author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-03-17 03:07:11 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-03-17 03:07:11 +0000 |
commit | 5ff93654d445867364e36d34a943b57d5a0b1876 (patch) | |
tree | 374eebfbf36bd88eabc1d6edcbb644833226f0be | |
parent | 76d660a5ccf2532acc4d20ab576bd37072dcc7c2 (diff) |
pull out the pubkey reading bits
-rw-r--r-- | usr.bin/signify/signify.c | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 59c8c76bc81..8d15967c64f 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.63 2014/03/17 02:54:54 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.64 2014/03/17 03:07:10 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -441,12 +441,28 @@ verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
  free(dummybuf);
 }
 
+static void
+readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
+ const char *sigcomment)
+{
+
+ if (!pubkeyfile) {
+ if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
+ pubkeyfile += strlen(VERIFYWITH);
+ if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
+ strstr(pubkeyfile, "/../") != NULL)
+ errx(1, "untrusted path %s", pubkeyfile);
+ } else
+ usage("need pubkey");
+ }
+ readb64file(pubkeyfile, pubkey, sizeof(*pubkey), NULL);
+}
 
 static void
 verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
  int quiet)
 {
- char comment[COMMENTMAXLEN];
+ char sigcomment[COMMENTMAXLEN];
  struct sig sig;
  struct pubkey pubkey;
  unsigned long long msglen;
@@ -454,17 +470,8 @@ verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 
  msg = readmsg(msgfile, &msglen);
 
- readb64file(sigfile, &sig, sizeof(sig), comment);
- if (!pubkeyfile) {
- if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
- pubkeyfile += strlen(VERIFYWITH);
- if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
- strstr(pubkeyfile, "/../") != NULL)
- errx(1, "untrusted path %s", pubkeyfile);
- } else
- usage("need pubkey");
- }
- readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+ readb64file(sigfile, &sig, sizeof(sig), sigcomment);
+ readpubkey(pubkeyfile, &pubkey, sigcomment);
 
  verifymsg(&pubkey, msg, msglen, &sig, quiet);
 
@@ -475,7 +482,7 @@ static uint8_t *
 verifyembedded(const char *pubkeyfile, const char *sigfile, int quiet,
  unsigned long long *msglenp)
 {
- char comment[COMMENTMAXLEN];
+ char sigcomment[COMMENTMAXLEN];
  struct sig sig;
  struct pubkey pubkey;
  unsigned long long msglen, siglen;
@@ -483,20 +490,12 @@ verifyembedded(const char *pubkeyfile, const char *sigfile,
 
  msg = readmsg(sigfile, &msglen);
 
- siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment);
+ siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
+ readpubkey(pubkeyfile, &pubkey, sigcomment);
+
  msglen -= siglen;
  memmove(msg, msg + siglen, msglen);
  msg[msglen] = 0;
- if (!pubkeyfile) {
- if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
- pubkeyfile += strlen(VERIFYWITH);
- if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
- strstr(pubkeyfile, "/../") != NULL)
- errx(1, "untrusted path %s", pubkeyfile);
- } else
- usage("need pubkey");
- }
- readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
 
  verifymsg(&pubkey, msg, msglen, &sig, quiet);
 
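Review bot: In the new readpubkey helper the literal `13` in `strncmp(pubkeyfile, "/etc/signify/", 13)` silently encodes the prefix length and can drift from the string; tie it to the literal, `strncmp(pubkeyfile, "/etc/signify/", strlen("/etc/signify/")) != 0`, or hoist the prefix into a named constant used for both. The companion `strstr(pubkeyfile, "/../")` test only catches a `..` component that is followed by a slash, so a comment naming `/etc/signify/..` passes the check and resolves to `/etc`; readb64file presumably fails to parse a directory, but rejecting any `..` component (or any `/` after the trusted prefix) would make the boundary explicit rather than relying on that failure. Since this hunk moves the check out of both verifysimple and verifyembedded, the helper is now the single place that decides which signature-supplied path is trusted and deserves a header comment saying so, e.g. `/* Load the pubkey from pubkeyfile, or, when it is NULL, from the VERIFYWITH path in the signature comment; that path is trusted only under /etc/signify/. */`. The empty line after the opening brace of readpubkey is also a stray KNF blank that can go.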