X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=lib%2Fsecurity%2Fopenssl.c;h=d9dfb95e0dd7d10172d13fb6705d03e11a085787;hb=3b4f88057e95418bc548542b5b9a13910905c93d;hp=03ea3326484fe1e1b1ab96de072163086d7379f7;hpb=8b214b9d1c51f49d977e93b66378ed4f73790c8b;p=petitboot
diff --git a/lib/security/openssl.c b/lib/security/openssl.c
index 03ea332..d9dfb95 100644
--- a/lib/security/openssl.c
+++ b/lib/security/openssl.c
@@ -94,7 +94,7 @@ static int get_pkcs12(FILE *keyfile, X509 **cert, EVP_PKEY **priv)
 */ if (!PKCS12_parse(p12, NULL, priv, cert, NULL) && !PKCS12_parse(p12, "", priv, cert, NULL)) {
- pb_log("%s: Error parsing OpenSSL PKCS12:\n", __func__);
+ pb_log_fn("Error parsing OpenSSL PKCS12:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); } else ok = 1;
@@ -131,7 +131,7 @@ static STACK_OF(X509) *get_cert_stack(FILE *keyfile)
 if (cert) sk_X509_push(certs, get_cert(keyfile)); } else {
- pb_log("%s: Error allocating OpenSSL X509 stack:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL X509 stack:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); }
@@ -168,7 +168,7 @@ static EVP_PKEY *get_public_key(FILE *keyfile)
 /* handles both cases */ if (!pkey) {
- pb_log("%s: Error loading OpenSSL public key:\n", __func__);
+ pb_log_fn("Error loading OpenSSL public key:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); }
@@ -240,7 +240,7 @@ int decrypt_file(const char *filename,
 certs = sk_X509_new_null(); if (!certs) {
- pb_log("%s: Error allocating OpenSSL X509 stack:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL X509 stack:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); goto out; }
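Review bot: In the -131 hunk (get_cert_stack), the context line `sk_X509_push(certs, get_cert(keyfile));` calls get_cert() a second time instead of pushing the `cert` it has just tested. If `cert` was assigned from an earlier get_cert(keyfile) call (the assignment is outside the hunk, so this is inferred), the first certificate is leaked and the stack receives whatever the second read returns, which may be NULL or a different object than the one checked. The stack should hold the certificate that passed the check: `sk_X509_push(certs, cert);`.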
@@ -268,7 +268,7 @@ int decrypt_file(const char *filename,
 /* in this mode its attached content */ if (!CMS_verify(cms, certs, NULL, content_bio, out_bio, CMS_NO_SIGNER_CERT_VERIFY | CMS_BINARY)) {
- pb_log("%s: Failed OpenSSL CMS decrypt verify:\n", __func__);
+ pb_log_fn("Failed OpenSSL CMS decrypt verify:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); goto out; }
@@ -359,7 +359,7 @@ int verify_file_signature(const char *plaintext_filename,
 if (!CMS_verify(cms, certs, NULL, plaintext_bio, NULL, CMS_DETACHED | CMS_NO_SIGNER_CERT_VERIFY | CMS_BINARY)) {
- pb_log("%s: Failed OpenSSL CMS verify:\n", __func__);
+ pb_log_fn("Failed OpenSSL CMS verify:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); goto out; }
@@ -375,7 +375,7 @@ int verify_file_signature(const char *plaintext_filename,
 ctx = EVP_MD_CTX_create(); if (!ctx) {
- pb_log("%s: Error allocating OpenSSL MD ctx:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL MD ctx:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); goto out; }
@@ -385,7 +385,7 @@ int verify_file_signature(const char *plaintext_filename,
 goto out; if (EVP_DigestVerifyInit(ctx, NULL, s_verify_md, NULL, pkey) < 1) {
- pb_log("%s: Error initializing OpenSSL verify:\n", __func__);
+ pb_log_fn("Error initializing OpenSSL verify:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); goto out; }
@@ -425,7 +425,7 @@ int verify_file_signature(const char *plaintext_filename,
 if (EVP_DigestVerifyFinal(ctx, (unsigned char*)sigbuf, siglen)) nok = 0; else {
- pb_log("%s: Error finalizing OpenSSL verify:\n", __func__);
+ pb_log_fn("Error finalizing OpenSSL verify:\n");
 ERR_print_errors_cb(&pb_log_print_errors_cb, NULL); } }
@@ -456,8 +456,10 @@ int lockdown_status(void)
 int ret = PB_LOCKDOWN_SIGN; PKCS12 *p12 = NULL;
+#if !defined(HARD_LOCKDOWN)
 if (access(LOCKDOWN_FILE, F_OK) == -1) return PB_LOCKDOWN_NONE;
+#endif
 /* determine lockdown type */
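Review bot: The CMS_verify call in decrypt_file (hunk -268) passes `CMS_NO_SIGNER_CERT_VERIFY` without `CMS_NOINTERN`, and the call in verify_file_signature (hunk -359) has the same flag combination. With chain verification switched off, OpenSSL still searches the certificates carried inside the CMS message when locating the signer, so unless a check outside these hunks pins the signer, a message can verify against a certificate it brings along rather than one from `certs`. Adding `CMS_NOINTERN` limits signer lookup to the `certs` stack: `CMS_NOINTERN | CMS_NO_SIGNER_CERT_VERIFY | CMS_BINARY` (plus `CMS_DETACHED` in the second call). Both function bodies continue outside the hunks.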
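Review bot: In the -425 hunk, `if (EVP_DigestVerifyFinal(ctx, (unsigned char*)sigbuf, siglen))` treats every non-zero return as a good signature, but the function returns 1 only on success, 0 on a mismatch and a negative value on other errors. A negative return would therefore set `nok = 0` and report the file as verified. Compare explicitly, as the EVP_DigestVerifyInit check in the -385 hunk already does with `< 1`: `if (EVP_DigestVerifyFinal(ctx, (unsigned char*)sigbuf, siglen) == 1)`. The rest of verify_file_signature lies outside the hunk.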
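Review bot: The new `#if !defined(HARD_LOCKDOWN)` guard in lockdown_status (hunk -456) carries no comment saying what the macro is for or what the function reports when LOCKDOWN_FILE is missing in such a build. From the visible lines `ret` starts as `PB_LOCKDOWN_SIGN`, so a HARD_LOCKDOWN build appears to report signed-boot lockdown even without a keyfile; the rest of the function is outside the hunk, so that reading is inferred. I would state the intent above the guard: `/* HARD_LOCKDOWN builds stay locked down even when LOCKDOWN_FILE is absent */`.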
@@ -471,6 +473,6 @@ int lockdown_status(void)
 fclose(authorized_signatures_handle); }
- return ret;
+ return ret;
 }