lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-09-11 13:30:43 +03:00
Code Activity

SSH_LOG_TRACE: Recategorize loglevels

Browse Source 
Do not print out logs when no fatal error happens.
This approach is similiar to openssh, when Error/Fatal does not print
recoverable error logs.
recategorized based on - SSH_LOG_TRACE are debug logs when error happens

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Norbert Pocs
2022-09-15 13:04:32 +02:00
committed by Andreas Schneider
parent bd1d06f51d
commit 7ea75cda45
26 changed files with 339 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/agent.c
View File

@@ -278,12 +278,12 @@ static int agent_talk(struct ssh_session_struct *session,
if (atomicio(session->agent, payload, 4, 0) == 4) { if (atomicio(session->agent, payload, 4, 0) == 4) {
if (atomicio(session->agent, ssh_buffer_get(request), len, 0) if (atomicio(session->agent, ssh_buffer_get(request), len, 0)
!= len) { != len) {
SSH_LOG(SSH_LOG_WARN, "atomicio sending request failed: %s", SSH_LOG(SSH_LOG_TRACE, "atomicio sending request failed: %s",
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); strerror(errno));
return -1; return -1;
} }
} else { } else {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"atomicio sending request length failed: %s", "atomicio sending request length failed: %s",
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
return -1; return -1;
@@ -291,8 +291,8 @@ static int agent_talk(struct ssh_session_struct *session,
/* wait for response, read the length of the response packet */ /* wait for response, read the length of the response packet */
if (atomicio(session->agent, payload, 4, 1) != 4) { if (atomicio(session->agent, payload, 4, 1) != 4) {
SSH_LOG(SSH_LOG_WARN, "atomicio read response length failed: %s", SSH_LOG(SSH_LOG_TRACE, "atomicio read response length failed: %s",
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); strerror(errno));
return -1; return -1;
} }
@@ -367,7 +367,7 @@ uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session)
type = bswap_32(type); type = bswap_32(type);
#endif #endif
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Answer type: %d, expected answer: %d", "Answer type: %d, expected answer: %d",
type, SSH2_AGENT_IDENTITIES_ANSWER); type, SSH2_AGENT_IDENTITIES_ANSWER);

8
src/auth.c
View File

@@ -72,7 +72,7 @@ static int ssh_userauth_request_service(ssh_session session)
rc = ssh_service_request(session, "ssh-userauth"); rc = ssh_service_request(session, "ssh-userauth");
if ((rc != SSH_OK) && (rc != SSH_AGAIN)) { if ((rc != SSH_OK) && (rc != SSH_AGAIN)) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Failed to request \"ssh-userauth\" service"); "Failed to request \"ssh-userauth\" service");
} }
@@ -202,7 +202,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
banner = ssh_buffer_get_ssh_string(packet); banner = ssh_buffer_get_ssh_string(packet);
if (banner == NULL) { if (banner == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Invalid SSH_USERAUTH_BANNER packet"); "Invalid SSH_USERAUTH_BANNER packet");
} else { } else {
SSH_LOG(SSH_LOG_DEBUG, SSH_LOG(SSH_LOG_DEBUG,
@@ -1288,7 +1288,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file); rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Could not write public key to file: %s", "Could not write public key to file: %s",
pubkey_file); pubkey_file);
} }
@@ -1298,7 +1298,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED) { if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED) {
rc = ssh_userauth_try_publickey(session, username, state->pubkey); rc = ssh_userauth_try_publickey(session, username, state->pubkey);
if (rc == SSH_AUTH_ERROR) { if (rc == SSH_AUTH_ERROR) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Public key authentication error for %s", "Public key authentication error for %s",
privkey_file); privkey_file);
ssh_key_free(state->privkey); ssh_key_free(state->privkey);

30
src/bind_config.c
View File

@@ -363,7 +363,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set Hostkey value '%s'", "line %d: Failed to set Hostkey value '%s'",
count, p); count, p);
} }
@@ -374,7 +374,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDADDR, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDADDR, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set ListenAddress value '%s'", "line %d: Failed to set ListenAddress value '%s'",
count, p); count, p);
} }
@@ -385,7 +385,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set Port value '%s'", "line %d: Failed to set Port value '%s'",
count, p); count, p);
} }
@@ -396,7 +396,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set C->S Ciphers value '%s'", "line %d: Failed to set C->S Ciphers value '%s'",
count, p); count, p);
break; break;
@@ -404,7 +404,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set S->C Ciphers value '%s'", "line %d: Failed to set S->C Ciphers value '%s'",
count, p); count, p);
} }
@@ -415,7 +415,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set C->S MAC value '%s'", "line %d: Failed to set C->S MAC value '%s'",
count, p); count, p);
break; break;
@@ -423,7 +423,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set S->C MAC value '%s'", "line %d: Failed to set S->C MAC value '%s'",
count, p); count, p);
} }
@@ -453,7 +453,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY, rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY,
&value); &value);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set LogLevel value '%s'", "line %d: Failed to set LogLevel value '%s'",
count, p); count, p);
} }
@@ -465,7 +465,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
if (p && (*parser_flags & PARSING)) { if (p && (*parser_flags & PARSING)) {
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE, p); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set KexAlgorithms value '%s'", "line %d: Failed to set KexAlgorithms value '%s'",
count, p); count, p);
} }
@@ -540,7 +540,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
/* Skip one argument */ /* Skip one argument */
p = ssh_config_get_str_tok(&s, NULL); p = ssh_config_get_str_tok(&s, NULL);
if (p == NULL || p[0] == '\0') { if (p == NULL || p[0] == '\0') {
SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
"'%s' requires argument\n", count, p2); "'%s' requires argument\n", count, p2);
SAFE_FREE(x); SAFE_FREE(x);
return -1; return -1;
@@ -576,7 +576,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
rc = ssh_bind_options_set(bind, rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, p); SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set PubKeyAcceptedKeyTypes value '%s'", "line %d: Failed to set PubKeyAcceptedKeyTypes value '%s'",
count, p); count, p);
} }
@@ -588,7 +588,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
rc = ssh_bind_options_set(bind, rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, p); SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, p);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"line %d: Failed to set HostkeyAlgorithms value '%s'", "line %d: Failed to set HostkeyAlgorithms value '%s'",
count, p); count, p);
} }
@@ -599,15 +599,15 @@ ssh_bind_config_parse_line(ssh_bind bind,
keyword, count); keyword, count);
break; break;
case BIND_CFG_UNKNOWN: case BIND_CFG_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown option: %s, line: %d", SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d",
keyword, count); keyword, count);
break; break;
case BIND_CFG_UNSUPPORTED: case BIND_CFG_UNSUPPORTED:
SSH_LOG(SSH_LOG_WARN, "Unsupported option: %s, line: %d", SSH_LOG(SSH_LOG_TRACE, "Unsupported option: %s, line: %d",
keyword, count); keyword, count);
break; break;
case BIND_CFG_NA: case BIND_CFG_NA:
SSH_LOG(SSH_LOG_WARN, "Option not applicable: %s, line: %d", SSH_LOG(SSH_LOG_TRACE, "Option not applicable: %s, line: %d",
keyword, count); keyword, count);
break; break;
default: default:

6
src/buffer.c
View File

@@ -878,7 +878,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
cstring = NULL; cstring = NULL;
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
rc = SSH_ERROR; rc = SSH_ERROR;
} }
if (rc != SSH_OK){ if (rc != SSH_OK){
@@ -1007,7 +1007,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
cstring = NULL; cstring = NULL;
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
rc = SSH_ERROR; rc = SSH_ERROR;
} }
if (rc != SSH_OK){ if (rc != SSH_OK){
@@ -1239,7 +1239,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
rc = SSH_OK; rc = SSH_OK;
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p); SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
} }
if (rc != SSH_OK) { if (rc != SSH_OK) {
break; break;

2
src/channels.c
View File

@@ -1453,7 +1453,7 @@ static int channel_write_common(ssh_channel channel,
} }
if (len > INT_MAX) { if (len > INT_MAX) {
SSH_LOG(SSH_LOG_PROTOCOL, SSH_LOG(SSH_LOG_TRACE,
"Length (%u) is bigger than INT_MAX", len); "Length (%u) is bigger than INT_MAX", len);
return SSH_ERROR; return SSH_ERROR;
} }

2
src/client.c
View File

@@ -73,7 +73,7 @@ static void socket_callback_connected(int code, int errno_code, void *user)
return; return;
} }
SSH_LOG(SSH_LOG_RARE,"Socket connection callback: %d (%d)",code, errno_code); SSH_LOG(SSH_LOG_TRACE,"Socket connection callback: %d (%d)",code, errno_code);
if(code == SSH_SOCKET_CONNECTED_OK) if(code == SSH_SOCKET_CONNECTED_OK)
session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED; session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED;
else { else {

40
src/config.c
View File

@@ -500,7 +500,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
next ? next : "", next ? next : "",
hostname); hostname);
if (rv < 0 || rv >= (int)sizeof(com)) { if (rv < 0 || rv >= (int)sizeof(com)) {
SSH_LOG(SSH_LOG_WARN, "Too long ProxyJump configuration line"); SSH_LOG(SSH_LOG_TRACE, "Too long ProxyJump configuration line");
rv = SSH_ERROR; rv = SSH_ERROR;
goto out; goto out;
} }
@@ -712,7 +712,7 @@ ssh_config_parse_line(ssh_session session,
/* Skip one argument (including in quotes) */ /* Skip one argument (including in quotes) */
p = ssh_config_get_token(&s); p = ssh_config_get_token(&s);
if (p == NULL || p[0] == '\0') { if (p == NULL || p[0] == '\0') {
SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
"'%s' requires argument", count, p2); "'%s' requires argument", count, p2);
SAFE_FREE(x); SAFE_FREE(x);
return -1; return -1;
@@ -739,7 +739,7 @@ ssh_config_parse_line(ssh_session session,
} }
localuser = ssh_get_local_username(); localuser = ssh_get_local_username();
if (localuser == NULL) { if (localuser == NULL) {
SSH_LOG(SSH_LOG_WARN, "line %d: Can not get local username " SSH_LOG(SSH_LOG_TRACE, "line %d: Can not get local username "
"for conditional matching.", count); "for conditional matching.", count);
SAFE_FREE(x); SAFE_FREE(x);
return -1; return -1;
@@ -753,13 +753,13 @@ ssh_config_parse_line(ssh_session session,
/* Skip one argument */ /* Skip one argument */
p = ssh_config_get_str_tok(&s, NULL); p = ssh_config_get_str_tok(&s, NULL);
if (p == NULL || p[0] == '\0') { if (p == NULL || p[0] == '\0') {
SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword " SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
"'%s' requires argument", count, p2); "'%s' requires argument", count, p2);
SAFE_FREE(x); SAFE_FREE(x);
return -1; return -1;
} }
args++; args++;
SSH_LOG(SSH_LOG_INFO, SSH_LOG(SSH_LOG_TRACE,
"line %d: Unsupported Match keyword '%s', ignoring", "line %d: Unsupported Match keyword '%s', ignoring",
count, count,
p2); p2);
@@ -1014,13 +1014,13 @@ ssh_config_parse_line(ssh_session session,
ll = strtoll(p, &endp, 10); ll = strtoll(p, &endp, 10);
if (p == endp || ll < 0) { if (p == endp || ll < 0) {
/* No number or negative */ /* No number or negative */
SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
break; break;
} }
switch (*endp) { switch (*endp) {
case 'G': case 'G':
if (ll > LLONG_MAX / 1024) { if (ll > LLONG_MAX / 1024) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1028,7 +1028,7 @@ ssh_config_parse_line(ssh_session session,
FALL_THROUGH; FALL_THROUGH;
case 'M': case 'M':
if (ll > LLONG_MAX / 1024) { if (ll > LLONG_MAX / 1024) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1036,7 +1036,7 @@ ssh_config_parse_line(ssh_session session,
FALL_THROUGH; FALL_THROUGH;
case 'K': case 'K':
if (ll > LLONG_MAX / 1024) { if (ll > LLONG_MAX / 1024) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1052,7 +1052,7 @@ ssh_config_parse_line(ssh_session session,
break; break;
} }
if (*endp != ' ' && *endp != '\0') { if (*endp != ' ' && *endp != '\0') {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Invalid trailing characters after the rekey limit: %s", "Invalid trailing characters after the rekey limit: %s",
endp); endp);
break; break;
@@ -1073,14 +1073,14 @@ ssh_config_parse_line(ssh_session session,
ll = strtoll(p, &endp, 10); ll = strtoll(p, &endp, 10);
if (p == endp || ll < 0) { if (p == endp || ll < 0) {
/* No number or negative */ /* No number or negative */
SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
break; break;
} }
switch (*endp) { switch (*endp) {
case 'w': case 'w':
case 'W': case 'W':
if (ll > LLONG_MAX / 7) { if (ll > LLONG_MAX / 7) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1089,7 +1089,7 @@ ssh_config_parse_line(ssh_session session,
case 'd': case 'd':
case 'D': case 'D':
if (ll > LLONG_MAX / 24) { if (ll > LLONG_MAX / 24) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1098,7 +1098,7 @@ ssh_config_parse_line(ssh_session session,
case 'h': case 'h':
case 'H': case 'H':
if (ll > LLONG_MAX / 60) { if (ll > LLONG_MAX / 60) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1107,7 +1107,7 @@ ssh_config_parse_line(ssh_session session,
case 'm': case 'm':
case 'M': case 'M':
if (ll > LLONG_MAX / 60) { if (ll > LLONG_MAX / 60) {
SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit"); SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
ll = -1; ll = -1;
break; break;
} }
@@ -1126,7 +1126,7 @@ ssh_config_parse_line(ssh_session session,
break; break;
} }
if (*endp != '\0') { if (*endp != '\0') {
SSH_LOG(SSH_LOG_WARN, "Invalid trailing characters after the" SSH_LOG(SSH_LOG_TRACE, "Invalid trailing characters after the"
" rekey limit: %s", endp); " rekey limit: %s", endp);
break; break;
} }
@@ -1162,7 +1162,7 @@ ssh_config_parse_line(ssh_session session,
} }
break; break;
case SOC_NA: case SOC_NA:
SSH_LOG(SSH_LOG_INFO, "Unapplicable option: %s, line: %d", SSH_LOG(SSH_LOG_TRACE, "Unapplicable option: %s, line: %d",
keyword, count); keyword, count);
break; break;
case SOC_UNSUPPORTED: case SOC_UNSUPPORTED:
@@ -1170,7 +1170,7 @@ ssh_config_parse_line(ssh_session session,
keyword, count); keyword, count);
break; break;
case SOC_UNKNOWN: case SOC_UNKNOWN:
SSH_LOG(SSH_LOG_INFO, "Unknown option: %s, line: %d", SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d",
keyword, count); keyword, count);
break; break;
case SOC_IDENTITYAGENT: case SOC_IDENTITYAGENT:
@@ -1268,12 +1268,12 @@ int ssh_config_parse_string(ssh_session session, const char *input)
} }
if (c == NULL) { if (c == NULL) {
/* should not happen, would mean a string without trailing '\0' */ /* should not happen, would mean a string without trailing '\0' */
SSH_LOG(SSH_LOG_WARN, "No trailing '\\0' in config string"); SSH_LOG(SSH_LOG_TRACE, "No trailing '\\0' in config string");
return SSH_ERROR; return SSH_ERROR;
} }
line_len = c - line_start; line_len = c - line_start;
if (line_len > MAX_LINE_SIZE - 1) { if (line_len > MAX_LINE_SIZE - 1) {
SSH_LOG(SSH_LOG_WARN, "Line %u too long: %u characters", SSH_LOG(SSH_LOG_TRACE, "Line %u too long: %u characters",
line_num, line_len); line_num, line_len);
return SSH_ERROR; return SSH_ERROR;
} }

2
src/config_parser.c
View File

@@ -246,7 +246,7 @@ int ssh_config_parse_uri(const char *tok,
/* Verify the port is valid positive number */ /* Verify the port is valid positive number */
port_n = strtol(endp + 1, &port_end, 10); port_n = strtol(endp + 1, &port_end, 10);
if (port_n < 1 || *port_end != '\0') { if (port_n < 1 || *port_end != '\0') {
SSH_LOG(SSH_LOG_WARN, "Failed to parse port number." SSH_LOG(SSH_LOG_TRACE, "Failed to parse port number."
" The value '%ld' is invalid or there are some" " The value '%ld' is invalid or there are some"
" trailing characters: '%s'", port_n, port_end); " trailing characters: '%s'", port_n, port_end);
goto error; goto error;

4
src/error.c
View File

@@ -63,8 +63,8 @@ void _ssh_set_error(void *error,
va_end(va); va_end(va);
err->error.error_code = code; err->error.error_code = code;
if (ssh_get_log_level() >= SSH_LOG_WARN) { if (ssh_get_log_level() == SSH_LOG_TRACE) {
ssh_log_function(SSH_LOG_WARN, ssh_log_function(SSH_LOG_TRACE,
function, function,
err->error.error_buffer); err->error.error_buffer);
} }

8
src/gssapi.c
View File

@@ -246,7 +246,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
continue; continue;
} }
if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID");
continue; continue;
} }
oid.elements = &oid_s[2]; oid.elements = &oid_s[2];
@@ -288,8 +288,8 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
gss_release_oid_set(&min_stat, &both_supported); gss_release_oid_set(&min_stat, &both_supported);
if (maj_stat != GSS_S_COMPLETE) { if (maj_stat != GSS_S_COMPLETE) {
SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat); SSH_LOG(SSH_LOG_TRACE, "error acquiring credentials %d, %d", maj_stat, min_stat);
ssh_gssapi_log_error(SSH_LOG_WARNING, ssh_gssapi_log_error(SSH_LOG_TRACE,
"acquiring creds", "acquiring creds",
maj_stat, maj_stat,
min_stat); min_stat);
@@ -308,7 +308,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
continue; continue;
} }
if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID");
continue; continue;
} }
oid.elements = &oid_s[2]; oid.elements = &oid_s[2];

6
src/kex.c
View File

@@ -601,7 +601,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
/* This removes the certificate types, unsupported for now */ /* This removes the certificate types, unsupported for now */
wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted); wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted);
if (wanted_without_certs == NULL) { if (wanted_without_certs == NULL) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"List of allowed host key algorithms is empty or contains only " "List of allowed host key algorithms is empty or contains only "
"unsupported algorithms"); "unsupported algorithms");
return NULL; return NULL;
@@ -654,7 +654,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys); fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys);
SAFE_FREE(new_hostkeys); SAFE_FREE(new_hostkeys);
if (fips_hostkeys == NULL) { if (fips_hostkeys == NULL) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"None of the wanted host keys or keys in known_hosts files " "None of the wanted host keys or keys in known_hosts files "
"is allowed in FIPS mode."); "is allowed in FIPS mode.");
return NULL; return NULL;
@@ -1141,7 +1141,7 @@ int ssh_make_sessionid(ssh_session session)
case SSH_KEX_ECDH_SHA2_NISTP521: case SSH_KEX_ECDH_SHA2_NISTP521:
if (session->next_crypto->ecdh_client_pubkey == NULL || if (session->next_crypto->ecdh_client_pubkey == NULL ||
session->next_crypto->ecdh_server_pubkey == NULL) { session->next_crypto->ecdh_server_pubkey == NULL) {
SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing"); SSH_LOG(SSH_LOG_TRACE, "ECDH parameted missing");
goto error; goto error;
} }
rc = ssh_buffer_pack(buf, rc = ssh_buffer_pack(buf,

12
src/knownhosts.c
View File

@@ -235,7 +235,7 @@ static int ssh_known_hosts_read_entries(const char *match,
fp = fopen(filename, "r"); fp = fopen(filename, "r");
if (fp == NULL) { if (fp == NULL) {
char err_msg[SSH_ERRNO_MSG_MAX] = {0}; char err_msg[SSH_ERRNO_MSG_MAX] = {0};
SSH_LOG(SSH_LOG_WARN, "Failed to open the known_hosts file '%s': %s", SSH_LOG(SSH_LOG_TRACE, "Failed to open the known_hosts file '%s': %s",
filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
/* The missing file is not an error here */ /* The missing file is not an error here */
return SSH_OK; return SSH_OK;
@@ -503,7 +503,7 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
#endif #endif
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"The given type %d is not a base private key type " "The given type %d is not a base private key type "
"or is unsupported", "or is unsupported",
type); type);
@@ -749,7 +749,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
key_type = ssh_key_type_from_name(p); key_type = ssh_key_type_from_name(p);
if (key_type == SSH_KEYTYPE_UNKNOWN) { if (key_type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "key type '%s' unknown!", p); SSH_LOG(SSH_LOG_TRACE, "key type '%s' unknown!", p);
rc = SSH_ERROR; rc = SSH_ERROR;
goto out; goto out;
} }
@@ -765,7 +765,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
key_type, key_type,
&e->publickey); &e->publickey);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Failed to parse %s key for entry: %s!", "Failed to parse %s key for entry: %s!",
ssh_key_type_to_char(key_type), ssh_key_type_to_char(key_type),
e->unparsed); e->unparsed);
@@ -836,7 +836,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
if (session->opts.knownhosts != NULL) { if (session->opts.knownhosts != NULL) {
known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts); known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts);
if (!known_hosts_found) { if (!known_hosts_found) {
SSH_LOG(SSH_LOG_WARN, "Cannot access file %s", SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s",
session->opts.knownhosts); session->opts.knownhosts);
} }
} }
@@ -845,7 +845,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
global_known_hosts_found = global_known_hosts_found =
ssh_file_readaccess_ok(session->opts.global_knownhosts); ssh_file_readaccess_ok(session->opts.global_knownhosts);
if (!global_known_hosts_found) { if (!global_known_hosts_found) {
SSH_LOG(SSH_LOG_WARN, "Cannot access file %s", SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s",
session->opts.global_knownhosts); session->opts.global_knownhosts);
} }
} }

104
src/libcrypto.c
View File

@@ -104,7 +104,7 @@ ENGINE *pki_get_engine(void)
engine = ENGINE_by_id("pkcs11"); engine = ENGINE_by_id("pkcs11");
if (engine == NULL) { if (engine == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Could not load the engine: %s", "Could not load the engine: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
return NULL; return NULL;
@@ -113,7 +113,7 @@ ENGINE *pki_get_engine(void)
ok = ENGINE_init(engine); ok = ENGINE_init(engine);
if (!ok) { if (!ok) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Could not initialize the engine: %s", "Could not initialize the engine: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
ENGINE_free(engine); ENGINE_free(engine);
@@ -444,10 +444,10 @@ static void evp_cipher_init(struct ssh_cipher_struct *cipher)
/* ciphers not using EVP */ /* ciphers not using EVP */
#endif /* WITH_BLOWFISH_CIPHER */ #endif /* WITH_BLOWFISH_CIPHER */
case SSH_AEAD_CHACHA20_POLY1305: case SSH_AEAD_CHACHA20_POLY1305:
SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here"); SSH_LOG(SSH_LOG_TRACE, "The ChaCha cipher cannot be handled here");
break; break;
case SSH_NO_CIPHER: case SSH_NO_CIPHER:
SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found"); SSH_LOG(SSH_LOG_TRACE, "No valid ciphertype found");
break; break;
} }
} }
@@ -461,7 +461,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
if (rc != 1){ if (rc != 1){
SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptInit_ex failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptInit_ex failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -473,7 +473,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
-1, -1,
(uint8_t *)IV); (uint8_t *)IV);
if (rc != 1) { if (rc != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed");
return SSH_ERROR; return SSH_ERROR;
} }
} }
@@ -491,7 +491,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV); rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
if (rc != 1){ if (rc != 1){
SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptInit_ex failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptInit_ex failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -503,7 +503,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
-1, -1,
(uint8_t *)IV); (uint8_t *)IV);
if (rc != 1) { if (rc != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed");
return SSH_ERROR; return SSH_ERROR;
} }
} }
@@ -528,7 +528,7 @@ static void evp_cipher_encrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)in, (unsigned char *)in,
(int)len); (int)len);
if (rc != 1){ if (rc != 1){
SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
return; return;
} }
if (outlen != (int)len){ if (outlen != (int)len){
@@ -554,7 +554,7 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)in, (unsigned char *)in,
(int)len); (int)len);
if (rc != 1){ if (rc != 1){
SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed");
return; return;
} }
if (outlen != (int)len){ if (outlen != (int)len){
@@ -613,7 +613,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
1, 1,
lastiv); lastiv);
if (rc == 0) { if (rc == 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
return; return;
} }
@@ -625,7 +625,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
(int)aadlen); (int)aadlen);
outlen = tmplen; outlen = tmplen;
if (rc == 0 || outlen != aadlen) { if (rc == 0 || outlen != aadlen) {
SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data"); SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data");
return; return;
} }
memcpy(out, in, aadlen); memcpy(out, in, aadlen);
@@ -638,7 +638,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
(int)len - aadlen); (int)len - aadlen);
outlen = tmplen; outlen = tmplen;
if (rc != 1 || outlen != (int)len - aadlen) { if (rc != 1 || outlen != (int)len - aadlen) {
SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
return; return;
} }
@@ -647,7 +647,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
NULL, NULL,
&tmplen); &tmplen);
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptFinal failed: Failed to create a tag"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal failed: Failed to create a tag");
return; return;
} }
@@ -656,7 +656,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
authlen, authlen,
(unsigned char *)tag); (unsigned char *)tag);
if (rc != 1) { if (rc != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_GET_TAG failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_GET_TAG failed");
return; return;
} }
} }
@@ -684,7 +684,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
1, 1,
lastiv); lastiv);
if (rc == 0) { if (rc == 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -694,7 +694,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
authlen, authlen,
(unsigned char *)complete_packet + aadlen + encrypted_size); (unsigned char *)complete_packet + aadlen + encrypted_size);
if (rc == 0) { if (rc == 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_TAG failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_TAG failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -705,7 +705,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)complete_packet, (unsigned char *)complete_packet,
(int)aadlen); (int)aadlen);
if (rc == 0) { if (rc == 0) {
SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data"); SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data");
return SSH_ERROR; return SSH_ERROR;
} }
/* Do not copy the length to the target buffer, because it is already processed */ /* Do not copy the length to the target buffer, because it is already processed */
@@ -718,12 +718,12 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)complete_packet + aadlen, (unsigned char *)complete_packet + aadlen,
encrypted_size /* already substracted aadlen*/); encrypted_size /* already substracted aadlen*/);
if (rc != 1) { if (rc != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed");
return SSH_ERROR; return SSH_ERROR;
} }
if (outlen != (int)encrypted_size) { if (outlen != (int)encrypted_size) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"EVP_DecryptUpdate: output size %d for %zd in", "EVP_DecryptUpdate: output size %d for %zd in",
outlen, outlen,
encrypted_size); encrypted_size);
@@ -735,7 +735,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
NULL, NULL,
&outlen); &outlen);
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptFinal failed: Failed authentication"); SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptFinal failed: Failed authentication");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -817,24 +817,24 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
/* K2 uses the first half of the key */ /* K2 uses the first half of the key */
ctx->main_evp = EVP_CIPHER_CTX_new(); ctx->main_evp = EVP_CIPHER_CTX_new();
if (ctx->main_evp == NULL) { if (ctx->main_evp == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed");
goto out; goto out;
} }
rv = EVP_EncryptInit_ex(ctx->main_evp, EVP_chacha20(), NULL, u8key, NULL); rv = EVP_EncryptInit_ex(ctx->main_evp, EVP_chacha20(), NULL, u8key, NULL);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed");
goto out; goto out;
} }
/* K1 uses the second half of the key */ /* K1 uses the second half of the key */
ctx->header_evp = EVP_CIPHER_CTX_new(); ctx->header_evp = EVP_CIPHER_CTX_new();
if (ctx->header_evp == NULL) { if (ctx->header_evp == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed");
goto out; goto out;
} }
ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL, ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
u8key + CHACHA20_KEYLEN, NULL); u8key + CHACHA20_KEYLEN, NULL);
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed");
goto out; goto out;
} }
@@ -844,18 +844,18 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
ctx->mctx = EVP_MD_CTX_new(); ctx->mctx = EVP_MD_CTX_new();
if (ctx->mctx == NULL) { if (ctx->mctx == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MD_CTX_new failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MD_CTX_new failed");
return SSH_ERROR; return SSH_ERROR;
} }
#else #else
mac = EVP_MAC_fetch(NULL, "poly1305", NULL); mac = EVP_MAC_fetch(NULL, "poly1305", NULL);
if (mac == NULL) { if (mac == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_fetch failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_fetch failed");
goto out; goto out;
} }
ctx->mctx = EVP_MAC_CTX_new(mac); ctx->mctx = EVP_MAC_CTX_new(mac);
if (ctx->mctx == NULL) { if (ctx->mctx == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_CTX_new failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_CTX_new failed");
goto out; goto out;
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
@@ -893,13 +893,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
ret = EVP_CipherInit_ex(ctx->header_evp, NULL, NULL, NULL, seqbuf, do_encrypt); ret = EVP_CipherInit_ex(ctx->header_evp, NULL, NULL, NULL, seqbuf, do_encrypt);
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(header_evp) failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(header_evp) failed");
return SSH_ERROR; return SSH_ERROR;
} }
ret = EVP_CipherInit_ex(ctx->main_evp, NULL, NULL, NULL, seqbuf, do_encrypt); ret = EVP_CipherInit_ex(ctx->main_evp, NULL, NULL, NULL, seqbuf, do_encrypt);
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(main_evp) failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(main_evp) failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -928,7 +928,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
rv = EVP_CipherUpdate(ctx->main_evp, poly_key, &len, rv = EVP_CipherUpdate(ctx->main_evp, poly_key, &len,
(unsigned char *)zero_block, sizeof(zero_block)); (unsigned char *)zero_block, sizeof(zero_block));
if (rv != 1 || len != CHACHA20_BLOCKSIZE) { if (rv != 1 || len != CHACHA20_BLOCKSIZE) {
SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
goto out; goto out;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
@@ -942,12 +942,12 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL, ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL,
poly_key, POLY1305_KEYLEN); poly_key, POLY1305_KEYLEN);
if (ctx->key == NULL) { if (ctx->key == NULL) {
SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_new_mac_key failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_new_mac_key failed");
goto out; goto out;
} }
rv = EVP_DigestSignInit(ctx->mctx, &ctx->pctx, NULL, NULL, ctx->key); rv = EVP_DigestSignInit(ctx->mctx, &ctx->pctx, NULL, NULL, ctx->key);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignInit failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignInit failed");
goto out; goto out;
} }
} else { } else {
@@ -956,14 +956,14 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
EVP_PKEY_CTRL_SET_MAC_KEY, EVP_PKEY_CTRL_SET_MAC_KEY,
POLY1305_KEYLEN, (void *)poly_key); POLY1305_KEYLEN, (void *)poly_key);
if (rv <= 0) { if (rv <= 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_CTX_ctrl failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_CTX_ctrl failed");
goto out; goto out;
} }
} }
#else #else
rv = EVP_MAC_init(ctx->mctx, poly_key, POLY1305_KEYLEN, NULL); rv = EVP_MAC_init(ctx->mctx, poly_key, POLY1305_KEYLEN, NULL);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_init failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_init failed");
goto out; goto out;
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
@@ -1000,7 +1000,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
rv = EVP_CipherUpdate(ctx->header_evp, out, &outlen, in, len); rv = EVP_CipherUpdate(ctx->header_evp, out, &outlen, in, len);
if (rv != 1 || outlen != sizeof(uint32_t)) { if (rv != 1 || outlen != sizeof(uint32_t)) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1010,7 +1010,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
rv = EVP_CipherFinal_ex(ctx->header_evp, out + outlen, &outlen); rv = EVP_CipherFinal_ex(ctx->header_evp, out + outlen, &outlen);
if (rv != 1 || outlen != 0) { if (rv != 1 || outlen != 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1035,7 +1035,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
/* Prepare the Poly1305 key */ /* Prepare the Poly1305 key */
rv = chacha20_poly1305_packet_setup(cipher, seq, 0); rv = chacha20_poly1305_packet_setup(cipher, seq, 0);
if (rv != SSH_OK) { if (rv != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
goto out; goto out;
} }
@@ -1048,26 +1048,26 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
rv = EVP_DigestSignUpdate(ctx->mctx, complete_packet, rv = EVP_DigestSignUpdate(ctx->mctx, complete_packet,
encrypted_size + sizeof(uint32_t)); encrypted_size + sizeof(uint32_t));
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed");
goto out; goto out;
} }
rv = EVP_DigestSignFinal(ctx->mctx, tag, &taglen); rv = EVP_DigestSignFinal(ctx->mctx, tag, &taglen);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "poly1305 verify error"); SSH_LOG(SSH_LOG_TRACE, "poly1305 verify error");
goto out; goto out;
} }
#else #else
rv = EVP_MAC_update(ctx->mctx, complete_packet, rv = EVP_MAC_update(ctx->mctx, complete_packet,
encrypted_size + sizeof(uint32_t)); encrypted_size + sizeof(uint32_t));
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
goto out; goto out;
} }
rv = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN); rv = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed");
goto out; goto out;
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
@@ -1089,13 +1089,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
(uint8_t *)complete_packet + sizeof(uint32_t), (uint8_t *)complete_packet + sizeof(uint32_t),
encrypted_size); encrypted_size);
if (rv != 1) { if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
goto out; goto out;
} }
rv = EVP_CipherFinal_ex(ctx->main_evp, out + len, &len); rv = EVP_CipherFinal_ex(ctx->main_evp, out + len, &len);
if (rv != 1 || len != 0) { if (rv != 1 || len != 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed");
goto out; goto out;
} }
@@ -1120,7 +1120,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
/* Prepare the Poly1305 key */ /* Prepare the Poly1305 key */
ret = chacha20_poly1305_packet_setup(cipher, seq, 1); ret = chacha20_poly1305_packet_setup(cipher, seq, 1);
if (ret != SSH_OK) { if (ret != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
return; return;
} }
@@ -1135,7 +1135,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)&in_packet->length, (unsigned char *)&in_packet->length,
sizeof(uint32_t)); sizeof(uint32_t));
if (ret != 1 || outlen != sizeof(uint32_t)) { if (ret != 1 || outlen != sizeof(uint32_t)) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
return; return;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
@@ -1144,7 +1144,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
#endif /* DEBUG_CRYPTO */ #endif /* DEBUG_CRYPTO */
ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen); ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen);
if (ret != 1 || outlen != 0) { if (ret != 1 || outlen != 0) {
SSH_LOG(SSH_LOG_PACKET, "EVP_EncryptFinal_ex failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal_ex failed");
return; return;
} }
@@ -1156,7 +1156,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
in_packet->payload, in_packet->payload,
len - sizeof(uint32_t)); len - sizeof(uint32_t));
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
return; return;
} }
@@ -1164,24 +1164,24 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
ret = EVP_DigestSignUpdate(ctx->mctx, out_packet, len); ret = EVP_DigestSignUpdate(ctx->mctx, out_packet, len);
if (ret <= 0) { if (ret <= 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed");
return; return;
} }
ret = EVP_DigestSignFinal(ctx->mctx, tag, &taglen); ret = EVP_DigestSignFinal(ctx->mctx, tag, &taglen);
if (ret <= 0) { if (ret <= 0) {
SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignFinal failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignFinal failed");
return; return;
} }
#else #else
ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len); ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len);
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
return; return;
} }
ret = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN); ret = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN);
if (ret != 1) { if (ret != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed"); SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed");
return; return;
} }
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */

60
src/libgcrypt.c
View File

@@ -241,7 +241,7 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
} }
break; break;
default: default:
SSH_LOG(SSH_LOG_WARNING, "Unksupported key length %u.", cipher->keysize); SSH_LOG(SSH_LOG_TRACE, "Unsupported key length %u.", cipher->keysize);
SAFE_FREE(cipher->key); SAFE_FREE(cipher->key);
return -1; return -1;
} }
@@ -334,7 +334,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
*/ */
uint64_inc(cipher->last_iv + 4); uint64_inc(cipher->last_iv + 4);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return; return;
} }
@@ -342,7 +342,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
/* Pass the authenticated data (packet_length) */ /* Pass the authenticated data (packet_length) */
err = gcry_cipher_authenticate(cipher->key[0], in, aadlen); err = gcry_cipher_authenticate(cipher->key[0], in, aadlen);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return; return;
} }
@@ -355,7 +355,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)in + aadlen, (unsigned char *)in + aadlen,
len - aadlen); len - aadlen);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return; return;
} }
@@ -365,7 +365,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
(void *)tag, (void *)tag,
authlen); authlen);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_gettag failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_gettag failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return; return;
} }
@@ -399,7 +399,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
*/ */
uint64_inc(cipher->last_iv + 4); uint64_inc(cipher->last_iv + 4);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -409,7 +409,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
complete_packet, complete_packet,
aadlen); aadlen);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -423,7 +423,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)complete_packet + aadlen, (unsigned char *)complete_packet + aadlen,
encrypted_size); encrypted_size);
if (err) { if (err) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -436,7 +436,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
SSH_LOG(SSH_LOG_WARNING, "The authentication tag does not match"); SSH_LOG(SSH_LOG_WARNING, "The authentication tag does not match");
return SSH_ERROR; return SSH_ERROR;
} else if (err != GPG_ERR_NO_ERROR) { } else if (err != GPG_ERR_NO_ERROR) {
SSH_LOG(SSH_LOG_WARNING, "General error while decryption: %s", SSH_LOG(SSH_LOG_TRACE, "General error while decryption: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -522,7 +522,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
err = gcry_cipher_open(&ctx->main_hd, GCRY_CIPHER_CHACHA20, err = gcry_cipher_open(&ctx->main_hd, GCRY_CIPHER_CHACHA20,
GCRY_CIPHER_MODE_STREAM, 0); GCRY_CIPHER_MODE_STREAM, 0);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s",
gpg_strerror(err)); gpg_strerror(err));
SAFE_FREE(cipher->chacha20_schedule); SAFE_FREE(cipher->chacha20_schedule);
return -1; return -1;
@@ -530,7 +530,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
err = gcry_cipher_open(&ctx->header_hd, GCRY_CIPHER_CHACHA20, err = gcry_cipher_open(&ctx->header_hd, GCRY_CIPHER_CHACHA20,
GCRY_CIPHER_MODE_STREAM, 0); GCRY_CIPHER_MODE_STREAM, 0);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s",
gpg_strerror(err)); gpg_strerror(err));
gcry_cipher_close(ctx->main_hd); gcry_cipher_close(ctx->main_hd);
SAFE_FREE(cipher->chacha20_schedule); SAFE_FREE(cipher->chacha20_schedule);
@@ -538,7 +538,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
} }
err = gcry_mac_open(&ctx->mac_hd, GCRY_MAC_POLY1305, 0, NULL); err = gcry_mac_open(&ctx->mac_hd, GCRY_MAC_POLY1305, 0, NULL);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_open failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_open failed: %s",
gpg_strerror(err)); gpg_strerror(err));
gcry_cipher_close(ctx->main_hd); gcry_cipher_close(ctx->main_hd);
gcry_cipher_close(ctx->header_hd); gcry_cipher_close(ctx->header_hd);
@@ -551,7 +551,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
err = gcry_cipher_setkey(ctx->main_hd, u8key, CHACHA20_KEYLEN); err = gcry_cipher_setkey(ctx->main_hd, u8key, CHACHA20_KEYLEN);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s",
gpg_strerror(err)); gpg_strerror(err));
chacha20_cleanup(cipher); chacha20_cleanup(cipher);
return -1; return -1;
@@ -560,7 +560,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
err = gcry_cipher_setkey(ctx->header_hd, u8key + CHACHA20_KEYLEN, err = gcry_cipher_setkey(ctx->header_hd, u8key + CHACHA20_KEYLEN,
CHACHA20_KEYLEN); CHACHA20_KEYLEN);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s",
gpg_strerror(err)); gpg_strerror(err));
chacha20_cleanup(cipher); chacha20_cleanup(cipher);
return -1; return -1;
@@ -587,7 +587,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
/* step 1, prepare the poly1305 key */ /* step 1, prepare the poly1305 key */
err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq)); err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -599,13 +599,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
zero_block, zero_block,
sizeof(zero_block)); sizeof(zero_block));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN); err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -613,7 +613,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
/* step 2, encrypt length field */ /* step 2, encrypt length field */
err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq)); err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -623,7 +623,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
(uint8_t *)&in_packet->length, (uint8_t *)&in_packet->length,
sizeof(uint32_t)); sizeof(uint32_t));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -635,7 +635,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
in_packet->payload, in_packet->payload,
len - sizeof(uint32_t)); len - sizeof(uint32_t));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -643,13 +643,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
/* step 4, compute the MAC */ /* step 4, compute the MAC */
err = gcry_mac_write(ctx->mac_hd, (uint8_t *)out_packet, len); err = gcry_mac_write(ctx->mac_hd, (uint8_t *)out_packet, len);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
err = gcry_mac_read(ctx->mac_hd, tag, &taglen); err = gcry_mac_read(ctx->mac_hd, tag, &taglen);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_read failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_read failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -675,7 +675,7 @@ static int chacha20_poly1305_aead_decrypt_length(
err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq)); err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -685,7 +685,7 @@ static int chacha20_poly1305_aead_decrypt_length(
in, in,
sizeof(uint32_t)); sizeof(uint32_t));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
return SSH_ERROR; return SSH_ERROR;
} }
@@ -711,7 +711,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
/* step 1, prepare the poly1305 key */ /* step 1, prepare the poly1305 key */
err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq)); err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -723,13 +723,13 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
zero_block, zero_block,
sizeof(zero_block)); sizeof(zero_block));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN); err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -738,7 +738,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
err = gcry_mac_write(ctx->mac_hd, (uint8_t *)complete_packet, err = gcry_mac_write(ctx->mac_hd, (uint8_t *)complete_packet,
encrypted_size + sizeof(uint32_t)); encrypted_size + sizeof(uint32_t));
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -747,7 +747,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error"); SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error");
goto out; goto out;
} else if (err != 0) { } else if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_mac_verify failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_mac_verify failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }
@@ -759,7 +759,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
(uint8_t *)complete_packet + sizeof(uint32_t), (uint8_t *)complete_packet + sizeof(uint32_t),
encrypted_size); encrypted_size);
if (err != 0) { if (err != 0) {
SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s", SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
gpg_strerror(err)); gpg_strerror(err));
goto out; goto out;
} }

82
src/libmbedcrypto.c
View File

@@ -217,7 +217,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
} else if (operation == MBEDTLS_DECRYPT) { } else if (operation == MBEDTLS_DECRYPT) {
ctx = &cipher->decrypt_ctx; ctx = &cipher->decrypt_ctx;
} else { } else {
SSH_LOG(SSH_LOG_WARNING, "unknown operation"); SSH_LOG(SSH_LOG_TRACE, "unknown operation");
return 1; return 1;
} }
@@ -226,21 +226,21 @@ cipher_init(struct ssh_cipher_struct *cipher,
rc = mbedtls_cipher_setup(ctx, cipher_info); rc = mbedtls_cipher_setup(ctx, cipher_info);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setup failed");
goto error; goto error;
} }
key_bitlen = mbedtls_cipher_info_get_key_bitlen(cipher_info); key_bitlen = mbedtls_cipher_info_get_key_bitlen(cipher_info);
rc = mbedtls_cipher_setkey(ctx, key, key_bitlen, operation); rc = mbedtls_cipher_setkey(ctx, key, key_bitlen, operation);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setkey failed");
goto error; goto error;
} }
iv_size = mbedtls_cipher_info_get_iv_size(cipher_info); iv_size = mbedtls_cipher_info_get_iv_size(cipher_info);
rc = mbedtls_cipher_set_iv(ctx, IV, iv_size); rc = mbedtls_cipher_set_iv(ctx, IV, iv_size);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_iv failed");
goto error; goto error;
} }
@@ -259,13 +259,13 @@ cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV); rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
goto error; goto error;
} }
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
goto error; goto error;
} }
@@ -283,7 +283,7 @@ cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher,
rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV); rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
goto error; goto error;
} }
@@ -293,13 +293,13 @@ cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher,
MBEDTLS_PADDING_NONE); MBEDTLS_PADDING_NONE);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed");
goto error; goto error;
} }
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx); rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
goto error; goto error;
} }
@@ -327,7 +327,7 @@ cipher_set_key_gcm(struct ssh_cipher_struct *cipher,
key, key_bitlen); key, key_bitlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_setkey failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_setkey failed");
goto error; goto error;
} }
@@ -350,13 +350,13 @@ cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV); rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
goto error; goto error;
} }
mbedtls_cipher_reset(&cipher->decrypt_ctx); mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
goto error; goto error;
} }
@@ -375,20 +375,20 @@ cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher,
rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV); rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "cipher_init failed"); SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
goto error; goto error;
} }
rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx, rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx,
MBEDTLS_PADDING_NONE); MBEDTLS_PADDING_NONE);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed");
goto error; goto error;
} }
mbedtls_cipher_reset(&cipher->decrypt_ctx); mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
goto error; goto error;
} }
@@ -408,7 +408,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher,
int rc = 0; int rc = 0;
rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen); rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption");
return; return;
} }
@@ -424,7 +424,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher,
total_len += outlen; total_len += outlen;
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during encryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during encryption");
return; return;
} }
@@ -443,7 +443,7 @@ static void cipher_encrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
int rc = 0; int rc = 0;
rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen); rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption");
return; return;
} }
@@ -466,7 +466,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher,
rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen); rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption");
return; return;
} }
@@ -480,7 +480,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher,
outlen, &outlen); outlen, &outlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption");
return; return;
} }
@@ -501,7 +501,7 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
int rc = 0; int rc = 0;
rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen); rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption");
return; return;
} }
@@ -520,14 +520,14 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
} }
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during decryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during decryption");
return; return;
} }
rc = mbedtls_cipher_reset(&cipher->decrypt_ctx); rc = mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption");
return; return;
} }
@@ -586,7 +586,7 @@ cipher_encrypt_gcm(struct ssh_cipher_struct *cipher,
authlen, authlen,
tag); /* tag */ tag); /* tag */
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_crypt_and_tag failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_crypt_and_tag failed");
return; return;
} }
@@ -620,7 +620,7 @@ cipher_decrypt_gcm(struct ssh_cipher_struct *cipher,
(const uint8_t *)complete_packet + aadlen, /* input */ (const uint8_t *)complete_packet + aadlen, /* input */
(unsigned char *)out); /* output */ (unsigned char *)out); /* output */
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_auth_decrypt failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_auth_decrypt failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -694,14 +694,14 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
/* K2 uses the first half of the key */ /* K2 uses the first half of the key */
rv = mbedtls_chacha20_setkey(&ctx->main_ctx, u8key); rv = mbedtls_chacha20_setkey(&ctx->main_ctx, u8key);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(main_ctx) failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(main_ctx) failed");
goto out; goto out;
} }
/* K1 uses the second half of the key */ /* K1 uses the second half of the key */
rv = mbedtls_chacha20_setkey(&ctx->header_ctx, u8key + CHACHA20_KEYLEN); rv = mbedtls_chacha20_setkey(&ctx->header_ctx, u8key + CHACHA20_KEYLEN);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(header_ctx) failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(header_ctx) failed");
goto out; goto out;
} }
@@ -734,13 +734,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
ret = mbedtls_chacha20_starts(&ctx->header_ctx, seqbuf, 0); ret = mbedtls_chacha20_starts(&ctx->header_ctx, seqbuf, 0);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(header_ctx) failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(header_ctx) failed");
return SSH_ERROR; return SSH_ERROR;
} }
ret = mbedtls_chacha20_starts(&ctx->main_ctx, seqbuf, 0); ret = mbedtls_chacha20_starts(&ctx->main_ctx, seqbuf, 0);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(main_ctx) failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(main_ctx) failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -769,7 +769,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
rv = mbedtls_chacha20_update(&ctx->main_ctx, sizeof(zero_block), rv = mbedtls_chacha20_update(&ctx->main_ctx, sizeof(zero_block),
zero_block, poly_key); zero_block, poly_key);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
goto out; goto out;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
@@ -779,7 +779,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
/* Set the Poly1305 key */ /* Set the Poly1305 key */
rv = mbedtls_poly1305_starts(&ctx->poly_ctx, poly_key); rv = mbedtls_poly1305_starts(&ctx->poly_ctx, poly_key);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_starts failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_starts failed");
goto out; goto out;
} }
@@ -815,7 +815,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
rv = mbedtls_chacha20_update(&ctx->header_ctx, sizeof(uint32_t), in, out); rv = mbedtls_chacha20_update(&ctx->header_ctx, sizeof(uint32_t), in, out);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -843,7 +843,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
/* Prepare the Poly1305 key */ /* Prepare the Poly1305 key */
rv = chacha20_poly1305_packet_setup(cipher, seq, 0); rv = chacha20_poly1305_packet_setup(cipher, seq, 0);
if (rv != SSH_OK) { if (rv != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
goto out; goto out;
} }
@@ -855,13 +855,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
rv = mbedtls_poly1305_update(&ctx->poly_ctx, complete_packet, rv = mbedtls_poly1305_update(&ctx->poly_ctx, complete_packet,
encrypted_size + sizeof(uint32_t)); encrypted_size + sizeof(uint32_t));
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed");
goto out; goto out;
} }
rv = mbedtls_poly1305_finish(&ctx->poly_ctx, tag); rv = mbedtls_poly1305_finish(&ctx->poly_ctx, tag);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed");
goto out; goto out;
} }
@@ -882,7 +882,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
(uint8_t *)complete_packet + sizeof(uint32_t), (uint8_t *)complete_packet + sizeof(uint32_t),
out); out);
if (rv != 0) { if (rv != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
goto out; goto out;
} }
@@ -906,7 +906,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
/* Prepare the Poly1305 key */ /* Prepare the Poly1305 key */
ret = chacha20_poly1305_packet_setup(cipher, seq, 1); ret = chacha20_poly1305_packet_setup(cipher, seq, 1);
if (ret != SSH_OK) { if (ret != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet"); SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
return; return;
} }
@@ -919,7 +919,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
(unsigned char *)&in_packet->length, (unsigned char *)&in_packet->length,
(unsigned char *)&out_packet->length); (unsigned char *)&out_packet->length);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
return; return;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
@@ -932,19 +932,19 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
ret = mbedtls_chacha20_update(&ctx->main_ctx, len - sizeof(uint32_t), ret = mbedtls_chacha20_update(&ctx->main_ctx, len - sizeof(uint32_t),
in_packet->payload, out_packet->payload); in_packet->payload, out_packet->payload);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
return; return;
} }
/* step 4, compute the MAC */ /* step 4, compute the MAC */
ret = mbedtls_poly1305_update(&ctx->poly_ctx, (const unsigned char *)out_packet, len); ret = mbedtls_poly1305_update(&ctx->poly_ctx, (const unsigned char *)out_packet, len);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed");
return; return;
} }
ret = mbedtls_poly1305_finish(&ctx->poly_ctx, tag); ret = mbedtls_poly1305_finish(&ctx->poly_ctx, tag);
if (ret != 0) { if (ret != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed"); SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed");
return; return;
} }
} }

8
src/messages.c
View File

@@ -160,7 +160,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
if (channel != NULL) { if (channel != NULL) {
rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel); rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"Failed to send reply for accepting a channel " "Failed to send reply for accepting a channel "
"open"); "open");
} }
@@ -237,7 +237,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
msg->channel_request.pxwidth, msg->channel_request.pxwidth,
msg->channel_request.pxheight); msg->channel_request.pxheight);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"Failed to iterate callbacks for window change"); "Failed to iterate callbacks for window change");
} }
return SSH_OK; return SSH_OK;
@@ -775,7 +775,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
cmp = strcmp(service, "ssh-connection"); cmp = strcmp(service, "ssh-connection");
if (cmp != 0) { if (cmp != 0) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"Invalid service request: %s", "Invalid service request: %s",
service); service);
goto end; goto end;
@@ -1620,7 +1620,7 @@ reply_with_failure:
error: error:
SAFE_FREE(msg); SAFE_FREE(msg);
SAFE_FREE(request); SAFE_FREE(request);
SSH_LOG(SSH_LOG_WARNING, "Invalid SSH_MSG_GLOBAL_REQUEST packet"); SSH_LOG(SSH_LOG_TRACE, "Invalid SSH_MSG_GLOBAL_REQUEST packet");
return rc; return rc;
} }

8
src/misc.c
View File

@@ -1642,20 +1642,20 @@ int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len)
enum ssh_quote_state_e state = NO_QUOTE; enum ssh_quote_state_e state = NO_QUOTE;
if (file_name == NULL || buf == NULL || buf_len == 0) { if (file_name == NULL || buf == NULL || buf_len == 0) {
SSH_LOG(SSH_LOG_WARNING, "Invalid parameter"); SSH_LOG(SSH_LOG_TRACE, "Invalid parameter");
return SSH_ERROR; return SSH_ERROR;
} }
/* Only allow file names smaller than 32kb. */ /* Only allow file names smaller than 32kb. */
if (strlen(file_name) > 32 * 1024) { if (strlen(file_name) > 32 * 1024) {
SSH_LOG(SSH_LOG_WARNING, "File name too long"); SSH_LOG(SSH_LOG_TRACE, "File name too long");
return SSH_ERROR; return SSH_ERROR;
} }
/* Paranoia check */ /* Paranoia check */
required_buf_len = (size_t)3 * strlen(file_name) + 1; required_buf_len = (size_t)3 * strlen(file_name) + 1;
if (required_buf_len > buf_len) { if (required_buf_len > buf_len) {
SSH_LOG(SSH_LOG_WARNING, "Buffer too small"); SSH_LOG(SSH_LOG_TRACE, "Buffer too small");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1813,7 +1813,7 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len)
} }
if ((2 * strlen(string) + 1) > buf_len) { if ((2 * strlen(string) + 1) > buf_len) {
SSH_LOG(SSH_LOG_WARNING, "Buffer too small"); SSH_LOG(SSH_LOG_TRACE, "Buffer too small");
return SSH_ERROR; return SSH_ERROR;
} }

4
src/packet.c
View File

@@ -1543,7 +1543,7 @@ SSH_PACKET_CALLBACK(ssh_packet_unimplemented){
rc = ssh_buffer_unpack(packet, "d", &seq); rc = ssh_buffer_unpack(packet, "d", &seq);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_TRACE,
"Could not unpack SSH_MSG_UNIMPLEMENTED packet"); "Could not unpack SSH_MSG_UNIMPLEMENTED packet");
} }
@@ -1895,7 +1895,7 @@ ssh_packet_set_newkeys(ssh_session session,
session->next_crypto->used |= direction; session->next_crypto->used |= direction;
if (session->current_crypto != NULL) { if (session->current_crypto != NULL) {
if (session->current_crypto->used & direction) { if (session->current_crypto->used & direction) {
SSH_LOG(SSH_LOG_WARNING, "This direction isn't used anymore."); SSH_LOG(SSH_LOG_TRACE, "This direction isn't used anymore.");
} }
/* Mark the current requested direction unused */ /* Mark the current requested direction unused */
session->current_crypto->used &= ~direction; session->current_crypto->used &= ~direction;

88
src/pki.c
View File

@@ -351,7 +351,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
return SSH_DIGEST_AUTO; return SSH_DIGEST_AUTO;
} }
SSH_LOG(SSH_LOG_WARN, "Unknown signature name %s", name); SSH_LOG(SSH_LOG_TRACE, "Unknown signature name %s", name);
/* TODO we should rather fail */ /* TODO we should rather fail */
return SSH_DIGEST_AUTO; return SSH_DIGEST_AUTO;
@@ -383,13 +383,13 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
else if (session->server) { else if (session->server) {
allowed_list = session->opts.wanted_methods[SSH_HOSTKEYS]; allowed_list = session->opts.wanted_methods[SSH_HOSTKEYS];
if (allowed_list == NULL) { if (allowed_list == NULL) {
SSH_LOG(SSH_LOG_WARN, "Session invalid: no host key available"); SSH_LOG(SSH_LOG_TRACE, "Session invalid: no host key available");
return 0; return 0;
} }
} }
#endif /* WITH_SERVER */ #endif /* WITH_SERVER */
else { else {
SSH_LOG(SSH_LOG_WARN, "Session invalid: not set as client nor server"); SSH_LOG(SSH_LOG_TRACE, "Session invalid: not set as client nor server");
return 0; return 0;
} }
@@ -495,7 +495,7 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Digest algorithm to be used with key type %u " SSH_LOG(SSH_LOG_TRACE, "Digest algorithm to be used with key type %u "
"is not defined", type); "is not defined", type);
} }
@@ -961,7 +961,7 @@ int ssh_pki_import_privkey_file(const char *filename,
file = fopen(filename, "rb"); file = fopen(filename, "rb");
if (file == NULL) { if (file == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Error opening %s: %s", "Error opening %s: %s",
filename, filename,
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -971,7 +971,7 @@ int ssh_pki_import_privkey_file(const char *filename,
rc = fstat(fileno(file), &sb); rc = fstat(fileno(file), &sb);
if (rc < 0) { if (rc < 0) {
fclose(file); fclose(file);
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Error getting stat of %s: %s", "Error getting stat of %s: %s",
filename, filename,
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -985,7 +985,7 @@ int ssh_pki_import_privkey_file(const char *filename,
} }
if (sb.st_size > MAX_PRIVKEY_SIZE) { if (sb.st_size > MAX_PRIVKEY_SIZE) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Private key is bigger than 4M."); "Private key is bigger than 4M.");
fclose(file); fclose(file);
return SSH_ERROR; return SSH_ERROR;
@@ -994,7 +994,7 @@ int ssh_pki_import_privkey_file(const char *filename,
key_buf = malloc(sb.st_size + 1); key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) { if (key_buf == NULL) {
fclose(file); fclose(file);
SSH_LOG(SSH_LOG_WARN, "Out of memory!"); SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1003,7 +1003,7 @@ int ssh_pki_import_privkey_file(const char *filename,
if (size != sb.st_size) { if (size != sb.st_size) {
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Error reading %s: %s", "Error reading %s: %s",
filename, filename,
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -1176,7 +1176,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
rc = ssh_buffer_unpack(buffer, "SSSSS", &p, &q, &g, rc = ssh_buffer_unpack(buffer, "SSSSS", &p, &q, &g,
&pubkey, &privkey); &pubkey, &privkey);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1217,7 +1217,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
rc = ssh_buffer_unpack(buffer, "SSSSSS", &n, &e, &d, rc = ssh_buffer_unpack(buffer, "SSSSSS", &n, &e, &d,
&iqmp, &p, &q); &iqmp, &p, &q);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1244,7 +1244,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
ssh_string_burn(q); ssh_string_burn(q);
SSH_STRING_FREE(q); SSH_STRING_FREE(q);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
SSH_LOG(SSH_LOG_WARN, "Failed to build RSA private key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA private key");
goto fail; goto fail;
} }
} }
@@ -1261,7 +1261,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
rc = ssh_buffer_unpack(buffer, "SSS", &i, &e, &exp); rc = ssh_buffer_unpack(buffer, "SSS", &i, &e, &exp);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1281,7 +1281,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
ssh_string_burn(exp); ssh_string_burn(exp);
SSH_STRING_FREE(exp); SSH_STRING_FREE(exp);
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA private key");
goto fail; goto fail;
} }
} }
@@ -1293,7 +1293,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
rc = ssh_buffer_unpack(buffer, "SS", &pubkey, &privkey); rc = ssh_buffer_unpack(buffer, "SS", &pubkey, &privkey);
if (rc != SSH_OK){ if (rc != SSH_OK){
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1302,7 +1302,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
SSH_STRING_FREE(privkey); SSH_STRING_FREE(privkey);
SSH_STRING_FREE(pubkey); SSH_STRING_FREE(pubkey);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Failed to build ed25519 key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build ed25519 key");
goto fail; goto fail;
} }
} }
@@ -1320,7 +1320,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown private key type (%d)", type); SSH_LOG(SSH_LOG_TRACE, "Unknown private key type (%d)", type);
goto fail; goto fail;
} }
@@ -1358,7 +1358,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
rc = ssh_buffer_unpack(buffer, "SSSS", &p, &q, &g, &pubkey); rc = ssh_buffer_unpack(buffer, "SSSS", &p, &q, &g, &pubkey);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1377,7 +1377,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string_burn(pubkey); ssh_string_burn(pubkey);
SSH_STRING_FREE(pubkey); SSH_STRING_FREE(pubkey);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
SSH_LOG(SSH_LOG_WARN, "Failed to build DSA public key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build DSA public key");
goto fail; goto fail;
} }
} }
@@ -1389,7 +1389,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
rc = ssh_buffer_unpack(buffer, "SS", &e, &n); rc = ssh_buffer_unpack(buffer, "SS", &e, &n);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1403,7 +1403,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string_burn(n); ssh_string_burn(n);
SSH_STRING_FREE(n); SSH_STRING_FREE(n);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
SSH_LOG(SSH_LOG_WARN, "Failed to build RSA public key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA public key");
goto fail; goto fail;
} }
} }
@@ -1421,7 +1421,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
rc = ssh_buffer_unpack(buffer, "SS", &i, &e); rc = ssh_buffer_unpack(buffer, "SS", &i, &e);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
goto fail; goto fail;
} }
@@ -1437,7 +1437,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string_burn(e); ssh_string_burn(e);
SSH_STRING_FREE(e); SSH_STRING_FREE(e);
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA public key"); SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA public key");
goto fail; goto fail;
} }
@@ -1450,7 +1450,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
if (type == SSH_KEYTYPE_SK_ECDSA) { if (type == SSH_KEYTYPE_SK_ECDSA) {
ssh_string application = ssh_buffer_get_ssh_string(buffer); ssh_string application = ssh_buffer_get_ssh_string(buffer);
if (application == NULL) { if (application == NULL) {
SSH_LOG(SSH_LOG_WARN, "SK Unpack error"); SSH_LOG(SSH_LOG_TRACE, "SK Unpack error");
goto fail; goto fail;
} }
key->sk_application = application; key->sk_application = application;
@@ -1465,7 +1465,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string pubkey = ssh_buffer_get_ssh_string(buffer); ssh_string pubkey = ssh_buffer_get_ssh_string(buffer);
if (ssh_string_len(pubkey) != ED25519_KEY_LEN) { if (ssh_string_len(pubkey) != ED25519_KEY_LEN) {
SSH_LOG(SSH_LOG_WARN, "Invalid public key length"); SSH_LOG(SSH_LOG_TRACE, "Invalid public key length");
ssh_string_burn(pubkey); ssh_string_burn(pubkey);
SSH_STRING_FREE(pubkey); SSH_STRING_FREE(pubkey);
goto fail; goto fail;
@@ -1485,7 +1485,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
if (type == SSH_KEYTYPE_SK_ED25519) { if (type == SSH_KEYTYPE_SK_ED25519) {
ssh_string application = ssh_buffer_get_ssh_string(buffer); ssh_string application = ssh_buffer_get_ssh_string(buffer);
if (application == NULL) { if (application == NULL) {
SSH_LOG(SSH_LOG_WARN, "SK Unpack error"); SSH_LOG(SSH_LOG_TRACE, "SK Unpack error");
goto fail; goto fail;
} }
key->sk_application = application; key->sk_application = application;
@@ -1503,7 +1503,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type); SSH_LOG(SSH_LOG_TRACE, "Unknown public key protocol %d", type);
goto fail; goto fail;
} }
@@ -1681,26 +1681,26 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
buffer = ssh_buffer_new(); buffer = ssh_buffer_new();
if (buffer == NULL) { if (buffer == NULL) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!"); SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob), rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob),
ssh_string_len(key_blob)); ssh_string_len(key_blob));
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!"); SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
goto fail; goto fail;
} }
type_s = ssh_buffer_get_ssh_string(buffer); type_s = ssh_buffer_get_ssh_string(buffer);
if (type_s == NULL) { if (type_s == NULL) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!"); SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
goto fail; goto fail;
} }
type = ssh_key_type_from_name(ssh_string_get_char(type_s)); type = ssh_key_type_from_name(ssh_string_get_char(type_s));
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown key type found!"); SSH_LOG(SSH_LOG_TRACE, "Unknown key type found!");
goto fail; goto fail;
} }
SSH_STRING_FREE(type_s); SSH_STRING_FREE(type_s);
@@ -1805,7 +1805,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
file = fopen(filename, "rb"); file = fopen(filename, "rb");
if (file == NULL) { if (file == NULL) {
SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s", SSH_LOG(SSH_LOG_TRACE, "Error opening %s: %s",
filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
return SSH_EOF; return SSH_EOF;
} }
@@ -1813,7 +1813,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
rc = fstat(fileno(file), &sb); rc = fstat(fileno(file), &sb);
if (rc < 0) { if (rc < 0) {
fclose(file); fclose(file);
SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s", SSH_LOG(SSH_LOG_TRACE, "Error gettint stat of %s: %s",
filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
switch (errno) { switch (errno) {
case ENOENT: case ENOENT:
@@ -1831,7 +1831,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
key_buf = malloc(sb.st_size + 1); key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) { if (key_buf == NULL) {
fclose(file); fclose(file);
SSH_LOG(SSH_LOG_WARN, "Out of memory!"); SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1840,8 +1840,8 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
if (size != sb.st_size) { if (size != sb.st_size) {
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s", SSH_LOG(SSH_LOG_TRACE, "Error reading %s: %s",
filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
return SSH_ERROR; return SSH_ERROR;
} }
key_buf[size] = '\0'; key_buf[size] = '\0';
@@ -1853,7 +1853,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
*pkey = ssh_pki_openssh_pubkey_import(key_buf); *pkey = ssh_pki_openssh_pubkey_import(key_buf);
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
if (*pkey == NULL) { if (*pkey == NULL) {
SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH" SSH_LOG(SSH_LOG_TRACE, "Failed to import public key from OpenSSH"
" private key file"); " private key file");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -2441,7 +2441,7 @@ int pki_key_check_hash_compatible(ssh_key key,
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
if (hash_type == SSH_DIGEST_SHA1) { if (hash_type == SSH_DIGEST_SHA1) {
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode"); SSH_LOG(SSH_LOG_TRACE, "SHA1 is not allowed in FIPS mode");
return SSH_ERROR; return SSH_ERROR;
} else { } else {
return SSH_OK; return SSH_OK;
@@ -2452,7 +2452,7 @@ int pki_key_check_hash_compatible(ssh_key key,
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
if (hash_type == SSH_DIGEST_SHA1) { if (hash_type == SSH_DIGEST_SHA1) {
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode"); SSH_LOG(SSH_LOG_TRACE, "SHA1 is not allowed in FIPS mode");
return SSH_ERROR; return SSH_ERROR;
} else { } else {
return SSH_OK; return SSH_OK;
@@ -2496,11 +2496,11 @@ int pki_key_check_hash_compatible(ssh_key key,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown key type %d", key->type); SSH_LOG(SSH_LOG_TRACE, "Unknown key type %d", key->type);
return SSH_ERROR; return SSH_ERROR;
} }
SSH_LOG(SSH_LOG_WARN, "Key type %d incompatible with hash type %d", SSH_LOG(SSH_LOG_TRACE, "Key type %d incompatible with hash type %d",
key->type, hash_type); key->type, hash_type);
return SSH_ERROR; return SSH_ERROR;
@@ -2528,7 +2528,7 @@ int ssh_pki_signature_verify(ssh_session session,
sig->type_c); sig->type_c);
if (key_type != sig->type) { if (key_type != sig->type) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Can not verify %s signature with %s key", "Can not verify %s signature with %s key",
sig->type_c, key->type_c); sig->type_c, key->type_c);
return SSH_ERROR; return SSH_ERROR;
@@ -2559,7 +2559,7 @@ int ssh_pki_signature_verify(ssh_session session,
ctx = sha256_init(); ctx = sha256_init();
if (ctx == NULL) { if (ctx == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Can not create SHA256CTX for application hash"); "Can not create SHA256CTX for application hash");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -2569,7 +2569,7 @@ int ssh_pki_signature_verify(ssh_session session,
ctx = sha256_init(); ctx = sha256_init();
if (ctx == NULL) { if (ctx == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Can not create SHA256CTX for input hash"); "Can not create SHA256CTX for input hash");
return SSH_ERROR; return SSH_ERROR;
} }

46
src/pki_container_openssh.c
View File

@@ -69,20 +69,20 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s); rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s);
if (rc == SSH_ERROR){ if (rc == SSH_ERROR){
SSH_LOG(SSH_LOG_WARN, "Unpack error"); SSH_LOG(SSH_LOG_TRACE, "Unpack error");
return SSH_ERROR; return SSH_ERROR;
} }
type = ssh_key_type_from_name(type_s); type = ssh_key_type_from_name(type_s);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown key type '%s' found!", type_s); SSH_LOG(SSH_LOG_TRACE, "Unknown key type '%s' found!", type_s);
return SSH_ERROR; return SSH_ERROR;
} }
SAFE_FREE(type_s); SAFE_FREE(type_s);
rc = pki_import_privkey_buffer(type, key_blob_buffer, &key); rc = pki_import_privkey_buffer(type, key_blob_buffer, &key);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Failed to read key in OpenSSH format"); SSH_LOG(SSH_LOG_TRACE, "Failed to read key in OpenSSH format");
goto fail; goto fail;
} }
@@ -133,17 +133,17 @@ static int pki_private_key_decrypt(ssh_string blob,
} }
if (ciphers[i].name == NULL){ if (ciphers[i].name == NULL){
SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername);
return SSH_ERROR; return SSH_ERROR;
} }
cmp = strcmp(kdfname, "bcrypt"); cmp = strcmp(kdfname, "bcrypt");
if (cmp != 0) { if (cmp != 0) {
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname);
return SSH_ERROR; return SSH_ERROR;
} }
if (ssh_string_len(blob) % cipher.blocksize != 0) { if (ssh_string_len(blob) % cipher.blocksize != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Encrypted string not multiple of blocksize: %zu", "Encrypted string not multiple of blocksize: %zu",
ssh_string_len(blob)); ssh_string_len(blob));
return SSH_ERROR; return SSH_ERROR;
@@ -167,7 +167,7 @@ static int pki_private_key_decrypt(ssh_string blob,
/* We need material for key (keysize bits / 8) and IV (blocksize) */ /* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize; key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)) { if (key_material_len > sizeof(key_material)) {
SSH_LOG(SSH_LOG_WARN, "Key material too big"); SSH_LOG(SSH_LOG_TRACE, "Key material too big");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -181,7 +181,7 @@ static int pki_private_key_decrypt(ssh_string blob,
if (passphrase == NULL) { if (passphrase == NULL) {
if (auth_fn == NULL) { if (auth_fn == NULL) {
SAFE_FREE(salt); SAFE_FREE(salt);
SSH_LOG(SSH_LOG_WARN, "No passphrase provided"); SSH_LOG(SSH_LOG_TRACE, "No passphrase provided");
return SSH_ERROR; return SSH_ERROR;
} }
rc = auth_fn("Passphrase", rc = auth_fn("Passphrase",
@@ -251,7 +251,7 @@ ssh_pki_openssh_import(const char *text_key,
cmp = strncmp(ptr, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN)); cmp = strncmp(ptr, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN));
if (cmp != 0) { if (cmp != 0) {
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no header)"); SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no header)");
goto out; goto out;
} }
ptr += strlen(OPENSSH_HEADER_BEGIN); ptr += strlen(OPENSSH_HEADER_BEGIN);
@@ -260,7 +260,7 @@ ssh_pki_openssh_import(const char *text_key,
} }
end = strstr(ptr, OPENSSH_HEADER_END); end = strstr(ptr, OPENSSH_HEADER_END);
if (end == NULL) { if (end == NULL) {
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no footer)"); SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no footer)");
goto out; goto out;
} }
base64 = malloc(end - ptr + 1); base64 = malloc(end - ptr + 1);
@@ -277,7 +277,7 @@ ssh_pki_openssh_import(const char *text_key,
buffer = base64_to_bin(base64); buffer = base64_to_bin(base64);
SAFE_FREE(base64); SAFE_FREE(base64);
if (buffer == NULL) { if (buffer == NULL) {
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (base64 error)"); SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (base64 error)");
goto out; goto out;
} }
rc = ssh_buffer_unpack(buffer, "PssSdSS", rc = ssh_buffer_unpack(buffer, "PssSdSS",
@@ -290,12 +290,12 @@ ssh_pki_openssh_import(const char *text_key,
&pubkey0, &pubkey0,
&privkeys); &privkeys);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (unpack error)"); SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (unpack error)");
goto out; goto out;
} }
cmp = strncmp(magic, OPENSSH_AUTH_MAGIC, strlen(OPENSSH_AUTH_MAGIC)); cmp = strncmp(magic, OPENSSH_AUTH_MAGIC, strlen(OPENSSH_AUTH_MAGIC));
if (cmp != 0) { if (cmp != 0) {
SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)"); SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (bad magic)");
goto out; goto out;
} }
SSH_LOG(SSH_LOG_INFO, SSH_LOG(SSH_LOG_INFO,
@@ -304,7 +304,7 @@ ssh_pki_openssh_import(const char *text_key,
kdfname, kdfname,
nkeys); nkeys);
if (nkeys != 1) { if (nkeys != 1) {
SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys); SSH_LOG(SSH_LOG_TRACE, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys);
goto out; goto out;
} }
@@ -314,7 +314,7 @@ ssh_pki_openssh_import(const char *text_key,
if (!private) { if (!private) {
rc = ssh_pki_import_pubkey_blob(pubkey0, &key); rc = ssh_pki_import_pubkey_blob(pubkey0, &key);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_WARN, "Failed to import public key blob"); SSH_LOG(SSH_LOG_TRACE, "Failed to import public key blob");
} }
/* in either case we clean up here */ /* in either case we clean up here */
goto out; goto out;
@@ -343,7 +343,7 @@ ssh_pki_openssh_import(const char *text_key,
rc = ssh_buffer_unpack(privkey_buffer, "dd", &checkint1, &checkint2); rc = ssh_buffer_unpack(privkey_buffer, "dd", &checkint1, &checkint2);
if (rc == SSH_ERROR || checkint1 != checkint2) { if (rc == SSH_ERROR || checkint1 != checkint2) {
SSH_LOG(SSH_LOG_WARN, "OpenSSH private key unpack error (correct password?)"); SSH_LOG(SSH_LOG_TRACE, "OpenSSH private key unpack error (correct password?)");
goto out; goto out;
} }
rc = pki_openssh_import_privkey_blob(privkey_buffer, &key); rc = pki_openssh_import_privkey_blob(privkey_buffer, &key);
@@ -358,7 +358,7 @@ ssh_pki_openssh_import(const char *text_key,
if (padding != i) { if (padding != i) {
ssh_key_free(key); ssh_key_free(key);
key = NULL; key = NULL;
SSH_LOG(SSH_LOG_WARN, "Invalid padding"); SSH_LOG(SSH_LOG_TRACE, "Invalid padding");
goto out; goto out;
} }
} }
@@ -407,7 +407,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
int rc; int rc;
if (privkey->type != SSH_KEYTYPE_ED25519) { if (privkey->type != SSH_KEYTYPE_ED25519) {
SSH_LOG(SSH_LOG_WARN, "Type %s not supported", privkey->type_c); SSH_LOG(SSH_LOG_TRACE, "Type %s not supported", privkey->type_c);
return SSH_ERROR; return SSH_ERROR;
} }
if (privkey->ed25519_privkey == NULL || if (privkey->ed25519_privkey == NULL ||
@@ -462,19 +462,19 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
} }
if (ciphers[i].name == NULL){ if (ciphers[i].name == NULL){
SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername);
return SSH_ERROR; return SSH_ERROR;
} }
cmp = strcmp(kdfname, "bcrypt"); cmp = strcmp(kdfname, "bcrypt");
if (cmp != 0){ if (cmp != 0){
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname);
return SSH_ERROR; return SSH_ERROR;
} }
/* We need material for key (keysize bits / 8) and IV (blocksize) */ /* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize; key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)){ if (key_material_len > sizeof(key_material)){
SSH_LOG(SSH_LOG_WARN, "Key material too big"); SSH_LOG(SSH_LOG_TRACE, "Key material too big");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -484,7 +484,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
if (passphrase == NULL){ if (passphrase == NULL){
if (auth_fn == NULL){ if (auth_fn == NULL){
SSH_LOG(SSH_LOG_WARN, "No passphrase provided"); SSH_LOG(SSH_LOG_TRACE, "No passphrase provided");
return SSH_ERROR; return SSH_ERROR;
} }
rc = auth_fn("Passphrase", rc = auth_fn("Passphrase",
@@ -555,7 +555,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
return NULL; return NULL;
} }
if (privkey->type != SSH_KEYTYPE_ED25519){ if (privkey->type != SSH_KEYTYPE_ED25519){
SSH_LOG(SSH_LOG_WARN, "Unsupported key type %s", privkey->type_c); SSH_LOG(SSH_LOG_TRACE, "Unsupported key type %s", privkey->type_c);
return NULL; return NULL;
} }
if (passphrase != NULL || auth_fn != NULL){ if (passphrase != NULL || auth_fn != NULL){

78
src/pki_crypto.c
View File

@@ -916,7 +916,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) {
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Invalid parameter %d for ECDSA key " SSH_LOG(SSH_LOG_TRACE, "Invalid parameter %d for ECDSA key "
"generation", parameter); "generation", parameter);
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1207,7 +1207,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
rc = 1; rc = 1;
break; break;
#else #else
SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519"); SSH_LOG(SSH_LOG_TRACE, "PEM output not supported for key type ssh-ed25519");
goto err; goto err;
#endif /* HAVE_OPENSSL_ED25519 */ #endif /* HAVE_OPENSSL_ED25519 */
case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_DSS_CERT01:
@@ -1218,11 +1218,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
case SSH_KEYTYPE_ED25519_CERT01: case SSH_KEYTYPE_ED25519_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", key->type); SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", key->type);
goto err; goto err;
} }
if (rc != 1) { if (rc != 1) {
SSH_LOG(SSH_LOG_WARN, "Failed to initialize EVP_PKEY structure"); SSH_LOG(SSH_LOG_TRACE, "Failed to initialize EVP_PKEY structure");
goto err; goto err;
} }
@@ -1317,8 +1317,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
BIO_free(mem); BIO_free(mem);
if (pkey == NULL) { if (pkey == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing private key: %s", "Error parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
return NULL; return NULL;
} }
@@ -1327,8 +1327,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
dsa = EVP_PKEY_get1_DSA(pkey); dsa = EVP_PKEY_get1_DSA(pkey);
if (dsa == NULL) { if (dsa == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing private key: %s", "Error parsing private key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
goto fail; goto fail;
} }
@@ -1339,8 +1339,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
rsa = EVP_PKEY_get1_RSA(pkey); rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) { if (rsa == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing private key: %s", "Error parsing private key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
goto fail; goto fail;
} }
@@ -1356,8 +1356,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#if 1 #if 1
ecdsa = EVP_PKEY_get1_EC_KEY(pkey); ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
if (ecdsa == NULL) { if (ecdsa == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing private key: %s", "Error parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
goto fail; goto fail;
} }
@@ -1375,7 +1375,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
type = pki_key_ecdsa_to_key_type(pkey); type = pki_key_ecdsa_to_key_type(pkey);
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key."); SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
goto fail; goto fail;
} }
@@ -1406,7 +1406,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
ed25519 = malloc(key_len); ed25519 = malloc(key_len);
if (ed25519 == NULL) { if (ed25519 == NULL) {
SSH_LOG(SSH_LOG_WARN, "Out of memory"); SSH_LOG(SSH_LOG_TRACE, "Out of memory");
goto fail; goto fail;
} }
@@ -1424,7 +1424,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
break; break;
#endif /* HAVE_OPENSSL_ED25519 */ #endif /* HAVE_OPENSSL_ED25519 */
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d",
EVP_PKEY_base_id(pkey)); EVP_PKEY_base_id(pkey));
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
return NULL; return NULL;
@@ -1856,7 +1856,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "DSA: No param P has been found"); SSH_LOG(SSH_LOG_TRACE, "DSA: No param P has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &bp); rc = OSSL_PARAM_get_BN(out_param, &bp);
@@ -1865,7 +1865,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "DSA: No param Q has been found"); SSH_LOG(SSH_LOG_TRACE, "DSA: No param Q has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &bq); rc = OSSL_PARAM_get_BN(out_param, &bq);
@@ -1874,7 +1874,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "DSA: No param G has been found"); SSH_LOG(SSH_LOG_TRACE, "DSA: No param G has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &bg); rc = OSSL_PARAM_get_BN(out_param, &bg);
@@ -1883,7 +1883,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "DSA: No param PUB_KEY has been found"); SSH_LOG(SSH_LOG_TRACE, "DSA: No param PUB_KEY has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &bpub_key); rc = OSSL_PARAM_get_BN(out_param, &bpub_key);
@@ -1959,7 +1959,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "RSA: No param E has been found"); SSH_LOG(SSH_LOG_TRACE, "RSA: No param E has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &be); rc = OSSL_PARAM_get_BN(out_param, &be);
@@ -1968,7 +1968,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
if (out_param == NULL) { if (out_param == NULL) {
SSH_LOG(SSH_LOG_WARN, "RSA: No param N has been found"); SSH_LOG(SSH_LOG_TRACE, "RSA: No param N has been found");
goto fail; goto fail;
} }
rc = OSSL_PARAM_get_BN(out_param, &bn); rc = OSSL_PARAM_get_BN(out_param, &bn);
@@ -2053,7 +2053,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
#if 1 #if 1
#ifdef WITH_PKCS11_URI #ifdef WITH_PKCS11_URI
if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) { if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) {
SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public" SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate public"
" ECDSA key objects in the PKCS #11 device. Unlike RSA," " ECDSA key objects in the PKCS #11 device. Unlike RSA,"
" ECDSA public keys cannot be derived from their private keys."); " ECDSA public keys cannot be derived from their private keys.");
goto fail; goto fail;
@@ -2078,7 +2078,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY); locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
#ifdef WITH_PKCS11_URI #ifdef WITH_PKCS11_URI
if (ssh_key_is_private(key) && !locate_param) { if (ssh_key_is_private(key) && !locate_param) {
SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate" SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate"
" public ECDSA key objects in the PKCS #11 device." " public ECDSA key objects in the PKCS #11 device."
" Unlike RSA, ECDSA public keys cannot be derived" " Unlike RSA, ECDSA public keys cannot be derived"
" from their private keys."); " from their private keys.");
@@ -2386,7 +2386,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
#endif /* HAVE_OPENSSL_ECC */ #endif /* HAVE_OPENSSL_ECC */
default: default:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c); SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c);
return NULL; return NULL;
} }
@@ -2407,21 +2407,21 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
if (pubkey->rsa == NULL) { if (pubkey->rsa == NULL) {
SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL"); SSH_LOG(SSH_LOG_TRACE, "Pubkey RSA field NULL");
goto errout; goto errout;
} }
rsalen = RSA_size(pubkey->rsa); rsalen = RSA_size(pubkey->rsa);
#else #else
if (EVP_PKEY_get_base_id(pubkey->key) != EVP_PKEY_RSA) { if (EVP_PKEY_get_base_id(pubkey->key) != EVP_PKEY_RSA) {
SSH_LOG(SSH_LOG_WARN, "Key has no RSA pubkey"); SSH_LOG(SSH_LOG_TRACE, "Key has no RSA pubkey");
goto errout; goto errout;
} }
rsalen = EVP_PKEY_size(pubkey->key); rsalen = EVP_PKEY_size(pubkey->key);
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
if (len > rsalen) { if (len > rsalen) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature is too big: %lu > %lu", "Signature is too big: %lu > %lu",
(unsigned long)len, (unsigned long)len,
(unsigned long)rsalen); (unsigned long)rsalen);
@@ -2493,7 +2493,7 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
/* 40 is the dual signature blob len. */ /* 40 is the dual signature blob len. */
if (len != 40) { if (len != 40) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature has wrong size: %lu", "Signature has wrong size: %lu",
(unsigned long)len); (unsigned long)len);
goto error; goto error;
@@ -2656,7 +2656,7 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
if (rlen != 0) { if (rlen != 0) {
ssh_string_burn(s); ssh_string_burn(s);
SSH_STRING_FREE(s); SSH_STRING_FREE(s);
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature has remaining bytes in inner " "Signature has remaining bytes in inner "
"sigblob: %lu", "sigblob: %lu",
(unsigned long)rlen); (unsigned long)rlen);
@@ -2745,7 +2745,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
int rc; int rc;
if (ssh_key_type_plain(pubkey->type) != type) { if (ssh_key_type_plain(pubkey->type) != type) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Incompatible public key provided (%d) expecting (%d)", "Incompatible public key provided (%d) expecting (%d)",
type, type,
pubkey->type); pubkey->type);
@@ -2799,7 +2799,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
#endif #endif
default: default:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
goto error; goto error;
} }
@@ -3462,7 +3462,7 @@ int pki_uri_import(const char *uri_name,
/* Do the init only once */ /* Do the init only once */
engine = pki_get_engine(); engine = pki_get_engine();
if (engine == NULL) { if (engine == NULL) {
SSH_LOG(SSH_LOG_WARN, "Failed to initialize engine"); SSH_LOG(SSH_LOG_TRACE, "Failed to initialize engine");
goto fail; goto fail;
} }
@@ -3470,7 +3470,7 @@ int pki_uri_import(const char *uri_name,
case SSH_KEY_PRIVATE: case SSH_KEY_PRIVATE:
pkey = ENGINE_load_private_key(engine, uri_name, NULL, NULL); pkey = ENGINE_load_private_key(engine, uri_name, NULL, NULL);
if (pkey == NULL) { if (pkey == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Could not load key: %s", "Could not load key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
goto fail; goto fail;
@@ -3479,14 +3479,14 @@ int pki_uri_import(const char *uri_name,
case SSH_KEY_PUBLIC: case SSH_KEY_PUBLIC:
pkey = ENGINE_load_public_key(engine, uri_name, NULL, NULL); pkey = ENGINE_load_public_key(engine, uri_name, NULL, NULL);
if (pkey == NULL) { if (pkey == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Could not load key: %s", "Could not load key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
goto fail; goto fail;
} }
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Invalid key type: %d", key_type); "Invalid key type: %d", key_type);
goto fail; goto fail;
} }
@@ -3501,7 +3501,7 @@ int pki_uri_import(const char *uri_name,
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
rsa = EVP_PKEY_get1_RSA(pkey); rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) { if (rsa == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing pub key: %s", "Parsing pub key: %s",
ERR_error_string(ERR_get_error(),NULL)); ERR_error_string(ERR_get_error(),NULL));
goto fail; goto fail;
@@ -3518,7 +3518,7 @@ int pki_uri_import(const char *uri_name,
#if 1 #if 1
ecdsa = EVP_PKEY_get1_EC_KEY(pkey); ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
if (ecdsa == NULL) { if (ecdsa == NULL) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Parsing pub key: %s", "Parsing pub key: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
goto fail; goto fail;
@@ -3531,14 +3531,14 @@ int pki_uri_import(const char *uri_name,
type = pki_key_ecdsa_to_key_type(pkey); type = pki_key_ecdsa_to_key_type(pkey);
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid pub key."); SSH_LOG(SSH_LOG_TRACE, "Invalid pub key.");
goto fail; goto fail;
} }
break; break;
#endif #endif
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid public key type %d", SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid public key type %d",
EVP_PKEY_base_id(pkey)); EVP_PKEY_base_id(pkey));
goto fail; goto fail;
} }

4
src/pki_ed25519_common.c
View File

@@ -34,7 +34,7 @@ int pki_privkey_build_ed25519(ssh_key key,
if (ssh_string_len(pubkey) != ED25519_KEY_LEN || if (ssh_string_len(pubkey) != ED25519_KEY_LEN ||
ssh_string_len(privkey) != (2 * ED25519_KEY_LEN)) ssh_string_len(privkey) != (2 * ED25519_KEY_LEN))
{ {
SSH_LOG(SSH_LOG_WARN, "Invalid ed25519 key len"); SSH_LOG(SSH_LOG_TRACE, "Invalid ed25519 key len");
return SSH_ERROR; return SSH_ERROR;
} }
@@ -266,7 +266,7 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob)
len = ssh_string_len(sig_blob); len = ssh_string_len(sig_blob);
if (len != ED25519_SIG_LEN){ if (len != ED25519_SIG_LEN){
SSH_LOG(SSH_LOG_WARN, "Invalid ssh-ed25519 signature len: %zu", len); SSH_LOG(SSH_LOG_TRACE, "Invalid ssh-ed25519 signature len: %zu", len);
return SSH_ERROR; return SSH_ERROR;
} }

30
src/pki_gcrypt.c
View File

@@ -955,7 +955,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
(void) auth_fn; (void) auth_fn;
(void) auth_data; (void) auth_data;
SSH_LOG(SSH_LOG_WARN, "PEM export not supported by gcrypt backend!"); SSH_LOG(SSH_LOG_TRACE, "PEM export not supported by gcrypt backend!");
return NULL; return NULL;
} }
@@ -974,7 +974,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
type = pki_privatekey_type_from_string(b64_key); type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key."); SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key.");
return NULL; return NULL;
} }
@@ -994,7 +994,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
if (!valid) { if (!valid) {
SSH_LOG(SSH_LOG_WARN, "Parsing private key"); SSH_LOG(SSH_LOG_TRACE, "Error parsing private key");
goto fail; goto fail;
} }
break; break;
@@ -1013,7 +1013,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
if (!valid) { if (!valid) {
SSH_LOG(SSH_LOG_WARN, "Parsing private key"); SSH_LOG(SSH_LOG_TRACE, "Error parsing private key");
goto fail; goto fail;
} }
break; break;
@@ -1044,7 +1044,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
if (!valid) { if (!valid) {
SSH_LOG(SSH_LOG_WARN, "Parsing private key"); SSH_LOG(SSH_LOG_TRACE, "Error parsing private key");
goto fail; goto fail;
} }
@@ -1052,7 +1052,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
* keys, so we need to figure out the correct type here */ * keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa); type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) { if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key."); SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
goto fail; goto fail;
} }
break; break;
@@ -1062,7 +1062,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type); SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", type);
return NULL; return NULL;
} }
@@ -1938,7 +1938,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %d", sig->type); SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %d", sig->type);
return NULL; return NULL;
break; break;
} }
@@ -1958,7 +1958,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
int rc; int rc;
if (ssh_key_type_plain(pubkey->type) != type) { if (ssh_key_type_plain(pubkey->type) != type) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Incompatible public key provided (%d) expecting (%d)", "Incompatible public key provided (%d) expecting (%d)",
type, type,
pubkey->type); pubkey->type);
@@ -1980,7 +1980,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
/* 40 is the dual signature blob len. */ /* 40 is the dual signature blob len. */
if (len != 40) { if (len != 40) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature has wrong size: %lu", "Signature has wrong size: %lu",
(unsigned long)len); (unsigned long)len);
ssh_signature_free(sig); ssh_signature_free(sig);
@@ -2010,7 +2010,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8; rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8;
if (len > rsalen) { if (len > rsalen) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature is too big: %lu > %lu", "Signature is too big: %lu > %lu",
(unsigned long)len, (unsigned long)len,
(unsigned long)rsalen); (unsigned long)rsalen);
@@ -2091,7 +2091,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
if (rlen != 0) { if (rlen != 0) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature has remaining bytes in inner " "Signature has remaining bytes in inner "
"sigblob: %lu", "sigblob: %lu",
(unsigned long)rlen); (unsigned long)rlen);
@@ -2129,7 +2129,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
return NULL; return NULL;
} }
@@ -2190,7 +2190,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
break; break;
case SSH_DIGEST_AUTO: case SSH_DIGEST_AUTO:
default: default:
SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm"); SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm");
return NULL; return NULL;
} }
err = gcry_sexp_build(&sexp, err = gcry_sexp_build(&sexp,
@@ -2548,7 +2548,7 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
(void) uri_name; (void) uri_name;
(void) key; (void) key;
(void) key_type; (void) key_type;
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"gcrypt does not support PKCS #11"); "gcrypt does not support PKCS #11");
return SSH_ERROR; return SSH_ERROR;
} }

24
src/pki_mbedcrypto.c
View File

@@ -222,7 +222,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
* keys, so we need to figure out the correct type here */ * keys, so we need to figure out the correct type here */
key->type = pki_key_ecdsa_to_key_type(key->ecdsa); key->type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (key->type == SSH_KEYTYPE_UNKNOWN) { if (key->type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key."); SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
goto fail; goto fail;
} }
break; break;
@@ -281,19 +281,19 @@ int pki_privkey_build_rsa(ssh_key key,
ssh_string_data(d), ssh_string_len(d), ssh_string_data(d), ssh_string_len(d),
ssh_string_data(e), ssh_string_len(e)); ssh_string_data(e), ssh_string_len(e));
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to import private RSA key"); SSH_LOG(SSH_LOG_TRACE, "Failed to import private RSA key");
goto fail; goto fail;
} }
rc = mbedtls_rsa_complete(rsa); rc = mbedtls_rsa_complete(rsa);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to complete private RSA key"); SSH_LOG(SSH_LOG_TRACE, "Failed to complete private RSA key");
goto fail; goto fail;
} }
rc = mbedtls_rsa_check_privkey(rsa); rc = mbedtls_rsa_check_privkey(rsa);
if (rc != 0) { if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Inconsistent private RSA key"); SSH_LOG(SSH_LOG_TRACE, "Inconsistent private RSA key");
goto fail; goto fail;
} }
@@ -1133,7 +1133,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
sig_blob = pki_ed25519_signature_to_blob(sig); sig_blob = pki_ed25519_signature_to_blob(sig);
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s",
sig->type_c); sig->type_c);
return NULL; return NULL;
} }
@@ -1153,20 +1153,20 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
size_t len = ssh_string_len(sig_blob); size_t len = ssh_string_len(sig_blob);
if (pubkey->rsa == NULL) { if (pubkey->rsa == NULL) {
SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL"); SSH_LOG(SSH_LOG_TRACE, "Pubkey RSA field NULL");
goto errout; goto errout;
} }
rsalen = mbedtls_pk_get_bitlen(pubkey->rsa) / 8; rsalen = mbedtls_pk_get_bitlen(pubkey->rsa) / 8;
if (len > rsalen) { if (len > rsalen) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Signature is too big: %lu > %lu", "Signature is too big: %lu > %lu",
(unsigned long) len, (unsigned long) len,
(unsigned long) rsalen); (unsigned long) rsalen);
goto errout; goto errout;
} }
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len); SSH_LOG(SSH_LOG_TRACE, "RSA signature len: %lu", (unsigned long)len);
ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len); ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
#endif #endif
@@ -1207,7 +1207,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
int rc; int rc;
if (ssh_key_type_plain(pubkey->type) != type) { if (ssh_key_type_plain(pubkey->type) != type) {
SSH_LOG(SSH_LOG_WARN, SSH_LOG(SSH_LOG_TRACE,
"Incompatible public key provided (%d) expecting (%d)", "Incompatible public key provided (%d) expecting (%d)",
type, type,
pubkey->type); pubkey->type);
@@ -1292,7 +1292,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
if (rlen != 0) { if (rlen != 0) {
SSH_LOG(SSH_LOG_WARN, "Signature has remaining bytes in inner " SSH_LOG(SSH_LOG_TRACE, "Signature has remaining bytes in inner "
"sigblob: %lu", "sigblob: %lu",
(unsigned long)rlen); (unsigned long)rlen);
ssh_signature_free(sig); ssh_signature_free(sig);
@@ -1310,7 +1310,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
break; break;
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown signature type"); SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
return NULL; return NULL;
} }
@@ -1341,7 +1341,7 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest,
break; break;
case SSH_DIGEST_AUTO: case SSH_DIGEST_AUTO:
default: default:
SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm"); SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm");
return NULL; return NULL;
} }

4
src/session.c
View File

@@ -1189,8 +1189,8 @@ int ssh_get_publickey_hash(const ssh_key key,
/* In FIPS mode, we cannot use MD5 */ /* In FIPS mode, we cannot use MD5 */
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed." SSH_LOG(SSH_LOG_TRACE, "In FIPS mode MD5 is not allowed."
"Try using SSH_PUBLICKEY_HASH_SHA256"); "Try using SSH_PUBLICKEY_HASH_SHA256");
rc = SSH_ERROR; rc = SSH_ERROR;
goto out; goto out;
} }

6
src/socket.c
View File

@@ -489,13 +489,13 @@ void ssh_socket_close(ssh_socket s)
while (waitpid(pid, &status, 0) == -1) { while (waitpid(pid, &status, 0) == -1) {
if (errno != EINTR) { if (errno != EINTR) {
char err_msg[SSH_ERRNO_MSG_MAX] = {0}; char err_msg[SSH_ERRNO_MSG_MAX] = {0};
SSH_LOG(SSH_LOG_WARN, "waitpid failed: %s", SSH_LOG(SSH_LOG_TRACE, "waitpid failed: %s",
ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
return; return;
} }
} }
if (!WIFEXITED(status)) { if (!WIFEXITED(status)) {
SSH_LOG(SSH_LOG_WARN, "Proxy command exited abnormally"); SSH_LOG(SSH_LOG_TRACE, "Proxy command exited abnormally");
return; return;
} }
SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status)); SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status));
@@ -896,7 +896,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
/* Prepare /dev/null socket for the stderr redirection */ /* Prepare /dev/null socket for the stderr redirection */
devnull = open("/dev/null", O_WRONLY); devnull = open("/dev/null", O_WRONLY);
if (devnull == -1) { if (devnull == -1) {
SSH_LOG(SSH_LOG_WARNING, "Failed to open /dev/null"); SSH_LOG(SSH_LOG_TRACE, "Failed to open /dev/null");
exit(1); exit(1);
} }