[PATCH 3/4] ssh: update certificate support
Igor Okulist
okigan at gmail.com
Wed Mar 17 10:04:04 CET 2021
remove useful but not feature related log messages
---
agent/command-ssh.c | 30 +++++++++---------------------
agent/findkey.c | 6 ++----
2 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index dfdc36f97..3983bbeb4 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1963,11 +1963,11 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
}
else
{
- /* Note: This is also used for EdDSA. */
- err = stream_write_cstring (stream, key_spec.ssh_identifier);
- if (err)
- goto out;
- }
+ /* Note: This is also used for EdDSA. */
+ err = stream_write_cstring (stream, key_spec.ssh_identifier);
+ if (err)
+ goto out;
+ }
}
/* Write the parameters. */
@@ -2016,7 +2016,7 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
goto out;
}
}
-
+
done:
if (es_fclose_snatch (stream, &blob, &blob_size))
{
@@ -2096,16 +2096,10 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
if (err)
goto out;
- if (opt.verbose)
- log_info("key type: %s", key_type);
-
err = ssh_key_type_lookup (key_type, 0, &spec);
if (err)
goto out;
- if (opt.verbose)
- log_info("key spec flags: 0x%x", spec.flags);
-
unsigned char *cert_buffer = NULL;
u32 cert_buffer_len = 0;
@@ -2129,10 +2123,6 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
err = stream_read_cstring (cert, &cert_key_type);
if (err)
goto out;
-
- if (opt.verbose)
- log_info ("certificate type: %s", cert_key_type);
-
if (strcmp (cert_key_type, key_type) )
{
xfree (cert_key_type);
@@ -2252,8 +2242,6 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
err = stream_read_cstring (stream, &comment);
if (err)
goto out;
- if (opt.verbose)
- log_info("key comment: %s", comment);
}
if (secret)
@@ -2335,9 +2323,9 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
goto out;
}
else
- {
+ {
err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list,
- comment? comment:"");
+ comment? comment:"");
if (err)
goto out;
}
@@ -3244,7 +3232,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
goto next_try;
}
}
-
+
err = ssh_key_to_protected_buffer (key, pi->pin, &buffer, &buffer_n);
if (err)
goto out;
diff --git a/agent/findkey.c b/agent/findkey.c
index b558ab893..63964ce69 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1263,7 +1263,7 @@ agent_public_key_from_file (ctrl_t ctrl,
err = read_key_file (grip, &s_skey);
if (err)
return err;
-
+
for (i=0; i < DIM (array); i++)
array[i] = NULL;
@@ -1304,8 +1304,6 @@ agent_public_key_from_file (ctrl_t ctrl,
s_skey = NULL;
- // TODO: the following FIXME is so true -- following code is
- // prone to buffer overrun
/* FIXME: The following thing is pretty ugly code; we should
investigate how to make it cleaner. Probably code to handle
canonical S-expressions in a memory buffer is better suited for
@@ -1314,7 +1312,7 @@ agent_public_key_from_file (ctrl_t ctrl,
them. */
assert (sizeof (size_t) <= sizeof (void*));
- format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+4096);
+ format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+10);
if (!format)
{
err = gpg_error_from_syserror ();
--
2.25.1
More information about the Gnupg-devel
mailing list