diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index 6710dfb54..4e52272a7 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -17,7 +17,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_FROM_FILE", - "BUILD_FROM_FD", "BUILD_AGENT_SOCKET", "BUILD_BLOB", "BUILD_BLOB_ASN1_DER", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 5ab462fa8..103b823c0 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args); enum builder_part_t { /** path to a file encoded in any format, char* */ BUILD_FROM_FILE, - /** file descriptor to read data, encoded in any format, int */ - BUILD_FROM_FD, /** unix socket of a ssh/pgp agent, char* */ BUILD_AGENT_SOCKET, /** An arbitrary blob of data, chunk_t */ diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index e9d55f3b8..254b1951b 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c 
@@ -454,47 +454,12 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, return cred; } -/** - * load the credential from a file descriptor - */ -static void *load_from_fd(int fd, credential_type_t type, int subtype, - identification_t *subject, x509_flag_t flags) -{ - char buf[8096]; - char *pos = buf; - ssize_t len, total = 0; - - while (TRUE) - { - len = read(fd, pos, buf + sizeof(buf) - pos); - if (len < 0) - { - DBG1(DBG_LIB, "reading from file descriptor failed: %s", - strerror(errno)); - return NULL; - } - if (len == 0) - { - break; - } - total += len; - if (total == sizeof(buf)) - { - DBG1(DBG_LIB, "buffer too small to read from file descriptor"); - return NULL; - } - } - return load_from_blob(chunk_create(buf, total), type, subtype, - subject, flags); -} - /** * Load all kind of PEM encoded credentials. */ static void *pem_load(credential_type_t type, int subtype, va_list args) { char *file = NULL; - int fd = -1; chunk_t pem = chunk_empty; identification_t *subject = NULL; int flags = 0; @@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) case BUILD_FROM_FILE: file = va_arg(args, char*); continue; - case BUILD_FROM_FD: - fd = va_arg(args, int); - continue; + case BUILD_BLOB: case BUILD_BLOB_PEM: pem = va_arg(args, chunk_t); continue; @@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) { return load_from_file(file, type, subtype, subject, flags); } - if (fd != -1) - { - return load_from_fd(fd, type, subtype, subject, flags); - } return NULL; } diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c index 61e829fdf..569b0b738 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c 
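Review bot: The new `case BUILD_BLOB:` label in pem_load() falls through to `case BUILD_BLOB_PEM:` without a comment, and the function's header comment still reads "Load all kind of PEM encoded credentials". Nothing tells a reader that generic blobs, such as the stdin data the pki commands now pass, are accepted on this path. I would add `/* generic blobs (e.g. data read from stdin) are handled like PEM blobs */` above the label and update the header comment to mention BUILD_BLOB. pem_load() begins and ends outside this hunk, so the handling of `pem` after the switch is not visible here.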
@@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file) } /** - * Load SSH key from FD + * Load SSH key from a blob of data (most likely the content of a file) */ -static sshkey_public_key_t *load_from_fd(int fd) +static sshkey_public_key_t *load_from_blob(chunk_t blob) { FILE *stream; - /* dup the FD as it gets closed in fclose() */ - fd = dup(fd); - if (fd == -1) - { - return NULL; - } - stream = fdopen(fd, "r"); + stream = fmemopen(blob.ptr, blob.len, "r"); if (!stream) { - close(fd); return NULL; } return load_from_stream(stream); @@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file) */ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args) { - chunk_t blob = chunk_empty; + chunk_t sshkey = chunk_empty, blob = chunk_empty; char *file = NULL; - int fd = -1; while (TRUE) { switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_SSHKEY: - blob = va_arg(args, chunk_t); + sshkey = va_arg(args, chunk_t); continue; case BUILD_FROM_FILE: file = va_arg(args, char*); continue; - case BUILD_FROM_FD: - fd = va_arg(args, int); + case BUILD_BLOB: + blob = va_arg(args, chunk_t); continue; case BUILD_END: break; @@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args) } break; } - if (blob.ptr) + if (sshkey.ptr) { - return parse_public_key(blob); + return parse_public_key(sshkey); } if (file) { return load_from_file(file); } - if (fd != -1) + if (blob.ptr) { - return load_from_fd(fd); + return load_from_blob(blob); } return NULL; } diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 9d669dfdd..000f63d1a 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -380,9 +380,13 @@ static int issue() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cert_req) { 
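Review bot: `fmemopen()` in the new load_from_blob() is a POSIX.1-2008 call that not every libc provides, and this hunk adds no configure check or fallback, so the sshkey plugin may stop building on such targets. POSIX also lets it fail for a zero-length buffer; the `!stream` check handles that safely, but the caller only tests `blob.ptr`, so an empty blob ends in a silent NULL. The removed `/* dup the FD as it gets closed in fclose() */` was the only hint about stream ownership. If load_from_stream(), whose body is outside the hunk, still closes the stream, a comment such as `/* stream is closed by load_from_stream() */` would keep that documented.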
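Review bot: The chunk returned by `chunk_from_fd(0)` in issue() is handed to the builder without checking that anything was read, so a read error or empty stdin would presumably surface only as the generic failure under `if (!cert_req)`. The removed load_from_fd() logged the read error with `strerror(errno)`; whether chunk_from_fd() does the same is not visible here. A guard such as `if (!chunk.ptr) { /* report read failure */ }` before the `create()` call would keep the two failure modes apart. The same lines are repeated in the second issue.c hunk and in keyid.c, print.c, pub.c, req.c, self.c and verify.c, so one shared helper that reads stdin and reports errors would keep the handling in one place.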
@@ -419,8 +423,12 @@ static int issue() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } } if (!public) diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 6d2f7b915..353670e32 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -87,8 +87,12 @@ static int keyid() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cred) { diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 90cf254c8..2261e44ff 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -338,7 +338,7 @@ static void print_crl(crl_t *crl) if (crl->is_delta_crl(crl, &chunk)) { - chunk = chunk_skip_zero(chunk); + chunk = chunk_skip_zero(chunk); printf("delta CRL: for serial %#B\n", &chunk); } chunk = crl->get_authKeyIdentifier(crl); @@ -508,8 +508,12 @@ static int print() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cred) { diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index 537af5159..7f88055ef 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -101,13 +101,17 @@ static int pub() chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL); cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, - BUILD_PKCS11_KEYID, chunk, BUILD_END); + BUILD_PKCS11_KEYID, chunk, BUILD_END); free(chunk.ptr); } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (type == CRED_PRIVATE_KEY) 
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index e269f64ea..628463e7b 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -116,8 +116,12 @@ static int req() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!private) { diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index a1f17c8f9..6bf0b1353 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -271,8 +271,12 @@ static int self() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!private) { diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index 11c596d78..96b2b5065 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -55,8 +55,12 @@ static int verify() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cert) {