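/* $NetBSD: ssh-pkcs11-client.c,v 1.21 2025/10/11 15:45:08 christos Exp $ */
/* $OpenBSD: ssh-pkcs11-client.c,v 1.24 2025/07/30 10:17:13 dtucker Exp $ */

/*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include "includes.h"
__RCSID("$NetBSD: ssh-pkcs11-client.c,v 1.21 2025/10/11 15:45:08 christos Exp $");

#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>

#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>

#include <openssl/ecdsa.h>
#include <openssl/rsa.h>

#include "pathnames.h"
#include "xmalloc.h"
#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "sshkey.h"
#include "authfd.h"
#include "atomicio.h"
#include "ssh-pkcs11.h"
#include "ssherr.h"

/* borrows code from sftp-server and ssh-agent */

/*
 * Maintain a list of ssh-pkcs11-helper subprocesses. These may be looked up
 * by provider path or their unique keyblobs.
 */
struct helper {
	char *path;		/* provider path this helper was started for */
	pid_t pid;		/* helper process id; -1 once terminated */
	int fd;			/* our end of the socketpair; -1 once closed */
	size_t nkeyblobs;	/* number of entries in keyblobs */
	struct sshbuf **keyblobs; /* XXX use a tree or something faster */
};
static struct helper **helpers;
static size_t nhelpers;

/*
 * Find the helper serving the provider at "path".
 * Entries that are NULL, have no path, or whose descriptor is already closed
 * (fd == -1) are skipped. Returns NULL when nothing matches.
 */
static struct helper *
helper_by_provider(const char *path)
{
	size_t i;

	for (i = 0; i < nhelpers; i++) {
		if (helpers[i] == NULL || helpers[i]->path == NULL ||
		    helpers[i]->fd == -1)
			continue;
		if (strcmp(helpers[i]->path, path) == 0)
			return helpers[i];
	}
	return NULL;
}

/*
 * Find the helper that holds "key".
 * The key is serialised with sshkey_putb() and compared against every blob
 * recorded by helper_add_key(). The helper's fd is NOT checked here; the
 * callers in this file test helper->fd themselves.
 * Returns NULL when no helper has recorded the key.
 */
static struct helper *
helper_by_key(const struct sshkey *key)
{
	size_t i, j;
	struct sshbuf *keyblob = NULL;
	int r;

	if ((keyblob = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	if ((r = sshkey_putb(key, keyblob)) != 0)
		fatal_fr(r, "serialise key");

	for (i = 0; i < nhelpers; i++) {
		if (helpers[i] == NULL)
			continue;
		for (j = 0; j < helpers[i]->nkeyblobs; j++) {
			if (sshbuf_equals(keyblob,
			    helpers[i]->keyblobs[j]) == 0) {
				sshbuf_free(keyblob);
				return helpers[i];
			}
		}
	}
	sshbuf_free(keyblob);
	return NULL;
}

/*
 * Record "key" as belonging to "helper" by appending its serialised form to
 * helper->keyblobs. Allocation or serialisation failure is fatal.
 */
static void
helper_add_key(struct helper *helper, struct sshkey *key)
{
	int r;

	helper->keyblobs = xrecallocarray(helper->keyblobs, helper->nkeyblobs,
	    helper->nkeyblobs + 1, sizeof(*helper->keyblobs));
	if ((helper->keyblobs[helper->nkeyblobs] = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	if ((r = sshkey_putb(key, helper->keyblobs[helper->nkeyblobs])) != 0)
		fatal_fr(r, "sshkey_putb failed");
	helper->nkeyblobs++;
	debug3_f("added %s key for provider %s, now has %zu keys",
	    sshkey_type(key), helper->path, helper->nkeyblobs);
}

/*
 * Close the connection to "helper", remove it from the helpers[] list and
 * free it together with every key blob it still records.
 * A NULL helper is ignored; a helper without a path is a fatal inconsistency.
 * Because this shrinks helpers[] and decrements nhelpers, callers must not
 * walk helpers[] forwards while calling it.
 */
static void
helper_terminate(struct helper *helper)
{
	size_t i;
	int found = 0;

	if (helper == NULL)
		return;
	if (helper->path == NULL)
		fatal_f("inconsistent helper");

	debug3_f("terminating helper for %s; remaining %zu keys",
	    helper->path, helper->nkeyblobs);

	close(helper->fd);
	/* XXX waitpid() */	/* the child is not reaped here */
	helper->fd = -1;
	helper->pid = -1;

	/* repack helpers */
	for (i = 0; i < nhelpers; i++) {
		if (helpers[i] == helper) {
			if (found)
				fatal_f("helper recorded more than once");
			found = 1;
		} else if (found)
			helpers[i - 1] = helpers[i];
	}
	if (found) {
		helpers = xrecallocarray(helpers, nhelpers,
		    nhelpers - 1, sizeof(*helpers));
		nhelpers--;
	}
	for (i = 0; i < helper->nkeyblobs; i++)
		sshbuf_free(helper->keyblobs[i]);
	/* the pointer array itself was previously leaked */
	free(helper->keyblobs);
	free(helper->path);
	free(helper);
}

/*
 * Send the contents of "m" to the helper on "fd" as a 4-byte big-endian
 * length followed by the payload, then consume the payload from "m".
 * Does nothing when fd is -1. A short write is only logged with error();
 * the caller learns of the failure when the following recv_msg() fails.
 */
static void
send_msg(int fd, struct sshbuf *m)
{
	u_char buf[4];
	size_t mlen = sshbuf_len(m);
	int r;

	if (fd == -1)
		return;
	POKE_U32(buf, mlen);
	if (atomicio(vwrite, fd, buf, 4) != 4 ||
	    atomicio(vwrite, fd, sshbuf_mutable_ptr(m),
	    sshbuf_len(m)) != sshbuf_len(m))
		error("write to helper failed");
	if ((r = sshbuf_consume(m, mlen)) != 0)
		fatal_fr(r, "consume");
}

/*
 * Read one length-prefixed reply from the helper on "fd" into "m" and return
 * its leading type byte (which is removed from "m").
 * Returns 0 when fd is -1 or when a read comes up short. A declared length
 * above 256 KiB is fatal, which bounds how much a helper can make this
 * process buffer. A zero-length reply fails the type parse and is fatal.
 */
static int
recv_msg(int fd, struct sshbuf *m)
{
	u_int l, len;
	u_char c, buf[1024];
	int r;

	sshbuf_reset(m);
	if (fd == -1)
		return 0; /* XXX */
	if ((len = atomicio(read, fd, buf, 4)) != 4) {
		error("read from helper failed: %u", len);
		return (0); /* XXX */
	}
	len = PEEK_U32(buf);
	if (len > 256 * 1024)
		fatal("response too long: %u", len);
	/* read len bytes into m */
	while (len > 0) {
		l = len;
		if (l > sizeof(buf))
			l = sizeof(buf);
		if (atomicio(read, fd, buf, l) != l) {
			error("response from helper failed.");
			return (0); /* XXX */
		}
		if ((r = sshbuf_put(m, buf, l)) != 0)
			fatal_fr(r, "sshbuf_put");
		len -= l;
	}
	if ((r = sshbuf_get_u8(m, &c)) != 0)
		fatal_fr(r, "parse type");
	return c;
}

/*
 * Nothing to set up on the client side; helpers are started on demand by
 * pkcs11_add_provider(). "interactive" is unused. Always returns 0.
 */
int
pkcs11_init(int interactive)
{
	return 0;
}

/*
 * Terminate every helper subprocess.
 */
void
pkcs11_terminate(void)
{
	size_t i;

	debug3_f("terminating %zu helpers", nhelpers);
	/*
	 * helper_terminate() repacks helpers[] and decrements nhelpers, so a
	 * forward walk would skip every other entry and leave helpers
	 * running. Walk from the tail, where removal shifts nothing.
	 */
	for (i = nhelpers; i > 0; i--)
		helper_terminate(helpers[i - 1]);
}

/*
 * Ask the helper that holds "key" to sign "data".
 * On success returns 0 and, when the pointers are non-NULL, stores a
 * malloc'd signature in *sigp (caller frees) and its length in *lenp.
 * Returns SSH_ERR_ALLOC_FAIL if the request buffer cannot be allocated and
 * SSH_ERR_AGENT_FAILURE if the helper answers with anything other than
 * SSH2_AGENT_SIGN_RESPONSE. A key with no live helper is fatal.
 * sk_provider and sk_pin are not used by this implementation.
 */
int
pkcs11_sign(struct sshkey *key,
    u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen,
    const char *alg, const char *sk_provider,
    const char *sk_pin, u_int compat)
{
	struct sshbuf *msg = NULL;
	struct helper *helper;
	int status, r;
	u_char *signature = NULL;
	size_t signature_len = 0;
	int ret = SSH_ERR_INTERNAL_ERROR;

	if (sigp != NULL)
		*sigp = NULL;
	if (lenp != NULL)
		*lenp = 0;

	if ((helper = helper_by_key(key)) == NULL || helper->fd == -1)
		fatal_f("no helper for %s key", sshkey_type(key));

	if ((msg = sshbuf_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
	    (r = sshkey_puts_plain(key, msg)) != 0 ||
	    (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
	    (r = sshbuf_put_cstring(msg, alg == NULL ? "" : alg)) != 0 ||
	    (r = sshbuf_put_u32(msg, compat)) != 0)
		fatal_fr(r, "compose");
	send_msg(helper->fd, msg);
	sshbuf_reset(msg);

	if ((status = recv_msg(helper->fd, msg)) != SSH2_AGENT_SIGN_RESPONSE) {
		/* XXX translate status to something useful */
		/*
		 * NOTE(review): r still holds the result of the compose step
		 * above, not the helper's reply type, so this log line does
		 * not say why the request failed.
		 */
		debug_fr(r, "recv_msg");
		ret = SSH_ERR_AGENT_FAILURE;
		goto fail;
	}

	if ((r = sshbuf_get_string(msg, &signature, &signature_len)) != 0)
		fatal_fr(r, "parse");

	/* success */
	if (sigp != NULL) {
		*sigp = signature;
		signature = NULL;	/* ownership moved to the caller */
	}
	if (lenp != NULL)
		*lenp = signature_len;
	ret = 0;

 fail:
	free(signature);
	sshbuf_free(msg);
	return ret;
}

/*
 * Make a private PKCS#11-backed certificate by grafting a previously-loaded
 * PKCS#11 private key and a public certificate key.
 *
 * "priv" must be a plain key already recorded for a live helper (otherwise
 * fatal) and "certpub" must be a certificate for the same public key
 * (otherwise SSH_ERR_INVALID_ARGUMENT with *certprivp left NULL).
 * On success the new key is recorded for the same helper, stored in
 * *certprivp and 0 is returned.
 */
int
pkcs11_make_cert(const struct sshkey *priv,
    const struct sshkey *certpub, struct sshkey **certprivp)
{
	struct helper *helper = NULL;
	struct sshkey *ret;
	int r;

	if ((helper = helper_by_key(priv)) == NULL || helper->fd == -1)
		fatal_f("no helper for %s key", sshkey_type(priv));

	debug3_f("private key type %s cert type %s on provider %s",
	    sshkey_type(priv), sshkey_type(certpub), helper->path);

	*certprivp = NULL;
	if (!sshkey_is_cert(certpub) || sshkey_is_cert(priv) ||
	    !sshkey_equal_public(priv, certpub)) {
		error_f("private key %s doesn't match cert %s",
		    sshkey_type(priv), sshkey_type(certpub));
		return SSH_ERR_INVALID_ARGUMENT;
	}
	if ((r = sshkey_from_private(priv, &ret)) != 0)
		fatal_fr(r, "copy key");

	/* same flag pkcs11_add_provider() sets on keys from the helper */
	ret->flags |= SSHKEY_FLAG_EXT;
	if ((r = sshkey_to_certified(ret)) != 0 ||
	    (r = sshkey_cert_copy(certpub, ret)) != 0)
		fatal_fr(r, "graft certificate");

	helper_add_key(helper, ret);

	debug3_f("provider %s: %zu remaining keys",
	    helper->path, helper->nkeyblobs);

	/* success */
	*certprivp = ret;
	return 0;
}

/*
 * Fork an ssh-pkcs11-helper for the provider at "path", connect to it over
 * a socketpair (the child's stdin/stdout) and append it to helpers[].
 * Returns the new helper, or NULL if socketpair() or fork() fails.
 *
 * NOTE(review): the program to run is taken from the SSH_PKCS11_HELPER
 * environment variable when set and is started with execlp(), which
 * searches PATH for names without a slash. The helper later receives the
 * provider PIN and performs signatures, so any caller whose environment is
 * not fully controlled by the user it acts for should clear that variable
 * before reaching this point.
 *
 * NOTE(review): the socketpair is created without close-on-exec and the
 * child closes only its own pair, so descriptors of previously started
 * helpers appear to be inherited by later ones unless they are closed
 * elsewhere - confirm.
 */
static struct helper *
pkcs11_start_helper(const char *path)
{
	int pair[2];
	const char *prog, *verbosity = NULL;
	struct helper *helper;
	pid_t pid;

	if (nhelpers >= INT_MAX)
		fatal_f("too many helpers");
	debug3_f("start helper for %s", path);
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
		error_f("socketpair: %s", strerror(errno));
		return NULL;
	}
	helper = xcalloc(1, sizeof(*helper));
	if ((pid = fork()) == -1) {
		error_f("fork: %s", strerror(errno));
		close(pair[0]);
		close(pair[1]);
		free(helper);
		return NULL;
	} else if (pid == 0) {
		/* child: the socket becomes the helper's stdin and stdout */
		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
			fprintf(stderr, "dup2: %s\n", strerror(errno));
			_exit(1);
		}
		close(pair[0]);
		close(pair[1]);
		prog = getenv("SSH_PKCS11_HELPER");
		if (prog == NULL || strlen(prog) == 0)
			prog = _PATH_SSH_PKCS11_HELPER;
		if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
			verbosity = "-vvv";
		debug_f("starting %s %s", prog,
		    verbosity == NULL ? "" : verbosity);
		/* a NULL verbosity simply ends the argument list early */
		execlp(prog, prog, verbosity, (char *)NULL);
		fprintf(stderr, "exec: %s: %s\n", prog, strerror(errno));
		_exit(1);
	}
	/* parent: keep pair[0], drop the child's end */
	close(pair[1]);
	helper->fd = pair[0];
	helper->path = xstrdup(path);
	helper->pid = pid;
	debug3_f("helper %zu for \"%s\" on fd %d pid %ld", nhelpers,
	    helper->path, helper->fd, (long)helper->pid);
	helpers = xrecallocarray(helpers, nhelpers,
	    nhelpers + 1, sizeof(*helpers));
	helpers[nhelpers++] = helper;
	return helper;
}

/*
 * Load the PKCS#11 provider "name" through a helper (reusing a live helper
 * for the same path, else starting one) and fetch its keys, unlocking with
 * "pin".
 * On success returns the number of keys, stores a freshly allocated array
 * of them in *keysp and, when labelsp is non-NULL, the matching labels in
 * *labelsp. On any other reply the helper is terminated and -1 is returned;
 * *keysp and *labelsp are not written in that case.
 *
 * NOTE(review): nkeys is taken from the helper's reply and sizes both
 * allocations before a single key has been parsed. The only limit visible
 * here is recv_msg()'s cap on the reply size, which takes effect only once
 * parsing runs out of data. A count of zero is also passed straight to
 * xcalloc(). Consider rejecting a count the remaining reply cannot hold.
 */
int
pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
    char ***labelsp)
{
	struct sshkey *k;
	int r, type, ret = -1;
	char *label;
	u_int nkeys = 0, i;
	struct sshbuf *msg;
	struct helper *helper;

	if ((helper = helper_by_provider(name)) == NULL &&
	    (helper = pkcs11_start_helper(name)) == NULL)
		return -1;

	debug3_f("add %s", helper->path);

	if ((msg = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	if ((r = sshbuf_put_u8(msg, SSH_AGENTC_ADD_SMARTCARD_KEY)) != 0 ||
	    (r = sshbuf_put_cstring(msg, name)) != 0 ||
	    (r = sshbuf_put_cstring(msg, pin)) != 0)
		fatal_fr(r, "compose");
	send_msg(helper->fd, msg);
	sshbuf_reset(msg);

	type = recv_msg(helper->fd, msg);
	debug3_f("response %d", type);
	if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
			fatal_fr(r, "parse nkeys");
		debug3_f("helper return %u keys", nkeys);
		*keysp = xcalloc(nkeys, sizeof(struct sshkey *));
		if (labelsp)
			*labelsp = xcalloc(nkeys, sizeof(char *));
		for (i = 0; i < nkeys; i++) {
			/* XXX clean up properly instead of fatal() */
			if ((r = sshkey_froms(msg, &k)) != 0 ||
			    (r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
				fatal_fr(r, "parse key");
			k->flags |= SSHKEY_FLAG_EXT;
			helper_add_key(helper, k);
			(*keysp)[i] = k;
			if (labelsp)
				(*labelsp)[i] = label;
			else
				free(label);
		}
		/* success */
		ret = 0;
	} else if (type == SSH2_AGENT_FAILURE) {
		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
			error_fr(r, "failed to parse failure response");
	}
	if (ret != 0) {
		debug_f("no keys; terminate helper");
		helper_terminate(helper);
	}
	sshbuf_free(msg);
	return ret == 0 ? (int)nkeys : -1;
}

/*
 * Terminate the helper for provider "name", if one is still live.
 * Always returns 0.
 */
int
pkcs11_del_provider(char *name)
{
	struct helper *helper;

	/*
	 * ssh-agent deletes keys before calling this, so the helper entry
	 * should be gone before we get here.
	 */
	debug3_f("delete %s", name ? name : "(null)");
	/* helper_by_provider() hands name to strcmp(); keep NULL away */
	if (name != NULL && (helper = helper_by_provider(name)) != NULL)
		helper_terminate(helper);
	return 0;
}

/*
 * Forget "key": drop its blob from the helper that recorded it and
 * terminate that helper once it has no keys left.
 * A key with no live helper is fatal.
 */
void
pkcs11_key_free(struct sshkey *key)
{
	struct helper *helper;
	struct sshbuf *keyblob = NULL;
	size_t i;
	int r, found = 0;

	debug3_f("free %s key", sshkey_type(key));

	if ((helper = helper_by_key(key)) == NULL || helper->fd == -1)
		fatal_f("no helper for %s key", sshkey_type(key));
	if ((keyblob = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	if ((r = sshkey_putb(key, keyblob)) != 0)
		fatal_fr(r, "serialise key");

	/* repack keys */
	for (i = 0; i < helper->nkeyblobs; i++) {
		if (sshbuf_equals(keyblob, helper->keyblobs[i]) == 0) {
			if (found)
				fatal_f("key recorded more than once");
			found = 1;
			/*
			 * Release the recorded blob now; its slot is either
			 * overwritten by the next entry or cut off by the
			 * shrink below, so it was previously leaked.
			 */
			sshbuf_free(helper->keyblobs[i]);
			helper->keyblobs[i] = NULL;
		} else if (found)
			helper->keyblobs[i - 1] = helper->keyblobs[i];
	}
	if (found) {
		helper->keyblobs = xrecallocarray(helper->keyblobs,
		    helper->nkeyblobs, helper->nkeyblobs - 1,
		    sizeof(*helper->keyblobs));
		helper->nkeyblobs--;
	}
	/* the temporary serialisation was previously leaked as well */
	sshbuf_free(keyblob);
	if (helper->nkeyblobs == 0)
		helper_terminate(helper);
}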