diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2022-01-05 05:27:01 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2022-01-05 06:06:01 +0100 |
| commit | 141a14ec9b0924709c98df2dd8013bde5d8d12c7 (patch) | |
| tree | b6dfeb3f6415239233f0d6333aaad9bdc7b1f3e7 /ssh-keygen.c | |
| parent | upstream: regression test for find-principals NULL deref; from Fabian (diff) | |
| download | openssh-141a14ec9b0924709c98df2dd8013bde5d8d12c7.tar.xz openssh-141a14ec9b0924709c98df2dd8013bde5d8d12c7.zip | |
upstream: move sig_process_opts() to before sig_sign(); no
functional code change
OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9
Diffstat (limited to '')
| -rw-r--r-- | ssh-keygen.c | 77 |
1 files changed, 39 insertions, 38 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index ed8d3b9c3..5dc742053 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.442 2021/11/28 07:14:29 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.443 2022/01/05 04:27:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2603,6 +2603,44 @@ sign_one(struct sshkey *signkey, const char *filename, int fd, } static int +sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep, + int *print_pubkey) +{ + size_t i; + time_t now; + + if (verify_timep != NULL) + *verify_timep = 0; + if (print_pubkey != NULL) + *print_pubkey = 0; + for (i = 0; i < nopts; i++) { + if (verify_timep && + strncasecmp(opts[i], "verify-time=", 12) == 0) { + if (parse_absolute_time(opts[i] + 12, + verify_timep) != 0 || *verify_timep == 0) { + error("Invalid \"verify-time\" option"); + return SSH_ERR_INVALID_ARGUMENT; + } + } else if (print_pubkey && + strcasecmp(opts[i], "print-pubkey") == 0) { + *print_pubkey = 1; + } else { + error("Invalid option \"%s\"", opts[i]); + return SSH_ERR_INVALID_ARGUMENT; + } + } + if (verify_timep && *verify_timep == 0) { + if ((now = time(NULL)) < 0) { + error("Time is before epoch"); + return SSH_ERR_INVALID_ARGUMENT; + } + *verify_timep = (uint64_t)now; + } + return 0; +} + + +static int sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv) { int i, fd = -1, r, ret = -1; @@ -2674,43 +2712,6 @@ done: } static int -sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep, - int *print_pubkey) -{ - size_t i; - time_t now; - - if (verify_timep != NULL) - *verify_timep = 0; - if (print_pubkey != NULL) - *print_pubkey = 0; - for (i = 0; i < nopts; i++) { - if (verify_timep && - strncasecmp(opts[i], "verify-time=", 12) == 0) { - if (parse_absolute_time(opts[i] + 12, - verify_timep) != 0 || *verify_timep == 0) { - error("Invalid \"verify-time\" option"); - return SSH_ERR_INVALID_ARGUMENT; - } - } else if (print_pubkey && - strcasecmp(opts[i], "print-pubkey") == 0) { - *print_pubkey = 1; - } else { - error("Invalid option \"%s\"", opts[i]); - return SSH_ERR_INVALID_ARGUMENT; - } - } - if (verify_timep && *verify_timep == 0) { - if ((now = time(NULL)) < 0) { - error("Time is before epoch"); - return SSH_ERR_INVALID_ARGUMENT; - } - *verify_timep = (uint64_t)now; - } - return 0; -} - -static int sig_verify(const char *signature, const char *sig_namespace, const char *principal, const char *allowed_keys, const char *revoked_keys, char * const *opts, size_t nopts) |