ssh signing: use sigc struct to pass payload
authorFabian Stelzer <fs@gigacodes.de>
Thu, 9 Dec 2021 08:52:43 +0000 (09:52 +0100)
committerJunio C Hamano <gitster@pobox.com>
Thu, 9 Dec 2021 21:38:04 +0000 (13:38 -0800)
To be able to extend the payload metadata with things like its creation
timestamp or the creator's ident, we remove the payload parameters to
check_signature() and use the already existing sigc->payload field
instead, only adding the length field to the struct. This also allows
us to get rid of the xmemdupz() calls in the verify functions. Since
sigc is now used to input data as well as output the result, move it to
the front of the parameter list.

 - Add payload_length to struct signature_check
 - Populate sigc.payload/payload_len on all call sites
 - Remove payload parameters to check_signature()
 - Remove payload parameters to internal verify_* functions and use sigc
   instead
 - Remove xmemdupz() used for verbose output since payload is now already
   populated.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/receive-pack.c
commit.c
fmt-merge-msg.c
gpg-interface.c
gpg-interface.h
log-tree.c
tag.c

index 49b846d960522ad1a5f29f7394bca4fa24e5b622..61ab63c2ea6cf791b0bede6c6bdde8699cecaa08 100644 (file)
@@ -769,8 +769,10 @@ static void prepare_push_cert_sha1(struct child_process *proc)
                memset(&sigcheck, '\0', sizeof(sigcheck));
 
                bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
-               check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
-                               push_cert.len - bogs, &sigcheck);
+               sigcheck.payload = xmemdupz(push_cert.buf, bogs);
+               sigcheck.payload_len = bogs;
+               check_signature(&sigcheck, push_cert.buf + bogs,
+                               push_cert.len - bogs);
 
                nonce_status = check_nonce(push_cert.buf, bogs);
        }
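Review bot: This call site copies the payload with xmemdupz() while the other call sites in this commit transfer it with strbuf_detach(), and nothing in the hunk says why. The copy looks necessary because push_cert.buf is still read by check_nonce() two lines later, so a short comment above the assignment would keep a later cleanup from turning it into a detach: `/* copy rather than detach: push_cert is still read by check_nonce() below */`. The hunk also does not show where sigcheck.payload is released; since sigcheck now owns an allocation before check_signature() runs, confirm that a signature_check_clear() call or a deliberate process-lifetime ownership covers it. prepare_push_cert_sha1() starts and ends outside the hunk.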
index 551de4903c1f4f5d21a4e30bc012109c593054c8..64e040a99b23a268995e48438b0a20b1db575066 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -1212,8 +1212,9 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
 
        if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
                goto out;
-       ret = check_signature(payload.buf, payload.len, signature.buf,
-               signature.len, sigc);
+
+       sigc->payload = strbuf_detach(&payload, &sigc->payload_len);
+       ret = check_signature(sigc, signature.buf, signature.len);
 
  out:
        strbuf_release(&payload);
index 5216191488e20115949418aab527988ba7b81e7c..deca1ea3a3a9ea02d1d4e8598ca070c4d4615354 100644 (file)
@@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
                else {
                        buf = payload.buf;
                        len = payload.len;
-                       if (check_signature(payload.buf, payload.len, sig.buf,
-                                           sig.len, &sigc) &&
+                       sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+                       if (check_signature(&sigc, sig.buf, sig.len) &&
                            !sigc.output)
                                strbuf_addstr(&sig, "gpg verification failed.\n");
                        else
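Review bot: `buf` is assigned from `payload.buf` immediately before `strbuf_detach(&payload, &sigc.payload_len)` hands that same allocation to `sigc.payload`, so from this point `buf` aliases memory owned by sigc. If sigc is cleared before the last use of `buf`/`len` later in fmt_merge_msg_sigs() (not visible in this hunk), that use reads freed memory on the signed-tag merge path. Either keep the payload strbuf as the owner and give sigc its own copy, `sigc.payload = xmemdupz(payload.buf, payload.len);` followed by `sigc.payload_len = payload.len;`, or read the tag text through `sigc.payload`/`sigc.payload_len` and clear sigc only after that use. The enclosing function starts and ends outside the hunk, so the ordering has to be checked against the full body.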
index 3e7255a2a91103323232f55a6ae7770266595f9a..75ab6faacbefdedb7e60b548714bf9a6fcef1102 100644 (file)
@@ -19,8 +19,8 @@ struct gpg_format {
        const char **verify_args;
        const char **sigs;
        int (*verify_signed_buffer)(struct signature_check *sigc,
-                                   struct gpg_format *fmt, const char *payload,
-                                   size_t payload_size, const char *signature,
+                                   struct gpg_format *fmt,
+                                   const char *signature,
                                    size_t signature_size);
        int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
                           const char *signing_key);
@@ -53,12 +53,12 @@ static const char *ssh_sigs[] = {
 };
 
 static int verify_gpg_signed_buffer(struct signature_check *sigc,
-                                   struct gpg_format *fmt, const char *payload,
-                                   size_t payload_size, const char *signature,
+                                   struct gpg_format *fmt,
+                                   const char *signature,
                                    size_t signature_size);
 static int verify_ssh_signed_buffer(struct signature_check *sigc,
-                                   struct gpg_format *fmt, const char *payload,
-                                   size_t payload_size, const char *signature,
+                                   struct gpg_format *fmt,
+                                   const char *signature,
                                    size_t signature_size);
 static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
                           const char *signing_key);
@@ -314,8 +314,8 @@ error:
 }
 
 static int verify_gpg_signed_buffer(struct signature_check *sigc,
-                                   struct gpg_format *fmt, const char *payload,
-                                   size_t payload_size, const char *signature,
+                                   struct gpg_format *fmt,
+                                   const char *signature,
                                    size_t signature_size)
 {
        struct child_process gpg = CHILD_PROCESS_INIT;
@@ -343,14 +343,13 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
                     NULL);
 
        sigchain_push(SIGPIPE, SIG_IGN);
-       ret = pipe_command(&gpg, payload, payload_size, &gpg_stdout, 0,
+       ret = pipe_command(&gpg, sigc->payload, sigc->payload_len, &gpg_stdout, 0,
                           &gpg_stderr, 0);
        sigchain_pop(SIGPIPE);
 
        delete_tempfile(&temp);
 
        ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
-       sigc->payload = xmemdupz(payload, payload_size);
        sigc->output = strbuf_detach(&gpg_stderr, NULL);
        sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
 
@@ -426,8 +425,8 @@ cleanup:
 }
 
 static int verify_ssh_signed_buffer(struct signature_check *sigc,
-                                   struct gpg_format *fmt, const char *payload,
-                                   size_t payload_size, const char *signature,
+                                   struct gpg_format *fmt,
+                                   const char *signature,
                                    size_t signature_size)
 {
        struct child_process ssh_keygen = CHILD_PROCESS_INIT;
@@ -480,7 +479,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
                             "-n", "git",
                             "-s", buffer_file->filename.buf,
                             NULL);
-               pipe_command(&ssh_keygen, payload, payload_size,
+               pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
                                   &ssh_keygen_out, 0, &ssh_keygen_err, 0);
 
                /*
@@ -526,7 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
                        }
 
                        sigchain_push(SIGPIPE, SIG_IGN);
-                       ret = pipe_command(&ssh_keygen, payload, payload_size,
+                       ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
                                           &ssh_keygen_out, 0, &ssh_keygen_err, 0);
                        sigchain_pop(SIGPIPE);
 
@@ -540,7 +539,6 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
                }
        }
 
-       sigc->payload = xmemdupz(payload, payload_size);
        strbuf_stripspace(&ssh_keygen_out, 0);
        strbuf_stripspace(&ssh_keygen_err, 0);
        /* Add stderr outputs to show the user actual ssh-keygen errors */
@@ -562,8 +560,8 @@ out:
        return ret;
 }
 
-int check_signature(const char *payload, size_t plen, const char *signature,
-       size_t slen, struct signature_check *sigc)
+int check_signature(struct signature_check *sigc,
+                   const char *signature, size_t slen)
 {
        struct gpg_format *fmt;
        int status;
@@ -575,8 +573,7 @@ int check_signature(const char *payload, size_t plen, const char *signature,
        if (!fmt)
                die(_("bad/incompatible signature '%s'"), signature);
 
-       status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature,
-                                          slen);
+       status = fmt->verify_signed_buffer(sigc, fmt, signature, slen);
 
        if (status && !sigc->output)
                return !!status;
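Review bot: check_signature() now takes its input from `sigc->payload` and `sigc->payload_len`, but nothing in the visible lines rejects a sigc whose payload was never populated, and the new signature leaves that precondition undocumented. A zeroed struct would reach `pipe_command()` in verify_gpg_signed_buffer() and verify_ssh_signed_buffer() with a NULL payload and length 0, which should fail verification but gives the developer no hint about the missing setup. Consider an explicit guard before the dispatch, `if (!sigc->payload) BUG("check_signature called without a payload");`, and a comment on the prototype in gpg-interface.h stating that the caller sets both fields beforehand and that sigc owns the payload until signature_check_clear(). The function body continues outside the two hunks that touch it.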
@@ -593,7 +590,7 @@ void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
                                                            sigc->output;
 
        if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
-               fputs(sigc->payload, stdout);
+               fwrite(sigc->payload, 1, sigc->payload_len, stdout);
 
        if (output)
                fputs(output, stderr);
index beefacbb1e9025b8d65a83aea74c6ce3913535cd..5ee7d8b6b9f1540a9939a064a07a052d1689256e 100644 (file)
@@ -17,6 +17,7 @@ enum signature_trust_level {
 
 struct signature_check {
        char *payload;
+       size_t payload_len;
        char *output;
        char *gpg_status;
 
@@ -70,9 +71,8 @@ const char *get_signing_key(void);
  * Either a GPG KeyID or a SSH Key Fingerprint
  */
 const char *get_signing_key_id(void);
-int check_signature(const char *payload, size_t plen,
-                   const char *signature, size_t slen,
-                   struct signature_check *sigc);
+int check_signature(struct signature_check *sigc,
+                   const char *signature, size_t slen);
 void print_signature_buffer(const struct signature_check *sigc,
                            unsigned flags);
 
index 644893fd8cfff6a9ee9cda0b512c2adb9c8a6953..a46cf60e1e93e78e7d0265bfb0fca693547705cb 100644 (file)
@@ -513,8 +513,8 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
        if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
                goto out;
 
-       status = check_signature(payload.buf, payload.len, signature.buf,
-                                signature.len, &sigc);
+       sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+       status = check_signature(&sigc, signature.buf, signature.len);
        if (status && !sigc.output)
                show_sig_lines(opt, status, "No signature\n");
        else
@@ -583,8 +583,8 @@ static int show_one_mergetag(struct commit *commit,
        status = -1;
        if (parse_signature(extra->value, extra->len, &payload, &signature)) {
                /* could have a good signature */
-               status = check_signature(payload.buf, payload.len,
-                                        signature.buf, signature.len, &sigc);
+               sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+               status = check_signature(&sigc, signature.buf, signature.len);
                if (sigc.output)
                        strbuf_addstr(&verify_message, sigc.output);
                else
diff --git a/tag.c b/tag.c
index 3e18a41841485e8138d7ccaf36e24cc99e5d81cd..62fb09f5a5f6a9bb059b788dea2f8f5117329549 100644 (file)
--- a/tag.c
+++ b/tag.c
@@ -25,8 +25,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
                return error("no signature found");
        }
 
-       ret = check_signature(payload.buf, payload.len, signature.buf,
-                               signature.len, &sigc);
+       sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+       ret = check_signature(&sigc, signature.buf, signature.len);
 
        if (!(flags & GPG_VERIFY_OMIT_STATUS))
                print_signature_buffer(&sigc, flags);