ssl: burry the raw ssl messages under under the "verify" namespace
Baptiste Daroussin committed 18 days ago
commit e9abac3e39783e2113f6c6002260fbb16023f6cf
parent 0092c01
2 files changed +11 -9
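--- a/libpkg/pkgsign_ossl.c
+++ b/libpkg/pkgsign_ossl.c
@@ -188,10 +188,9 @@ ossl_verify_cert_cb(int fd, void *ud)
 	free(hash);
 	if (ret <= 0 && cbdata->verbose) {
 		if (ret < 0)
-			pkg_emit_error("rsa verify failed: %s",
+			pkg_dbg(PKG_DBG_VERIFY, 1, "rsa verify failed: %s",
 					ERR_error_string(ERR_get_error(), errbuf));
-		else
-			pkg_emit_error("rsa signature verification failure");
+		pkg_emit_error("signature verification failure");
 	}
 	if (ret <= 0) {
 		EVP_PKEY_CTX_free(ctx);
@@ -303,11 +302,10 @@ ossl_verify_cb(int fd, void *ud)
 	free(sha256);
 	if (ret <= 0) {
 		if (ret < 0)
-			pkg_emit_error("%s: %s", cbdata->key,
+			pkg_dbg(PKG_DBG_VERIFY, 1, "%s: %s", cbdata->key,
 				ERR_error_string(ERR_get_error(), errbuf));
-		else
-			pkg_emit_error("%s: rsa signature verification failure",
-			    cbdata->key);
+		pkg_emit_error("%s: signature verification failure",
+		    cbdata->key);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		EVP_PKEY_CTX_free(ctx);
 #else
@@ -442,8 +440,9 @@ ossl_sign_data(struct pkgsign_ctx *sctx, const unsigned char *msg, size_t msgsz,
 	ret = RSA_sign(NID_sha1, msg, msgsz, *sigret, siglen, rsa);
 #endif
 	if (ret <= 0) {
-		pkg_emit_error("%s: %s", keyinfo->sctx.path,
+		pkg_dbg(PKG_DBG_VERIFY, 1, "%s: %s", keyinfo->sctx.path,
 		   ERR_error_string(ERR_get_error(), errbuf));
+		pkg_emit_error("%s: signing failed", keyinfo->sctx.path);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		EVP_PKEY_CTX_free(ctx);
 #else
@@ -542,8 +541,9 @@ ossl_generate(struct pkgsign_ctx *sctx, const struct iovec *iov __unused,
 	keyinfo->key = pkey;
 out:
 	if (rc != EPKG_OK) {
-		pkg_emit_error("%s: %s", path,
+		pkg_dbg(PKG_DBG_VERIFY, 1, "%s: %s", path,
 		    ERR_error_string(ERR_get_error(), errbuf));
+		pkg_emit_error("%s: error loading private key", path);
 
 		/* keyinfo claims the pkey on success for any future operations. */
 		EVP_PKEY_free(pkey);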
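Review bot: In ossl_verify_cert_cb and ossl_verify_cb, dropping the `else` means an internal OpenSSL error (`ret < 0`) and a genuine signature mismatch (`ret == 0`) now emit the same user-visible line. An operator triaging a failed install can no longer tell a possibly tampered package from a key or library problem without re-running with the `verify` debug flag. The raw OpenSSL string can stay under `pkg_dbg` while the emitted message keeps the distinction, e.g. `pkg_emit_error("%s: signature verification %s", cbdata->key, ret < 0 ? "error" : "failure");`. In ossl_generate the `out:` path now reports "error loading private key" for every `rc != EPKG_OK`; if that label is also reached from key generation or file errors, a neutral text such as `"%s: key generation failed"` would be more accurate. The bodies of all three functions start and end outside the visible hunks, so the last point needs confirming against the full function.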
modified libpkg/private/event.h
@@ -65,6 +65,7 @@ typedef enum {
	PKG_DBG_PACKAGE = (1UL << 9),
	PKG_DBG_DATABASE = (1UL << 10),
	PKG_DBG_SCHEDULER = (1UL << 11),
+
	PKG_DBG_VERIFY = (1UL << 12),
	PKG_DBG_ALL = (1UL << 63),
} pkg_debug_flags;

@@ -86,6 +87,7 @@ static const struct pkg_dbg_flags debug_flags[] = {
	{ PKG_DBG_PACKAGE, "package" },
	{ PKG_DBG_DATABASE, "db" },
	{ PKG_DBG_SCHEDULER, "scheduler" },
+
	{ PKG_DBG_VERIFY, "verify" },
	{ PKG_DBG_ALL, "all" },
};