diff options
Diffstat (limited to 'sshsig.c')
-rw-r--r-- | sshsig.c | 243 |
1 files changed, 150 insertions, 93 deletions
@@ -1,3 +1,4 @@ +/* $OpenBSD: sshsig.c,v 1.21 2021/07/23 04:00:59 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -53,27 +54,26 @@ sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) *out = NULL; if ((buf = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { - error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_putf"); goto out; } if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { - error("%s: Couldn't base64 encode signature blob: %s", - __func__, ssh_err(r)); + error_fr(r, "base64 encode signature"); goto out; } if ((r = sshbuf_put(buf, END_SIGNATURE, sizeof(END_SIGNATURE)-1)) != 0 || (r = sshbuf_put_u8(buf, '\n')) != 0) { - error("%s: sshbuf_put failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } /* success */ @@ -95,7 +95,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) char *b64 = NULL; if ((sbuf = sshbuf_fromb(sig)) == NULL) { - error("%s: sshbuf_fromb failed", __func__); + error_f("sshbuf_fromb failed"); return SSH_ERR_ALLOC_FAIL; } @@ -106,7 +106,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) } if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { - error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + error_fr(r, "consume"); goto done; } @@ -117,24 +117,24 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) } if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { - error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + error_fr(r, "consume"); goto done; } if ((b64 = sshbuf_dup_string(sbuf)) == NULL) { - error("%s: sshbuf_dup_string failed", __func__); + error_f("sshbuf_dup_string failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } if ((buf = sshbuf_new()) == NULL) { - error("%s: sshbuf_new() failed", __func__); + error_f("sshbuf_new() failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } if ((r = sshbuf_b64tod(buf, b64)) != 0) { - error("Couldn't decode signature: %s", ssh_err(r)); + error_fr(r, "decode base64"); goto done; } @@ -151,7 +151,7 @@ done: static int sshsig_wrap_sign(struct sshkey *key, const char *hashalg, - const char *sk_provider, const struct sshbuf *h_message, + const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -164,7 +164,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if ((tosign = sshbuf_new()) == NULL || (blob = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } @@ -174,7 +174,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || (r = sshbuf_put_stringb(tosign, h_message)) != 0) { - error("Couldn't construct message to sign: %s", ssh_err(r)); + error_fr(r, "assemble message to sign"); goto done; } @@ -185,15 +185,15 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if (signer != NULL) { if ((r = signer(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, sk_provider, 0, signer_ctx)) != 0) { - error("Couldn't sign message: %s", ssh_err(r)); + sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) { + error_r(r, "Couldn't sign message (signer)"); goto done; } } else { if ((r = sshkey_sign(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), - sign_alg, sk_provider, 0)) != 0) { - error("Couldn't sign message: %s", ssh_err(r)); + sign_alg, sk_provider, sk_pin, 0)) != 0) { + error_r(r, "Couldn't sign message"); goto done; } } @@ -205,7 +205,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(blob, hashalg)) != 0 || (r = sshbuf_put_string(blob, sig, slen)) != 0) { - error("Couldn't populate blob: %s", ssh_err(r)); + error_fr(r, "assemble signature object"); goto done; } @@ -249,7 +249,7 @@ sshsig_check_hashalg(const char *hashalg) if (hashalg == NULL || match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1) return 0; - error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg); + error_f("unsupported hash algorithm \"%.100s\"", hashalg); return SSH_ERR_SIGN_ALG_UNSUPPORTED; } @@ -271,7 +271,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) (r = sshbuf_get_string(buf, NULL, NULL)) != 0 || (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 || (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) { - error("Couldn't parse signature blob: %s", ssh_err(r)); + error_fr(r, "parse signature object"); goto done; } @@ -297,14 +297,14 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL; size_t siglen; - debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); + debug_f("verify message length %zu", sshbuf_len(h_message)); if (sig_details != NULL) *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; if ((toverify = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } @@ -314,7 +314,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || (r = sshbuf_put_stringb(toverify, h_message)) != 0) { - error("Couldn't construct message to verify: %s", ssh_err(r)); + error_fr(r, "assemble message to verify"); goto done; } @@ -326,7 +326,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, (r = sshbuf_get_string(signature, NULL, NULL)) != 0 || (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 || (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { - error("Couldn't parse signature blob: %s", ssh_err(r)); + error_fr(r, "parse signature object"); goto done; } @@ -338,23 +338,23 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, if (strcmp(expect_namespace, got_namespace) != 0) { error("Couldn't verify signature: namespace does not match"); - debug("%s: expected namespace \"%s\" received \"%s\"", - __func__, expect_namespace, got_namespace); + debug_f("expected namespace \"%s\" received \"%s\"", + expect_namespace, got_namespace); r = SSH_ERR_SIGNATURE_INVALID; goto done; } if (strcmp(hashalg, sig_hashalg) != 0) { error("Couldn't verify signature: hash algorithm mismatch"); - debug("%s: expected algorithm \"%s\" received \"%s\"", - __func__, hashalg, sig_hashalg); + debug_f("expected algorithm \"%s\" received \"%s\"", + hashalg, sig_hashalg); r = SSH_ERR_SIGNATURE_INVALID; goto done; } /* Ensure that RSA keys use an acceptable signature algorithm */ if (sshkey_type_plain(key->type) == KEY_RSA) { if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { - error("Couldn't verify signature: unable to get " - "signature type: %s", ssh_err(r)); + error_r(r, "Couldn't verify signature: unable to get " + "signature type"); goto done; } if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) { @@ -366,7 +366,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, } if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { - error("Signature verification failed: %s", ssh_err(r)); + error_r(r, "Signature verification failed"); goto done; } @@ -399,16 +399,15 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) if ((r = sshsig_check_hashalg(hashalg)) != 0) return r; if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { - error("%s: can't look up hash algorithm %s", - __func__, hashalg); + error_f("can't look up hash algorithm %s", hashalg); return SSH_ERR_INTERNAL_ERROR; } if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) { - error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "ssh_digest_buffer"); return r; } if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { - debug3("%s: final hash: %s", __func__, hex); + debug3_f("final hash: %s", hex); freezero(hex, strlen(hex)); } if ((b = sshbuf_new()) == NULL) { @@ -416,7 +415,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) goto out; } if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { - error("%s: sshbuf_put: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } *bp = b; @@ -430,7 +429,8 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) } int -sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, +sshsig_signb(struct sshkey *key, const char *hashalg, + const char *sk_provider, const char *sk_pin, const struct sshbuf *message, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -442,10 +442,10 @@ sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, if (out != NULL) *out = NULL; if ((r = hash_buffer(message, hashalg, &b)) != 0) { - error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash buffer"); goto out; } - if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ @@ -470,9 +470,9 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, *sign_keyp = NULL; if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; - debug("%s: signature made with hash \"%s\"", __func__, hashalg); + debug_f("signature made with hash \"%s\"", hashalg); if ((r = hash_buffer(message, hashalg, &b)) != 0) { - error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash buffer"); goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, @@ -501,12 +501,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) if ((r = sshsig_check_hashalg(hashalg)) != 0) return r; if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { - error("%s: can't look up hash algorithm %s", - __func__, hashalg); + error_f("can't look up hash algorithm %s", hashalg); return SSH_ERR_INTERNAL_ERROR; } if ((ctx = ssh_digest_start(alg)) == NULL) { - error("%s: ssh_digest_start failed", __func__); + error_f("ssh_digest_start failed"); return SSH_ERR_INTERNAL_ERROR; } for (;;) { @@ -514,28 +513,27 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) if (errno == EINTR || errno == EAGAIN) continue; oerrno = errno; - error("%s: read: %s", __func__, strerror(errno)); + error_f("read: %s", strerror(errno)); ssh_digest_free(ctx); errno = oerrno; r = SSH_ERR_SYSTEM_ERROR; goto out; } else if (n == 0) { - debug2("%s: hashed %zu bytes", __func__, total); + debug2_f("hashed %zu bytes", total); break; /* EOF */ } total += (size_t)n; if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { - error("%s: ssh_digest_update: %s", - __func__, ssh_err(r)); + error_fr(r, "ssh_digest_update"); goto out; } } if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) { - error("%s: ssh_digest_final: %s", __func__, ssh_err(r)); + error_fr(r, "ssh_digest_final"); goto out; } if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { - debug3("%s: final hash: %s", __func__, hex); + debug3_f("final hash: %s", hex); freezero(hex, strlen(hex)); } if ((b = sshbuf_new()) == NULL) { @@ -543,7 +541,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) goto out; } if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { - error("%s: sshbuf_put: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } *bp = b; @@ -558,7 +556,8 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) } int -sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, +sshsig_sign_fd(struct sshkey *key, const char *hashalg, + const char *sk_provider, const char *sk_pin, int fd, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) { @@ -570,10 +569,10 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, if (out != NULL) *out = NULL; if ((r = hash_file(fd, hashalg, &b)) != 0) { - error("%s: hash_file failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash_file"); return r; } - if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, + if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, sig_namespace, out, signer, signer_ctx)) != 0) goto out; /* success */ @@ -598,9 +597,9 @@ sshsig_verify_fd(struct sshbuf *signature, int fd, *sign_keyp = NULL; if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; - debug("%s: signature made with hash \"%s\"", __func__, hashalg); + debug_f("signature made with hash \"%s\"", hashalg); if ((r = hash_file(fd, hashalg, &b)) != 0) { - error("%s: hash_file failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash_file"); goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, @@ -617,6 +616,7 @@ sshsig_verify_fd(struct sshbuf *signature, int fd, struct sshsigopt { int ca; char *namespaces; + uint64_t valid_after, valid_before; }; struct sshsigopt * @@ -625,6 +625,7 @@ sshsigopt_parse(const char *opts, const char *path, u_long linenum, { struct sshsigopt *ret; int r; + char *opt; const char *errstr = NULL; if ((ret = calloc(1, sizeof(*ret))) == NULL) @@ -644,6 +645,34 @@ sshsigopt_parse(const char *opts, const char *path, u_long linenum, ret->namespaces = opt_dequote(&opts, &errstr); if (ret->namespaces == NULL) goto fail; + } else if (opt_match(&opts, "valid-after")) { + if (ret->valid_after != 0) { + errstr = "multiple \"valid-after\" clauses"; + goto fail; + } + if ((opt = opt_dequote(&opts, &errstr)) == NULL) + goto fail; + if (parse_absolute_time(opt, &ret->valid_after) != 0 || + ret->valid_after == 0) { + free(opt); + errstr = "invalid \"valid-after\" time"; + goto fail; + } + free(opt); + } else if (opt_match(&opts, "valid-before")) { + if (ret->valid_before != 0) { + errstr = "multiple \"valid-before\" clauses"; + goto fail; + } + if ((opt = opt_dequote(&opts, &errstr)) == NULL) + goto fail; + if (parse_absolute_time(opt, &ret->valid_before) != 0 || + ret->valid_before == 0) { + free(opt); + errstr = "invalid \"valid-before\" time"; + goto fail; + } + free(opt); } /* * Skip the comma, and move to the next option @@ -662,6 +691,12 @@ sshsigopt_parse(const char *opts, const char *path, u_long linenum, goto fail; } } + /* final consistency check */ + if (ret->valid_after != 0 && ret->valid_before != 0 && + ret->valid_before <= ret->valid_after) { + errstr = "\"valid-before\" time is before \"valid-after\""; + goto fail; + } /* success */ return ret; fail: @@ -710,7 +745,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, goto out; } if ((principals = strdup(tmp)) == NULL) { - error("%s: strdup failed", __func__); + error_f("strdup failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -725,12 +760,12 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, r = SSH_ERR_KEY_NOT_FOUND; goto out; } - debug("%s: %s:%lu: matched principal \"%s\"", - __func__, path, linenum, required_principal); + debug_f("%s:%lu: matched principal \"%s\"", + path, linenum, required_principal); } if ((key = sshkey_new(KEY_UNSPEC)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -780,12 +815,13 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, static int check_allowed_keys_line(const char *path, u_long linenum, char *line, const struct sshkey *sign_key, const char *principal, - const char *sig_namespace) + const char *sig_namespace, uint64_t verify_time) { struct sshkey *found_key = NULL; - int r, found = 0; + int r, success = 0; const char *reason = NULL; struct sshsigopt *sigopts = NULL; + char tvalid[64], tverify[64]; /* Parse the line */ if ((r = parse_principals_key_and_options(path, linenum, line, @@ -794,44 +830,63 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line, goto done; } - /* Check whether options preclude the use of this key */ - if (sigopts->namespaces != NULL && - match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { - error("%s:%lu: key is not permitted for use in signature " - "namespace \"%s\"", path, linenum, sig_namespace); - goto done; - } - if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { /* Exact match of key */ - debug("%s:%lu: matched key and principal", path, linenum); - /* success */ - found = 1; + debug("%s:%lu: matched key", path, linenum); } else if (sigopts->ca && sshkey_is_cert(sign_key) && sshkey_equal_public(sign_key->cert->signature_key, found_key)) { /* Match of certificate's CA key */ - if ((r = sshkey_cert_check_authority(sign_key, 0, 1, - principal, &reason)) != 0) { + if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0, + verify_time, principal, &reason)) != 0) { error("%s:%lu: certificate not authorized: %s", path, linenum, reason); goto done; } debug("%s:%lu: matched certificate CA key", path, linenum); - /* success */ - found = 1; } else { - /* Principal matched but key didn't */ + /* Didn't match key */ + goto done; + } + + /* Check whether options preclude the use of this key */ + if (sigopts->namespaces != NULL && + match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { + error("%s:%lu: key is not permitted for use in signature " + "namespace \"%s\"", path, linenum, sig_namespace); + goto done; + } + + /* check key time validity */ + format_absolute_time((uint64_t)verify_time, tverify, sizeof(tverify)); + if (sigopts->valid_after != 0 && + (uint64_t)verify_time < sigopts->valid_after) { + format_absolute_time(sigopts->valid_after, + tvalid, sizeof(tvalid)); + error("%s:%lu: key is not yet valid: " + "verify time %s < valid-after %s", path, linenum, + tverify, tvalid); goto done; } + if (sigopts->valid_before != 0 && + (uint64_t)verify_time > sigopts->valid_before) { + format_absolute_time(sigopts->valid_before, + tvalid, sizeof(tvalid)); + error("%s:%lu: key has expired: " + "verify time %s > valid-before %s", path, linenum, + tverify, tvalid); + goto done; + } + success = 1; + done: sshkey_free(found_key); sshsigopt_free(sigopts); - return found ? 0 : SSH_ERR_KEY_NOT_FOUND; + return success ? 0 : SSH_ERR_KEY_NOT_FOUND; } int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, - const char *principal, const char *sig_namespace) + const char *principal, const char *sig_namespace, uint64_t verify_time) { FILE *f = NULL; char *line = NULL; @@ -851,9 +906,10 @@ sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, while (getline(&line, &linesize, f) != -1) { linenum++; r = check_allowed_keys_line(path, linenum, line, sign_key, - principal, sig_namespace); + principal, sig_namespace, verify_time); free(line); line = NULL; + linesize = 0; if (r == SSH_ERR_KEY_NOT_FOUND) continue; else if (r == 0) { @@ -871,7 +927,7 @@ sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, static int cert_filter_principals(const char *path, u_long linenum, - char **principalsp, const struct sshkey *cert) + char **principalsp, const struct sshkey *cert, uint64_t verify_time) { char *cp, *oprincipals, *principals; const char *reason; @@ -893,15 +949,15 @@ cert_filter_principals(const char *path, u_long linenum, continue; } /* Check against principals list in certificate */ - if ((r = sshkey_cert_check_authority(cert, 0, 1, - cp, &reason)) != 0) { + if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, + verify_time, cp, &reason)) != 0) { debug("%s:%lu: principal \"%s\" not authorized: %s", path, linenum, cp, reason); continue; } if ((r = sshbuf_putf(nprincipals, "%s%s", sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { - error("%s: buffer error", __func__); + error_f("buffer error"); goto out; } } @@ -911,7 +967,7 @@ cert_filter_principals(const char *path, u_long linenum, goto out; } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { - error("%s: buffer error", __func__); + error_f("buffer error"); goto out; } /* success */ @@ -925,7 +981,7 @@ cert_filter_principals(const char *path, u_long linenum, static int get_matching_principals_from_line(const char *path, u_long linenum, char *line, - const struct sshkey *sign_key, char **principalsp) + const struct sshkey *sign_key, uint64_t verify_time, char **principalsp) { struct sshkey *found_key = NULL; char *principals = NULL; @@ -951,10 +1007,10 @@ get_matching_principals_from_line(const char *path, u_long linenum, char *line, sshkey_equal_public(sign_key->cert->signature_key, found_key)) { /* Remove principals listed in file but not allowed by cert */ if ((r = cert_filter_principals(path, linenum, - &principals, sign_key)) != 0) { + &principals, sign_key, verify_time)) != 0) { /* error already displayed */ - debug("%s:%lu: cert_filter_principals: %s", - path, linenum, ssh_err(r)); + debug_r(r, "%s:%lu: cert_filter_principals", + path, linenum); goto done; } debug("%s:%lu: matched certificate CA key", path, linenum); @@ -977,7 +1033,7 @@ get_matching_principals_from_line(const char *path, u_long linenum, char *line, int sshsig_find_principals(const char *path, const struct sshkey *sign_key, - char **principals) + uint64_t verify_time, char **principals) { FILE *f = NULL; char *line = NULL; @@ -996,9 +1052,10 @@ sshsig_find_principals(const char *path, const struct sshkey *sign_key, while (getline(&line, &linesize, f) != -1) { linenum++; r = get_matching_principals_from_line(path, linenum, line, - sign_key, principals); + sign_key, verify_time, principals); free(line); line = NULL; + linesize = 0; if (r == SSH_ERR_KEY_NOT_FOUND) continue; else if (r == 0) { |