Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c48
1 files changed, 10 insertions, 38 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d29f97bb3..29013a20f 100644
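--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.393 2020/01/25 23:02:13 djm Exp $ */
 /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2189,15 +2189,10 @@ static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
  struct sshbuf *krlbuf;
- int r, fd;
+ int r;
 
- if ((krlbuf = sshbuf_new()) == NULL)
- fatal("sshbuf_new failed");
- if ((fd = open(path, O_RDONLY)) == -1)
- fatal("open %s: %s", path, strerror(errno));
- if ((r = sshkey_load_file(fd, krlbuf)) != 0)
+ if ((r = sshbuf_load_file(path, &krlbuf)) != 0)
  fatal("Unable to load KRL: %s", ssh_err(r));
- close(fd);
  /* XXX check sigs */
  if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
  *krlp == NULL)
@@ -2399,7 +2394,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
  struct ssh_krl *krl;
  struct stat sb;
  struct sshkey *ca = NULL;
- int fd, i, r, wild_ca = 0;
+ int i, r, wild_ca = 0;
  char *tmp;
  struct sshbuf *kbuf;
 
@@ -2441,12 +2436,8 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
  fatal("sshbuf_new failed");
  if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
  fatal("Couldn't generate KRL");
- if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
- fatal("open %s: %s", identity_file, strerror(errno));
- if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) !=
- sshbuf_len(kbuf))
+ if ((r = sshbuf_write_file(identity_file, kbuf)) != 0)
  fatal("write %s: %s", identity_file, strerror(errno));
- close(fd);
  sshbuf_free(kbuf);
  ssh_krl_free(krl);
  sshkey_free(ca);
@@ -2691,25 +2682,18 @@ static int
 sig_verify(const char *signature, const char *sig_namespace,
  const char *principal, const char *allowed_keys, const char *revoked_keys)
 {
- int r, ret = -1, sigfd = -1;
+ int r, ret = -1;
  struct sshbuf *sigbuf = NULL, *abuf = NULL;
  struct sshkey *sign_key = NULL;
  char *fp = NULL;
  struct sshkey_sig_details *sig_details = NULL;
 
  memset(&sig_details, 0, sizeof(sig_details));
- if ((abuf = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new() failed", __func__);
-
- if ((sigfd = open(signature, O_RDONLY)) < 0) {
- error("Couldn't open signature file %s", signature);
- goto done;
- }
-
- if ((r = sshkey_load_file(sigfd, abuf)) != 0) {
+ if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
  error("Couldn't read signature file: %s", ssh_err(r));
  goto done;
  }
+
  if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
  error("%s: sshsig_armor: %s", __func__, ssh_err(r));
  goto done;
@@ -2765,8 +2749,6 @@ done:
  printf("Could not verify signature.\n");
  }
  }
- if (sigfd != -1)
- close(sigfd);
  sshbuf_free(sigbuf);
  sshbuf_free(abuf);
  sshkey_free(sign_key);
@@ -2777,20 +2759,12 @@ done:
 
 static int
 sig_find_principals(const char *signature, const char *allowed_keys) {
- int r, ret = -1, sigfd = -1;
+ int r, ret = -1;
  struct sshbuf *sigbuf = NULL, *abuf = NULL;
  struct sshkey *sign_key = NULL;
  char *principals = NULL, *cp, *tmp;
 
- if ((abuf = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new() failed", __func__);
-
- if ((sigfd = open(signature, O_RDONLY)) < 0) {
- error("Couldn't open signature file %s", signature);
- goto done;
- }
-
- if ((r = sshkey_load_file(sigfd, abuf)) != 0) {
+ if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
  error("Couldn't read signature file: %s", ssh_err(r));
  goto done;
  }
@@ -2819,8 +2793,6 @@ done:
  } else {
  fprintf(stderr, "No principal matched.\n");
  }
- if (sigfd != -1)
- close(sigfd);
  sshbuf_free(sigbuf);
  sshbuf_free(abuf);
  sshkey_free(sign_key);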
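Review bot: In do_gen_krl the new failure path still formats `strerror(errno)` although `sshbuf_write_file()` reports its result through `r`, so the message may show a stale errno when the helper fails for a reason other than a system call; the other converted call sites print `ssh_err(r)`, and this one should too: `fatal("write %s: %s", identity_file, ssh_err(r));`. In sig_verify and sig_find_principals the separate "Couldn't open signature file %s" message is gone, so a missing or unreadable signature file is now reported without its path; `error("Couldn't read signature file %s: %s", signature, ssh_err(r));` would keep that diagnostic. The KRL output was previously created with an explicit `O_WRONLY|O_CREAT|O_TRUNC, 0644`; the mode and truncation behaviour are now decided inside sshbuf_write_file, which is not visible here, so it is worth confirming they are unchanged for a file that controls key revocation. The bodies of these functions extend beyond the hunks shown.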