=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-pkcs11.c,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- src/usr.bin/ssh/ssh-pkcs11.c 2020/05/29 03:14:02 1.50 +++ src/usr.bin/ssh/ssh-pkcs11.c 2020/10/18 11:32:02 1.51 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.50 2020/05/29 03:14:02 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -74,10 +74,9 @@ { unsigned long e; - error("%s: %s", __func__, msg); + error_f("%s", msg); while ((e = ERR_get_error()) != 0) - error("%s: libcrypto error: %.100s", __func__, - ERR_error_string(e, NULL)); + error_f("libcrypto error: %s", ERR_error_string(e, NULL)); } #endif @@ -193,7 +192,7 @@ { struct pkcs11_key *k11 = ptr; - debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx); + debug_f("parent %p ptr %p idx %d", parent, ptr, idx); if (k11 == NULL) return; if (k11->provider) @@ -254,7 +253,7 @@ snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", si->token.label); if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) { - debug("%s: no pin specified", __func__); + debug_f("no pin specified"); return (-1); /* bail out */ } } @@ -328,8 +327,8 @@ return (-1); } *val = flag != 0; - debug("%s: provider %p slot %lu object %lu: attrib %lu = %d", - __func__, k11->provider, k11->slotidx, obj, type, *val); + debug_f("provider %p slot %lu object %lu: attrib %lu = %d", + k11->provider, k11->slotidx, obj, type, *val); return (0); } @@ -398,7 +397,7 @@ pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE, &always_auth); /* ignore errors here */ if (always_auth && !did_login) { - debug("%s: always-auth key", __func__); + debug_f("always-auth key"); if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) { error("login failed for always-auth key"); return (-1); @@ -466,7 +465,7 @@ if (!RSA_meth_set1_name(rsa_method, "pkcs11") || !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { - error("%s: setup pkcs11 method failed", __func__); + error_f("setup pkcs11 method failed"); return (-1); } return (0); @@ -551,7 +550,7 @@ goto done; } if (!ECDSA_SIG_set0(ret, r, s)) { - error("%s: ECDSA_SIG_set0 failed", __func__); + error_f("ECDSA_SIG_set0 failed"); ECDSA_SIG_free(ret); ret = NULL; goto done; @@ -870,7 +869,7 @@ goto fail; } if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) - fatal("%s: set key", __func__); + fatal_f("set key"); rsa_n = rsa_e = NULL; /* transferred */ if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa)) @@ -1330,7 +1329,7 @@ if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, &pubKey, &privKey)) != CKR_OK) { - error("%s: key generation failed: error 0x%lx", __func__, rv); + error_f("key generation failed: error 0x%lx", rv); *err = rv; return NULL; } @@ -1409,12 +1408,12 @@ break; } if (!ec_curve_infos[i].name) { - error("%s: invalid key size %lu", __func__, bits); + error_f("invalid key size %lu", bits); return NULL; } if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams, &ecparams_size) == -1) { - error("%s: invalid oid", __func__); + error_f("invalid oid"); return NULL; } @@ -1447,7 +1446,7 @@ if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, &pubKey, &privKey)) != CKR_OK) { - error("%s: key generation failed: error 0x%lx", __func__, rv); + error_f("key generation failed: error 0x%lx", rv); *err = rv; return NULL; } @@ -1485,8 +1484,7 @@ *labelsp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { - debug("%s: provider already registered: %s", - __func__, provider_id); + debug_f("provider already registered: %s", provider_id); goto fail; } /* open shared pkcs11-library */ @@ -1535,8 +1533,7 @@ goto fail; } if (p->nslots == 0) { - debug("%s: provider %s returned no slots", __func__, - provider_id); + debug_f("provider %s returned no slots", provider_id); ret = -SSH_PKCS11_ERR_NO_SLOTS; goto fail; } @@ -1555,13 +1552,12 @@ if ((rv = f->C_GetTokenInfo(p->slotlist[i], token)) != CKR_OK) { error("C_GetTokenInfo for provider %s slot %lu " - "failed: %lu", provider_id, (unsigned long)i, rv); + "failed: %lu", provider_id, (u_long)i, rv); continue; } if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) { - debug2("%s: ignoring uninitialised token in " - "provider %s slot %lu", __func__, - provider_id, (unsigned long)i); + debug2_f("ignoring uninitialised token in " + "provider %s slot %lu", provider_id, (u_long)i); continue; } rmspace(token->label, sizeof(token->label)); @@ -1643,8 +1639,7 @@ pkcs11_provider_unref(p); } if (nkeys == 0) - debug("%s: provider %s returned no keys", __func__, - provider_id); + debug_f("provider %s returned no keys", provider_id); return (nkeys); } @@ -1665,11 +1660,10 @@ *err = 0; if ((p = pkcs11_provider_lookup(provider_id)) != NULL) - debug("%s: provider \"%s\" available", __func__, provider_id); + debug_f("provider \"%s\" available", provider_id); else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL, &p, CKU_SO)) < 0) { - debug("%s: could not register provider %s", __func__, - provider_id); + debug_f("could not register provider %s", provider_id); goto out; } else reset_provider = 1; @@ -1680,7 +1674,7 @@ if ((rv = f->C_SetOperationState(session , pin, strlen(pin), CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { - debug("%s: could not supply SO pin: %lu", __func__, rv); + debug_f("could not supply SO pin: %lu", rv); reset_pin = 0; } else reset_pin = 1; @@ -1689,20 +1683,20 @@ case KEY_RSA: if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label, bits, keyid, err)) == NULL) { - debug("%s: failed to generate RSA key", __func__); + debug_f("failed to generate RSA key"); goto out; } break; case KEY_ECDSA: if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label, bits, keyid, err)) == NULL) { - debug("%s: failed to generate ECDSA key", __func__); + debug_f("failed to generate ECDSA key"); goto out; } break; default: *err = SSH_PKCS11_ERR_GENERIC; - debug("%s: unknown type %d", __func__, type); + debug_f("unknown type %d", type); goto out; } @@ -1737,10 +1731,10 @@ *err = 0; if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { - debug("%s: using provider \"%s\"", __func__, provider_id); + debug_f("using provider \"%s\"", provider_id); } else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p, CKU_SO) < 0) { - debug("%s: could not register provider %s", __func__, + debug_f("could not register provider %s", provider_id); goto out; } else @@ -1752,7 +1746,7 @@ if ((rv = f->C_SetOperationState(session , pin, strlen(pin), CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { - debug("%s: could not supply SO pin: %lu", __func__, rv); + debug_f("could not supply SO pin: %lu", rv); reset_pin = 0; } else reset_pin = 1; @@ -1766,8 +1760,8 @@ if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && obj != CK_INVALID_HANDLE) { if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { - debug("%s: could not destroy private key 0x%hhx", - __func__, keyid); + debug_f("could not destroy private key 0x%hhx", + keyid); *err = rv; goto out; } @@ -1788,8 +1782,8 @@ sizeof(key_type)); rv = f->C_GetAttributeValue(session, obj, attrs, nattrs); if (rv != CKR_OK) { - debug("%s: could not get key type of public key 0x%hhx", - __func__, keyid); + debug_f("could not get key type of public key 0x%hhx", + keyid); *err = rv; key_type = -1; } @@ -1799,8 +1793,7 @@ k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { - debug("%s: could not destroy public key 0x%hhx", - __func__, keyid); + debug_f("could not destroy public key 0x%hhx", keyid); *err = rv; goto out; }