kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

ssh signing: use sigc struct to pass payload 

To be able to extend the payload metadata with things like its creation
timestamp or the creators ident we remove the payload parameters to
check_signature() and use the already existing sigc->payload field
instead, only adding the length field to the struct. This also allows
us to get rid of the xmemdupz() calls in the verify functions. Since
sigc is now used to input data as well as output the result move it to
the front of the function list.

 - Add payload_length to struct signature_check
 - Populate sigc.payload/payload_len on all call sites
 - Remove payload parameters to check_signature()
 - Remove payload parameters to internal verify_* functions and use sigc
   instead
 - Remove xmemdupz() used for verbose output since payload is now already
   populated.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Fabian Stelzer 2021-12-09 09:52:43 +01:00 committed by Junio C Hamano
parent cafd34522f
commit 02769437e1
7 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/receive-pack.c
View File

@ -769,8 +769,10 @@ static void prepare_push_cert_sha1(struct child_process *proc)
memset(&sigcheck, '\0', sizeof(sigcheck)); memset(&sigcheck, '\0', sizeof(sigcheck));


bogs = parse_signed_buffer(push_cert.buf, push_cert.len); bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
check_signature(push_cert.buf, bogs, push_cert.buf + bogs, sigcheck.payload = xmemdupz(push_cert.buf, bogs);
push_cert.len - bogs, &sigcheck); sigcheck.payload_len = bogs;
check_signature(&sigcheck, push_cert.buf + bogs,
push_cert.len - bogs);


nonce_status = check_nonce(push_cert.buf, bogs); nonce_status = check_nonce(push_cert.buf, bogs);
} }

5
commit.c
View File

@ -1212,8 +1212,9 @@ int check_commit_signature(const struct commit *commit, struct signature_check *


if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out; goto out;
ret = check_signature(payload.buf, payload.len, signature.buf,
signature.len, sigc); sigc->payload = strbuf_detach(&payload, &sigc->payload_len);
ret = check_signature(sigc, signature.buf, signature.len);


out: out:
strbuf_release(&payload); strbuf_release(&payload);

4
fmt-merge-msg.c
View File

@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
else { else {
buf = payload.buf; buf = payload.buf;
len = payload.len; len = payload.len;
if (check_signature(payload.buf, payload.len, sig.buf, sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
sig.len, &sigc) && if (check_signature(&sigc, sig.buf, sig.len) &&
!sigc.output) !sigc.output)
strbuf_addstr(&sig, "gpg verification failed.\n"); strbuf_addstr(&sig, "gpg verification failed.\n");
else else

37
gpg-interface.c
View File

@ -19,8 +19,8 @@ struct gpg_format {
const char **verify_args; const char **verify_args;
const char **sigs; const char **sigs;
int (*verify_signed_buffer)(struct signature_check *sigc, int (*verify_signed_buffer)(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload, struct gpg_format *fmt,
size_t payload_size, const char *signature, const char *signature,
size_t signature_size); size_t signature_size);
int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature, int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key); const char *signing_key);
@ -53,12 +53,12 @@ static const char *ssh_sigs[] = {
}; };


static int verify_gpg_signed_buffer(struct signature_check *sigc, static int verify_gpg_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload, struct gpg_format *fmt,
size_t payload_size, const char *signature, const char *signature,
size_t signature_size); size_t signature_size);
static int verify_ssh_signed_buffer(struct signature_check *sigc, static int verify_ssh_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload, struct gpg_format *fmt,
size_t payload_size, const char *signature, const char *signature,
size_t signature_size); size_t signature_size);
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature, static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key); const char *signing_key);
@ -314,8 +314,8 @@ error:
} }


static int verify_gpg_signed_buffer(struct signature_check *sigc, static int verify_gpg_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload, struct gpg_format *fmt,
size_t payload_size, const char *signature, const char *signature,
size_t signature_size) size_t signature_size)
{ {
struct child_process gpg = CHILD_PROCESS_INIT; struct child_process gpg = CHILD_PROCESS_INIT;
@ -343,14 +343,13 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
NULL); NULL);


sigchain_push(SIGPIPE, SIG_IGN); sigchain_push(SIGPIPE, SIG_IGN);
ret = pipe_command(&gpg, payload, payload_size, &gpg_stdout, 0, ret = pipe_command(&gpg, sigc->payload, sigc->payload_len, &gpg_stdout, 0,
&gpg_stderr, 0); &gpg_stderr, 0);
sigchain_pop(SIGPIPE); sigchain_pop(SIGPIPE);


delete_tempfile(&temp); delete_tempfile(&temp);


ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG "); ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
sigc->payload = xmemdupz(payload, payload_size);
sigc->output = strbuf_detach(&gpg_stderr, NULL); sigc->output = strbuf_detach(&gpg_stderr, NULL);
sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL); sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);


@ -426,8 +425,8 @@ cleanup:
} }


static int verify_ssh_signed_buffer(struct signature_check *sigc, static int verify_ssh_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload, struct gpg_format *fmt,
size_t payload_size, const char *signature, const char *signature,
size_t signature_size) size_t signature_size)
{ {
struct child_process ssh_keygen = CHILD_PROCESS_INIT; struct child_process ssh_keygen = CHILD_PROCESS_INIT;
@ -480,7 +479,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
"-n", "git", "-n", "git",
"-s", buffer_file->filename.buf, "-s", buffer_file->filename.buf,
NULL); NULL);
pipe_command(&ssh_keygen, payload, payload_size, pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
&ssh_keygen_out, 0, &ssh_keygen_err, 0); &ssh_keygen_out, 0, &ssh_keygen_err, 0);


/* /*
@ -526,7 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
} }


sigchain_push(SIGPIPE, SIG_IGN); sigchain_push(SIGPIPE, SIG_IGN);
ret = pipe_command(&ssh_keygen, payload, payload_size, ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
&ssh_keygen_out, 0, &ssh_keygen_err, 0); &ssh_keygen_out, 0, &ssh_keygen_err, 0);
sigchain_pop(SIGPIPE); sigchain_pop(SIGPIPE);


@ -540,7 +539,6 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
} }
} }


sigc->payload = xmemdupz(payload, payload_size);
strbuf_stripspace(&ssh_keygen_out, 0); strbuf_stripspace(&ssh_keygen_out, 0);
strbuf_stripspace(&ssh_keygen_err, 0); strbuf_stripspace(&ssh_keygen_err, 0);
/* Add stderr outputs to show the user actual ssh-keygen errors */ /* Add stderr outputs to show the user actual ssh-keygen errors */
@ -562,8 +560,8 @@ out:
return ret; return ret;
} }


int check_signature(const char *payload, size_t plen, const char *signature, int check_signature(struct signature_check *sigc,
size_t slen, struct signature_check *sigc) const char *signature, size_t slen)
{ {
struct gpg_format *fmt; struct gpg_format *fmt;
int status; int status;
@ -575,8 +573,7 @@ int check_signature(const char *payload, size_t plen, const char *signature,
if (!fmt) if (!fmt)
die(_("bad/incompatible signature '%s'"), signature); die(_("bad/incompatible signature '%s'"), signature);


status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature, status = fmt->verify_signed_buffer(sigc, fmt, signature, slen);
slen);


if (status && !sigc->output) if (status && !sigc->output)
return !!status; return !!status;
@ -593,7 +590,7 @@ void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
sigc->output; sigc->output;


if (flags & GPG_VERIFY_VERBOSE && sigc->payload) if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
fputs(sigc->payload, stdout); fwrite(sigc->payload, 1, sigc->payload_len, stdout);


if (output) if (output)
fputs(output, stderr); fputs(output, stderr);

6
gpg-interface.h
View File

@ -17,6 +17,7 @@ enum signature_trust_level {


struct signature_check { struct signature_check {
char *payload; char *payload;
size_t payload_len;
char *output; char *output;
char *gpg_status; char *gpg_status;


@ -70,9 +71,8 @@ const char *get_signing_key(void);
* Either a GPG KeyID or a SSH Key Fingerprint * Either a GPG KeyID or a SSH Key Fingerprint
*/ */
const char *get_signing_key_id(void); const char *get_signing_key_id(void);
int check_signature(const char *payload, size_t plen, int check_signature(struct signature_check *sigc,
const char *signature, size_t slen, const char *signature, size_t slen);
struct signature_check *sigc);
void print_signature_buffer(const struct signature_check *sigc, void print_signature_buffer(const struct signature_check *sigc,
unsigned flags); unsigned flags);



8
log-tree.c
View File

@ -513,8 +513,8 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out; goto out;


status = check_signature(payload.buf, payload.len, signature.buf, sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
signature.len, &sigc); status = check_signature(&sigc, signature.buf, signature.len);
if (status && !sigc.output) if (status && !sigc.output)
show_sig_lines(opt, status, "No signature\n"); show_sig_lines(opt, status, "No signature\n");
else else
@ -583,8 +583,8 @@ static int show_one_mergetag(struct commit *commit,
status = -1; status = -1;
if (parse_signature(extra->value, extra->len, &payload, &signature)) { if (parse_signature(extra->value, extra->len, &payload, &signature)) {
/* could have a good signature */ /* could have a good signature */
status = check_signature(payload.buf, payload.len, sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
signature.buf, signature.len, &sigc); status = check_signature(&sigc, signature.buf, signature.len);
if (sigc.output) if (sigc.output)
strbuf_addstr(&verify_message, sigc.output); strbuf_addstr(&verify_message, sigc.output);
else else

4
tag.c
View File

@ -25,8 +25,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
return error("no signature found"); return error("no signature found");
} }


ret = check_signature(payload.buf, payload.len, signature.buf, sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
signature.len, &sigc); ret = check_signature(&sigc, signature.buf, signature.len);


if (!(flags & GPG_VERIFY_OMIT_STATUS)) if (!(flags & GPG_VERIFY_OMIT_STATUS))
print_signature_buffer(&sigc, flags); print_signature_buffer(&sigc, flags);