diff options
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 48 |
1 files changed, 10 insertions, 38 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index d29f97bb3..29013a20f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.393 2020/01/25 23:02:13 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2189,15 +2189,10 @@ static void | |||
| 2189 | load_krl(const char *path, struct ssh_krl **krlp) | 2189 | load_krl(const char *path, struct ssh_krl **krlp) |
| 2190 | { | 2190 | { |
| 2191 | struct sshbuf *krlbuf; | 2191 | struct sshbuf *krlbuf; |
| 2192 | int r, fd; | 2192 | int r; |
| 2193 | 2193 | ||
| 2194 | if ((krlbuf = sshbuf_new()) == NULL) | 2194 | if ((r = sshbuf_load_file(path, &krlbuf)) != 0) |
| 2195 | fatal("sshbuf_new failed"); | ||
| 2196 | if ((fd = open(path, O_RDONLY)) == -1) | ||
| 2197 | fatal("open %s: %s", path, strerror(errno)); | ||
| 2198 | if ((r = sshkey_load_file(fd, krlbuf)) != 0) | ||
| 2199 | fatal("Unable to load KRL: %s", ssh_err(r)); | 2195 | fatal("Unable to load KRL: %s", ssh_err(r)); |
| 2200 | close(fd); | ||
| 2201 | /* XXX check sigs */ | 2196 | /* XXX check sigs */ |
| 2202 | if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || | 2197 | if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || |
| 2203 | *krlp == NULL) | 2198 | *krlp == NULL) |
| @@ -2399,7 +2394,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, | |||
| 2399 | struct ssh_krl *krl; | 2394 | struct ssh_krl *krl; |
| 2400 | struct stat sb; | 2395 | struct stat sb; |
| 2401 | struct sshkey *ca = NULL; | 2396 | struct sshkey *ca = NULL; |
| 2402 | int fd, i, r, wild_ca = 0; | 2397 | int i, r, wild_ca = 0; |
| 2403 | char *tmp; | 2398 | char *tmp; |
| 2404 | struct sshbuf *kbuf; | 2399 | struct sshbuf *kbuf; |
| 2405 | 2400 | ||
| @@ -2441,12 +2436,8 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, | |||
| 2441 | fatal("sshbuf_new failed"); | 2436 | fatal("sshbuf_new failed"); |
| 2442 | if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) | 2437 | if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) |
| 2443 | fatal("Couldn't generate KRL"); | 2438 | fatal("Couldn't generate KRL"); |
| 2444 | if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) | 2439 | if ((r = sshbuf_write_file(identity_file, kbuf)) != 0) |
| 2445 | fatal("open %s: %s", identity_file, strerror(errno)); | ||
| 2446 | if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != | ||
| 2447 | sshbuf_len(kbuf)) | ||
| 2448 | fatal("write %s: %s", identity_file, strerror(errno)); | 2440 | fatal("write %s: %s", identity_file, strerror(errno)); |
| 2449 | close(fd); | ||
| 2450 | sshbuf_free(kbuf); | 2441 | sshbuf_free(kbuf); |
| 2451 | ssh_krl_free(krl); | 2442 | ssh_krl_free(krl); |
| 2452 | sshkey_free(ca); | 2443 | sshkey_free(ca); |
| @@ -2691,25 +2682,18 @@ static int | |||
| 2691 | sig_verify(const char *signature, const char *sig_namespace, | 2682 | sig_verify(const char *signature, const char *sig_namespace, |
| 2692 | const char *principal, const char *allowed_keys, const char *revoked_keys) | 2683 | const char *principal, const char *allowed_keys, const char *revoked_keys) |
| 2693 | { | 2684 | { |
| 2694 | int r, ret = -1, sigfd = -1; | 2685 | int r, ret = -1; |
| 2695 | struct sshbuf *sigbuf = NULL, *abuf = NULL; | 2686 | struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| 2696 | struct sshkey *sign_key = NULL; | 2687 | struct sshkey *sign_key = NULL; |
| 2697 | char *fp = NULL; | 2688 | char *fp = NULL; |
| 2698 | struct sshkey_sig_details *sig_details = NULL; | 2689 | struct sshkey_sig_details *sig_details = NULL; |
| 2699 | 2690 | ||
| 2700 | memset(&sig_details, 0, sizeof(sig_details)); | 2691 | memset(&sig_details, 0, sizeof(sig_details)); |
| 2701 | if ((abuf = sshbuf_new()) == NULL) | 2692 | if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
| 2702 | fatal("%s: sshbuf_new() failed", __func__); | ||
| 2703 | |||
| 2704 | if ((sigfd = open(signature, O_RDONLY)) < 0) { | ||
| 2705 | error("Couldn't open signature file %s", signature); | ||
| 2706 | goto done; | ||
| 2707 | } | ||
| 2708 | |||
| 2709 | if ((r = sshkey_load_file(sigfd, abuf)) != 0) { | ||
| 2710 | error("Couldn't read signature file: %s", ssh_err(r)); | 2693 | error("Couldn't read signature file: %s", ssh_err(r)); |
| 2711 | goto done; | 2694 | goto done; |
| 2712 | } | 2695 | } |
| 2696 | |||
| 2713 | if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { | 2697 | if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { |
| 2714 | error("%s: sshsig_armor: %s", __func__, ssh_err(r)); | 2698 | error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
| 2715 | goto done; | 2699 | goto done; |
| @@ -2765,8 +2749,6 @@ done: | |||
| 2765 | printf("Could not verify signature.\n"); | 2749 | printf("Could not verify signature.\n"); |
| 2766 | } | 2750 | } |
| 2767 | } | 2751 | } |
| 2768 | if (sigfd != -1) | ||
| 2769 | close(sigfd); | ||
| 2770 | sshbuf_free(sigbuf); | 2752 | sshbuf_free(sigbuf); |
| 2771 | sshbuf_free(abuf); | 2753 | sshbuf_free(abuf); |
| 2772 | sshkey_free(sign_key); | 2754 | sshkey_free(sign_key); |
| @@ -2777,20 +2759,12 @@ done: | |||
| 2777 | 2759 | ||
| 2778 | static int | 2760 | static int |
| 2779 | sig_find_principals(const char *signature, const char *allowed_keys) { | 2761 | sig_find_principals(const char *signature, const char *allowed_keys) { |
| 2780 | int r, ret = -1, sigfd = -1; | 2762 | int r, ret = -1; |
| 2781 | struct sshbuf *sigbuf = NULL, *abuf = NULL; | 2763 | struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| 2782 | struct sshkey *sign_key = NULL; | 2764 | struct sshkey *sign_key = NULL; |
| 2783 | char *principals = NULL, *cp, *tmp; | 2765 | char *principals = NULL, *cp, *tmp; |
| 2784 | 2766 | ||
| 2785 | if ((abuf = sshbuf_new()) == NULL) | 2767 | if ((r = sshbuf_load_file(signature, &abuf)) != 0) { |
| 2786 | fatal("%s: sshbuf_new() failed", __func__); | ||
| 2787 | |||
| 2788 | if ((sigfd = open(signature, O_RDONLY)) < 0) { | ||
| 2789 | error("Couldn't open signature file %s", signature); | ||
| 2790 | goto done; | ||
| 2791 | } | ||
| 2792 | |||
| 2793 | if ((r = sshkey_load_file(sigfd, abuf)) != 0) { | ||
| 2794 | error("Couldn't read signature file: %s", ssh_err(r)); | 2768 | error("Couldn't read signature file: %s", ssh_err(r)); |
| 2795 | goto done; | 2769 | goto done; |
| 2796 | } | 2770 | } |
| @@ -2819,8 +2793,6 @@ done: | |||
| 2819 | } else { | 2793 | } else { |
| 2820 | fprintf(stderr, "No principal matched.\n"); | 2794 | fprintf(stderr, "No principal matched.\n"); |
| 2821 | } | 2795 | } |
| 2822 | if (sigfd != -1) | ||
| 2823 | close(sigfd); | ||
| 2824 | sshbuf_free(sigbuf); | 2796 | sshbuf_free(sigbuf); |
| 2825 | sshbuf_free(abuf); | 2797 | sshbuf_free(abuf); |
| 2826 | sshkey_free(sign_key); | 2798 | sshkey_free(sign_key); |