author | djm@openbsd.org <djm@openbsd.org> | 2015-11-19 01:08:55 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-11-19 12:11:37 +1100 |
commit | 499cf36fecd6040e30e2912dd25655bc574739a7 (patch) | |
tree | 26ff48a460c48b89f3e53cbc88345e663ae25e0b | |
parent | bcb7bc77bbb1535d1008c7714085556f3065d99d (diff) |
upstream commit
move the certificate validity formatting code to
sshkey.[ch]
Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
-rw-r--r-- | ssh-keygen.c | 52 | ||||
-rw-r--r-- | sshkey.c | 39 | ||||
-rw-r--r-- | sshkey.h | 4 |
3 files changed, 49 insertions, 46 deletions
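--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.280 2015/11/18 08:37:28 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.281 2015/11/19 01:08:55 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1487,44 +1487,6 @@ do_change_comment(struct passwd *pw)
 exit(0);
 }
 
-static const char *
-fmt_validity(u_int64_t valid_from, u_int64_t valid_to)
-{
-char from[32], to[32];
-static char ret[64];
-time_t tt;
-struct tm *tm;
-
-*from = *to = '\0';
-if (valid_from == 0 && valid_to == 0xffffffffffffffffULL)
-return "forever";
-
-if (valid_from != 0) {
-/* XXX revisit INT_MAX in 2038 :) */
-tt = valid_from > INT_MAX ? INT_MAX : valid_from;
-tm = localtime(&tt);
-strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
-}
-if (valid_to != 0xffffffffffffffffULL) {
-/* XXX revisit INT_MAX in 2038 :) */
-tt = valid_to > INT_MAX ? INT_MAX : valid_to;
-tm = localtime(&tt);
-strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
-}
-
-if (valid_from == 0) {
-snprintf(ret, sizeof(ret), "before %s", to);
-return ret;
-}
-if (valid_to == 0xffffffffffffffffULL) {
-snprintf(ret, sizeof(ret), "after %s", from);
-return ret;
-}
-
-snprintf(ret, sizeof(ret), "from %s to %s", from, to);
-return ret;
-}
-
 static void
 add_flag_option(struct sshbuf *c, const char *name)
 {
@@ -1618,7 +1580,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
 int r, i, fd;
 u_int n;
 struct sshkey *ca, *public;
-char *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
+char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
 FILE *f;
 
 #ifdef ENABLE_PKCS11
@@ -1693,13 +1655,15 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
 fclose(f);
 
 if (!quiet) {
+sshkey_format_cert_validity(public->cert,
+valid, sizeof(valid));
 logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
 "valid %s", sshkey_cert_type(public),
 out, public->cert->key_id,
 (unsigned long long)public->cert->serial,
 cert_principals != NULL ? " for " : "",
 cert_principals != NULL ? cert_principals : "",
-fmt_validity(cert_valid_from, cert_valid_to));
+valid);
 }
 
 sshkey_free(public);
@@ -1899,7 +1863,7 @@ show_options(struct sshbuf *optbuf, int in_critical)
 static void
 print_cert(struct sshkey *key)
 {
-char *key_fp, *ca_fp;
+char valid[64], *key_fp, *ca_fp;
 u_int i;
 
 key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
@@ -1907,6 +1871,7 @@ print_cert(struct sshkey *key)
 fingerprint_hash, SSH_FP_DEFAULT);
 if (key_fp == NULL || ca_fp == NULL)
 fatal("%s: sshkey_fingerprint fail", __func__);
+sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
 
 printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
 sshkey_cert_type(key));
@@ -1915,8 +1880,7 @@ print_cert(struct sshkey *key)
 sshkey_type(key->cert->signature_key), ca_fp);
 printf(" Key ID: \"%s\"\n", key->cert->key_id);
 printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);
-printf(" Valid: %s\n",
-fmt_validity(key->cert->valid_after, key->cert->valid_before));
+printf(" Valid: %s\n", valid);
 printf(" Principals: ");
 if (key->cert->nprincipals == 0)
 printf("(none)\n");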
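Review bot: The `char valid[64]` buffers added in do_ca_sign and print_cert hard-code the same size as the formatter's private `ret[64]` in sshkey.c, and the size_t return of `sshkey_format_cert_validity()` is discarded at both new call sites, so a later change to the validity format would be truncated silently in the "Valid:" output. A shared named size in sshkey.h (e.g. `#define SSHKEY_CERT_VALIDITY_LEN 64`, used for both `ret` and the callers' buffers) would keep them in step; alternatively treat a return `>= sizeof(valid)` as an error, `if (sshkey_format_cert_validity(public->cert, valid, sizeof(valid)) >= sizeof(valid)) fatal("%s: validity string truncated", __func__);`. With the current 19-character timestamps the longest "from … to …" form is well under 64 bytes, so this is a robustness point rather than a present defect. Both do_ca_sign and print_cert begin outside their hunks.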
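--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.26 2015/11/16 23:47:52 millert Exp $ */
+/* $OpenBSD: sshkey.c,v 1.27 2015/11/19 01:08:55 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2536,6 +2536,43 @@ sshkey_cert_check_authority(const struct sshkey *k,
 return 0;
 }
 
+size_t
+sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
+{
+char from[32], to[32], ret[64];
+time_t tt;
+struct tm *tm;
+
+*from = *to = '\0';
+if (cert->valid_after == 0 &&
+cert->valid_before == 0xffffffffffffffffULL)
+return strlcpy(s, "forever", l);
+
+if (cert->valid_after != 0) {
+/* XXX revisit INT_MAX in 2038 :) */
+tt = cert->valid_after > INT_MAX ?
+INT_MAX : cert->valid_after;
+tm = localtime(&tt);
+strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
+}
+if (cert->valid_before != 0xffffffffffffffffULL) {
+/* XXX revisit INT_MAX in 2038 :) */
+tt = cert->valid_before > INT_MAX ?
+INT_MAX : cert->valid_before;
+tm = localtime(&tt);
+strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
+}
+
+if (cert->valid_after == 0)
+snprintf(ret, sizeof(ret), "before %s", to);
+else if (cert->valid_before == 0xffffffffffffffffULL)
+snprintf(ret, sizeof(ret), "after %s", from);
+else
+snprintf(ret, sizeof(ret), "from %s to %s", from, to);
+
+return strlcpy(s, ret, l);
+}
+
 int
 sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b)
 {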
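Review bot: `localtime()` may return NULL (POSIX lets it fail, and some libcs do so for values they cannot convert), yet the new sshkey_format_cert_validity() passes the result straight to `strftime()` at lines 2556 and 2563 without a check; the flaw is inherited from the old fmt_validity() rather than introduced here, but making the routine a library function means every future caller inherits it too. A guard such as `if (tm == NULL || strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm) == 0) *from = '\0';` (and the same for `to`) keeps the buffers well-defined when either call fails, since strftime() leaves the contents unspecified on a zero return. The function is now public but has no comment; a header comment should state that it writes a human-readable validity span ("forever", "before T", "after T" or "from T to T", T in local time clamped at INT_MAX), that `l` must be large enough for the longest form, and that the return value follows strlcpy() (length of the untruncated string, so `>= l` means truncated). The `0xffffffffffffffffULL` sentinel is repeated three times and would read better as a named constant shared with the code that sets valid_before.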
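--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.10 2015/09/13 14:39:16 tim Exp $ */
+/* $OpenBSD: sshkey.h,v 1.11 2015/11/19 01:08:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -141,6 +141,8 @@ int sshkey_certify(struct sshkey *, struct sshkey *);
 int sshkey_cert_copy(const struct sshkey *, struct sshkey *);
 int sshkey_cert_check_authority(const struct sshkey *, int, int,
 const char *, const char **);
+size_t sshkey_format_cert_validity(const struct sshkey_cert *,
+char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
 
 int sshkey_ecdsa_nid_from_name(const char *);
 int sshkey_curve_name_to_nid(const char *);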