authorTed Unangst <tedu@cvs.openbsd.org>2014-03-17 03:07:11 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-03-17 03:07:11 +0000
commit5ff93654d445867364e36d34a943b57d5a0b1876 (patch)
tree374eebfbf36bd88eabc1d6edcbb644833226f0be
parent76d660a5ccf2532acc4d20ab576bd37072dcc7c2 (diff)
pull out the pubkey reading bits
-rw-r--r--usr.bin/signify/signify.c49
1 files changed, 24 insertions, 25 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 59c8c76bc81..8d15967c64f 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.63 2014/03/17 02:54:54 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.64 2014/03/17 03:07:10 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@@ -441,12 +441,28 @@ verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
free(dummybuf);
}
+static void
+readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
+ const char *sigcomment)
+{
+
+ if (!pubkeyfile) {
+ if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
+ pubkeyfile += strlen(VERIFYWITH);
+ if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
+ strstr(pubkeyfile, "/../") != NULL)
+ errx(1, "untrusted path %s", pubkeyfile);
+ } else
+ usage("need pubkey");
+ }
+ readb64file(pubkeyfile, pubkey, sizeof(*pubkey), NULL);
+}
static void
verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
int quiet)
{
- char comment[COMMENTMAXLEN];
+ char sigcomment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen;
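Review bot: The added readpubkey() has no comment saying that sigcomment is still unauthenticated when the key path is taken from it. Both callers fill it from the signature file before verifymsg() runs, so the `/etc/signify/` prefix test and the `/../` test are the only things confining which file is loaded as the public key. I would state that above the function, e.g. `/* sigcomment is not yet verified; the path checks below are what restrict the key to /etc/signify/ */`, so a later edit does not loosen them by accident. The literal `13` also has to be kept in step with the string by hand; a file-local constant for the directory, with the length taken as `sizeof(...) - 1`, would remove that coupling. This hunk also carries the start of verifysimple(), whose body continues in the next hunk.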
@@ -454,17 +470,8 @@ verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
msg = readmsg(msgfile, &msglen);
- readb64file(sigfile, &sig, sizeof(sig), comment);
- if (!pubkeyfile) {
- if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
- pubkeyfile += strlen(VERIFYWITH);
- if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
- strstr(pubkeyfile, "/../") != NULL)
- errx(1, "untrusted path %s", pubkeyfile);
- } else
- usage("need pubkey");
- }
- readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+ readb64file(sigfile, &sig, sizeof(sig), sigcomment);
+ readpubkey(pubkeyfile, &pubkey, sigcomment);
verifymsg(&pubkey, msg, msglen, &sig, quiet);
@@ -475,7 +482,7 @@ static uint8_t *
verifyembedded(const char *pubkeyfile, const char *sigfile,
int quiet, unsigned long long *msglenp)
{
- char comment[COMMENTMAXLEN];
+ char sigcomment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen, siglen;
@@ -483,20 +490,12 @@ verifyembedded(const char *pubkeyfile, const char *sigfile,
msg = readmsg(sigfile, &msglen);
- siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment);
+ siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
+ readpubkey(pubkeyfile, &pubkey, sigcomment);
+
msglen -= siglen;
memmove(msg, msg + siglen, msglen);
msg[msglen] = 0;
- if (!pubkeyfile) {
- if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
- pubkeyfile += strlen(VERIFYWITH);
- if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
- strstr(pubkeyfile, "/../") != NULL)
- errx(1, "untrusted path %s", pubkeyfile);
- } else
- usage("need pubkey");
- }
- readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
verifymsg(&pubkey, msg, msglen, &sig, quiet);