krl.c (294464) krl.c (296633)
1/*
2 * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
1/*
2 * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
17/* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */
18
19#include "includes.h"
20
21#include <sys/param.h> /* MIN */
22#include <sys/types.h>
23#include <openbsd-compat/sys-tree.h>
24#include <openbsd-compat/sys-queue.h>
25

--- 692 unchanged lines hidden (view full) ---

718
719 if ((sect = sshbuf_new()) == NULL)
720 return SSH_ERR_ALLOC_FAIL;
721
722 /* Store the header */
723 if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 ||
724 (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 ||
725 (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 ||
18
19#include "includes.h"
20
21#include <sys/param.h> /* MIN */
22#include <sys/types.h>
23#include <openbsd-compat/sys-tree.h>
24#include <openbsd-compat/sys-queue.h>
25

--- 692 unchanged lines hidden (view full) ---

718
719 if ((sect = sshbuf_new()) == NULL)
720 return SSH_ERR_ALLOC_FAIL;
721
722 /* Store the header */
723 if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 ||
724 (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 ||
725 (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 ||
726 (r = sshbuf_put_u64(buf, krl->generated_date) != 0) ||
726 (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 ||
727 (r = sshbuf_put_u64(buf, krl->flags)) != 0 ||
728 (r = sshbuf_put_string(buf, NULL, 0)) != 0 ||
729 (r = sshbuf_put_cstring(buf, krl->comment)) != 0)
730 goto out;
731
732 /* Store sections for revoked certificates */
733 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
734 sshbuf_reset(sect);

--- 32 unchanged lines hidden (view full) ---

767 for (i = 0; i < nsign_keys; i++) {
768 KRL_DBG(("%s: signature key %s", __func__,
769 sshkey_ssh_name(sign_keys[i])));
770 if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
771 (r = sshkey_puts(sign_keys[i], buf)) != 0)
772 goto out;
773
774 if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
727 (r = sshbuf_put_u64(buf, krl->flags)) != 0 ||
728 (r = sshbuf_put_string(buf, NULL, 0)) != 0 ||
729 (r = sshbuf_put_cstring(buf, krl->comment)) != 0)
730 goto out;
731
732 /* Store sections for revoked certificates */
733 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
734 sshbuf_reset(sect);

--- 32 unchanged lines hidden (view full) ---

767 for (i = 0; i < nsign_keys; i++) {
768 KRL_DBG(("%s: signature key %s", __func__,
769 sshkey_ssh_name(sign_keys[i])));
770 if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
771 (r = sshkey_puts(sign_keys[i], buf)) != 0)
772 goto out;
773
774 if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
775 sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0)
775 sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)
776 goto out;
777 KRL_DBG(("%s: signature sig len %zu", __func__, slen));
778 if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
779 goto out;
780 }
781
782 r = 0;
783 out:

--- 37 unchanged lines hidden (view full) ---

821 /* Header: key, reserved */
822 if ((r = sshbuf_get_string_direct(buf, &blob, &blen)) != 0 ||
823 (r = sshbuf_skip_string(buf)) != 0)
824 goto out;
825 if (blen != 0 && (r = sshkey_from_blob(blob, blen, &ca_key)) != 0)
826 goto out;
827
828 while (sshbuf_len(buf) > 0) {
776 goto out;
777 KRL_DBG(("%s: signature sig len %zu", __func__, slen));
778 if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
779 goto out;
780 }
781
782 r = 0;
783 out:

--- 37 unchanged lines hidden (view full) ---

821 /* Header: key, reserved */
822 if ((r = sshbuf_get_string_direct(buf, &blob, &blen)) != 0 ||
823 (r = sshbuf_skip_string(buf)) != 0)
824 goto out;
825 if (blen != 0 && (r = sshkey_from_blob(blob, blen, &ca_key)) != 0)
826 goto out;
827
828 while (sshbuf_len(buf) > 0) {
829 if (subsect != NULL) {
830 sshbuf_free(subsect);
831 subsect = NULL;
832 }
829 sshbuf_free(subsect);
830 subsect = NULL;
833 if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
834 (r = sshbuf_froms(buf, &subsect)) != 0)
835 goto out;
836 KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
837 /* sshbuf_dump(subsect, stderr); */
838
839 switch (type) {
840 case KRL_SECTION_CERT_SERIAL_LIST:

--- 171 unchanged lines hidden (view full) ---

1012 sig_off = sshbuf_len(buf) - sshbuf_len(copy);
1013 /* Second string component is the signature itself */
1014 if ((r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) {
1015 r = SSH_ERR_INVALID_FORMAT;
1016 goto out;
1017 }
1018 /* Check signature over entire KRL up to this point */
1019 if ((r = sshkey_verify(key, blob, blen,
831 if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
832 (r = sshbuf_froms(buf, &subsect)) != 0)
833 goto out;
834 KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
835 /* sshbuf_dump(subsect, stderr); */
836
837 switch (type) {
838 case KRL_SECTION_CERT_SERIAL_LIST:

--- 171 unchanged lines hidden (view full) ---

1010 sig_off = sshbuf_len(buf) - sshbuf_len(copy);
1011 /* Second string component is the signature itself */
1012 if ((r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) {
1013 r = SSH_ERR_INVALID_FORMAT;
1014 goto out;
1015 }
1016 /* Check signature over entire KRL up to this point */
1017 if ((r = sshkey_verify(key, blob, blen,
1020 sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0)
1018 sshbuf_ptr(buf), sig_off, 0)) != 0)
1021 goto out;
1022 /* Check if this key has already signed this KRL */
1023 for (i = 0; i < nca_used; i++) {
1024 if (sshkey_equal(ca_used[i], key)) {
1025 error("KRL signed more than once with "
1026 "the same key");
1027 r = SSH_ERR_INVALID_FORMAT;
1028 goto out;

--- 4 unchanged lines hidden (view full) ---

1033 sizeof(*ca_used));
1034 if (tmp_ca_used == NULL) {
1035 r = SSH_ERR_ALLOC_FAIL;
1036 goto out;
1037 }
1038 ca_used = tmp_ca_used;
1039 ca_used[nca_used++] = key;
1040 key = NULL;
1019 goto out;
1020 /* Check if this key has already signed this KRL */
1021 for (i = 0; i < nca_used; i++) {
1022 if (sshkey_equal(ca_used[i], key)) {
1023 error("KRL signed more than once with "
1024 "the same key");
1025 r = SSH_ERR_INVALID_FORMAT;
1026 goto out;

--- 4 unchanged lines hidden (view full) ---

1031 sizeof(*ca_used));
1032 if (tmp_ca_used == NULL) {
1033 r = SSH_ERR_ALLOC_FAIL;
1034 goto out;
1035 }
1036 ca_used = tmp_ca_used;
1037 ca_used[nca_used++] = key;
1038 key = NULL;
1041 break;
1042 }
1043
1044 if (sshbuf_len(copy) != 0) {
1045 /* Shouldn't happen */
1046 r = SSH_ERR_INTERNAL_ERROR;
1047 goto out;
1048 }
1049

--- 4 unchanged lines hidden (view full) ---

1054 sshbuf_free(copy);
1055 if ((copy = sshbuf_fromb(buf)) == NULL) {
1056 r = SSH_ERR_ALLOC_FAIL;
1057 goto out;
1058 }
1059 if ((r = sshbuf_consume(copy, sects_off)) != 0)
1060 goto out;
1061 while (sshbuf_len(copy) > 0) {
1039 }
1040
1041 if (sshbuf_len(copy) != 0) {
1042 /* Shouldn't happen */
1043 r = SSH_ERR_INTERNAL_ERROR;
1044 goto out;
1045 }
1046

--- 4 unchanged lines hidden (view full) ---

1051 sshbuf_free(copy);
1052 if ((copy = sshbuf_fromb(buf)) == NULL) {
1053 r = SSH_ERR_ALLOC_FAIL;
1054 goto out;
1055 }
1056 if ((r = sshbuf_consume(copy, sects_off)) != 0)
1057 goto out;
1058 while (sshbuf_len(copy) > 0) {
1062 if (sect != NULL) {
1063 sshbuf_free(sect);
1064 sect = NULL;
1065 }
1059 sshbuf_free(sect);
1060 sect = NULL;
1066 if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
1067 (r = sshbuf_froms(copy, &sect)) != 0)
1068 goto out;
1069 KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
1070
1071 switch (type) {
1072 case KRL_SECTION_CERTIFICATES:
1073 if ((r = parse_revoked_certs(sect, krl)) != 0)

--- 26 unchanged lines hidden (view full) ---

1100 if ((r = sshbuf_skip_string(copy)) != 0)
1101 goto out;
1102 break;
1103 default:
1104 error("Unsupported KRL section %u", type);
1105 r = SSH_ERR_INVALID_FORMAT;
1106 goto out;
1107 }
1061 if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
1062 (r = sshbuf_froms(copy, &sect)) != 0)
1063 goto out;
1064 KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
1065
1066 switch (type) {
1067 case KRL_SECTION_CERTIFICATES:
1068 if ((r = parse_revoked_certs(sect, krl)) != 0)

--- 26 unchanged lines hidden (view full) ---

1095 if ((r = sshbuf_skip_string(copy)) != 0)
1096 goto out;
1097 break;
1098 default:
1099 error("Unsupported KRL section %u", type);
1100 r = SSH_ERR_INVALID_FORMAT;
1101 goto out;
1102 }
1108 if (sshbuf_len(sect) > 0) {
1103 if (sect != NULL && sshbuf_len(sect) > 0) {
1109 error("KRL section contains unparsed data");
1110 r = SSH_ERR_INVALID_FORMAT;
1111 goto out;
1112 }
1113 }
1114
1115 /* Check that the key(s) used to sign the KRL weren't revoked */
1116 sig_seen = 0;

--- 187 unchanged lines hidden ---
1104 error("KRL section contains unparsed data");
1105 r = SSH_ERR_INVALID_FORMAT;
1106 goto out;
1107 }
1108 }
1109
1110 /* Check that the key(s) used to sign the KRL weren't revoked */
1111 sig_seen = 0;

--- 187 unchanged lines hidden ---
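Review bot: The meaning of `sig_off` is left implicit at new lines 1010-1018, which may be how the verified length came to be computed as `sshbuf_len(buf) - sig_off` before; passing `sig_off` directly as the length is only right if it counts the bytes of `buf` that precede the signature string. I would state that next to the assignment, e.g. `/* sig_off: bytes of buf before the signature string; exactly this prefix is what gets verified */`. The subtraction `sshbuf_len(buf) - sshbuf_len(copy)` also assumes `copy` is never longer than `buf`; any guard for that sits in the hidden lines above 1010, so it is worth confirming it is there. A regression test that checks a signed KRL verifies, and that one modified after signing is rejected with an error, would pin this behaviour. The enclosing function starts and ends outside the visible lines.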