summaryrefslogtreecommitdiff
path: root/usr.bin/signify/signify.c
diff options
context:
space:
mode:
authorMarc Espie <espie@cvs.openbsd.org>2016-10-06 22:38:26 +0000
committerMarc Espie <espie@cvs.openbsd.org>2016-10-06 22:38:26 +0000
commit6b07d4615c5a6a3e38d1fdda0387ae64e182c9aa (patch)
treec294d19455e195189c45d406354c404c3c3b2b82 /usr.bin/signify/signify.c
parent9babffb950ad1ed3d3f1f7f7ba88b7eb948e370a (diff)
- better check for seckeyname/pubkeyname "equality", remove the path
(you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@
Diffstat (limited to 'usr.bin/signify/signify.c')
-rw-r--r--usr.bin/signify/signify.c59
1 files changed, 32 insertions, 27 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 2f6b4c56126..51583267d0f 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.125 2016/10/05 15:58:50 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.126 2016/10/06 22:38:25 espie Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@@ -343,23 +343,36 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
sizeof(pubkey), O_EXCL, 0666);
}
-static void
+static const char *
check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile)
{
- size_t len;
+ const char *pos;
- len = strlen(pubkeyfile);
- if (strlen(seckeyfile) != len)
- goto bad;
+ /* basename may or may not modify input */
+ pos = strrchr(seckeyfile, '/');
+ if (pos != NULL)
+ seckeyfile = pos+1;
+
+ size_t len;
+ len = strlen(seckeyfile);
if (len < 5) /* ?.key */
goto bad;
- if (strcmp(pubkeyfile + len - 4, ".pub") != 0 ||
- strcmp(seckeyfile + len - 4, ".sec") != 0)
- goto bad;
- if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0)
+ if (strcmp(seckeyfile + len - 4, ".sec") != 0)
goto bad;
+ if (pubkeyfile != NULL) {
+ pos = strrchr(pubkeyfile, '/');
+ if (pos != NULL)
+ pubkeyfile = pos+1;
+
+ if (strlen(pubkeyfile) != len)
+ goto bad;
+ if (strcmp(pubkeyfile + len - 4, ".pub") != 0)
+ goto bad;
+ if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0)
+ goto bad;
+ }
- return;
+ return seckeyfile;
bad:
errx(1, "please use naming scheme of keyname.pub and keyname.sec");
}
@@ -372,7 +385,6 @@ createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
uint8_t xorkey[sizeof(enckey.seckey)];
struct sig sig;
char *sighdr;
- char *extname;
uint8_t digest[SHA512_DIGEST_LENGTH];
int i, nr, rounds;
SHA2_CTX ctx;
@@ -380,24 +392,17 @@ createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
- extname = strrchr(seckeyfile, '.');
- if (extname && strcmp(extname, ".sec") == 0) {
- const char *keyname;
- /* basename may or may not modify input */
- if (!(keyname = strrchr(seckeyfile, '/')))
- keyname = seckeyfile;
- else
- keyname++;
- nr = snprintf(sigcomment, sizeof(sigcomment),
- VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname);
- if (nr == -1 || nr >= sizeof(sigcomment))
- errx(1, "comment too long");
+ if (strcmp(seckeyfile, "-") == 0) {
+ nr = snprintf(sigcomment, sizeof(sigcomment),
+ "signature from %s", comment);
} else {
+ const char *keyname = check_keyname_compliance(NULL,
+ seckeyfile);
nr = snprintf(sigcomment, sizeof(sigcomment),
- "signature from %s", comment);
- if (nr == -1 || nr >= sizeof(sigcomment))
- errx(1, "comment too long");
+ VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname);
}
+ if (nr == -1 || nr >= sizeof(sigcomment))
+ errx(1, "comment too long");
if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
errx(1, "unsupported KDF");