summaryrefslogtreecommitdiff
path: root/lib/libkeynote
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-11-03 19:52:23 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-11-03 19:52:23 +0000
commit10d80ee8da6c67ecbb42f54778fc1b2b4036d32f (patch)
treefceb4fc79e5fcbd1769dfe3217e4bae3f5b8a6a0 /lib/libkeynote
parent074acb47bb6c5e0b6a4438c1e4ca2f75dcbfb5f7 (diff)
Handle multiple assertions per file in signature verification, better
detection of malformed credentials, update manpages, sync with release.
Diffstat (limited to 'lib/libkeynote')
-rw-r--r--lib/libkeynote/README4
-rw-r--r--lib/libkeynote/keynote-sigver.c78
-rw-r--r--lib/libkeynote/keynote.16
-rw-r--r--lib/libkeynote/keynote.39
-rw-r--r--lib/libkeynote/parse_assertion.c23
5 files changed, 81 insertions, 39 deletions
diff --git a/lib/libkeynote/README b/lib/libkeynote/README
index 605599904d4..9fca97dda7b 100644
--- a/lib/libkeynote/README
+++ b/lib/libkeynote/README
@@ -1,6 +1,6 @@
-# $OpenBSD: README,v 1.6 1999/10/26 22:31:37 angelos Exp $
+# $OpenBSD: README,v 1.7 1999/11/03 19:52:21 angelos Exp $
-This is release 2.1 of the KeyNote trust management library reference
+This is release 2.2 of the KeyNote trust management library reference
implementation (in case you are wondering, there was never an official 1.0
release).
diff --git a/lib/libkeynote/keynote-sigver.c b/lib/libkeynote/keynote-sigver.c
index 3a3e68cec7b..81332a4ff10 100644
--- a/lib/libkeynote/keynote-sigver.c
+++ b/lib/libkeynote/keynote-sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: keynote-sigver.c,v 1.8 1999/10/26 22:31:38 angelos Exp $ */
+/* $OpenBSD: keynote-sigver.c,v 1.9 1999/11/03 19:52:22 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
*
@@ -56,9 +56,9 @@ sigverusage(void)
void
keynote_sigver(int argc, char *argv[])
{
+ char *buf, **assertlist;
+ int fd, i, n, j;
struct stat sb;
- int fd, i;
- char *buf;
if (argc != 2)
{
@@ -101,41 +101,61 @@ keynote_sigver(int argc, char *argv[])
close(fd);
- i = kn_verify_assertion(buf, sb.st_size);
- if (i == -1)
+ assertlist = kn_read_asserts(buf, sb.st_size, &n);
+ if ((assertlist == NULL) || (n == 0))
{
- switch (keynote_errno)
- {
- case ERROR_MEMORY:
- fprintf(stderr,
- "Out of memory while parsing the assertion.\n");
- break;
-
- case ERROR_SYNTAX:
- fprintf(stderr,
- "Syntax error while parsing the assertion.\n");
- break;
-
- default:
- fprintf(stderr,
- "Unknown error while parsing the assertion.\n");
- }
-
+ if (keynote_errno == ERROR_MEMORY)
+ fprintf(stderr, "Out of memory while allocating memory for "
+ "assertions.\n");
+ else
+ fprintf(stderr, "No assertions found.\n");
exit(-1);
}
free(buf);
- if (i == SIGRESULT_TRUE)
- fprintf(stdout, "Signature verified.\n");
- else
+ for (j = 0; j < n; j++)
{
- if (keynote_errno != 0)
- fprintf(stdout, "Signature could not be verified "
- "(keynote_errno = %d).\n", keynote_errno);
+ i = kn_verify_assertion(assertlist[j], strlen(assertlist[j]));
+ if (i == -1)
+ {
+ switch (keynote_errno)
+ {
+ case ERROR_MEMORY:
+ fprintf(stderr,
+ "Out of memory while parsing assertion %d.\n", j);
+ break;
+
+ case ERROR_SYNTAX:
+ fprintf(stderr,
+ "Syntax error while parsing assertion %d.\n", j);
+ break;
+
+ default:
+ fprintf(stderr,
+ "Unknown error while parsing assertion %d.\n", j);
+ }
+ }
else
- fprintf(stdout, "Signature did not verify!\n");
+ {
+ if (i == SIGRESULT_TRUE)
+ fprintf(stdout, "Signature on assertion %d verified.\n", j);
+ else
+ {
+ if (keynote_errno != 0)
+ fprintf(stdout,
+ "Signature on assertion %d could not be verified "
+ "(keynote_errno = %d).\n", j, keynote_errno);
+ else
+ fprintf(stdout,
+ "Signature on assertion %d did not verify!\n", j);
+ }
+ }
+
+ free(assertlist[j]);
}
+ free(assertlist);
+
exit(0);
}
diff --git a/lib/libkeynote/keynote.1 b/lib/libkeynote/keynote.1
index b56cc655de2..a3f9c62546b 100644
--- a/lib/libkeynote/keynote.1
+++ b/lib/libkeynote/keynote.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.1,v 1.12 1999/11/03 03:17:58 angelos Exp $
+.\" $OpenBSD: keynote.1,v 1.13 1999/11/03 19:52:22 angelos Exp $
.\"
.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.\"
@@ -180,9 +180,9 @@ the end of each line, and the doublequotes at the beginning and end
of the signature encoding. Default values are 12 and 50 respectively.
.Pp
.Sh SIGNATURE VERIFICATION
-"keynote sigver" reads the assertion contained in
+"keynote sigver" reads the assertions contained in
.Fa AssertionFile
-and verifies the public-key signature on it.
+and verifies the public-key signatures on all of them.
.Pp
.Sh QUERY TOOL
For each operand that names a
diff --git a/lib/libkeynote/keynote.3 b/lib/libkeynote/keynote.3
index f1fce699133..ee405941922 100644
--- a/lib/libkeynote/keynote.3
+++ b/lib/libkeynote/keynote.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.3,v 1.16 1999/10/11 04:39:00 angelos Exp $
+.\" $OpenBSD: keynote.3,v 1.17 1999/11/03 19:52:22 angelos Exp $
.\"
.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.\"
@@ -443,8 +443,13 @@ parses the string
.Fa array
of length
.Fa arraylen
-and returns an array of strings containing the assertions found in
+and returns an array of pointers to strings containing copies of
+the assertions found in
.Fa array .
+Both the array of pointers and the strings are allocated by
+.Fn kn_read_asserts
+dynamically, and thus should be freed by the programmer when they are
+no longer needed.
.Fa numassertions
contains the number of assertions (and thus strings in the returned
array) found in
diff --git a/lib/libkeynote/parse_assertion.c b/lib/libkeynote/parse_assertion.c
index 13ec503ee59..03110545e22 100644
--- a/lib/libkeynote/parse_assertion.c
+++ b/lib/libkeynote/parse_assertion.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse_assertion.c,v 1.6 1999/10/26 22:31:38 angelos Exp $ */
+/* $OpenBSD: parse_assertion.c,v 1.7 1999/11/03 19:52:22 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
*
@@ -376,7 +376,7 @@ whichkeyword(char *start, char *end)
struct assertion *
keynote_parse_assertion(char *buf, int len, int assertion_flags)
{
- int i, j, seen_field = 0, ver = 0, end_of_assertion = 0;
+ int k, i, j, seen_field = 0, ver = 0, end_of_assertion = 0;
char *ks, *ke, *ts, *te = (char *) NULL;
struct assertion *as;
@@ -596,7 +596,24 @@ keynote_parse_assertion(char *buf, int len, int assertion_flags)
seen_field = 1;
if (end_of_assertion == 1)
- break;
+ {
+ /* End of buffer, good termination */
+ if ((te == as->as_buf + len) || (te + 1 == as->as_buf + len) ||
+ (*(te) == '\0') || (*(te + 1) == '\0'))
+ break;
+
+ /* Check whether there's something else following */
+ for (k = 1; te + k < as->as_buf + len && *(te + k) != '\n'; k++)
+ if (!isspace(*(te + k)))
+ {
+ printf("here %c\n", *(te + k));
+ keynote_free_assertion(as);
+ keynote_errno = ERROR_SYNTAX;
+ return (struct assertion *) NULL;
+ }
+
+ break; /* Assertion is "properly" terminated */
+ }
}
/* Check that the basic fields are there */