author | djm@openbsd.org <djm@openbsd.org> | 2020-11-22 23:38:26 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-11-27 01:50:30 +0100 |
commit | 19af04e2231155d513e24fdc81fbec2217ae36a6 (patch) | |
tree | 1cfcd754a5392030da7cc66727ff43f7e1d90827 /ssh-pkcs11.c | |
parent | upstream: when mentioning that the host key has changed, don't (diff) | |
upstream: when loading PKCS#11 keys, include the key fingerprints
and provider/slot information in debug output.
OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431
Diffstat (limited to 'ssh-pkcs11.c')
-rw-r--r-- | ssh-pkcs11.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5dc63ccc6..844aa9fff 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.52 2020/11/22 22:38:26 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -46,6 +46,7 @@
 #include "misc.h"
 #include "sshkey.h"
 #include "ssh-pkcs11.h"
+#include "digest.h"
 #include "xmalloc.h"
 
 struct pkcs11_slotinfo {
@@ -1078,6 +1079,22 @@ have_rsa_key(const RSA *rsa)
 }
 #endif
 
+static void
+note_key(struct pkcs11_provider *p, CK_ULONG slotidx, const char *context,
+ struct sshkey *key)
+{
+ char *fp;
+
+ if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
+ SSH_FP_DEFAULT)) == NULL) {
+ error_f("sshkey_fingerprint failed");
+ return;
+ }
+ debug2("%s: provider %s slot %lu: %s %s", context, p->name,
+ (u_long)slotidx, sshkey_type(key), fp);
+ free(fp);
+}
+
 /*
 * lookup certificates for token in slot identified by slotidx,
 * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
@@ -1153,8 +1170,9 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
 ck_cert_type);
 continue;
 }
-
+ note_key(p, slotidx, __func__, key);
 if (pkcs11_key_included(keysp, nkeys, key)) {
+ debug2_f("key already included");;
 sshkey_free(key);
 } else {
 /* expand key array and add key */
@@ -1266,8 +1284,9 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
 error("failed to fetch key");
 continue;
 }
-
+ note_key(p, slotidx, __func__, key);
 if (pkcs11_key_included(keysp, nkeys, key)) {
+ debug2_f("key already included");;
 sshkey_free(key);
 } else {
 /* expand key array and add key */ |
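Review bot: note_key() is added without a comment and takes `p` and `key` as non-const pointers, although the body only reads `p->name` and hands `key` to sshkey_fingerprint() and sshkey_type(). I would put `/* Log type, fingerprint, provider and slot of a key found on a token (debug2 only). */` above it and declare the parameters as `const struct pkcs11_provider *p` and `const struct sshkey *key`, provided both callees accept a const key. The fingerprint is also computed for every key even when debug2 output is disabled. A failure on this diagnostic-only path is reported through `error_f` while key loading carries on, so `debug_f("sshkey_fingerprint failed");` may be the better level. What gets logged is a public-key fingerprint plus provider name and slot index, so the new output does not put secret token material into the debug log.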
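Review bot: The added line `debug2_f("key already included");;` in the pkcs11_fetch_certs hunk ends in a doubled semicolon, which leaves a stray empty statement; it should read `debug2_f("key already included");`. The identical line is added in the pkcs11_fetch_keys hunk that follows and needs the same fix. The message does not say which key was skipped, so a reader of the log has to pair it with the note_key() line printed just before it. Both functions begin and end outside their hunks.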