=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-sk.c,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- src/usr.bin/ssh/ssh-sk.c 2020/09/09 03:08:02 1.32 +++ src/usr.bin/ssh/ssh-sk.c 2020/10/18 11:32:02 1.33 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.32 2020/09/09 03:08:02 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.33 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -99,11 +99,11 @@ return NULL; } if ((ret = calloc(1, sizeof(*ret))) == NULL) { - error("%s: calloc failed", __func__); + error_f("calloc failed"); return NULL; } if ((ret->path = strdup(path)) == NULL) { - error("%s: strdup failed", __func__); + error_f("strdup failed"); goto fail; } /* Skip the rest if we're using the linked in middleware */ @@ -124,8 +124,8 @@ goto fail; } version = ret->sk_api_version(); - debug("%s: provider %s implements version 0x%08lx", __func__, - ret->path, (u_long)version); + debug_f("provider %s implements version 0x%08lx", ret->path, + (u_long)version); if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { error("Provider \"%s\" implements unsupported " "version 0x%08lx (supported: 0x%08lx)", @@ -190,7 +190,7 @@ *keyp = NULL; if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -198,17 +198,17 @@ if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL || (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL || (b = sshbuf_new()) == NULL) { - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put_string(b, resp->public_key, resp->public_key_len)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put_string"); goto out; } if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) { - error("%s: parse key: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -219,7 +219,7 @@ } if (EC_KEY_set_public_key(key->ecdsa, q) != 1) { /* XXX assume it is a allocation error */ - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -243,17 +243,17 @@ *keyp = NULL; if (resp->public_key_len != ED25519_PK_SZ) { - error("%s: invalid size: %zu", __func__, resp->public_key_len); + error_f("invalid size: %zu", resp->public_key_len); r = SSH_ERR_INVALID_FORMAT; goto out; } if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { - error("%s: malloc failed", __func__); + error_f("malloc failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -278,7 +278,7 @@ /* Check response validity */ if (resp->public_key == NULL || resp->key_handle == NULL) { - error("%s: sk_enroll response invalid", __func__); + error_f("sk_enroll response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -294,25 +294,25 @@ goto out; break; default: - error("%s: unsupported algorithm %d", __func__, alg); + error_f("unsupported algorithm %d", alg); r = SSH_ERR_INVALID_ARGUMENT; goto out; } key->sk_flags = flags; if ((key->sk_key_handle = sshbuf_new()) == NULL || (key->sk_reserved = sshbuf_new()) == NULL) { - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((key->sk_application = strdup(application)) == NULL) { - error("%s: strdup application failed", __func__); + error_f("strdup application failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle, resp->key_handle_len)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "put key handle"); goto out; } /* success */ @@ -364,18 +364,18 @@ if ((opts = recallocarray(opts, nopts, nopts + 2, /* extra for NULL */ sizeof(*opts))) == NULL) { - error("%s: array alloc failed", __func__); + error_f("array alloc failed"); return SSH_ERR_ALLOC_FAIL; } *optsp = opts; *noptsp = nopts + 1; if ((opts[nopts] = calloc(1, sizeof(**opts))) == NULL) { - error("%s: alloc failed", __func__); + error_f("alloc failed"); return SSH_ERR_ALLOC_FAIL; } if ((opts[nopts]->name = strdup(name)) == NULL || (opts[nopts]->value = strdup(value)) == NULL) { - error("%s: alloc failed", __func__); + error_f("alloc failed"); return SSH_ERR_ALLOC_FAIL; } opts[nopts]->required = required; @@ -428,7 +428,7 @@ resp->authdata, resp->authdata_len)) != 0 || (r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */ (r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); return r; } /* success */ @@ -451,8 +451,8 @@ int r = SSH_ERR_INTERNAL_ERROR; int alg; - debug("%s: provider \"%s\", device \"%s\", application \"%s\", " - "userid \"%s\", flags 0x%02x, challenge len %zu%s", __func__, + debug_f("provider \"%s\", device \"%s\", application \"%s\", " + "userid \"%s\", flags 0x%02x, challenge len %zu%s", provider_path, device, application, userid, flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf), (pin != NULL && *pin != '\0') ? " with-pin" : ""); @@ -474,22 +474,22 @@ alg = SSH_SK_ED25519; break; default: - error("%s: unsupported key type", __func__); + error_f("unsupported key type"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (provider_path == NULL) { - error("%s: missing provider", __func__); + error_f("missing provider"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (application == NULL || *application == '\0') { - error("%s: missing application", __func__); + error_f("missing application"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (challenge_buf == NULL) { - debug("%s: using random challenge", __func__); + debug_f("using random challenge"); arc4random_buf(randchall, sizeof(randchall)); challenge = randchall; challenge_len = sizeof(randchall); @@ -500,8 +500,7 @@ } else { challenge = sshbuf_ptr(challenge_buf); challenge_len = sshbuf_len(challenge_buf); - debug3("%s: using explicit challenge len=%zd", - __func__, challenge_len); + debug3_f("using explicit challenge len=%zd", challenge_len); } if ((skp = sshsk_open(provider_path)) == NULL) { r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */ @@ -511,8 +510,7 @@ /* enroll key */ if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, flags, pin, opts, &resp)) != 0) { - debug("%s: provider \"%s\" returned failure %d", __func__, - provider_path, r); + debug_f("provider \"%s\" failure %d", provider_path, r); r = skerr_to_ssherr(r); goto out; } @@ -547,7 +545,7 @@ /* Check response validity */ if (resp->sig_r == NULL || resp->sig_s == NULL) { - error("%s: sk_sign response invalid", __func__); + error_f("sk_sign response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -560,13 +558,13 @@ resp->sig_r, resp->sig_r_len)) != 0 || (r = sshbuf_put_bignum2_bytes(inner_sig, resp->sig_s, resp->sig_s_len)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose inner"); goto out; } if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 || (r = sshbuf_put_u8(sig, resp->flags)) != 0 || (r = sshbuf_put_u32(sig, resp->counter)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } #ifdef DEBUG_SK @@ -591,7 +589,7 @@ /* Check response validity */ if (resp->sig_r == NULL) { - error("%s: sk_sign response invalid", __func__); + error_f("sk_sign response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -599,7 +597,7 @@ resp->sig_r, resp->sig_r_len)) != 0 || (r = sshbuf_put_u8(sig, resp->flags)) != 0 || (r = sshbuf_put_u32(sig, resp->counter)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } #ifdef DEBUG_SK @@ -623,7 +621,7 @@ struct sshbuf *inner_sig = NULL, *sig = NULL; struct sk_option **opts = NULL; - debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, + debug_f("provider \"%s\", key %s, flags 0x%02x%s", provider_path, sshkey_type(key), key->sk_flags, (pin != NULL && *pin != '\0') ? " with-pin" : ""); @@ -658,7 +656,7 @@ if ((r = skp->sk_sign(alg, data, datalen, key->sk_application, sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), key->sk_flags, pin, opts, &resp)) != 0) { - debug("%s: sk_sign failed with code %d", __func__, r); + debug_f("sk_sign failed with code %d", r); r = skerr_to_ssherr(r); goto out; } @@ -668,7 +666,7 @@ goto out; } if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) { - debug("%s: buffer error (outer): %s", __func__, ssh_err(r)); + error_fr(r, "compose outer"); goto out; } switch (type) { @@ -742,7 +740,7 @@ uint8_t flags; struct sk_option **opts = NULL; - debug("%s: provider \"%s\"%s", __func__, provider_path, + debug_f("provider \"%s\"%s", provider_path, (pin != NULL && *pin != '\0') ? ", have-pin": ""); if (keysp == NULL || nkeysp == NULL) @@ -762,9 +760,8 @@ goto out; } for (i = 0; i < nrks; i++) { - debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"", - __func__, i, rks[i]->slot, rks[i]->alg, - rks[i]->application); + debug3_f("rk %zu: slot = %zu, alg = %d, application = \"%s\"", + i, rks[i]->slot, rks[i]->alg, rks[i]->application); /* XXX need better filter here */ if (strncmp(rks[i]->application, "ssh:", 4) != 0) continue; @@ -783,7 +780,7 @@ goto out; if ((tmp = recallocarray(keys, nkeys, nkeys + 1, sizeof(*tmp))) == NULL) { - error("%s: recallocarray failed", __func__); + error_f("recallocarray failed"); r = SSH_ERR_ALLOC_FAIL; goto out; }