[openssh-commits] [openssh] 01/02: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jan 14 20:43:22 EST 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jan 13 19:04:35 2015 +0000

    upstream commit
    
    sync changes from libopenssh; prepared by markus@ mostly
     debug output tweaks, a couple of error return value changes and some other
     minor stuff
---
 krl.c | 98 +++++++++++++++++++++++++++++++++----------------------------------
 krl.h |  4 +--
 2 files changed, 50 insertions(+), 52 deletions(-)

diff --git a/krl.c b/krl.c
index 47d6d2c..d6bd109 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.24 2015/01/12 19:22:46 markus Exp $ */
+/* $OpenBSD: krl.c,v 1.25 2015/01/13 19:04:35 djm Exp $ */
 
 #include "includes.h"
 
@@ -31,11 +31,11 @@
 #include <unistd.h>
 
 #include "sshbuf.h"
+#include "ssherr.h"
 #include "sshkey.h"
 #include "authfile.h"
 #include "misc.h"
 #include "log.h"
-#include "ssherr.h"
 #include "digest.h"
 
 #include "krl.h"
@@ -230,7 +230,7 @@ revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key,
 	RB_INIT(&rc->revoked_serials);
 	RB_INIT(&rc->revoked_key_ids);
 	TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
-	debug3("%s: new CA %s", __func__, sshkey_type(ca_key));
+	KRL_DBG(("%s: new CA %s", __func__, sshkey_type(ca_key)));
 	*rcp = rc;
 	return 0;
 }
@@ -255,7 +255,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
 			KRL_DBG(("%s: bad: ers != NULL", __func__));
 			/* Shouldn't happen */
 			free(irs);
-			return SSH_ERR_ALLOC_FAIL;
+			return SSH_ERR_INTERNAL_ERROR;
 		}
 		ers = irs;
 	} else {
@@ -270,6 +270,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
 		if (ers->hi < hi)
 			ers->hi = hi;
 	}
+
 	/*
 	 * The inserted or revised range might overlap or abut adjacent ones;
 	 * coalesce as necessary.
@@ -315,14 +316,14 @@ ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key,
 }
 
 int
-ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const struct sshkey *ca_key,
-    u_int64_t lo, u_int64_t hi)
+ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
+    const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi)
 {
 	struct revoked_certs *rc;
 	int r;
 
 	if (lo > hi || lo == 0)
-		return -1;
+		return SSH_ERR_INVALID_ARGUMENT;
 	if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
 		return r;
 	return insert_serial_range(&rc->revoked_serials, lo, hi);
@@ -339,7 +340,7 @@ ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key,
 	if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
 		return r;
 
-	debug3("%s: revoke %s", __func__, key_id);
+	KRL_DBG(("%s: revoke %s", __func__, key_id));
 	if ((rki = calloc(1, sizeof(*rki))) == NULL ||
 	    (rki->key_id = strdup(key_id)) == NULL) {
 		free(rki);
@@ -375,7 +376,7 @@ plain_key_blob(const struct sshkey *key, u_char **blob, size_t *blen)
 
 /* Revoke a key blob. Ownership of blob is transferred to the tree */
 static int
-revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, u_int len)
+revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, size_t len)
 {
 	struct revoked_blob *rb, *erb;
 
@@ -507,14 +508,14 @@ choose_next_state(int current_state, u_int64_t contig, int final,
 		*force_new_section = 1;
 		cost = cost_bitmap_restart;
 	}
-	debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
+	KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
 	    "list %llu range %llu bitmap %llu new bitmap %llu, "
 	    "selected 0x%02x%s", __func__, (long long unsigned)contig,
 	    (long long unsigned)last_gap, (long long unsigned)next_gap, final,
 	    (long long unsigned)cost_list, (long long unsigned)cost_range,
 	    (long long unsigned)cost_bitmap,
 	    (long long unsigned)cost_bitmap_restart, new_state,
-	    *force_new_section ? " restart" : "");
+	    *force_new_section ? " restart" : ""));
 	return new_state;
 }
 
@@ -522,7 +523,7 @@ choose_next_state(int current_state, u_int64_t contig, int final,
 static int
 revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 {
-	int final, force_new_sect, r = -1;
+	int final, force_new_sect, r = SSH_ERR_INTERNAL_ERROR;
 	u_int64_t i, contig, gap, last = 0, bitmap_start = 0;
 	struct revoked_serial *rs, *nrs;
 	struct revoked_key_id *rki;
@@ -545,9 +546,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 	for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
 	     rs != NULL;
 	     rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
-		debug3("%s: serial %llu:%llu state 0x%02x", __func__,
+		KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
 		    (long long unsigned)rs->lo, (long long unsigned)rs->hi,
-		    state);
+		    state));
 
 		/* Check contiguous length and gap to next section (if any) */
 		nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
@@ -565,7 +566,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 		 */
 		if (state != 0 && (force_new_sect || next_state != state ||
 		    state == KRL_SECTION_CERT_SERIAL_RANGE)) {
-			debug3("%s: finish state 0x%02x", __func__, state);
+			KRL_DBG(("%s: finish state 0x%02x", __func__, state));
 			switch (state) {
 			case KRL_SECTION_CERT_SERIAL_LIST:
 			case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -585,7 +586,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 
 		/* If we are starting a new section then prepare it now */
 		if (next_state != state || force_new_sect) {
-			debug3("%s: start state 0x%02x", __func__, next_state);
+			KRL_DBG(("%s: start state 0x%02x", __func__,
+			    next_state));
 			state = next_state;
 			sshbuf_reset(sect);
 			switch (state) {
@@ -636,8 +638,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 	}
 	/* Flush the remaining section, if any */
 	if (state != 0) {
-		debug3("%s: serial final flush for state 0x%02x",
-		    __func__, state);
+		KRL_DBG(("%s: serial final flush for state 0x%02x",
+		    __func__, state));
 		switch (state) {
 		case KRL_SECTION_CERT_SERIAL_LIST:
 		case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -653,12 +655,12 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
 		    (r = sshbuf_put_stringb(buf, sect)) != 0)
 			goto out;
 	}
-	debug3("%s: serial done ", __func__);
+	KRL_DBG(("%s: serial done ", __func__));
 
 	/* Now output a section for any revocations by key ID */
 	sshbuf_reset(sect);
 	RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
-		debug3("%s: key ID %s", __func__, rki->key_id);
+		KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
 		if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
 			goto out;
 	}
@@ -679,7 +681,7 @@ int
 ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
     const struct sshkey **sign_keys, u_int nsign_keys)
 {
-	int r = -1;
+	int r = SSH_ERR_INTERNAL_ERROR;
 	struct revoked_certs *rc;
 	struct revoked_blob *rb;
 	struct sshbuf *sect;
@@ -715,7 +717,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
 	/* Finally, output sections for revocations by public key/hash */
 	sshbuf_reset(sect);
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
-		debug3("%s: key len %zu ", __func__, rb->len);
+		KRL_DBG(("%s: key len %u ", __func__, rb->len));
 		if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
 			goto out;
 	}
@@ -726,7 +728,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
 	}
 	sshbuf_reset(sect);
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
-		debug3("%s: hash len %zu ", __func__, rb->len);
+		KRL_DBG(("%s: hash len %u ", __func__, rb->len));
 		if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
 			goto out;
 	}
@@ -742,7 +744,8 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
 		if ((r = sshkey_to_blob_buf(sign_keys[i], sect)) != 0)
 			goto out;
 
-		debug3("%s: signature key len %zu", __func__, sshbuf_len(sect));
+		KRL_DBG(("%s: signature key len %zu", __func__,
+		    sshbuf_len(sect)));
 		if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
 		    (r = sshbuf_put_stringb(buf, sect)) != 0)
 			goto out;
@@ -750,7 +753,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
 		if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
 		    sshbuf_ptr(buf), sshbuf_len(buf), 0)) == -1)
 			goto out;
-		debug3("%s: signature sig len %zu", __func__, slen);
+		KRL_DBG(("%s: signature sig len %u", __func__, slen));
 		if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
 			goto out;
 	}
@@ -781,7 +784,7 @@ format_timestamp(u_int64_t timestamp, char *ts, size_t nts)
 static int
 parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
 {
-	int r = -1, nbits;
+	int r = SSH_ERR_INTERNAL_ERROR, nbits;
 	u_char type;
 	const u_char *blob;
 	size_t blen;
@@ -809,7 +812,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
 		if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
 		    (r = sshbuf_froms(buf, &subsect)) != 0)
 			goto out;
-		debug3("%s: subsection type 0x%02x", __func__, type);
+		KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
+		/* sshbuf_dump(subsect, stderr); */
 
 		switch (type) {
 		case KRL_SECTION_CERT_SERIAL_LIST:
@@ -842,7 +846,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
 				r = SSH_ERR_INVALID_FORMAT;
 				goto out;
 			}
-			for (serial = 0; serial < (u_int)nbits; serial++) {
+			for (serial = 0; serial < (u_int64_t)nbits; serial++) {
 				if (serial > 0 && serial_lo + serial == 0) {
 					error("%s: bitmap wraps u64", __func__);
 					r = SSH_ERR_INVALID_FORMAT;
@@ -895,12 +899,12 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
 /* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. */
 int
 ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
-    const struct sshkey **sign_ca_keys, u_int nsign_ca_keys)
+    const struct sshkey **sign_ca_keys, size_t nsign_ca_keys)
 {
 	struct sshbuf *copy = NULL, *sect = NULL;
 	struct ssh_krl *krl = NULL;
 	char timestamp[64];
-	int r = -1, sig_seen;
+	int r = SSH_ERR_INTERNAL_ERROR, sig_seen;
 	struct sshkey *key = NULL, **ca_used = NULL, **tmp_ca_used;
 	u_char type, *rdata = NULL;
 	const u_char *blob;
@@ -961,12 +965,12 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 		if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
 		    (r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
 			goto out;
-		debug3("%s: first pass, section 0x%02x", __func__, type);
+		KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
 		if (type != KRL_SECTION_SIGNATURE) {
 			if (sig_seen) {
-				r = SSH_ERR_INVALID_FORMAT;
 				error("KRL contains non-signature section "
 				    "after signature");
+				r = SSH_ERR_INVALID_FORMAT;
 				goto out;
 			}
 			/* Not interested for now. */
@@ -976,7 +980,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 		/* First string component is the signing key */
 		if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
 			r = SSH_ERR_INVALID_FORMAT;
-			error("%s: invalid signature key", __func__);
 			goto out;
 		}
 		if (sshbuf_len(buf) < sshbuf_len(copy)) {
@@ -992,16 +995,14 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 		}
 		/* Check signature over entire KRL up to this point */
 		if ((r = sshkey_verify(key, blob, blen,
-		    sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) {
-			error("bad signaure on KRL");
+		    sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0)
 			goto out;
-		}
 		/* Check if this key has already signed this KRL */
 		for (i = 0; i < nca_used; i++) {
 			if (sshkey_equal(ca_used[i], key)) {
 				error("KRL signed more than once with "
 				    "the same key");
-				r = SSH_ERR_SIGNATURE_INVALID;
+				r = SSH_ERR_INVALID_FORMAT;
 				goto out;
 			}
 		}
@@ -1041,10 +1042,9 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 			sect = NULL;
 		}
 		if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
-		    (r = sshbuf_froms(copy, &sect)) != 0) {
+		    (r = sshbuf_froms(copy, &sect)) != 0)
 			goto out;
-		}
-		debug3("%s: second pass, section 0x%02x", __func__, type);
+		KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
 
 		switch (type) {
 		case KRL_SECTION_CERTIFICATES:
@@ -1068,7 +1068,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 				    &krl->revoked_keys : &krl->revoked_sha1s,
 				    rdata, rlen)) != 0)
 					goto out;
-				rdata = NULL; /* revoke_blob frees blob */
+				rdata = NULL; /* revoke_blob frees rdata */
 			}
 			break;
 		case KRL_SECTION_SIGNATURE:
@@ -1101,8 +1101,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
 		}
 	}
 	if (nca_used && !sig_seen) {
-		r = SSH_ERR_SIGNATURE_INVALID;
 		error("All keys used to sign KRL were revoked");
+		r = SSH_ERR_KEY_REVOKED;
 		goto out;
 	}
 
@@ -1159,7 +1159,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
 	free(rb.blob);
 	if (erb != NULL) {
-		debug("%s: revoked by key SHA1", __func__);
+		KRL_DBG(("%s: revoked by key SHA1", __func__));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1170,7 +1170,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
 	free(rb.blob);
 	if (erb != NULL) {
-		debug("%s: revoked by explicit key", __func__);
+		KRL_DBG(("%s: revoked by explicit key", __func__));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1189,7 +1189,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
 	rki.key_id = key->cert->key_id;
 	erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
 	if (erki != NULL) {
-		debug("%s: revoked by key ID", __func__);
+		KRL_DBG(("%s: revoked by key ID", __func__));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1204,13 +1204,11 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
 	rs.lo = rs.hi = key->cert->serial;
 	ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
 	if (ers != NULL) {
-		KRL_DBG(("%s: %llu matched %llu:%llu", __func__,
+		KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
 		    key->cert->serial, ers->lo, ers->hi));
-		debug("%s: revoked by serial", __func__);
 		return SSH_ERR_KEY_REVOKED;
 	}
 	KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
-
 	return 0;
 }
 
@@ -1219,7 +1217,7 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
 {
 	int r;
 
-	debug2("%s: checking key", __func__);
+	KRL_DBG(("%s: checking key", __func__));
 	if ((r = is_key_revoked(krl, key)) != 0)
 		return r;
 	if (sshkey_is_cert(key)) {
@@ -1227,7 +1225,7 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
 		if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
 			return r;
 	}
-	debug3("%s: key okay", __func__);
+	KRL_DBG(("%s: key okay", __func__));
 	return 0;
 }
 
diff --git a/krl.h b/krl.h
index c98cc13..4e12bef 100644
--- a/krl.h
+++ b/krl.h
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.h,v 1.3 2014/12/04 01:49:59 djm Exp $ */
+/* $OpenBSD: krl.h,v 1.4 2015/01/13 19:06:49 djm Exp $ */
 
 #ifndef _KRL_H
 #define _KRL_H
@@ -57,7 +57,7 @@ int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
 int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
     const struct sshkey **sign_keys, u_int nsign_keys);
 int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
-    const struct sshkey **sign_ca_keys, u_int nsign_ca_keys);
+    const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);
 int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
 int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list