From b0d1aa89a29bf9e02a30f85af7fcb073fe6a2c26 Mon Sep 17 00:00:00 2001
From: Ted Unangst
Date: Mon, 17 Mar 2014 02:10:55 +0000
Subject: move fingerprint check into verifymsg (stop printing fingerprints here; probably not that helpful)
---
 usr.bin/signify/signify.c | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)
(limited to 'usr.bin/signify')
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index bc3091e0cae..c06587e627e 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.61 2014/03/17 01:23:58 deraadt Exp $ */
+/* $OpenBSD: signify.c,v 1.62 2014/03/17 02:10:54 tedu Exp $ */
 /*
 * Copyright (c) 2013 Ted Unangst
 *
@@ -418,19 +418,22 @@ inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
 #endif
 static void
-verifymsg(uint8_t *pubkey, uint8_t *msg, unsigned long long msglen,
- uint8_t *sig, int quiet)
+verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
+ struct sig *sig, int quiet)
 {
 uint8_t *sigbuf, *dummybuf;
 unsigned long long siglen, dummylen;
+ if (memcmp(pubkey->fingerprint, sig->fingerprint, FPLEN))
+ errx(1, "verification failed: checked against wrong key");
+
 siglen = SIGBYTES + msglen;
 sigbuf = xmalloc(siglen);
 dummybuf = xmalloc(siglen);
- memcpy(sigbuf, sig, SIGBYTES);
+ memcpy(sigbuf, sig->sig, SIGBYTES);
 memcpy(sigbuf + SIGBYTES, msg, msglen);
 if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
- pubkey) == -1)
+ pubkey->pubkey) == -1)
 errx(1, "signature verification failed");
 if (!quiet)
 printf("Signature Verified\n");
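Review bot: The new struct parameters of verifymsg() are only read in the visible body, so they could be declared `const struct pubkey *pubkey` and `const struct sig *sig`; this assumes crypto_sign_ed25519_open() takes its key argument as a const pointer, which the hunk does not show. The added `memcmp` on the fingerprints also deserves a one-line comment such as `/* fingerprint only identifies which key was used; authenticity comes from crypto_sign_ed25519_open() below */`. The fingerprint is read from the signature file, so a match on its own proves nothing. A plain `memcmp` is acceptable there because both values are presumably public identifiers rather than secrets. The function body continues past the end of the hunk.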
@@ -470,14 +473,7 @@ verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 }
 readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
- if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
-#ifndef VERIFYONLY
- inspect(NULL, pubkeyfile, sigfile);
-#endif
- errx(1, "verification failed: checked against wrong key");
- }
-
- verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
+ verifymsg(&pubkey, msg, msglen, &sig, quiet);
 if (embedded) {
 fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
 writeall(fd, msg, msglen, msgfile);
@@ -605,14 +601,7 @@ check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
 msg += siglen;
 msglen -= siglen;
- if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
-#ifndef VERIFYONLY
- inspect(NULL, pubkeyfile, sigfile);
-#endif
- errx(1, "verification failed: checked against wrong key");
- }
-
- verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
+ verifymsg(&pubkey, msg, msglen, &sig, quiet);
 verifychecksums((char *)msg, argc, argv, quiet);
 free(msg - siglen);
-- cgit v1.2.3
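Review bot: In verify(), the call `verifymsg(&pubkey, msg, msglen, &sig, quiet);` is now the only gate before the `xopen`/`writeall` that writes an embedded message to disk, and nothing at the call site says so. It is safe only because verifymsg() ends the process with errx() on both a fingerprint mismatch and a bad signature. A short comment at the call, e.g. `/* verifymsg() does not return on failure; msg is authenticated from here on */`, would protect that dependency if verifymsg() is later changed to return a status. The same applies to the call in check() in the last hunk, where `verifychecksums` consumes `msg` immediately afterwards. Both functions start and end outside their hunks.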