1 files changed, 27 insertions, 17 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 64cee4de0..a12b79a56 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.419 2020/08/27 09:46:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.420 2020/09/09 03:08:01 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3072,6 +3072,27 @@ do_download_sk(const char *skprovider, const char *device)
 }
 static void
+save_attestation(struct sshbuf *attest, const char *path)
+{
+        mode_t omask;
+        int r;
+        if (path == NULL)
+                return; /* nothing to do */
+        if (attest == NULL || sshbuf_len(attest) == 0)
+                fatal("Enrollment did not return attestation data");
+        omask = umask(077);
+        r = sshbuf_write_file(path, attest);
+        umask(omask);
+        if (r != 0)
+                fatal("Unable to write attestation data \"%s\": %s", path,
+                    ssh_err(r));
+        if (!quiet)
+                printf("Your FIDO attestation certificate has been saved in "
+                    "%s\n", path);
+}
+static void
 usage(void)
 {
        fprintf(stderr,
@@ -3137,7 +3158,7 @@ main(int argc, char **argv)
        unsigned long long cert_serial = 0;
        char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL;
        char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL;
-        char *sk_attestaion_path = NULL;
+        char *sk_attestation_path = NULL;
        struct sshbuf *challenge = NULL, *attest = NULL;
        size_t i, nopts = 0;
        u_int32_t bits = 0;
@@ -3593,7 +3614,7 @@ main(int argc, char **argv)
                                }
                        } else if (strncasecmp(opts[i],
                            "write-attestation=", 18) == 0) {
-                                sk_attestaion_path = opts[i] + 18;
+                                sk_attestation_path = opts[i] + 18;
                        } else if (strncasecmp(opts[i],
                            "application=", 12) == 0) {
                                sk_application = xstrdup(opts[i] + 12);
@@ -3715,20 +3736,9 @@ main(int argc, char **argv)
                free(fp);
        }
-        if (sk_attestaion_path != NULL) {
+        if (sk_attestation_path != NULL)
-                if (attest == NULL || sshbuf_len(attest) == 0) {
+                save_attestation(attest, sk_attestation_path);
-                        fatal("Enrollment did not return attestation "
-                            "certificate");
-                }
-                if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) {
-                        fatal("Unable to write attestation certificate "
-                            "\"%s\": %s", sk_attestaion_path, ssh_err(r));
-                }
-                if (!quiet) {
-                        printf("Your FIDO attestation certificate has been "
-                            "saved in %s\n", sk_attestaion_path);
-                }
-        }
        sshbuf_free(attest);
        sshkey_free(public);

diff --git a/ssh-keygen.c b/ssh-keygen.c index 64cee4de0..a12b79a56 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.419 2020/08/27 09:46:04 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.420 2020/09/09 03:08:01 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3072,6 +3072,27 @@ do_download_sk(const char skprovider, const char device)
3072	}	3072	}
3073		3073
3074	static void	3074	static void
		3075	save_attestation(struct sshbuf attest, const char path)
		3076	{
		3077	mode_t omask;
		3078	int r;
		3079
		3080	if (path == NULL)
		3081	return; /* nothing to do */
		3082	if (attest == NULL \|\| sshbuf_len(attest) == 0)
		3083	fatal("Enrollment did not return attestation data");
		3084	omask = umask(077);
		3085	r = sshbuf_write_file(path, attest);
		3086	umask(omask);
		3087	if (r != 0)
		3088	fatal("Unable to write attestation data \"%s\": %s", path,
		3089	ssh_err(r));
		3090	if (!quiet)
		3091	printf("Your FIDO attestation certificate has been saved in "
		3092	"%s\n", path);
		3093	}
		3094
		3095	static void
3075	usage(void)	3096	usage(void)
3076	{	3097	{
3077	fprintf(stderr,	3098	fprintf(stderr,
@@ -3137,7 +3158,7 @@ main(int argc, char **argv)
3137	unsigned long long cert_serial = 0;	3158	unsigned long long cert_serial = 0;
3138	char identity_comment = NULL, ca_key_path = NULL, **opts = NULL;	3159	char identity_comment = NULL, ca_key_path = NULL, **opts = NULL;
3139	char sk_application = NULL, sk_device = NULL, *sk_user = NULL;	3160	char sk_application = NULL, sk_device = NULL, *sk_user = NULL;
3140	char *sk_attestaion_path = NULL;	3161	char *sk_attestation_path = NULL;
3141	struct sshbuf challenge = NULL, attest = NULL;	3162	struct sshbuf challenge = NULL, attest = NULL;
3142	size_t i, nopts = 0;	3163	size_t i, nopts = 0;
3143	u_int32_t bits = 0;	3164	u_int32_t bits = 0;
@@ -3593,7 +3614,7 @@ main(int argc, char **argv)
3593	}	3614	}
3594	} else if (strncasecmp(opts[i],	3615	} else if (strncasecmp(opts[i],
3595	"write-attestation=", 18) == 0) {	3616	"write-attestation=", 18) == 0) {
3596	sk_attestaion_path = opts[i] + 18;	3617	sk_attestation_path = opts[i] + 18;
3597	} else if (strncasecmp(opts[i],	3618	} else if (strncasecmp(opts[i],
3598	"application=", 12) == 0) {	3619	"application=", 12) == 0) {
3599	sk_application = xstrdup(opts[i] + 12);	3620	sk_application = xstrdup(opts[i] + 12);
@@ -3715,20 +3736,9 @@ main(int argc, char **argv)
3715	free(fp);	3736	free(fp);
3716	}	3737	}
3717		3738
3718	if (sk_attestaion_path != NULL) {	3739	if (sk_attestation_path != NULL)
3719	if (attest == NULL \|\| sshbuf_len(attest) == 0) {	3740	save_attestation(attest, sk_attestation_path);
3720	fatal("Enrollment did not return attestation "	3741
3721	"certificate");
3722	}
3723	if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) {
3724	fatal("Unable to write attestation certificate "
3725	"\"%s\": %s", sk_attestaion_path, ssh_err(r));
3726	}
3727	if (!quiet) {
3728	printf("Your FIDO attestation certificate has been "
3729	"saved in %s\n", sk_attestaion_path);
3730	}
3731	}
3732	sshbuf_free(attest);	3742	sshbuf_free(attest);
3733	sshkey_free(public);	3743	sshkey_free(public);
3734		3744