diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 23:02:13 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-26 10:18:42 +1100 |
commit | 99aa8035554ddb976348d2a9253ab3653019728d (patch) | |
tree | 195dc658a883d04305334be9658ba7b9eba55e94 /ssh-keygen.c | |
parent | 065064fcf455778b0918f783033b374d4ba37a92 (diff) |
upstream: factor out reading/writing sshbufs to dedicated
functions; feedback and ok markus@
OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 48 |
1 files changed, 10 insertions, 38 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index d29f97bb3..29013a20f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.393 2020/01/25 23:02:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2189,15 +2189,10 @@ static void | |||
2189 | load_krl(const char *path, struct ssh_krl **krlp) | 2189 | load_krl(const char *path, struct ssh_krl **krlp) |
2190 | { | 2190 | { |
2191 | struct sshbuf *krlbuf; | 2191 | struct sshbuf *krlbuf; |
2192 | int r, fd; | 2192 | int r; |
2193 | 2193 | ||
2194 | if ((krlbuf = sshbuf_new()) == NULL) | 2194 | if ((r = sshbuf_load_file(path, &krlbuf)) != 0) |
2195 | fatal("sshbuf_new failed"); | ||
2196 | if ((fd = open(path, O_RDONLY)) == -1) | ||
2197 | fatal("open %s: %s", path, strerror(errno)); | ||
2198 | if ((r = sshkey_load_file(fd, krlbuf)) != 0) | ||
2199 | fatal("Unable to load KRL: %s", ssh_err(r)); | 2195 | fatal("Unable to load KRL: %s", ssh_err(r)); |
2200 | close(fd); | ||
2201 | /* XXX check sigs */ | 2196 | /* XXX check sigs */ |
2202 | if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || | 2197 | if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || |
2203 | *krlp == NULL) | 2198 | *krlp == NULL) |
@@ -2399,7 +2394,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, | |||
2399 | struct ssh_krl *krl; | 2394 | struct ssh_krl *krl; |
2400 | struct stat sb; | 2395 | struct stat sb; |
2401 | struct sshkey *ca = NULL; | 2396 | struct sshkey *ca = NULL; |
2402 | int fd, i, r, wild_ca = 0; | 2397 | int i, r, wild_ca = 0; |
2403 | char *tmp; | 2398 | char *tmp; |
2404 | struct sshbuf *kbuf; | 2399 | struct sshbuf *kbuf; |
2405 | 2400 | ||
@@ -2441,12 +2436,8 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, | |||
2441 | fatal("sshbuf_new failed"); | 2436 | fatal("sshbuf_new failed"); |
2442 | if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) | 2437 | if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) |
2443 | fatal("Couldn't generate KRL"); | 2438 | fatal("Couldn't generate KRL"); |
2444 | if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) | 2439 | if ((r = sshbuf_write_file(identity_file, kbuf)) != 0) |
2445 | fatal("open %s: %s", identity_file, strerror(errno)); | ||
2446 | if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != | ||
2447 | sshbuf_len(kbuf)) | ||
2448 | fatal("write %s: %s", identity_file, strerror(errno)); | 2440 | fatal("write %s: %s", identity_file, strerror(errno)); |
2449 | close(fd); | ||
2450 | sshbuf_free(kbuf); | 2441 | sshbuf_free(kbuf); |
2451 | ssh_krl_free(krl); | 2442 | ssh_krl_free(krl); |
2452 | sshkey_free(ca); | 2443 | sshkey_free(ca); |
@@ -2691,25 +2682,18 @@ static int | |||
2691 | sig_verify(const char *signature, const char *sig_namespace, | 2682 | sig_verify(const char *signature, const char *sig_namespace, |
2692 | const char *principal, const char *allowed_keys, const char *revoked_keys) | 2683 | const char *principal, const char *allowed_keys, const char *revoked_keys) |
2693 | { | 2684 | { |
2694 | int r, ret = -1, sigfd = -1; | 2685 | int r, ret = -1; |
2695 | struct sshbuf *sigbuf = NULL, *abuf = NULL; | 2686 | struct sshbuf *sigbuf = NULL, *abuf = NULL; |
2696 | struct sshkey *sign_key = NULL; | 2687 | struct sshkey *sign_key = NULL; |
2697 | char *fp = NULL; | 2688 | char *fp = NULL; |
2698 | struct sshkey_sig_details *sig_details = NULL; | 2689 | struct sshkey_sig_details *sig_details = NULL; |
2699 | 2690 | ||
2700 | memset(&sig_details, 0, sizeof(sig_details)); | 2691 | memset(&sig_details, 0, sizeof(sig_details)); |
2701 | if ((abuf = sshbuf_new()) == NULL) | 2692 | if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
2702 | fatal("%s: sshbuf_new() failed", __func__); | ||
2703 | |||
2704 | if ((sigfd = open(signature, O_RDONLY)) < 0) { | ||
2705 | error("Couldn't open signature file %s", signature); | ||
2706 | goto done; | ||
2707 | } | ||
2708 | |||
2709 | if ((r = sshkey_load_file(sigfd, abuf)) != 0) { | ||
2710 | error("Couldn't read signature file: %s", ssh_err(r)); | 2693 | error("Couldn't read signature file: %s", ssh_err(r)); |
2711 | goto done; | 2694 | goto done; |
2712 | } | 2695 | } |
2696 | |||
2713 | if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { | 2697 | if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { |
2714 | error("%s: sshsig_armor: %s", __func__, ssh_err(r)); | 2698 | error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
2715 | goto done; | 2699 | goto done; |
@@ -2765,8 +2749,6 @@ done: | |||
2765 | printf("Could not verify signature.\n"); | 2749 | printf("Could not verify signature.\n"); |
2766 | } | 2750 | } |
2767 | } | 2751 | } |
2768 | if (sigfd != -1) | ||
2769 | close(sigfd); | ||
2770 | sshbuf_free(sigbuf); | 2752 | sshbuf_free(sigbuf); |
2771 | sshbuf_free(abuf); | 2753 | sshbuf_free(abuf); |
2772 | sshkey_free(sign_key); | 2754 | sshkey_free(sign_key); |
@@ -2777,20 +2759,12 @@ done: | |||
2777 | 2759 | ||
2778 | static int | 2760 | static int |
2779 | sig_find_principals(const char *signature, const char *allowed_keys) { | 2761 | sig_find_principals(const char *signature, const char *allowed_keys) { |
2780 | int r, ret = -1, sigfd = -1; | 2762 | int r, ret = -1; |
2781 | struct sshbuf *sigbuf = NULL, *abuf = NULL; | 2763 | struct sshbuf *sigbuf = NULL, *abuf = NULL; |
2782 | struct sshkey *sign_key = NULL; | 2764 | struct sshkey *sign_key = NULL; |
2783 | char *principals = NULL, *cp, *tmp; | 2765 | char *principals = NULL, *cp, *tmp; |
2784 | 2766 | ||
2785 | if ((abuf = sshbuf_new()) == NULL) | 2767 | if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
2786 | fatal("%s: sshbuf_new() failed", __func__); | ||
2787 | |||
2788 | if ((sigfd = open(signature, O_RDONLY)) < 0) { | ||
2789 | error("Couldn't open signature file %s", signature); | ||
2790 | goto done; | ||
2791 | } | ||
2792 | |||
2793 | if ((r = sshkey_load_file(sigfd, abuf)) != 0) { | ||
2794 | error("Couldn't read signature file: %s", ssh_err(r)); | 2768 | error("Couldn't read signature file: %s", ssh_err(r)); |
2795 | goto done; | 2769 | goto done; |
2796 | } | 2770 | } |
@@ -2819,8 +2793,6 @@ done: | |||
2819 | } else { | 2793 | } else { |
2820 | fprintf(stderr, "No principal matched.\n"); | 2794 | fprintf(stderr, "No principal matched.\n"); |
2821 | } | 2795 | } |
2822 | if (sigfd != -1) | ||
2823 | close(sigfd); | ||
2824 | sshbuf_free(sigbuf); | 2796 | sshbuf_free(sigbuf); |
2825 | sshbuf_free(abuf); | 2797 | sshbuf_free(abuf); |
2826 | sshkey_free(sign_key); | 2798 | sshkey_free(sign_key); |