From: Ian Jackson Date: Sat, 23 Nov 2019 18:29:13 +0000 (+0000) Subject: pubkey handling: Call sethash when needed X-Git-Tag: v0.6.0~131 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=77b5ed3f8b450d4889ffb205a098f8aa7821baaf pubkey handling: Call sethash when needed Pass defhash about. Without this, attempts to use these new arrangements (in particular, keyset_load when there are rsa1 keys involved, which will be the usual new arrangement) would segfault. This fixes the bug introduced in: site: Read public peer keys from key file Signed-off-by: Ian Jackson --- diff --git a/pubkeys.fl.pl b/pubkeys.fl.pl index 226f4dd..4c30091 100755 --- a/pubkeys.fl.pl +++ b/pubkeys.fl.pl @@ -161,6 +161,7 @@ struct pubkeyset_context { /* filled in during setup: */ struct cloc loc; /* line is runtime */ struct log_if *log; + struct hash_if *defhash; struct buffer_if *data_buf; struct peer_keyset *building; /* runtime: */ @@ -230,6 +231,13 @@ static struct pubkeyset_context c[1]; bool_t ok=c->scheme->loadpub(c->scheme,c->data_buf, &pubkey,c->log,c->loc); if (!ok) break; + if (pubkey->sethash) { + if (!c->defhash) { + pubkey->dispose(pubkey->st); + DOSKIP("public key requires default hash to load"); + } + pubkey->sethash(pubkey->st,c->defhash); + } memcpy(c->building->keys[c->building->nkeys].id.b, c->grpid, GRPIDSZ); @@ -283,9 +291,11 @@ static struct pubkeyset_context c[1]; extern struct peer_keyset * keyset_load(const char *path, struct buffer_if *data_buf, - struct log_if *log, int logcl_enoent) { + struct log_if *log, int logcl_enoent, + struct hash_if *defhash) { assert(!c->building); c->log=log; + c->defhash=defhash; c->loc.file=path; pkyyin = fopen(path, "r"); if (!pkyyin) { diff --git a/pubkeys.h b/pubkeys.h index 0901baa..782240f 100644 --- a/pubkeys.h +++ b/pubkeys.h 
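Review bot: In the `@@ -230,6 +231,13 @@` hunk of pubkeys.fl.pl, the `!c->defhash` branch calls `pubkey->dispose(pubkey->st)` and then depends on `DOSKIP` to leave the block, but `DOSKIP` is defined outside the hunk. If that macro does not always exit, the following `pubkey->sethash(pubkey->st,c->defhash)` would run on a disposed key with a NULL hash, so this is worth confirming and recording with a comment such as `/* DOSKIP leaves this block; pubkey must not be touched after dispose */`. I would also put `/* schemes that provide sethash must be given a hash before the key is kept */` above `if (pubkey->sethash) {`, since the commit message says the missing call ends in a segfault. The enclosing function starts and ends outside the hunk.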
@@ -38,7 +38,8 @@ struct peer_keyset { extern struct peer_keyset * keyset_load(const char *path, struct buffer_if *data_buf, - struct log_if *log, int logcl_enoent); + struct log_if *log, int logcl_enoent, + struct hash_if *defhash); extern void keyset_dispose(struct peer_keyset **ks); diff --git a/site.c b/site.c index e37c73b..e8b507f 100644 --- a/site.c +++ b/site.c @@ -903,7 +903,7 @@ static void peerkeys_maybe_incorporate(struct site *st, const char *file, int logcl_enoent) { struct peer_keyset *atsuffix= - keyset_load(file,&st->scratch,st->log,logcl_enoent); + keyset_load(file,&st->scratch,st->log,logcl_enoent,st->defhash); if (!atsuffix) return; if (st->peerkeys_current && @@ -2547,7 +2547,8 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, pathprefix_template_init(&st->peerkeys_tmpl,st->peerkeys_path, PEERKEYS_SUFFIX_MAXLEN + 1 /* nul */); st->peerkeys_current=keyset_load(st->peerkeys_path, - &st->scratch,st->log,M_ERR); + &st->scratch,st->log,M_ERR, + st->defhash); if (fixed_pubkey) { fixed_pubkey->dispose(fixed_pubkey->st); }
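Review bot: The `keyset_load` prototype in the pubkeys.h hunk gains `struct hash_if *defhash` without saying whether NULL is allowed. The loader change in pubkeys.fl.pl checks `!c->defhash` and appears to skip any key whose scheme has `sethash`, which makes NULL a legal argument that changes which peer keys end up in the returned keyset. That contract belongs next to the declaration, for example `/* defhash may be NULL; keys whose scheme needs sethash are then skipped */`.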
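Review bot: In the `@@ -2547,7 +2547,8 @@` hunk of site.c, `keyset_load` is passed `st->defhash` from inside `site_apply`, and nothing visible in the hunk shows that `st->defhash` has been assigned by this point. If it is still NULL here, the loader's new `!c->defhash` branch would presumably leave every key that needs a hash out of `st->peerkeys_current`, so the site would start with fewer peer keys than the file holds. Please confirm that the assignment precedes this call, and consider marking the dependency with `/* st->defhash must be set before peer keys are loaded */`. The body of `site_apply` continues outside the hunk.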