Diffstat (limited to 'src/util/crypto/nss')
-rw-r--r--src/util/crypto/nss/nss_obfuscate.c51
-rw-r--r--src/util/crypto/nss/nss_util.c6
2 files changed, 33 insertions, 24 deletions
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index ebe87be4c..fc052ec97 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -77,7 +77,7 @@ static struct crypto_mech_data cmdata[] = {
static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
{
if (meth >= NUM_OBFMETHODS) {
- DEBUG(1, "Unsupported cipher type\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cipher type\n");
return NULL;
}
return &cmdata[meth];
@@ -97,7 +97,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkey = PK11_KeyGen(slot, mech_props->cipher,
NULL, mech_props->keylen, NULL);
if (randkey == NULL) {
- DEBUG(1, "Failure to generate key (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to generate key (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -105,7 +105,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
sret = PK11_ExtractKeyValue(randkey);
if (sret != SECSuccess) {
- DEBUG(1, "Failure to extract key value (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to extract key value (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -113,7 +113,7 @@ static int generate_random_key(TALLOC_CTX *mem_ctx,
randkeydata = PK11_GetKeyData(randkey);
if (randkeydata == NULL) {
- DEBUG(1, "Failure to get key data (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to get key data (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -168,7 +168,7 @@ static int nss_ctx_init(TALLOC_CTX *mem_ctx,
cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL);
if (cctx->slot == NULL) {
- DEBUG(1, "Unable to find security device (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to find security device (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -194,7 +194,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher,
PK11_OriginUnwrap, op, cctx->key, NULL);
if (cctx->keyobj == NULL) {
- DEBUG(1, "Failure to import key into NSS (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to import key into NSS (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -203,7 +203,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
/* turn the raw IV into a initialization vector object */
cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv);
if (cctx->sparam == NULL) {
- DEBUG(1, "Failure to set up PKCS11 param (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failure to set up PKCS11 param (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -213,7 +213,7 @@ static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op,
cctx->keyobj, cctx->sparam);
if (cctx->ectx == NULL) {
- DEBUG(1, "Cannot create cipher context (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create cipher context (err %d)\n",
PORT_GetError());
ret = EIO;
goto done;
@@ -265,26 +265,28 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
/* generate random encryption and IV key */
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key);
if (ret != EOK) {
- DEBUG(1, "Could not generate encryption key\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not generate encryption key\n");
goto done;
}
ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv);
if (ret != EOK) {
- DEBUG(1, "Could not generate initialization vector\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not generate initialization vector\n");
goto done;
}
ret = nss_encrypt_decrypt_init(mech_props, true, cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context properties\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot initialize NSS context properties\n");
goto done;
}
@@ -306,7 +308,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize,
plaintext, plen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -315,7 +318,8 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen,
ct_maxsize-ctlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the digest operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the digest operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
@@ -340,9 +344,9 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
goto done;
}
- DEBUG(8, "Writing method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing method: %d\n", meth);
SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
- DEBUG(8, "Writing bufsize: %d\n", result_len);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Writing bufsize: %d\n", result_len);
SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p);
safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p);
@@ -409,9 +413,9 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
/* unpack obfuscation buffer */
SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
- DEBUG(8, "Read method: %d\n", meth);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read method: %d\n", meth);
SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
- DEBUG(8, "Read bufsize: %d\n", ctsize);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Read bufsize: %d\n", ctsize);
mech_props = get_crypto_mech_data(meth);
if (mech_props == NULL) {
@@ -424,7 +428,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
OBF_BUFFER_SENTINEL_SIZE);
if (memcmp(sentinel_check, OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
- DEBUG(0, "Obfuscation buffer seems corrupt, aborting\n");
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Obfuscation buffer seems corrupt, aborting\n");
ret = EFAULT;
goto done;
}
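Review bot: The sentinel is read from `obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize`, an offset built from `ctsize`, which the preceding hunk unpacks from the very buffer being decoded; the copy statement starts before this hunk and no comparison of that offset plus OBF_BUFFER_SENTINEL_SIZE against `obflen` is visible here. If no such check exists above, a truncated or corrupt buffer is read past its end before the memcmp can reject it — presumably one exists, but it is worth confirming. If it is missing, the guard would be `if (p + mech_props->keylen + mech_props->bsize + ctsize + OBF_BUFFER_SENTINEL_SIZE > obflen) { ret = EINVAL; goto done; }` placed ahead of the copy. sss_password_decrypt continues on both sides of the hunk.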
@@ -453,7 +458,7 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
if (ret) {
- DEBUG(1, "Cannot initialize NSS context\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot initialize NSS context\n");
goto done;
}
@@ -481,7 +486,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen, ctsize,
cryptotext, ctsize);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
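Review bot: The message on the rewrapped line reads "Cannot execute the encryption operation" although this is the PK11_CipherOp call inside sss_password_decrypt; the same copy-pasted text also appears in the next hunk for the PK11_DigestFinal failure, where the encrypt path uses "Cannot execute the digest operation". Since the commit is already touching both lines, it could correct them at the same time: `"Cannot execute the decryption operation (err %d)\n"` here and `"Cannot execute the digest operation (err %d)\n"` in the following hunk, so a log reader can tell the two failure points apart. sss_password_decrypt continues outside the hunk.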
@@ -490,7 +496,8 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen, &digestlen,
ctsize - plainlen);
if (sret != SECSuccess) {
- DEBUG(1, "Cannot execute the encryption operation (err %d)\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot execute the encryption operation (err %d)\n",
PR_GetError());
ret = EIO;
goto done;
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
index e93bf206d..55b81c9b1 100644
--- a/src/util/crypto/nss/nss_util.c
+++ b/src/util/crypto/nss/nss_util.c
@@ -46,7 +46,8 @@ int nspr_nss_init(void)
sret = NSS_NoDB_Init(NULL);
if (sret != SECSuccess) {
- DEBUG(1, "Error initializing connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error initializing connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
@@ -64,7 +65,8 @@ int nspr_nss_cleanup(void)
sret = NSS_Shutdown();
if (sret != SECSuccess) {
- DEBUG(1, "Error shutting down connection to NSS [%d]\n",
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Error shutting down connection to NSS [%d]\n",
PR_GetError());
return EIO;
}