Merge pull request #12 from grondo/zcert_curve_new-fix

garlick · garlick · commit 3b67cb3826d7 · 2014-09-30T09:35:17.000-07:00
More keygen fixes
diff --git a/src/cmd/flux-keygen.c b/src/cmd/flux-keygen.c
@@ -42,7 +42,7 @@ static const struct option longopts[] = {
 void usage (void)
 {
     fprintf (stderr, 
-"Usage: flux-keygen [--force] [--plain|--curve]\n"
+"Usage: flux-keygen [--force] [--plain]\n"
 );
     exit (1);
 }
@@ -53,7 +53,6 @@ int main (int argc, char *argv[])
     flux_sec_t sec;
     bool force = false;
     bool plain = false;
-    bool curve = false;
 
     log_init ("flux-keygen");
 
@@ -68,24 +67,17 @@ int main (int argc, char *argv[])
             case 'p': /* --plain */
                 plain = true;
                 break;
-            case 'c': /* --curve */
-                curve = true;
-                break;
             default:
                 usage ();
                 break;
         }
     }
     if (optind < argc)
         usage ();
-    if (plain && curve)
-        usage ();
     if (!(sec = flux_sec_create ()))
         err_exit ("flux_sec_create");
     if (plain && flux_sec_enable (sec, FLUX_SEC_TYPE_PLAIN) < 0)
         msg_exit ("PLAIN security is not available");
-    if (curve && flux_sec_enable (sec, FLUX_SEC_TYPE_CURVE) < 0)
-        msg_exit ("CURVE security is not available");
     if (flux_sec_keygen (sec, force, true) < 0)
         msg_exit ("%s", flux_sec_errstr (sec));
     flux_sec_destroy (sec);
diff --git a/src/common/libflux/security.c b/src/common/libflux/security.c
@@ -528,6 +528,8 @@ static zcert_t *zcert_curve_new (flux_sec_t c)
     zcert_t *new;
     char sec[41];
     char pub[41];
+    uint8_t s[32];
+    uint8_t p[32];
 
     if (zmq_curve_keypair (pub, sec) < 0) {
         if (errno == ENOTSUP)
@@ -539,7 +541,12 @@ static zcert_t *zcert_curve_new (flux_sec_t c)
         return NULL;
     }
 
-    if (!(new = zcert_new_from ((byte *)pub, (byte *)sec)))
+    if (!zmq_z85_decode (s, sec) || !zmq_z85_decode (p, pub)) {
+        seterrstr (c, "zcert_curve_new: Failed to decode keys");
+        return NULL;
+    }
+
+    if (!(new = zcert_new_from (p, s)))
         oom ();
 
     return new;
@@ -672,8 +679,6 @@ static int genpasswd (flux_sec_t c, const char *user, bool force, bool verbose)
 done:
     if (passwds)
         zhash_destroy (&passwds);
-    if (passwd)
-        free (passwd);
     if (uuid)
         zuuid_destroy (&uuid);
     return rc;
