summaryrefslogtreecommitdiffstats
path: root/ssh-pkcs11.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-11-22 23:38:26 +0100
committerDamien Miller <djm@mindrot.org>2020-11-27 01:50:30 +0100
commit19af04e2231155d513e24fdc81fbec2217ae36a6 (patch)
tree1cfcd754a5392030da7cc66727ff43f7e1d90827 /ssh-pkcs11.c
parentupstream: when mentioning that the host key has changed, don't (diff)
downloadopenssh-19af04e2231155d513e24fdc81fbec2217ae36a6.tar.xz
openssh-19af04e2231155d513e24fdc81fbec2217ae36a6.zip
upstream: when loading PKCS#11 keys, include the key fingerprints
and provider/slot information in debug output. OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431
Diffstat (limited to 'ssh-pkcs11.c')
-rw-r--r--ssh-pkcs11.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5dc63ccc6..844aa9fff 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.52 2020/11/22 22:38:26 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -46,6 +46,7 @@
#include "misc.h"
#include "sshkey.h"
#include "ssh-pkcs11.h"
+#include "digest.h"
#include "xmalloc.h"
struct pkcs11_slotinfo {
@@ -1078,6 +1079,22 @@ have_rsa_key(const RSA *rsa)
}
#endif
+static void
+note_key(struct pkcs11_provider *p, CK_ULONG slotidx, const char *context,
+ struct sshkey *key)
+{
+ char *fp;
+
+ if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
+ SSH_FP_DEFAULT)) == NULL) {
+ error_f("sshkey_fingerprint failed");
+ return;
+ }
+ debug2("%s: provider %s slot %lu: %s %s", context, p->name,
+ (u_long)slotidx, sshkey_type(key), fp);
+ free(fp);
+}
+
/*
* lookup certificates for token in slot identified by slotidx,
* add 'wrapped' public keys to the 'keysp' array and increment nkeys.
@@ -1153,8 +1170,9 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
ck_cert_type);
continue;
}
-
+ note_key(p, slotidx, __func__, key);
if (pkcs11_key_included(keysp, nkeys, key)) {
+ debug2_f("key already included");;
sshkey_free(key);
} else {
/* expand key array and add key */
@@ -1266,8 +1284,9 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
error("failed to fetch key");
continue;
}
-
+ note_key(p, slotidx, __func__, key);
if (pkcs11_key_included(keysp, nkeys, key)) {
+ debug2_f("key already included");;
sshkey_free(key);
} else {
/* expand key array and add key */