diff options
Diffstat (limited to 'ssh-pkcs11-helper.c')
-rw-r--r-- | ssh-pkcs11-helper.c | 76 |
1 files changed, 33 insertions, 43 deletions
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index d73e83576..5ca8d03fb 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.23 2020/03/06 18:26:21 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.25 2021/08/11 05:20:17 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -98,7 +98,8 @@ lookup_key(struct sshkey *k) struct pkcs11_keyinfo *ki; TAILQ_FOREACH(ki, &pkcs11_keylist, next) { - debug("check %p %s %s", ki, ki->providername, ki->label); + debug("check %s %s %s", sshkey_type(ki->key), + ki->providername, ki->label); if (sshkey_equal(k, ki->key)) return (ki->key); } @@ -111,7 +112,7 @@ send_msg(struct sshbuf *m) int r; if ((r = sshbuf_put_stringb(oqueue, m)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); } static void @@ -126,35 +127,30 @@ process_add(void) char **labels = NULL; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || (r = sshbuf_put_u32(msg, nkeys)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); for (i = 0; i < nkeys; i++) { if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { - debug("%s: sshkey_to_blob: %s", - __func__, ssh_err(r)); + debug_fr(r, "encode key"); continue; } if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_cstring(msg, labels[i])) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "compose key"); free(blob); add_key(keys[i], name, labels[i]); free(labels[i]); } - } else { - if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - } + } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0 || + (r = sshbuf_put_u32(msg, -nkeys)) != 0) + fatal_fr(r, "compose"); free(labels); free(keys); /* keys themselves are transferred to pkcs11_keylist */ free(pin); @@ -171,14 +167,14 @@ process_del(void) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); del_keys_by_name(name); if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); free(pin); free(name); send_msg(msg); @@ -198,10 +194,10 @@ process_sign(void) if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || (r = sshbuf_get_u32(iqueue, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if ((r = sshkey_from_blob(blob, blen, &key)) != 0) - error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); + fatal_fr(r, "decode key"); else { if ((found = lookup_key(key)) != NULL) { #ifdef WITH_OPENSSL @@ -227,26 +223,25 @@ process_sign(void) if (ret != 0) ok = 0; else - error("%s: ECDSA_sign" - " returns %d", __func__, ret); + error_f("ECDSA_sign returned %d", ret); slen = xslen; #endif /* OPENSSL_HAS_ECC */ } else - error("%s: don't know how to sign with key " - "type %d", __func__, (int)key->type); + error_f("don't know how to sign with key " + "type %d", (int)key->type); #endif /* WITH_OPENSSL */ } sshkey_free(key); } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (ok == 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || (r = sshbuf_put_string(msg, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose response"); } else { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose failure response"); } free(data); free(blob); @@ -278,7 +273,7 @@ process(void) return; if ((r = sshbuf_consume(iqueue, 4)) != 0 || (r = sshbuf_get_u8(iqueue, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type/len"); buf_len -= 4; switch (type) { case SSH_AGENTC_ADD_SMARTCARD_KEY: @@ -309,7 +304,7 @@ process(void) } if (msg_len > consumed) { if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } } @@ -356,14 +351,13 @@ main(int argc, char **argv) log_init(__progname, log_level, log_facility, log_stderr); pkcs11_init(0); - in = STDIN_FILENO; out = STDOUT_FILENO; if ((iqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((oqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); while (1) { memset(pfd, 0, sizeof(pfd)); @@ -379,7 +373,7 @@ main(int argc, char **argv) (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) pfd[0].events = POLLIN; else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); if (sshbuf_len(oqueue) > 0) pfd[1].events = POLLOUT; @@ -399,10 +393,8 @@ main(int argc, char **argv) } else if (len < 0) { error("read: %s", strerror(errno)); cleanup_exit(1); - } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) + fatal_fr(r, "sshbuf_put"); } /* send oqueue to stdout */ if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { @@ -411,10 +403,8 @@ main(int argc, char **argv) if (len < 0) { error("write: %s", strerror(errno)); cleanup_exit(1); - } else if ((r = sshbuf_consume(oqueue, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_consume(oqueue, len)) != 0) + fatal_fr(r, "consume"); } /* @@ -425,7 +415,7 @@ main(int argc, char **argv) if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) process(); else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); } } |