_config_parse_line(ssh_session session, /* Skip one argument */ p = ssh_config_get_str_tok(&s, NULL); if (p == NULL || p[0] == '\0') { - SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " + SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword " "'%s' requires argument", count, p2); SAFE_FREE(x); return -1; } args++; - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_TRACE, "line %d: Unsupported Match keyword '%s', ignoring", count, p2); @@ -1014,13 +1014,13 @@ ssh_config_parse_line(ssh_session session, ll = strtoll(p, &endp, 10); if (p == endp || ll < 0) { /* No number or negative */ - SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit"); break; } switch (*endp) { case 'G': if (ll > LLONG_MAX / 1024) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1028,7 +1028,7 @@ ssh_config_parse_line(ssh_session session, FALL_THROUGH; case 'M': if (ll > LLONG_MAX / 1024) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1036,7 +1036,7 @@ ssh_config_parse_line(ssh_session session, FALL_THROUGH; case 'K': if (ll > LLONG_MAX / 1024) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1052,7 +1052,7 @@ ssh_config_parse_line(ssh_session session, break; } if (*endp != ' ' && *endp != '\0') { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Invalid trailing characters after the rekey limit: %s", endp); break; 
@@ -1073,14 +1073,14 @@ ssh_config_parse_line(ssh_session session, ll = strtoll(p, &endp, 10); if (p == endp || ll < 0) { /* No number or negative */ - SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit"); break; } switch (*endp) { case 'w': case 'W': if (ll > LLONG_MAX / 7) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1089,7 +1089,7 @@ ssh_config_parse_line(ssh_session session, case 'd': case 'D': if (ll > LLONG_MAX / 24) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1098,7 +1098,7 @@ ssh_config_parse_line(ssh_session session, case 'h': case 'H': if (ll > LLONG_MAX / 60) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1107,7 +1107,7 @@ ssh_config_parse_line(ssh_session session, case 'm': case 'M': if (ll > LLONG_MAX / 60) { - SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); + SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit"); ll = -1; break; } @@ -1126,7 +1126,7 @@ ssh_config_parse_line(ssh_session session, break; } if (*endp != '\0') { - SSH_LOG(SSH_LOG_WARN, "Invalid trailing characters after the" + SSH_LOG(SSH_LOG_TRACE, "Invalid trailing characters after the" " rekey limit: %s", endp); break; } @@ -1162,7 +1162,7 @@ ssh_config_parse_line(ssh_session session, } break; case SOC_NA: - SSH_LOG(SSH_LOG_INFO, "Unapplicable option: %s, line: %d", + SSH_LOG(SSH_LOG_TRACE, "Unapplicable option: %s, line: %d", keyword, count); break; case SOC_UNSUPPORTED: 
@@ -1170,7 +1170,7 @@ ssh_config_parse_line(ssh_session session, keyword, count); break; case SOC_UNKNOWN: - SSH_LOG(SSH_LOG_INFO, "Unknown option: %s, line: %d", + SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d", keyword, count); break; case SOC_IDENTITYAGENT: @@ -1268,12 +1268,12 @@ int ssh_config_parse_string(ssh_session session, const char *input) } if (c == NULL) { /* should not happen, would mean a string without trailing '\0' */ - SSH_LOG(SSH_LOG_WARN, "No trailing '\\0' in config string"); + SSH_LOG(SSH_LOG_TRACE, "No trailing '\\0' in config string"); return SSH_ERROR; } line_len = c - line_start; if (line_len > MAX_LINE_SIZE - 1) { - SSH_LOG(SSH_LOG_WARN, "Line %u too long: %u characters", + SSH_LOG(SSH_LOG_TRACE, "Line %u too long: %u characters", line_num, line_len); return SSH_ERROR; } diff --git a/src/config_parser.c b/src/config_parser.c index 2f91d39f..d0919eea 100644 --- a/src/config_parser.c +++ b/src/config_parser.c @@ -246,7 +246,7 @@ int ssh_config_parse_uri(const char *tok, /* Verify the port is valid positive number */ port_n = strtol(endp + 1, &port_end, 10); if (port_n < 1 || *port_end != '\0') { - SSH_LOG(SSH_LOG_WARN, "Failed to parse port number." + SSH_LOG(SSH_LOG_TRACE, "Failed to parse port number." " The value '%ld' is invalid or there are some" " trailing characters: '%s'", port_n, port_end); goto error; diff --git a/src/error.c b/src/error.c index 6b6e1922..3f8d78cd 100644 --- a/src/error.c +++ b/src/error.c @@ -63,8 +63,8 @@ void _ssh_set_error(void *error, va_end(va); err->error.error_code = code; - if (ssh_get_log_level() >= SSH_LOG_WARN) { - ssh_log_function(SSH_LOG_WARN, + if (ssh_get_log_level() == SSH_LOG_TRACE) { + ssh_log_function(SSH_LOG_TRACE, function, err->error.error_buffer); } diff --git a/src/gssapi.c b/src/gssapi.c index bbfcb6e6..f60f8d72 100644 --- a/src/gssapi.c +++ b/src/gssapi.c 
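Review bot: The port check in ssh_config_parse_uri, `if (port_n < 1 || *port_end != '\0')`, has no upper bound, so a `strtol` result above 65535 (including `LONG_MAX` on overflow) passes as valid in the lines shown. Suggest `if (port_n < 1 || port_n > 65535 || *port_end != '\0') {`. The function continues outside the hunk, so a later range check may exist; if it does, a short comment here pointing to it would help.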
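Review bot: `if (ssh_get_log_level() == SSH_LOG_TRACE)` in _ssh_set_error turns a threshold test into an exact match, so the error text is logged at a single verbosity value and skipped for every other setting, including the lower levels where it used to appear. If the intent is only to move the message to trace level, keep the comparison as a threshold: `if (ssh_get_log_level() >= SSH_LOG_TRACE) {`. This looks like the common path for recording errors, so operators running at warning level would lose the error text from their logs. The commit should say whether that is intended.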
@@ -246,7 +246,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, continue; } if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ - SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); + SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID"); continue; } oid.elements = &oid_s[2]; @@ -288,8 +288,8 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, gss_release_oid_set(&min_stat, &both_supported); if (maj_stat != GSS_S_COMPLETE) { - SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "error acquiring credentials %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(SSH_LOG_TRACE, "acquiring creds", maj_stat, min_stat); @@ -308,7 +308,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, continue; } if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ - SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); + SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID"); continue; } oid.elements = &oid_s[2]; diff --git a/src/kex.c b/src/kex.c index 192eb881..52d9c2ee 100644 --- a/src/kex.c +++ b/src/kex.c @@ -601,7 +601,7 @@ char *ssh_client_select_hostkeys(ssh_session session) /* This removes the certificate types, unsupported for now */ wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted); if (wanted_without_certs == NULL) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "List of allowed host key algorithms is empty or contains only " "unsupported algorithms"); return NULL; @@ -654,7 +654,7 @@ char *ssh_client_select_hostkeys(ssh_session session) fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys); SAFE_FREE(new_hostkeys); if (fips_hostkeys == NULL) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "None of the wanted host keys or keys in known_hosts files " "is allowed in FIPS mode."); return NULL; 
@@ -1141,7 +1141,7 @@ int ssh_make_sessionid(ssh_session session) case SSH_KEX_ECDH_SHA2_NISTP521: if (session->next_crypto->ecdh_client_pubkey == NULL || session->next_crypto->ecdh_server_pubkey == NULL) { - SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing"); + SSH_LOG(SSH_LOG_TRACE, "ECDH parameted missing"); goto error; } rc = ssh_buffer_pack(buf, diff --git a/src/knownhosts.c b/src/knownhosts.c index 49bdf574..1f52dedc 100644 --- a/src/knownhosts.c +++ b/src/knownhosts.c @@ -235,7 +235,7 @@ static int ssh_known_hosts_read_entries(const char *match, fp = fopen(filename, "r"); if (fp == NULL) { char err_msg[SSH_ERRNO_MSG_MAX] = {0}; - SSH_LOG(SSH_LOG_WARN, "Failed to open the known_hosts file '%s': %s", + SSH_LOG(SSH_LOG_TRACE, "Failed to open the known_hosts file '%s': %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); /* The missing file is not an error here */ return SSH_OK; @@ -503,7 +503,7 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ #endif case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "The given type %d is not a base private key type " "or is unsupported", type); @@ -749,7 +749,7 @@ int ssh_known_hosts_parse_line(const char *hostname, key_type = ssh_key_type_from_name(p); if (key_type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "key type '%s' unknown!", p); + SSH_LOG(SSH_LOG_TRACE, "key type '%s' unknown!", p); rc = SSH_ERROR; goto out; } @@ -765,7 +765,7 @@ int ssh_known_hosts_parse_line(const char *hostname, key_type, &e->publickey); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Failed to parse %s key for entry: %s!", ssh_key_type_to_char(key_type), e->unparsed); 
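Review bot: In ssh_known_hosts_read_entries the `fopen()` failure message drops to `SSH_LOG_TRACE` while the function still returns `SSH_OK`, so a known_hosts file that exists but cannot be read (a permission error, for example) now looks the same as a missing one at normal verbosity. The existing comment only justifies tolerating a missing file; consider choosing the level with `errno == ENOENT ? SSH_LOG_TRACE : SSH_LOG_WARN`. The same concern applies to "Failed to parse %s key for entry" at -765 and to the two "Cannot access file %s" hunks in ssh_session_has_known_hosts_entry (-836, -845), because entries or files that are skipped feed directly into host key verification.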
@@ -836,7 +836,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session) if (session->opts.knownhosts != NULL) { known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts); if (!known_hosts_found) { - SSH_LOG(SSH_LOG_WARN, "Cannot access file %s", + SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s", session->opts.knownhosts); } } @@ -845,7 +845,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session) global_known_hosts_found = ssh_file_readaccess_ok(session->opts.global_knownhosts); if (!global_known_hosts_found) { - SSH_LOG(SSH_LOG_WARN, "Cannot access file %s", + SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s", session->opts.global_knownhosts); } } diff --git a/src/libcrypto.c b/src/libcrypto.c index 468b63f0..d2fe2289 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -104,7 +104,7 @@ ENGINE *pki_get_engine(void) engine = ENGINE_by_id("pkcs11"); if (engine == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Could not load the engine: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; @@ -113,7 +113,7 @@ ENGINE *pki_get_engine(void) ok = ENGINE_init(engine); if (!ok) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Could not initialize the engine: %s", ERR_error_string(ERR_get_error(), NULL)); ENGINE_free(engine); @@ -444,10 +444,10 @@ static void evp_cipher_init(struct ssh_cipher_struct *cipher) /* ciphers not using EVP */ #endif /* WITH_BLOWFISH_CIPHER */ case SSH_AEAD_CHACHA20_POLY1305: - SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here"); + SSH_LOG(SSH_LOG_TRACE, "The ChaCha cipher cannot be handled here"); break; case SSH_NO_CIPHER: - SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found"); + SSH_LOG(SSH_LOG_TRACE, "No valid ciphertype found"); break; } } 
@@ -461,7 +461,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); if (rc != 1){ - SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptInit_ex failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptInit_ex failed"); return SSH_ERROR; } @@ -473,7 +473,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, -1, (uint8_t *)IV); if (rc != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed"); return SSH_ERROR; } } @@ -491,7 +491,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher, rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); if (rc != 1){ - SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptInit_ex failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptInit_ex failed"); return SSH_ERROR; } @@ -503,7 +503,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher, -1, (uint8_t *)IV); if (rc != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed"); return SSH_ERROR; } } @@ -528,7 +528,7 @@ static void evp_cipher_encrypt(struct ssh_cipher_struct *cipher, (unsigned char *)in, (int)len); if (rc != 1){ - SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed"); return; } if (outlen != (int)len){ @@ -554,7 +554,7 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher, (unsigned char *)in, (int)len); if (rc != 1){ - SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed"); return; } if (outlen != (int)len){ @@ -613,7 +613,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher, 1, lastiv); if (rc == 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed"); return; } 
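Review bot: evp_cipher_encrypt returns `void`, so when `EVP_EncryptUpdate` fails the log line is the only signal that the output buffer was not produced, and at `SSH_LOG_TRACE` that signal is gone at normal verbosity. The same pattern appears in evp_cipher_decrypt (-554), evp_cipher_aead_encrypt (-613 to -656), chacha20_poly1305_aead_encrypt (-1120 to -1164) and aes_gcm_encrypt in src/libgcrypt.c (-334 to -365), all of which `return;` after logging. Keep `SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed");` on these paths until the functions can report failure to their callers. The function bodies extend beyond the hunks.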
@@ -625,7 +625,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher, (int)aadlen); outlen = tmplen; if (rc == 0 || outlen != aadlen) { - SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data"); + SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data"); return; } memcpy(out, in, aadlen); @@ -638,7 +638,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher, (int)len - aadlen); outlen = tmplen; if (rc != 1 || outlen != (int)len - aadlen) { - SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed"); return; } @@ -647,7 +647,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher, NULL, &tmplen); if (rc < 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptFinal failed: Failed to create a tag"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal failed: Failed to create a tag"); return; } @@ -656,7 +656,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher, authlen, (unsigned char *)tag); if (rc != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_GET_TAG failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_GET_TAG failed"); return; } } @@ -684,7 +684,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher, 1, lastiv); if (rc == 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed"); return SSH_ERROR; } @@ -694,7 +694,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher, authlen, (unsigned char *)complete_packet + aadlen + encrypted_size); if (rc == 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_TAG failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_TAG failed"); return SSH_ERROR; } 
@@ -705,7 +705,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher, (unsigned char *)complete_packet, (int)aadlen); if (rc == 0) { - SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data"); + SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data"); return SSH_ERROR; } /* Do not copy the length to the target buffer, because it is already processed */ @@ -718,12 +718,12 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher, (unsigned char *)complete_packet + aadlen, encrypted_size /* already substracted aadlen*/); if (rc != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed"); return SSH_ERROR; } if (outlen != (int)encrypted_size) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate: output size %d for %zd in", outlen, encrypted_size); @@ -735,7 +735,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher, NULL, &outlen); if (rc < 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptFinal failed: Failed authentication"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptFinal failed: Failed authentication"); return SSH_ERROR; } 
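Review bot: The tag-verification branch at the end of evp_cipher_aead_decrypt (hunk -735) tests `if (rc < 0)`, but OpenSSL documents EVP_DecryptFinal_ex as returning 1 on success and 0 on failure, so a zero return would not take this branch; `if (rc != 1) {` would match the other checks in this function. The call starts above the hunk, so the function name is taken from the message text and should be confirmed. Separately, this authentication failure now logs at `SSH_LOG_TRACE`, while the libgcrypt backend keeps "The authentication tag does not match" at `SSH_LOG_WARNING` (context line in the -436 hunk of src/libgcrypt.c). The two backends should agree, and a failed integrity check on received data deserves a warning.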
@@ -817,24 +817,24 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher, /* K2 uses the first half of the key */ ctx->main_evp = EVP_CIPHER_CTX_new(); if (ctx->main_evp == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed"); goto out; } rv = EVP_EncryptInit_ex(ctx->main_evp, EVP_chacha20(), NULL, u8key, NULL); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed"); goto out; } /* K1 uses the second half of the key */ ctx->header_evp = EVP_CIPHER_CTX_new(); if (ctx->header_evp == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed"); goto out; } ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL, u8key + CHACHA20_KEYLEN, NULL); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed"); goto out; } @@ -844,18 +844,18 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher, #if OPENSSL_VERSION_NUMBER < 0x30000000L ctx->mctx = EVP_MD_CTX_new(); if (ctx->mctx == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MD_CTX_new failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MD_CTX_new failed"); return SSH_ERROR; } #else mac = EVP_MAC_fetch(NULL, "poly1305", NULL); if (mac == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_fetch failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_fetch failed"); goto out; } ctx->mctx = EVP_MAC_CTX_new(mac); if (ctx->mctx == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_CTX_new failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_CTX_new failed"); goto out; } #endif /* OPENSSL_VERSION_NUMBER */ 
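Review bot: In the -844 hunk of chacha20_poly1305_set_key, the `EVP_MD_CTX_new` failure path uses `return SSH_ERROR;` while every other failure in this function, including the `#else` branch directly below it, uses `goto out;`. By that point `ctx->main_evp` and `ctx->header_evp` have already been created in the preceding hunk, so returning directly presumably skips whatever cleanup `out:` performs. Suggest `goto out;` here as well. The label is outside the hunk, so confirm that it yields an error return on this path.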
@@ -893,13 +893,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher, ret = EVP_CipherInit_ex(ctx->header_evp, NULL, NULL, NULL, seqbuf, do_encrypt); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(header_evp) failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(header_evp) failed"); return SSH_ERROR; } ret = EVP_CipherInit_ex(ctx->main_evp, NULL, NULL, NULL, seqbuf, do_encrypt); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(main_evp) failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(main_evp) failed"); return SSH_ERROR; } @@ -928,7 +928,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher, rv = EVP_CipherUpdate(ctx->main_evp, poly_key, &len, (unsigned char *)zero_block, sizeof(zero_block)); if (rv != 1 || len != CHACHA20_BLOCKSIZE) { - SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed"); goto out; } #ifdef DEBUG_CRYPTO @@ -942,12 +942,12 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher, ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL, poly_key, POLY1305_KEYLEN); if (ctx->key == NULL) { - SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_new_mac_key failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_new_mac_key failed"); goto out; } rv = EVP_DigestSignInit(ctx->mctx, &ctx->pctx, NULL, NULL, ctx->key); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignInit failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignInit failed"); goto out; } } else { 
@@ -956,14 +956,14 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher, EVP_PKEY_CTRL_SET_MAC_KEY, POLY1305_KEYLEN, (void *)poly_key); if (rv <= 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_CTX_ctrl failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_CTX_ctrl failed"); goto out; } } #else rv = EVP_MAC_init(ctx->mctx, poly_key, POLY1305_KEYLEN, NULL); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_init failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_init failed"); goto out; } #endif /* OPENSSL_VERSION_NUMBER */ @@ -1000,7 +1000,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher, rv = EVP_CipherUpdate(ctx->header_evp, out, &outlen, in, len); if (rv != 1 || outlen != sizeof(uint32_t)) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed"); return SSH_ERROR; } @@ -1010,7 +1010,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher, rv = EVP_CipherFinal_ex(ctx->header_evp, out + outlen, &outlen); if (rv != 1 || outlen != 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed"); return SSH_ERROR; } @@ -1035,7 +1035,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, /* Prepare the Poly1305 key */ rv = chacha20_poly1305_packet_setup(cipher, seq, 0); if (rv != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); + SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet"); goto out; } 
@@ -1048,26 +1048,26 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, rv = EVP_DigestSignUpdate(ctx->mctx, complete_packet, encrypted_size + sizeof(uint32_t)); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed"); goto out; } rv = EVP_DigestSignFinal(ctx->mctx, tag, &taglen); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "poly1305 verify error"); + SSH_LOG(SSH_LOG_TRACE, "poly1305 verify error"); goto out; } #else rv = EVP_MAC_update(ctx->mctx, complete_packet, encrypted_size + sizeof(uint32_t)); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed"); goto out; } rv = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed"); goto out; } #endif /* OPENSSL_VERSION_NUMBER */ @@ -1089,13 +1089,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, (uint8_t *)complete_packet + sizeof(uint32_t), encrypted_size); if (rv != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed"); goto out; } rv = EVP_CipherFinal_ex(ctx->main_evp, out + len, &len); if (rv != 1 || len != 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed"); goto out; } @@ -1120,7 +1120,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, /* Prepare the Poly1305 key */ ret = chacha20_poly1305_packet_setup(cipher, seq, 1); if (ret != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); + SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet"); return; } 
@@ -1135,7 +1135,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, (unsigned char *)&in_packet->length, sizeof(uint32_t)); if (ret != 1 || outlen != sizeof(uint32_t)) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed"); return; } #ifdef DEBUG_CRYPTO @@ -1144,7 +1144,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, #endif /* DEBUG_CRYPTO */ ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen); if (ret != 1 || outlen != 0) { - SSH_LOG(SSH_LOG_PACKET, "EVP_EncryptFinal_ex failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal_ex failed"); return; } @@ -1156,7 +1156,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, in_packet->payload, len - sizeof(uint32_t)); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed"); return; } @@ -1164,24 +1164,24 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, #if OPENSSL_VERSION_NUMBER < 0x30000000L ret = EVP_DigestSignUpdate(ctx->mctx, out_packet, len); if (ret <= 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed"); return; } ret = EVP_DigestSignFinal(ctx->mctx, tag, &taglen); if (ret <= 0) { - SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignFinal failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignFinal failed"); return; } #else ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed"); return; } ret = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN); if (ret != 1) { - SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed"); + SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed"); return; } #endif /* OPENSSL_VERSION_NUMBER */ diff --git a/src/libgcrypt.c b/src/libgcrypt.c index da5588ad..a450e78a 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c 
@@ -241,7 +241,7 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { } break; default: - SSH_LOG(SSH_LOG_WARNING, "Unksupported key length %u.", cipher->keysize); + SSH_LOG(SSH_LOG_TRACE, "Unsupported key length %u.", cipher->keysize); SAFE_FREE(cipher->key); return -1; } @@ -334,7 +334,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher, */ uint64_inc(cipher->last_iv + 4); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); return; } @@ -342,7 +342,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher, /* Pass the authenticated data (packet_length) */ err = gcry_cipher_authenticate(cipher->key[0], in, aadlen); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s", gpg_strerror(err)); return; } @@ -355,7 +355,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher, (unsigned char *)in + aadlen, len - aadlen); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s", gpg_strerror(err)); return; } @@ -365,7 +365,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher, (void *)tag, authlen); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_gettag failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_gettag failed: %s", gpg_strerror(err)); return; } @@ -399,7 +399,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher, */ uint64_inc(cipher->last_iv + 4); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); return SSH_ERROR; } @@ -409,7 +409,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher, complete_packet, aadlen); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s", gpg_strerror(err)); return SSH_ERROR; } 
@@ -423,7 +423,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher, (unsigned char *)complete_packet + aadlen, encrypted_size); if (err) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s", gpg_strerror(err)); return SSH_ERROR; } @@ -436,7 +436,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher, SSH_LOG(SSH_LOG_WARNING, "The authentication tag does not match"); return SSH_ERROR; } else if (err != GPG_ERR_NO_ERROR) { - SSH_LOG(SSH_LOG_WARNING, "General error while decryption: %s", + SSH_LOG(SSH_LOG_TRACE, "General error while decryption: %s", gpg_strerror(err)); return SSH_ERROR; } @@ -522,7 +522,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, err = gcry_cipher_open(&ctx->main_hd, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s", gpg_strerror(err)); SAFE_FREE(cipher->chacha20_schedule); return -1; @@ -530,7 +530,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, err = gcry_cipher_open(&ctx->header_hd, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM, 0); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s", gpg_strerror(err)); gcry_cipher_close(ctx->main_hd); SAFE_FREE(cipher->chacha20_schedule); @@ -538,7 +538,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, } err = gcry_mac_open(&ctx->mac_hd, GCRY_MAC_POLY1305, 0, NULL); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_open failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_open failed: %s", gpg_strerror(err)); gcry_cipher_close(ctx->main_hd); gcry_cipher_close(ctx->header_hd); 
@@ -551,7 +551,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, err = gcry_cipher_setkey(ctx->main_hd, u8key, CHACHA20_KEYLEN); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s", gpg_strerror(err)); chacha20_cleanup(cipher); return -1; @@ -560,7 +560,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, err = gcry_cipher_setkey(ctx->header_hd, u8key + CHACHA20_KEYLEN, CHACHA20_KEYLEN); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s", gpg_strerror(err)); chacha20_cleanup(cipher); return -1; @@ -587,7 +587,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, /* step 1, prepare the poly1305 key */ err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); goto out; } @@ -599,13 +599,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, zero_block, sizeof(zero_block)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s", gpg_strerror(err)); goto out; } err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s", gpg_strerror(err)); goto out; } @@ -613,7 +613,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, /* step 2, encrypt length field */ err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); goto out; } 
@@ -623,7 +623,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, (uint8_t *)&in_packet->length, sizeof(uint32_t)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s", gpg_strerror(err)); goto out; } @@ -635,7 +635,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, in_packet->payload, len - sizeof(uint32_t)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s", gpg_strerror(err)); goto out; } @@ -643,13 +643,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, /* step 4, compute the MAC */ err = gcry_mac_write(ctx->mac_hd, (uint8_t *)out_packet, len); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s", gpg_strerror(err)); goto out; } err = gcry_mac_read(ctx->mac_hd, tag, &taglen); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_read failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_read failed: %s", gpg_strerror(err)); goto out; } @@ -675,7 +675,7 @@ static int chacha20_poly1305_aead_decrypt_length( err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); return SSH_ERROR; } @@ -685,7 +685,7 @@ static int chacha20_poly1305_aead_decrypt_length( in, sizeof(uint32_t)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s", gpg_strerror(err)); return SSH_ERROR; } 
@@ -711,7 +711,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, /* step 1, prepare the poly1305 key */ err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s", gpg_strerror(err)); goto out; } @@ -723,13 +723,13 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, zero_block, sizeof(zero_block)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s", gpg_strerror(err)); goto out; } err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s", gpg_strerror(err)); goto out; } @@ -738,7 +738,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, err = gcry_mac_write(ctx->mac_hd, (uint8_t *)complete_packet, encrypted_size + sizeof(uint32_t)); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s", gpg_strerror(err)); goto out; } @@ -747,7 +747,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error"); goto out; } else if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_mac_verify failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_mac_verify failed: %s", gpg_strerror(err)); goto out; } @@ -759,7 +759,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, (uint8_t *)complete_packet + sizeof(uint32_t), encrypted_size); if (err != 0) { - SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", + SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s", gpg_strerror(err)); goto out; } diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c index 6d84bd51..e3baecca 100644 
--- a/src/libmbedcrypto.c +++ b/src/libmbedcrypto.c @@ -217,7 +217,7 @@ cipher_init(struct ssh_cipher_struct *cipher, } else if (operation == MBEDTLS_DECRYPT) { ctx = &cipher->decrypt_ctx; } else { - SSH_LOG(SSH_LOG_WARNING, "unknown operation"); + SSH_LOG(SSH_LOG_TRACE, "unknown operation"); return 1; } @@ -226,21 +226,21 @@ cipher_init(struct ssh_cipher_struct *cipher, rc = mbedtls_cipher_setup(ctx, cipher_info); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setup failed"); goto error; } key_bitlen = mbedtls_cipher_info_get_key_bitlen(cipher_info); rc = mbedtls_cipher_setkey(ctx, key, key_bitlen, operation); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setkey failed"); goto error; } iv_size = mbedtls_cipher_info_get_iv_size(cipher_info); rc = mbedtls_cipher_set_iv(ctx, IV, iv_size); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_iv failed"); goto error; } @@ -259,13 +259,13 @@ cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); + SSH_LOG(SSH_LOG_TRACE, "cipher_init failed"); goto error; } rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed"); goto error; } @@ -283,7 +283,7 @@ cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); + SSH_LOG(SSH_LOG_TRACE, "cipher_init failed"); goto error; } 
@@ -293,13 +293,13 @@ cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, MBEDTLS_PADDING_NONE); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed"); goto error; } rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed"); goto error; } @@ -327,7 +327,7 @@ cipher_set_key_gcm(struct ssh_cipher_struct *cipher, key, key_bitlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_setkey failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_setkey failed"); goto error; } @@ -350,13 +350,13 @@ cipher_set_decrypt_key(struct ssh_cipher_struct *cipher, rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); + SSH_LOG(SSH_LOG_TRACE, "cipher_init failed"); goto error; } mbedtls_cipher_reset(&cipher->decrypt_ctx); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed"); goto error; } @@ -375,20 +375,20 @@ cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher, rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); + SSH_LOG(SSH_LOG_TRACE, "cipher_init failed"); goto error; } rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx, MBEDTLS_PADDING_NONE); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed"); goto error; } mbedtls_cipher_reset(&cipher->decrypt_ctx); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed"); goto error; } 
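Review bot: In cipher_set_decrypt_key the result of `mbedtls_cipher_reset(&cipher->decrypt_ctx);` is discarded, so the `if (rc != 0)` that follows re-tests the value left by cipher_init and the "mbedtls_cipher_reset failed" branch can never run. The call should read `rc = mbedtls_cipher_reset(&cipher->decrypt_ctx);`, as the encrypt-side setters shown in this file already do. cipher_set_decrypt_key_cbc in the next hunk has the same discarded return, there after mbedtls_cipher_set_padding_mode. Both functions continue outside their hunks.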
@@ -408,7 +408,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher, int rc = 0; rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption"); return; } @@ -424,7 +424,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher, total_len += outlen; if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during encryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during encryption"); return; } @@ -443,7 +443,7 @@ static void cipher_encrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void int rc = 0; rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption"); return; } @@ -466,7 +466,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher, rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption"); return; } @@ -480,7 +480,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher, outlen, &outlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption"); return; } @@ -501,7 +501,7 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void int rc = 0; rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption"); return; } 
@@ -520,14 +520,14 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void } if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during decryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during decryption"); return; } rc = mbedtls_cipher_reset(&cipher->decrypt_ctx); if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption"); return; } @@ -586,7 +586,7 @@ cipher_encrypt_gcm(struct ssh_cipher_struct *cipher, authlen, tag); /* tag */ if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_crypt_and_tag failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_crypt_and_tag failed"); return; } @@ -620,7 +620,7 @@ cipher_decrypt_gcm(struct ssh_cipher_struct *cipher, (const uint8_t *)complete_packet + aadlen, /* input */ (unsigned char *)out); /* output */ if (rc != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_auth_decrypt failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_auth_decrypt failed"); return SSH_ERROR; } @@ -694,14 +694,14 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher, /* K2 uses the first half of the key */ rv = mbedtls_chacha20_setkey(&ctx->main_ctx, u8key); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(main_ctx) failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(main_ctx) failed"); goto out; } /* K1 uses the second half of the key */ rv = mbedtls_chacha20_setkey(&ctx->header_ctx, u8key + CHACHA20_KEYLEN); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(header_ctx) failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(header_ctx) failed"); goto out; } 
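Review bot: The `mbedtls_gcm_auth_decrypt failed` branch in cipher_decrypt_gcm is where an AES-GCM tag mismatch on an incoming packet surfaces, since the call authenticates as well as decrypts, and this change drops it to trace level. The libgcrypt backend in the same commit leaves `"The authentication tag does not match"` at `SSH_LOG_WARNING`, so the two backends now report the same integrity failure at different levels. I would keep this one visible with `SSH_LOG(SSH_LOG_WARN, "mbedtls_gcm_auth_decrypt failed");`, or compare `rc` against `MBEDTLS_ERR_GCM_AUTH_FAILED` and demote only the other error codes. The rest of cipher_decrypt_gcm is outside the hunk.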
@@ -734,13 +734,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher, ret = mbedtls_chacha20_starts(&ctx->header_ctx, seqbuf, 0); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(header_ctx) failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(header_ctx) failed"); return SSH_ERROR; } ret = mbedtls_chacha20_starts(&ctx->main_ctx, seqbuf, 0); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(main_ctx) failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(main_ctx) failed"); return SSH_ERROR; } @@ -769,7 +769,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher, rv = mbedtls_chacha20_update(&ctx->main_ctx, sizeof(zero_block), zero_block, poly_key); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed"); goto out; } #ifdef DEBUG_CRYPTO @@ -779,7 +779,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher, /* Set the Poly1305 key */ rv = mbedtls_poly1305_starts(&ctx->poly_ctx, poly_key); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_starts failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_starts failed"); goto out; } @@ -815,7 +815,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher, rv = mbedtls_chacha20_update(&ctx->header_ctx, sizeof(uint32_t), in, out); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed"); return SSH_ERROR; } @@ -843,7 +843,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, /* Prepare the Poly1305 key */ rv = chacha20_poly1305_packet_setup(cipher, seq, 0); if (rv != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); + SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet"); goto out; } 
@@ -855,13 +855,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, rv = mbedtls_poly1305_update(&ctx->poly_ctx, complete_packet, encrypted_size + sizeof(uint32_t)); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed"); goto out; } rv = mbedtls_poly1305_finish(&ctx->poly_ctx, tag); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed"); goto out; } @@ -882,7 +882,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher, (uint8_t *)complete_packet + sizeof(uint32_t), out); if (rv != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed"); goto out; } @@ -906,7 +906,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, /* Prepare the Poly1305 key */ ret = chacha20_poly1305_packet_setup(cipher, seq, 1); if (ret != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); + SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet"); return; } @@ -919,7 +919,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, (unsigned char *)&in_packet->length, (unsigned char *)&out_packet->length); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed"); return; } #ifdef DEBUG_CRYPTO 
@@ -932,19 +932,19 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher, ret = mbedtls_chacha20_update(&ctx->main_ctx, len - sizeof(uint32_t), in_packet->payload, out_packet->payload); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed"); return; } /* step 4, compute the MAC */ ret = mbedtls_poly1305_update(&ctx->poly_ctx, (const unsigned char *)out_packet, len); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed"); return; } ret = mbedtls_poly1305_finish(&ctx->poly_ctx, tag); if (ret != 0) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed"); + SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed"); return; } } diff --git a/src/messages.c b/src/messages.c index 3f969536..d1d06490 100644 --- a/src/messages.c +++ b/src/messages.c @@ -160,7 +160,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg) if (channel != NULL) { rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "Failed to send reply for accepting a channel " "open"); } @@ -237,7 +237,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg) msg->channel_request.pxwidth, msg->channel_request.pxheight); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "Failed to iterate callbacks for window change"); } return SSH_OK; @@ -775,7 +775,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){ cmp = strcmp(service, "ssh-connection"); if (cmp != 0) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "Invalid service request: %s", service); goto end; 
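Review bot: The `Invalid service request: %s` branch in ssh_packet_userauth_request rejects a request whose service string is not `ssh-connection`, and at `SSH_LOG_TRACE` a server running at default verbosity no longer records such rejections. The string presumably comes from the peer, which makes this a protocol-violation signal rather than debug detail, so I would leave it as `SSH_LOG(SSH_LOG_WARN, "Invalid service request: %s", service);`. The `Invalid SSH_MSG_GLOBAL_REQUEST packet` line changed later in src/messages.c is the same kind of event. The callback body starts and ends outside the hunk.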
@@ -1620,7 +1620,7 @@ reply_with_failure: error: SAFE_FREE(msg); SAFE_FREE(request); - SSH_LOG(SSH_LOG_WARNING, "Invalid SSH_MSG_GLOBAL_REQUEST packet"); + SSH_LOG(SSH_LOG_TRACE, "Invalid SSH_MSG_GLOBAL_REQUEST packet"); return rc; } diff --git a/src/misc.c b/src/misc.c index 050a2438..7f37c869 100644 --- a/src/misc.c +++ b/src/misc.c @@ -1642,20 +1642,20 @@ int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len) enum ssh_quote_state_e state = NO_QUOTE; if (file_name == NULL || buf == NULL || buf_len == 0) { - SSH_LOG(SSH_LOG_WARNING, "Invalid parameter"); + SSH_LOG(SSH_LOG_TRACE, "Invalid parameter"); return SSH_ERROR; } /* Only allow file names smaller than 32kb. */ if (strlen(file_name) > 32 * 1024) { - SSH_LOG(SSH_LOG_WARNING, "File name too long"); + SSH_LOG(SSH_LOG_TRACE, "File name too long"); return SSH_ERROR; } /* Paranoia check */ required_buf_len = (size_t)3 * strlen(file_name) + 1; if (required_buf_len > buf_len) { - SSH_LOG(SSH_LOG_WARNING, "Buffer too small"); + SSH_LOG(SSH_LOG_TRACE, "Buffer too small"); return SSH_ERROR; } @@ -1813,7 +1813,7 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len) } if ((2 * strlen(string) + 1) > buf_len) { - SSH_LOG(SSH_LOG_WARNING, "Buffer too small"); + SSH_LOG(SSH_LOG_TRACE, "Buffer too small"); return SSH_ERROR; } diff --git a/src/packet.c b/src/packet.c index e01351aa..ab0e1a4c 100644 --- a/src/packet.c +++ b/src/packet.c @@ -1543,7 +1543,7 @@ SSH_PACKET_CALLBACK(ssh_packet_unimplemented){ rc = ssh_buffer_unpack(packet, "d", &seq); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_TRACE, "Could not unpack SSH_MSG_UNIMPLEMENTED packet"); } 
@@ -1895,7 +1895,7 @@ ssh_packet_set_newkeys(ssh_session session, session->next_crypto->used |= direction; if (session->current_crypto != NULL) { if (session->current_crypto->used & direction) { - SSH_LOG(SSH_LOG_WARNING, "This direction isn't used anymore."); + SSH_LOG(SSH_LOG_TRACE, "This direction isn't used anymore."); } /* Mark the current requested direction unused */ session->current_crypto->used &= ~direction; diff --git a/src/pki.c b/src/pki.c index 99dab142..1754b4d2 100644 --- a/src/pki.c +++ b/src/pki.c @@ -351,7 +351,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name) return SSH_DIGEST_AUTO; } - SSH_LOG(SSH_LOG_WARN, "Unknown signature name %s", name); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature name %s", name); /* TODO we should rather fail */ return SSH_DIGEST_AUTO; @@ -383,13 +383,13 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type) else if (session->server) { allowed_list = session->opts.wanted_methods[SSH_HOSTKEYS]; if (allowed_list == NULL) { - SSH_LOG(SSH_LOG_WARN, "Session invalid: no host key available"); + SSH_LOG(SSH_LOG_TRACE, "Session invalid: no host key available"); return 0; } } #endif /* WITH_SERVER */ else { - SSH_LOG(SSH_LOG_WARN, "Session invalid: not set as client nor server"); + SSH_LOG(SSH_LOG_TRACE, "Session invalid: not set as client nor server"); return 0; } @@ -495,7 +495,7 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session, case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Digest algorithm to be used with key type %u " + SSH_LOG(SSH_LOG_TRACE, "Digest algorithm to be used with key type %u " "is not defined", type); } @@ -961,7 +961,7 @@ int ssh_pki_import_privkey_file(const char *filename, file = fopen(filename, "rb"); if (file == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Error opening %s: %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); 
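Review bot: ssh_key_hash_from_name falls back to `SSH_DIGEST_AUTO` for a signature name it does not recognise (the existing `/* TODO we should rather fail */` says as much), and after this change the only record of that fallback is logged at `SSH_LOG_TRACE`. While the fallback remains, the message should stay at warning level, `SSH_LOG(SSH_LOG_WARN, "Unknown signature name %s", name);`, so that an unexpected algorithm name is noticed. Where `name` originates is not visible in the hunk.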
@@ -971,7 +971,7 @@ int ssh_pki_import_privkey_file(const char *filename, rc = fstat(fileno(file), &sb); if (rc < 0) { fclose(file); - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Error getting stat of %s: %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); @@ -985,7 +985,7 @@ int ssh_pki_import_privkey_file(const char *filename, } if (sb.st_size > MAX_PRIVKEY_SIZE) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Private key is bigger than 4M."); fclose(file); return SSH_ERROR; @@ -994,7 +994,7 @@ int ssh_pki_import_privkey_file(const char *filename, key_buf = malloc(sb.st_size + 1); if (key_buf == NULL) { fclose(file); - SSH_LOG(SSH_LOG_WARN, "Out of memory!"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory!"); return SSH_ERROR; } @@ -1003,7 +1003,7 @@ int ssh_pki_import_privkey_file(const char *filename, if (size != sb.st_size) { SAFE_FREE(key_buf); - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Error reading %s: %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); @@ -1176,7 +1176,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, rc = ssh_buffer_unpack(buffer, "SSSSS", &p, &q, &g, &pubkey, &privkey); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1217,7 +1217,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, rc = ssh_buffer_unpack(buffer, "SSSSSS", &n, &e, &d, &iqmp, &p, &q); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1244,7 +1244,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, ssh_string_burn(q); SSH_STRING_FREE(q); if (rc == SSH_ERROR) { - SSH_LOG(SSH_LOG_WARN, "Failed to build RSA private key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA private key"); goto fail; } } 
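Review bot: In the fstat failure branch of ssh_pki_import_privkey_file, `fclose(file);` runs before the log call reads `errno`, and fclose may overwrite it, so the logged reason can be wrong. Saving the value first with `int saved_errno = errno;` and passing `saved_errno` to ssh_strerror, or moving the close after the last use of errno, fixes that. ssh_pki_import_pubkey_file has the same order in its fstat hunk, where a `switch (errno)` also follows the fclose. Both functions extend beyond their hunks.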
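Review bot: On the short-read path of ssh_pki_import_privkey_file, `SAFE_FREE(key_buf);` releases a buffer that may already hold part of a private key file without clearing it first. Wiping it before the free, e.g. `explicit_bzero(key_buf, sb.st_size + 1);` if that helper is available in this build, keeps key bytes out of freed heap memory. This assumes SAFE_FREE only frees and nulls the pointer; its definition is not in the diff. The success path that frees key_buf is outside the hunk and deserves the same check.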
@@ -1261,7 +1261,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, rc = ssh_buffer_unpack(buffer, "SSS", &i, &e, &exp); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1281,7 +1281,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, ssh_string_burn(exp); SSH_STRING_FREE(exp); if (rc < 0) { - SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA private key"); goto fail; } } @@ -1293,7 +1293,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, rc = ssh_buffer_unpack(buffer, "SS", &pubkey, &privkey); if (rc != SSH_OK){ - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1302,7 +1302,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, SSH_STRING_FREE(privkey); SSH_STRING_FREE(pubkey); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Failed to build ed25519 key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build ed25519 key"); goto fail; } } @@ -1320,7 +1320,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type, case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown private key type (%d)", type); + SSH_LOG(SSH_LOG_TRACE, "Unknown private key type (%d)", type); goto fail; } @@ -1358,7 +1358,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, rc = ssh_buffer_unpack(buffer, "SSSS", &p, &q, &g, &pubkey); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1377,7 +1377,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, ssh_string_burn(pubkey); SSH_STRING_FREE(pubkey); if (rc == SSH_ERROR) { - SSH_LOG(SSH_LOG_WARN, "Failed to build DSA public key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build DSA public key"); goto fail; } } 
@@ -1389,7 +1389,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, rc = ssh_buffer_unpack(buffer, "SS", &e, &n); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1403,7 +1403,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, ssh_string_burn(n); SSH_STRING_FREE(n); if (rc == SSH_ERROR) { - SSH_LOG(SSH_LOG_WARN, "Failed to build RSA public key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA public key"); goto fail; } } @@ -1421,7 +1421,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, rc = ssh_buffer_unpack(buffer, "SS", &i, &e); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); goto fail; } @@ -1437,7 +1437,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, ssh_string_burn(e); SSH_STRING_FREE(e); if (rc < 0) { - SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA public key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA public key"); goto fail; } @@ -1450,7 +1450,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, if (type == SSH_KEYTYPE_SK_ECDSA) { ssh_string application = ssh_buffer_get_ssh_string(buffer); if (application == NULL) { - SSH_LOG(SSH_LOG_WARN, "SK Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "SK Unpack error"); goto fail; } key->sk_application = application; @@ -1465,7 +1465,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, ssh_string pubkey = ssh_buffer_get_ssh_string(buffer); if (ssh_string_len(pubkey) != ED25519_KEY_LEN) { - SSH_LOG(SSH_LOG_WARN, "Invalid public key length"); + SSH_LOG(SSH_LOG_TRACE, "Invalid public key length"); ssh_string_burn(pubkey); SSH_STRING_FREE(pubkey); goto fail; 
@@ -1485,7 +1485,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, if (type == SSH_KEYTYPE_SK_ED25519) { ssh_string application = ssh_buffer_get_ssh_string(buffer); if (application == NULL) { - SSH_LOG(SSH_LOG_WARN, "SK Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "SK Unpack error"); goto fail; } key->sk_application = application; @@ -1503,7 +1503,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type); + SSH_LOG(SSH_LOG_TRACE, "Unknown public key protocol %d", type); goto fail; } @@ -1681,26 +1681,26 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob, buffer = ssh_buffer_new(); if (buffer == NULL) { - SSH_LOG(SSH_LOG_WARN, "Out of memory!"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory!"); return SSH_ERROR; } rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob), ssh_string_len(key_blob)); if (rc < 0) { - SSH_LOG(SSH_LOG_WARN, "Out of memory!"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory!"); goto fail; } type_s = ssh_buffer_get_ssh_string(buffer); if (type_s == NULL) { - SSH_LOG(SSH_LOG_WARN, "Out of memory!"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory!"); goto fail; } type = ssh_key_type_from_name(ssh_string_get_char(type_s)); if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Unknown key type found!"); + SSH_LOG(SSH_LOG_TRACE, "Unknown key type found!"); goto fail; } SSH_STRING_FREE(type_s); @@ -1805,7 +1805,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey) file = fopen(filename, "rb"); if (file == NULL) { - SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s", + SSH_LOG(SSH_LOG_TRACE, "Error opening %s: %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); return SSH_EOF; } 
@@ -1813,7 +1813,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey) rc = fstat(fileno(file), &sb); if (rc < 0) { fclose(file); - SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s", + SSH_LOG(SSH_LOG_TRACE, "Error gettint stat of %s: %s", filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); switch (errno) { case ENOENT: @@ -1831,7 +1831,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey) key_buf = malloc(sb.st_size + 1); if (key_buf == NULL) { fclose(file); - SSH_LOG(SSH_LOG_WARN, "Out of memory!"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory!"); return SSH_ERROR; } @@ -1840,8 +1840,8 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey) if (size != sb.st_size) { SAFE_FREE(key_buf); - SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s", - filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); + SSH_LOG(SSH_LOG_TRACE, "Error reading %s: %s", + filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); return SSH_ERROR; } key_buf[size] = '\0'; @@ -1853,7 +1853,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey) *pkey = ssh_pki_openssh_pubkey_import(key_buf); SAFE_FREE(key_buf); if (*pkey == NULL) { - SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH" + SSH_LOG(SSH_LOG_TRACE, "Failed to import public key from OpenSSH" " private key file"); return SSH_ERROR; } @@ -2441,7 +2441,7 @@ int pki_key_check_hash_compatible(ssh_key key, case SSH_KEYTYPE_DSS: if (hash_type == SSH_DIGEST_SHA1) { if (ssh_fips_mode()) { - SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode"); + SSH_LOG(SSH_LOG_TRACE, "SHA1 is not allowed in FIPS mode"); return SSH_ERROR; } else { return SSH_OK; 
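Review bot: In the fstat() failure path of ssh_pki_import_pubkey_file, `fclose(file)` runs before `errno` is read, so both the logged `ssh_strerror(errno, ...)` text and the following `switch (errno)` may see a value left by fclose() rather than by fstat(). Saving it first avoids returning the wrong error class: `int saved_errno = errno; fclose(file);` and then use `saved_errno` in the log call and the switch. The message on the changed line also still reads "Error gettint stat"; it should be "Error getting stat". The function continues outside the hunk.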
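Review bot: In pki_key_check_hash_compatible, "SHA1 is not allowed in FIPS mode" is a policy rejection, not a parsing detail, and at `SSH_LOG_TRACE` it vanishes from any deployment that does not run at the most verbose level. An operator investigating why authentication fails on a FIPS host would get no hint. I would keep this one at `SSH_LOG_WARN`, or at least `SSH_LOG_INFO`, in the DSS branch here and in the RSA branch of the next hunk. The same applies to the MD5 message in ssh_get_publickey_hash in src/session.c.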
@@ -2452,7 +2452,7 @@ int pki_key_check_hash_compatible(ssh_key key, case SSH_KEYTYPE_RSA: if (hash_type == SSH_DIGEST_SHA1) { if (ssh_fips_mode()) { - SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode"); + SSH_LOG(SSH_LOG_TRACE, "SHA1 is not allowed in FIPS mode"); return SSH_ERROR; } else { return SSH_OK; @@ -2496,11 +2496,11 @@ int pki_key_check_hash_compatible(ssh_key key, case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_UNKNOWN: - SSH_LOG(SSH_LOG_WARN, "Unknown key type %d", key->type); + SSH_LOG(SSH_LOG_TRACE, "Unknown key type %d", key->type); return SSH_ERROR; } - SSH_LOG(SSH_LOG_WARN, "Key type %d incompatible with hash type %d", + SSH_LOG(SSH_LOG_TRACE, "Key type %d incompatible with hash type %d", key->type, hash_type); return SSH_ERROR; @@ -2528,7 +2528,7 @@ int ssh_pki_signature_verify(ssh_session session, sig->type_c); if (key_type != sig->type) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Can not verify %s signature with %s key", sig->type_c, key->type_c); return SSH_ERROR; @@ -2559,7 +2559,7 @@ int ssh_pki_signature_verify(ssh_session session, ctx = sha256_init(); if (ctx == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Can not create SHA256CTX for application hash"); return SSH_ERROR; } @@ -2569,7 +2569,7 @@ int ssh_pki_signature_verify(ssh_session session, ctx = sha256_init(); if (ctx == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Can not create SHA256CTX for input hash"); return SSH_ERROR; } diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c index cc97da7f..d78800fd 100644 --- a/src/pki_container_openssh.c +++ b/src/pki_container_openssh.c 
@@ -69,20 +69,20 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer, rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s); if (rc == SSH_ERROR){ - SSH_LOG(SSH_LOG_WARN, "Unpack error"); + SSH_LOG(SSH_LOG_TRACE, "Unpack error"); return SSH_ERROR; } type = ssh_key_type_from_name(type_s); if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Unknown key type '%s' found!", type_s); + SSH_LOG(SSH_LOG_TRACE, "Unknown key type '%s' found!", type_s); return SSH_ERROR; } SAFE_FREE(type_s); rc = pki_import_privkey_buffer(type, key_blob_buffer, &key); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Failed to read key in OpenSSH format"); + SSH_LOG(SSH_LOG_TRACE, "Failed to read key in OpenSSH format"); goto fail; } @@ -133,17 +133,17 @@ static int pki_private_key_decrypt(ssh_string blob, } if (ciphers[i].name == NULL){ - SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); + SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername); return SSH_ERROR; } cmp = strcmp(kdfname, "bcrypt"); if (cmp != 0) { - SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); + SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname); return SSH_ERROR; } if (ssh_string_len(blob) % cipher.blocksize != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Encrypted string not multiple of blocksize: %zu", ssh_string_len(blob)); return SSH_ERROR; @@ -167,7 +167,7 @@ static int pki_private_key_decrypt(ssh_string blob, /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)) { - SSH_LOG(SSH_LOG_WARN, "Key material too big"); + SSH_LOG(SSH_LOG_TRACE, "Key material too big"); return SSH_ERROR; } 
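Review bot: In pki_openssh_import_privkey_blob, the unknown-key-type branch returns `SSH_ERROR` without releasing `type_s`, while the success path calls `SAFE_FREE(type_s)` on the very next line, so the string unpacked from the key blob leaks each time an unsupported type name is seen. The log call needs `type_s`, so free it after logging: `SAFE_FREE(type_s);` immediately before `return SSH_ERROR;`. The rest of the function, including the `fail:` label, is outside the hunk.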
@@ -181,7 +181,7 @@ static int pki_private_key_decrypt(ssh_string blob, if (passphrase == NULL) { if (auth_fn == NULL) { SAFE_FREE(salt); - SSH_LOG(SSH_LOG_WARN, "No passphrase provided"); + SSH_LOG(SSH_LOG_TRACE, "No passphrase provided"); return SSH_ERROR; } rc = auth_fn("Passphrase", @@ -251,7 +251,7 @@ ssh_pki_openssh_import(const char *text_key, cmp = strncmp(ptr, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN)); if (cmp != 0) { - SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no header)"); + SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no header)"); goto out; } ptr += strlen(OPENSSH_HEADER_BEGIN); @@ -260,7 +260,7 @@ ssh_pki_openssh_import(const char *text_key, } end = strstr(ptr, OPENSSH_HEADER_END); if (end == NULL) { - SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no footer)"); + SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no footer)"); goto out; } base64 = malloc(end - ptr + 1); @@ -277,7 +277,7 @@ ssh_pki_openssh_import(const char *text_key, buffer = base64_to_bin(base64); SAFE_FREE(base64); if (buffer == NULL) { - SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (base64 error)"); + SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (base64 error)"); goto out; } rc = ssh_buffer_unpack(buffer, "PssSdSS", @@ -290,12 +290,12 @@ ssh_pki_openssh_import(const char *text_key, &pubkey0, &privkeys); if (rc == SSH_ERROR) { - SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (unpack error)"); + SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (unpack error)"); goto out; } cmp = strncmp(magic, OPENSSH_AUTH_MAGIC, strlen(OPENSSH_AUTH_MAGIC)); if (cmp != 0) { - SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)"); + SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (bad magic)"); goto out; } SSH_LOG(SSH_LOG_INFO, 
@@ -304,7 +304,7 @@ ssh_pki_openssh_import(const char *text_key, kdfname, nkeys); if (nkeys != 1) { - SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys); + SSH_LOG(SSH_LOG_TRACE, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys); goto out; } @@ -314,7 +314,7 @@ ssh_pki_openssh_import(const char *text_key, if (!private) { rc = ssh_pki_import_pubkey_blob(pubkey0, &key); if (rc != SSH_OK) { - SSH_LOG(SSH_LOG_WARN, "Failed to import public key blob"); + SSH_LOG(SSH_LOG_TRACE, "Failed to import public key blob"); } /* in either case we clean up here */ goto out; @@ -343,7 +343,7 @@ ssh_pki_openssh_import(const char *text_key, rc = ssh_buffer_unpack(privkey_buffer, "dd", &checkint1, &checkint2); if (rc == SSH_ERROR || checkint1 != checkint2) { - SSH_LOG(SSH_LOG_WARN, "OpenSSH private key unpack error (correct password?)"); + SSH_LOG(SSH_LOG_TRACE, "OpenSSH private key unpack error (correct password?)"); goto out; } rc = pki_openssh_import_privkey_blob(privkey_buffer, &key); @@ -358,7 +358,7 @@ ssh_pki_openssh_import(const char *text_key, if (padding != i) { ssh_key_free(key); key = NULL; - SSH_LOG(SSH_LOG_WARN, "Invalid padding"); + SSH_LOG(SSH_LOG_TRACE, "Invalid padding"); goto out; } } @@ -407,7 +407,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey, int rc; if (privkey->type != SSH_KEYTYPE_ED25519) { - SSH_LOG(SSH_LOG_WARN, "Type %s not supported", privkey->type_c); + SSH_LOG(SSH_LOG_TRACE, "Type %s not supported", privkey->type_c); return SSH_ERROR; } if (privkey->ed25519_privkey == NULL || 
@@ -462,19 +462,19 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, } if (ciphers[i].name == NULL){ - SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); + SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername); return SSH_ERROR; } cmp = strcmp(kdfname, "bcrypt"); if (cmp != 0){ - SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); + SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname); return SSH_ERROR; } /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)){ - SSH_LOG(SSH_LOG_WARN, "Key material too big"); + SSH_LOG(SSH_LOG_TRACE, "Key material too big"); return SSH_ERROR; } @@ -484,7 +484,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, if (passphrase == NULL){ if (auth_fn == NULL){ - SSH_LOG(SSH_LOG_WARN, "No passphrase provided"); + SSH_LOG(SSH_LOG_TRACE, "No passphrase provided"); return SSH_ERROR; } rc = auth_fn("Passphrase", @@ -555,7 +555,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, return NULL; } if (privkey->type != SSH_KEYTYPE_ED25519){ - SSH_LOG(SSH_LOG_WARN, "Unsupported key type %s", privkey->type_c); + SSH_LOG(SSH_LOG_TRACE, "Unsupported key type %s", privkey->type_c); return NULL; } if (passphrase != NULL || auth_fn != NULL){ diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 33544d6a..0a5003da 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -916,7 +916,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) { #endif /* OPENSSL_VERSION_NUMBER */ break; default: - SSH_LOG(SSH_LOG_WARN, "Invalid parameter %d for ECDSA key " + SSH_LOG(SSH_LOG_TRACE, "Invalid parameter %d for ECDSA key " "generation", parameter); return SSH_ERROR; } 
@@ -1207,7 +1207,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key, rc = 1; break; #else - SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519"); + SSH_LOG(SSH_LOG_TRACE, "PEM output not supported for key type ssh-ed25519"); goto err; #endif /* HAVE_OPENSSL_ED25519 */ case SSH_KEYTYPE_DSS_CERT01: @@ -1218,11 +1218,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key, case SSH_KEYTYPE_ED25519_CERT01: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", key->type); + SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", key->type); goto err; } if (rc != 1) { - SSH_LOG(SSH_LOG_WARN, "Failed to initialize EVP_PKEY structure"); + SSH_LOG(SSH_LOG_TRACE, "Failed to initialize EVP_PKEY structure"); goto err; } @@ -1317,8 +1317,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key, BIO_free(mem); if (pkey == NULL) { - SSH_LOG(SSH_LOG_WARN, - "Parsing private key: %s", + SSH_LOG(SSH_LOG_TRACE, + "Error parsing private key: %s", ERR_error_string(ERR_get_error(), NULL)); return NULL; } @@ -1327,8 +1327,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key, #if OPENSSL_VERSION_NUMBER < 0x30000000L dsa = EVP_PKEY_get1_DSA(pkey); if (dsa == NULL) { - SSH_LOG(SSH_LOG_WARN, - "Parsing private key: %s", + SSH_LOG(SSH_LOG_TRACE, + "Error parsing private key: %s", ERR_error_string(ERR_get_error(),NULL)); goto fail; } @@ -1339,8 +1339,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key, #if OPENSSL_VERSION_NUMBER < 0x30000000L rsa = EVP_PKEY_get1_RSA(pkey); if (rsa == NULL) { - SSH_LOG(SSH_LOG_WARN, - "Parsing private key: %s", + SSH_LOG(SSH_LOG_TRACE, + "Error parsing private key: %s", ERR_error_string(ERR_get_error(),NULL)); goto fail; } 
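Review bot: The reworded "Error parsing private key: %s" calls in pki_private_key_from_base64 still pass `ERR_error_string(ERR_get_error(), NULL)`, which formats into a static buffer inside OpenSSL and is therefore not safe when two threads hit a key-parsing error at once. A local buffer avoids the shared state: `char err[256]; ERR_error_string_n(ERR_get_error(), err, sizeof(err));` and then log `err`. The same pattern appears in the later hunks of this function and in the pki_uri_import hunks ("Could not load key: %s", "Parsing pub key: %s").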
@@ -1356,8 +1356,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key, #if 1 ecdsa = EVP_PKEY_get1_EC_KEY(pkey); if (ecdsa == NULL) { - SSH_LOG(SSH_LOG_WARN, - "Parsing private key: %s", + SSH_LOG(SSH_LOG_TRACE, + "Error parsing private key: %s", ERR_error_string(ERR_get_error(), NULL)); goto fail; } @@ -1375,7 +1375,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, type = pki_key_ecdsa_to_key_type(pkey); #endif /* OPENSSL_VERSION_NUMBER */ if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Invalid private key."); + SSH_LOG(SSH_LOG_TRACE, "Invalid private key."); goto fail; } @@ -1406,7 +1406,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, ed25519 = malloc(key_len); if (ed25519 == NULL) { - SSH_LOG(SSH_LOG_WARN, "Out of memory"); + SSH_LOG(SSH_LOG_TRACE, "Out of memory"); goto fail; } @@ -1424,7 +1424,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, break; #endif /* HAVE_OPENSSL_ED25519 */ default: - SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", + SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", EVP_PKEY_base_id(pkey)); EVP_PKEY_free(pkey); return NULL; @@ -1856,7 +1856,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "DSA: No param P has been found"); + SSH_LOG(SSH_LOG_TRACE, "DSA: No param P has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &bp); @@ -1865,7 +1865,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "DSA: No param Q has been found"); + SSH_LOG(SSH_LOG_TRACE, "DSA: No param Q has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &bq); 
@@ -1874,7 +1874,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "DSA: No param G has been found"); + SSH_LOG(SSH_LOG_TRACE, "DSA: No param G has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &bg); @@ -1883,7 +1883,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "DSA: No param PUB_KEY has been found"); + SSH_LOG(SSH_LOG_TRACE, "DSA: No param PUB_KEY has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &bpub_key); @@ -1959,7 +1959,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "RSA: No param E has been found"); + SSH_LOG(SSH_LOG_TRACE, "RSA: No param E has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &be); @@ -1968,7 +1968,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) } out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); if (out_param == NULL) { - SSH_LOG(SSH_LOG_WARN, "RSA: No param N has been found"); + SSH_LOG(SSH_LOG_TRACE, "RSA: No param N has been found"); goto fail; } rc = OSSL_PARAM_get_BN(out_param, &bn); @@ -2053,7 +2053,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) #if 1 #ifdef WITH_PKCS11_URI if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) { - SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public" + SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate public" " ECDSA key objects in the PKCS #11 device. Unlike RSA," " ECDSA public keys cannot be derived from their private keys."); goto fail; 
@@ -2078,7 +2078,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY); #ifdef WITH_PKCS11_URI if (ssh_key_is_private(key) && !locate_param) { - SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate" + SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate" " public ECDSA key objects in the PKCS #11 device." " Unlike RSA, ECDSA public keys cannot be derived" " from their private keys."); @@ -2386,7 +2386,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig) #endif /* HAVE_OPENSSL_ECC */ default: case SSH_KEYTYPE_UNKNOWN: - SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c); return NULL; } @@ -2407,21 +2407,21 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey, #if OPENSSL_VERSION_NUMBER < 0x30000000L if (pubkey->rsa == NULL) { - SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL"); + SSH_LOG(SSH_LOG_TRACE, "Pubkey RSA field NULL"); goto errout; } rsalen = RSA_size(pubkey->rsa); #else if (EVP_PKEY_get_base_id(pubkey->key) != EVP_PKEY_RSA) { - SSH_LOG(SSH_LOG_WARN, "Key has no RSA pubkey"); + SSH_LOG(SSH_LOG_TRACE, "Key has no RSA pubkey"); goto errout; } rsalen = EVP_PKEY_size(pubkey->key); #endif /* OPENSSL_VERSION_NUMBER */ if (len > rsalen) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature is too big: %lu > %lu", (unsigned long)len, (unsigned long)rsalen); @@ -2493,7 +2493,7 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey), /* 40 is the dual signature blob len. */ if (len != 40) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature has wrong size: %lu", (unsigned long)len); goto error; 
@@ -2656,7 +2656,7 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey), if (rlen != 0) { ssh_string_burn(s); SSH_STRING_FREE(s); - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature has remaining bytes in inner " "sigblob: %lu", (unsigned long)rlen); @@ -2745,7 +2745,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, int rc; if (ssh_key_type_plain(pubkey->type) != type) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Incompatible public key provided (%d) expecting (%d)", type, pubkey->type); @@ -2799,7 +2799,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, #endif default: case SSH_KEYTYPE_UNKNOWN: - SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature type"); goto error; } @@ -3462,7 +3462,7 @@ int pki_uri_import(const char *uri_name, /* Do the init only once */ engine = pki_get_engine(); if (engine == NULL) { - SSH_LOG(SSH_LOG_WARN, "Failed to initialize engine"); + SSH_LOG(SSH_LOG_TRACE, "Failed to initialize engine"); goto fail; } @@ -3470,7 +3470,7 @@ int pki_uri_import(const char *uri_name, case SSH_KEY_PRIVATE: pkey = ENGINE_load_private_key(engine, uri_name, NULL, NULL); if (pkey == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Could not load key: %s", ERR_error_string(ERR_get_error(),NULL)); goto fail; @@ -3479,14 +3479,14 @@ int pki_uri_import(const char *uri_name, case SSH_KEY_PUBLIC: pkey = ENGINE_load_public_key(engine, uri_name, NULL, NULL); if (pkey == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Could not load key: %s", ERR_error_string(ERR_get_error(),NULL)); goto fail; } break; default: - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Invalid key type: %d", key_type); goto fail; } 
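Review bot: In pki_signature_from_blob, the arguments to "Incompatible public key provided (%d) expecting (%d)" appear to be swapped. The guard is `ssh_key_type_plain(pubkey->type) != type`, so the key that was provided is `pubkey->type` and the expected one is `type`, yet the call passes `type, pubkey->type`. Anyone reading the trace while debugging a signature-verification failure gets the two values inverted; the argument list should read `pubkey->type, type);`. The identical line is carried over in the pki_gcrypt.c and pki_mbedcrypto.c hunks for the same function.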
@@ -3501,7 +3501,7 @@ int pki_uri_import(const char *uri_name, #if OPENSSL_VERSION_NUMBER < 0x30000000L rsa = EVP_PKEY_get1_RSA(pkey); if (rsa == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Parsing pub key: %s", ERR_error_string(ERR_get_error(),NULL)); goto fail; @@ -3518,7 +3518,7 @@ int pki_uri_import(const char *uri_name, #if 1 ecdsa = EVP_PKEY_get1_EC_KEY(pkey); if (ecdsa == NULL) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Parsing pub key: %s", ERR_error_string(ERR_get_error(), NULL)); goto fail; @@ -3531,14 +3531,14 @@ int pki_uri_import(const char *uri_name, type = pki_key_ecdsa_to_key_type(pkey); #endif /* OPENSSL_VERSION_NUMBER */ if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Invalid pub key."); + SSH_LOG(SSH_LOG_TRACE, "Invalid pub key."); goto fail; } break; #endif default: - SSH_LOG(SSH_LOG_WARN, "Unknown or invalid public key type %d", + SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid public key type %d", EVP_PKEY_base_id(pkey)); goto fail; } diff --git a/src/pki_ed25519_common.c b/src/pki_ed25519_common.c index 7aa05269..15c9abef 100644 --- a/src/pki_ed25519_common.c +++ b/src/pki_ed25519_common.c @@ -34,7 +34,7 @@ int pki_privkey_build_ed25519(ssh_key key, if (ssh_string_len(pubkey) != ED25519_KEY_LEN || ssh_string_len(privkey) != (2 * ED25519_KEY_LEN)) { - SSH_LOG(SSH_LOG_WARN, "Invalid ed25519 key len"); + SSH_LOG(SSH_LOG_TRACE, "Invalid ed25519 key len"); return SSH_ERROR; } @@ -266,7 +266,7 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob) len = ssh_string_len(sig_blob); if (len != ED25519_SIG_LEN){ - SSH_LOG(SSH_LOG_WARN, "Invalid ssh-ed25519 signature len: %zu", len); + SSH_LOG(SSH_LOG_TRACE, "Invalid ssh-ed25519 signature len: %zu", len); return SSH_ERROR; } diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index b619b1a3..702b9b2b 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c 
@@ -955,7 +955,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key, (void) auth_fn; (void) auth_data; - SSH_LOG(SSH_LOG_WARN, "PEM export not supported by gcrypt backend!"); + SSH_LOG(SSH_LOG_TRACE, "PEM export not supported by gcrypt backend!"); return NULL; } @@ -974,7 +974,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, type = pki_privatekey_type_from_string(b64_key); if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key."); + SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key."); return NULL; } @@ -994,7 +994,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, } if (!valid) { - SSH_LOG(SSH_LOG_WARN, "Parsing private key"); + SSH_LOG(SSH_LOG_TRACE, "Error parsing private key"); goto fail; } break; @@ -1013,7 +1013,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, } if (!valid) { - SSH_LOG(SSH_LOG_WARN, "Parsing private key"); + SSH_LOG(SSH_LOG_TRACE, "Error parsing private key"); goto fail; } break; @@ -1044,7 +1044,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, } if (!valid) { - SSH_LOG(SSH_LOG_WARN, "Parsing private key"); + SSH_LOG(SSH_LOG_TRACE, "Error parsing private key"); goto fail; } @@ -1052,7 +1052,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, * keys, so we need to figure out the correct type here */ type = pki_key_ecdsa_to_key_type(ecdsa); if (type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Invalid private key."); + SSH_LOG(SSH_LOG_TRACE, "Invalid private key."); goto fail; } break; @@ -1062,7 +1062,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type); + SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", type); return NULL; } 
@@ -1938,7 +1938,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig) case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %d", sig->type); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %d", sig->type); return NULL; break; } @@ -1958,7 +1958,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, int rc; if (ssh_key_type_plain(pubkey->type) != type) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Incompatible public key provided (%d) expecting (%d)", type, pubkey->type); @@ -1980,7 +1980,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, case SSH_KEYTYPE_DSS: /* 40 is the dual signature blob len. */ if (len != 40) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature has wrong size: %lu", (unsigned long)len); ssh_signature_free(sig); @@ -2010,7 +2010,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8; if (len > rsalen) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature is too big: %lu > %lu", (unsigned long)len, (unsigned long)rsalen); @@ -2091,7 +2091,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, } if (rlen != 0) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature has remaining bytes in inner " "sigblob: %lu", (unsigned long)rlen); @@ -2129,7 +2129,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: - SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature type"); return NULL; } @@ -2190,7 +2190,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, break; case SSH_DIGEST_AUTO: default: - SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm"); + SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm"); return NULL; } err = gcry_sexp_build(&sexp, 
@@ -2548,7 +2548,7 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type) (void) uri_name; (void) key; (void) key_type; - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "gcrypt does not support PKCS #11"); return SSH_ERROR; } diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index 4439b3cd..045bad50 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -222,7 +222,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase, * keys, so we need to figure out the correct type here */ key->type = pki_key_ecdsa_to_key_type(key->ecdsa); if (key->type == SSH_KEYTYPE_UNKNOWN) { - SSH_LOG(SSH_LOG_WARN, "Invalid private key."); + SSH_LOG(SSH_LOG_TRACE, "Invalid private key."); goto fail; } break; @@ -281,19 +281,19 @@ int pki_privkey_build_rsa(ssh_key key, ssh_string_data(d), ssh_string_len(d), ssh_string_data(e), ssh_string_len(e)); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, "Failed to import private RSA key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to import private RSA key"); goto fail; } rc = mbedtls_rsa_complete(rsa); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, "Failed to complete private RSA key"); + SSH_LOG(SSH_LOG_TRACE, "Failed to complete private RSA key"); goto fail; } rc = mbedtls_rsa_check_privkey(rsa); if (rc != 0) { - SSH_LOG(SSH_LOG_WARN, "Inconsistent private RSA key"); + SSH_LOG(SSH_LOG_TRACE, "Inconsistent private RSA key"); goto fail; } @@ -1133,7 +1133,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig) sig_blob = pki_ed25519_signature_to_blob(sig); break; default: - SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", + SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c); return NULL; } 
@@ -1153,20 +1153,20 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const size_t len = ssh_string_len(sig_blob); if (pubkey->rsa == NULL) { - SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL"); + SSH_LOG(SSH_LOG_TRACE, "Pubkey RSA field NULL"); goto errout; } rsalen = mbedtls_pk_get_bitlen(pubkey->rsa) / 8; if (len > rsalen) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Signature is too big: %lu > %lu", (unsigned long) len, (unsigned long) rsalen); goto errout; } #ifdef DEBUG_CRYPTO - SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len); + SSH_LOG(SSH_LOG_TRACE, "RSA signature len: %lu", (unsigned long)len); ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len); #endif @@ -1207,7 +1207,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, int rc; if (ssh_key_type_plain(pubkey->type) != type) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_TRACE, "Incompatible public key provided (%d) expecting (%d)", type, pubkey->type); @@ -1292,7 +1292,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, } if (rlen != 0) { - SSH_LOG(SSH_LOG_WARN, "Signature has remaining bytes in inner " + SSH_LOG(SSH_LOG_TRACE, "Signature has remaining bytes in inner " "sigblob: %lu", (unsigned long)rlen); ssh_signature_free(sig); @@ -1310,7 +1310,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, } break; default: - SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); + SSH_LOG(SSH_LOG_TRACE, "Unknown signature type"); return NULL; } @@ -1341,7 +1341,7 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest, break; case SSH_DIGEST_AUTO: default: - SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm"); + SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm"); return NULL; } diff --git a/src/session.c b/src/session.c index 94c0926d..75c49d2c 100644 --- a/src/session.c +++ b/src/session.c 
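Review bot: In the mbedTLS pki_signature_from_rsa_blob, `rsalen = mbedtls_pk_get_bitlen(pubkey->rsa) / 8;` rounds down, whereas the gcrypt backend in this same patch computes `(gcry_pk_get_nbits(pubkey->rsa) + 7) / 8`. For a modulus whose bit length is not a multiple of 8, the `len > rsalen` check would reject a correctly sized signature and log "Signature is too big". Rounding up keeps the two backends consistent: `rsalen = (mbedtls_pk_get_bitlen(pubkey->rsa) + 7) / 8;`. The function continues outside the hunk.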
@@ -1189,8 +1189,8 @@ int ssh_get_publickey_hash(const ssh_key key, /* In FIPS mode, we cannot use MD5 */ if (ssh_fips_mode()) { - SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed." - "Try using SSH_PUBLICKEY_HASH_SHA256"); + SSH_LOG(SSH_LOG_TRACE, "In FIPS mode MD5 is not allowed." + "Try using SSH_PUBLICKEY_HASH_SHA256"); rc = SSH_ERROR; goto out; } diff --git a/src/socket.c b/src/socket.c index 4e637ae1..16c84e0e 100644 --- a/src/socket.c +++ b/src/socket.c @@ -489,13 +489,13 @@ void ssh_socket_close(ssh_socket s) while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { char err_msg[SSH_ERRNO_MSG_MAX] = {0}; - SSH_LOG(SSH_LOG_WARN, "waitpid failed: %s", + SSH_LOG(SSH_LOG_TRACE, "waitpid failed: %s", ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); return; } } if (!WIFEXITED(status)) { - SSH_LOG(SSH_LOG_WARN, "Proxy command exited abnormally"); + SSH_LOG(SSH_LOG_TRACE, "Proxy command exited abnormally"); return; } SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status)); @@ -896,7 +896,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out) /* Prepare /dev/null socket for the stderr redirection */ devnull = open("/dev/null", O_WRONLY); if (devnull == -1) { - SSH_LOG(SSH_LOG_WARNING, "Failed to open /dev/null"); + SSH_LOG(SSH_LOG_TRACE, "Failed to open /dev/null"); exit(1); }
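Review bot: The two adjacent string literals in the ssh_get_publickey_hash FIPS message are concatenated without a separator, so the log reads "In FIPS mode MD5 is not allowed.Try using SSH_PUBLICKEY_HASH_SHA256". The commit re-indents the second literal but leaves this as is. Add a trailing space to the first literal: `"In FIPS mode MD5 is not allowed. "`.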