annotate gensignkey.c @ 1775:8179eabe16c9

fuzzing - fix some wrong types and -lcrypt on macos
author Matt Johnston <matt@ucc.asn.au>
date Mon, 02 Nov 2020 20:33:48 +0800
parents c795520269f9
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #include "includes.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #include "dbutil.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 #include "buffer.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 #include "ecdsa.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 #include "genrsa.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 #include "gendss.h"
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
7 #include "gened25519.h"
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #include "signkey.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
9 #include "dbrandom.h"
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
11 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
12 static int buf_writefile(buffer * buf, const char * filename, int skip_exist) {
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 int ret = DROPBEAR_FAILURE;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 int fd = -1;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 if (fd < 0) {
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
18 /* If generating keys on connection (skip_exist) it's OK to get EEXIST
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
19 - we probably just lost a race with another connection to generate the key */
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
20 if (skip_exist && errno == EEXIST) {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
21 ret = DROPBEAR_SUCCESS;
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
22 } else {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
23 dropbear_log(LOG_ERR, "Couldn't create new file %s: %s",
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
24 filename, strerror(errno));
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
25 }
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
26
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 goto out;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 /* write the file now */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 while (buf->pos != buf->len) {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 buf->len - buf->pos);
888
6e6ae84d3dba Fix check for EINTR
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
34 if (len == -1 && errno == EINTR) {
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 continue;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 if (len <= 0) {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 dropbear_log(LOG_ERR, "Failed writing file %s: %s",
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 filename, strerror(errno));
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 goto out;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 buf_incrpos(buf, len);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 ret = DROPBEAR_SUCCESS;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 out:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 if (fd >= 0) {
983
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
49 if (fsync(fd) != 0) {
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
50 dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
51 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 m_close(fd);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 return ret;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 /* returns 0 on failure */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 static int get_default_bits(enum signkey_type keytype)
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 {
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
60 switch (keytype) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
61 #if DROPBEAR_RSA
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
62 case DROPBEAR_SIGNKEY_RSA:
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
63 return DROPBEAR_DEFAULT_RSA_SIZE;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
65 #if DROPBEAR_DSS
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
66 case DROPBEAR_SIGNKEY_DSS:
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
67 /* DSS for SSH only defines 1024 bits */
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
68 return 1024;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
70 #if DROPBEAR_ECDSA
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
71 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
72 return ECDSA_DEFAULT_SIZE;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
73 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
74 return 521;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
75 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
76 return 384;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
77 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
78 return 256;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
80 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
81 case DROPBEAR_SIGNKEY_ED25519:
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
82 return 256;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
83 #endif
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
84 default:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
85 return 0;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
86 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
89 int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
90 if (bits == 0)
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
91 {
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
92 bits = get_default_bits(keytype);
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
93 }
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
94 return bits;
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
95 }
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
96
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
97 /* if skip_exist is set it will silently return if the key file exists */
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
98 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 sign_key * key = NULL;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 buffer *buf = NULL;
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
102 char *fn_temp = NULL;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 int ret = DROPBEAR_FAILURE;
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
104 bits = signkey_generate_get_bits(keytype, bits);
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 /* now we can generate the key */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 key = new_sign_key();
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
109 seedrandom();
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
110
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 switch(keytype) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
112 #if DROPBEAR_RSA
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 case DROPBEAR_SIGNKEY_RSA:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 key->rsakey = gen_rsa_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
117 #if DROPBEAR_DSS
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 case DROPBEAR_SIGNKEY_DSS:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 key->dsskey = gen_dss_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
122 #if DROPBEAR_ECDSA
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127 {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128 ecc_key *ecckey = gen_ecdsa_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129 keytype = ecdsa_signkey_type(ecckey);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130 *signkey_key_ptr(key, keytype) = ecckey;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
134 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
135 case DROPBEAR_SIGNKEY_ED25519:
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
136 key->ed25519key = gen_ed25519_priv_key(bits);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
137 break;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
138 #endif
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 default:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 dropbear_exit("Internal error");
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
143 seedrandom();
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
144
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 buf = buf_new(MAX_PRIVKEY_SIZE);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 buf_put_priv_key(buf, key, keytype);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 sign_key_free(key);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 key = NULL;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 buf_setpos(buf, 0);
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
151
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
152 fn_temp = m_malloc(strlen(filename) + 30);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
153 snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid());
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
154 ret = buf_writefile(buf, fn_temp, 0);
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
155
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
156 if (ret == DROPBEAR_FAILURE) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
157 goto out;
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
158 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
160 if (link(fn_temp, filename) < 0) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
161 /* If generating keys on connection (skipexist) it's OK to get EEXIST
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
162 - we probably just lost a race with another connection to generate the key */
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
163 if (!(skip_exist && errno == EEXIST)) {
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
164 if (errno == EPERM || errno == EACCES) {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
165 /* Non-atomic fallback when hard-links not allowed or unsupported */
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
166 buf_setpos(buf, 0);
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
167 ret = buf_writefile(buf, filename, skip_exist);
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
168 } else {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
169 dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename,
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
170 strerror(errno));
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
171 ret = DROPBEAR_FAILURE;
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
172 }
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
173
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
174 goto out;
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
175 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
176 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
177
1658
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
178 /* ensure directory update is flushed to disk, otherwise we can end up
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
179 with zero-byte hostkey files if the power goes off */
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
180 fsync_parent_dir(filename);
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
181
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
182 out:
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
183 if (buf) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
184 buf_burn(buf);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
185 buf_free(buf);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
186 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
187
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
188 if (fn_temp) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
189 unlink(fn_temp);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
190 m_free(fn_temp);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
191 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
192
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 return ret;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194 }