upstream: when loading PKCS#11 keys, include the key fingerprints
and provider/slot information in debug output. OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431
parent
9b9465ea85
commit
19af04e223
25
ssh-pkcs11.c
25
ssh-pkcs11.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11.c,v 1.52 2020/11/22 22:38:26 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||
|
@ -46,6 +46,7 @@
|
|||
#include "misc.h"
|
||||
#include "sshkey.h"
|
||||
#include "ssh-pkcs11.h"
|
||||
#include "digest.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
struct pkcs11_slotinfo {
|
||||
|
@ -1078,6 +1079,22 @@ have_rsa_key(const RSA *rsa)
|
|||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
note_key(struct pkcs11_provider *p, CK_ULONG slotidx, const char *context,
|
||||
struct sshkey *key)
|
||||
{
|
||||
char *fp;
|
||||
|
||||
if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error_f("sshkey_fingerprint failed");
|
||||
return;
|
||||
}
|
||||
debug2("%s: provider %s slot %lu: %s %s", context, p->name,
|
||||
(u_long)slotidx, sshkey_type(key), fp);
|
||||
free(fp);
|
||||
}
|
||||
|
||||
/*
|
||||
* lookup certificates for token in slot identified by slotidx,
|
||||
* add 'wrapped' public keys to the 'keysp' array and increment nkeys.
|
||||
|
@ -1153,8 +1170,9 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
ck_cert_type);
|
||||
continue;
|
||||
}
|
||||
|
||||
note_key(p, slotidx, __func__, key);
|
||||
if (pkcs11_key_included(keysp, nkeys, key)) {
|
||||
debug2_f("key already included");;
|
||||
sshkey_free(key);
|
||||
} else {
|
||||
/* expand key array and add key */
|
||||
|
@ -1266,8 +1284,9 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
error("failed to fetch key");
|
||||
continue;
|
||||
}
|
||||
|
||||
note_key(p, slotidx, __func__, key);
|
||||
if (pkcs11_key_included(keysp, nkeys, key)) {
|
||||
debug2_f("key already included");;
|
||||
sshkey_free(key);
|
||||
} else {
|
||||
/* expand key array and add key */
|
||||
|
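Review bot: note_key() takes `p` and `key` as non-const pointers although the visible body only reads `p->name` and hands `key` to sshkey_fingerprint() and sshkey_type(); assuming both accept const pointers, declaring the parameters `const struct pkcs11_provider *p` and `const struct sshkey *key` would make the helper's read-only contract explicit. It also has no header comment; something like `/* debug2-log the public-key fingerprint with provider name and slot index; a fingerprint failure is reported but does not affect the caller */` would record that only public-key material reaches the log and that the key is still processed when fingerprinting fails. Both call sites, in pkcs11_fetch_certs() and pkcs11_fetch_keys(), run it before the pkcs11_key_included() check, so a key exposed as both a certificate and a public-key object appears to be logged twice; that looks intended, but the comment should say so. Those two functions start and end outside the hunks shown.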
|