Import openssh_6.5p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
commit: 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree: 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /ssh-agent.c
parent: ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent: cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)
1 files changed, 14 insertions, 122 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index c3b11729c..95117e076 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -464,16 +464,9 @@ process_add_identity(SocketEntry *e, int version)
        Idtab *tab = idtab_lookup(version);
        Identity *id;
        int type, success = 0, confirm = 0;
-        char *type_name, *comment;
+        char *comment;
        time_t death = 0;
        Key *k = NULL;
-#ifdef OPENSSL_HAS_ECC
-        BIGNUM *exponent;
-        EC_POINT *q;
-        char *curve;
-#endif
-        u_char *cert;
-        u_int len;
        switch (version) {
        case 1:
@@ -490,125 +483,21 @@ process_add_identity(SocketEntry *e, int version)
                /* Generate additional parameters */
                rsa_generate_additional_parameters(k->rsa);
-                break;
-        case 2:
+                /* enable blinding */
-                type_name = buffer_get_string(&e->request, NULL);
-                type = key_type_from_name(type_name);
-                switch (type) {
-                case KEY_DSA:
-                        k = key_new_private(type);
-                        buffer_get_bignum2(&e->request, k->dsa->p);
-                        buffer_get_bignum2(&e->request, k->dsa->q);
-                        buffer_get_bignum2(&e->request, k->dsa->g);
-                        buffer_get_bignum2(&e->request, k->dsa->pub_key);
-                        buffer_get_bignum2(&e->request, k->dsa->priv_key);
-                        break;
-                case KEY_DSA_CERT_V00:
-                case KEY_DSA_CERT:
-                        cert = buffer_get_string(&e->request, &len);
-                        if ((k = key_from_blob(cert, len)) == NULL)
-                                fatal("Certificate parse failed");
-                        free(cert);
-                        key_add_private(k);
-                        buffer_get_bignum2(&e->request, k->dsa->priv_key);
-                        break;
-#ifdef OPENSSL_HAS_ECC
-                case KEY_ECDSA:
-                        k = key_new_private(type);
-                        k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
-                        curve = buffer_get_string(&e->request, NULL);
-                        if (k->ecdsa_nid != key_curve_name_to_nid(curve))
-                                fatal("%s: curve names mismatch", __func__);
-                        free(curve);
-                        k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
-                        if (k->ecdsa == NULL)
-                                fatal("%s: EC_KEY_new_by_curve_name failed",
-                                    __func__);
-                        q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
-                        if (q == NULL)
-                                fatal("%s: BN_new failed", __func__);
-                        if ((exponent = BN_new()) == NULL)
-                                fatal("%s: BN_new failed", __func__);
-                        buffer_get_ecpoint(&e->request,
-                                EC_KEY_get0_group(k->ecdsa), q);
-                        buffer_get_bignum2(&e->request, exponent);
-                        if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
-                                fatal("%s: EC_KEY_set_public_key failed",
-                                    __func__);
-                        if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
-                                fatal("%s: EC_KEY_set_private_key failed",
-                                    __func__);
-                        if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
-                            EC_KEY_get0_public_key(k->ecdsa)) != 0)
-                                fatal("%s: bad ECDSA public key", __func__);
-                        if (key_ec_validate_private(k->ecdsa) != 0)
-                                fatal("%s: bad ECDSA private key", __func__);
-                        BN_clear_free(exponent);
-                        EC_POINT_free(q);
-                        break;
-                case KEY_ECDSA_CERT:
-                        cert = buffer_get_string(&e->request, &len);
-                        if ((k = key_from_blob(cert, len)) == NULL)
-                                fatal("Certificate parse failed");
-                        free(cert);
-                        key_add_private(k);
-                        if ((exponent = BN_new()) == NULL)
-                                fatal("%s: BN_new failed", __func__);
-                        buffer_get_bignum2(&e->request, exponent);
-                        if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
-                                fatal("%s: EC_KEY_set_private_key failed",
-                                    __func__);
-                        if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
-                            EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
-                            key_ec_validate_private(k->ecdsa) != 0)
-                                fatal("%s: bad ECDSA key", __func__);
-                        BN_clear_free(exponent);
-                        break;
-#endif /* OPENSSL_HAS_ECC */
-                case KEY_RSA:
-                        k = key_new_private(type);
-                        buffer_get_bignum2(&e->request, k->rsa->n);
-                        buffer_get_bignum2(&e->request, k->rsa->e);
-                        buffer_get_bignum2(&e->request, k->rsa->d);
-                        buffer_get_bignum2(&e->request, k->rsa->iqmp);
-                        buffer_get_bignum2(&e->request, k->rsa->p);
-                        buffer_get_bignum2(&e->request, k->rsa->q);
-                        /* Generate additional parameters */
-                        rsa_generate_additional_parameters(k->rsa);
-                        break;
-                case KEY_RSA_CERT_V00:
-                case KEY_RSA_CERT:
-                        cert = buffer_get_string(&e->request, &len);
-                        if ((k = key_from_blob(cert, len)) == NULL)
-                                fatal("Certificate parse failed");
-                        free(cert);
-                        key_add_private(k);
-                        buffer_get_bignum2(&e->request, k->rsa->d);
-                        buffer_get_bignum2(&e->request, k->rsa->iqmp);
-                        buffer_get_bignum2(&e->request, k->rsa->p);
-                        buffer_get_bignum2(&e->request, k->rsa->q);
-                        break;
-                default:
-                        free(type_name);
-                        buffer_clear(&e->request);
-                        goto send;
-                }
-                free(type_name);
-                break;
-        }
-        /* enable blinding */
-        switch (k->type) {
-        case KEY_RSA:
-        case KEY_RSA_CERT_V00:
-        case KEY_RSA_CERT:
-        case KEY_RSA1:
                if (RSA_blinding_on(k->rsa, NULL) != 1) {
                        error("process_add_identity: RSA_blinding_on failed");
                        key_free(k);
                        goto send;
                }
                break;
+        case 2:
+                k = key_private_deserialize(&e->request);
+                if (k == NULL) {
+                        buffer_clear(&e->request);
+                        goto send;
+                }
+                break;
        }
        comment = buffer_get_string(&e->request, NULL);
        if (k == NULL) {
@@ -771,6 +660,9 @@ process_remove_smartcard_key(SocketEntry *e)
                tab = idtab_lookup(version);
                for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                        nxt = TAILQ_NEXT(id, next);
+                        /* Skip file--based keys */
+                        if (id->provider == NULL)
+                                continue;
                        if (!strcmp(provider, id->provider)) {
                                TAILQ_REMOVE(&tab->idlist, id, next);
                                free_identity(id);
author	Colin Watson <cjwatson@debian.org>	2014-02-10 00:18:28 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 00:18:28 +0000
commit	9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree	764a885ec9a963f6a8b15de6e1765f16b9ac4738 /ssh-agent.c
parent	ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent	cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)

diff --git a/ssh-agent.c b/ssh-agent.c index c3b11729c..95117e076 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */	1	/* $OpenBSD: ssh-agent.c,v 1.181 2013/12/19 01:19:41 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -464,16 +464,9 @@ process_add_identity(SocketEntry *e, int version)
464	Idtab *tab = idtab_lookup(version);	464	Idtab *tab = idtab_lookup(version);
465	Identity *id;	465	Identity *id;
466	int type, success = 0, confirm = 0;	466	int type, success = 0, confirm = 0;
467	char type_name, comment;	467	char *comment;
468	time_t death = 0;	468	time_t death = 0;
469	Key *k = NULL;	469	Key *k = NULL;
470	#ifdef OPENSSL_HAS_ECC
471	BIGNUM *exponent;
472	EC_POINT *q;
473	char *curve;
474	#endif
475	u_char *cert;
476	u_int len;
477		470
478	switch (version) {	471	switch (version) {
479	case 1:	472	case 1:
@@ -490,125 +483,21 @@ process_add_identity(SocketEntry *e, int version)
490		483
491	/* Generate additional parameters */	484	/* Generate additional parameters */
492	rsa_generate_additional_parameters(k->rsa);	485	rsa_generate_additional_parameters(k->rsa);
493	break;	486
494	case 2:	487	/* enable blinding */
495	type_name = buffer_get_string(&e->request, NULL);
496	type = key_type_from_name(type_name);
497	switch (type) {
498	case KEY_DSA:
499	k = key_new_private(type);
500	buffer_get_bignum2(&e->request, k->dsa->p);
501	buffer_get_bignum2(&e->request, k->dsa->q);
502	buffer_get_bignum2(&e->request, k->dsa->g);
503	buffer_get_bignum2(&e->request, k->dsa->pub_key);
504	buffer_get_bignum2(&e->request, k->dsa->priv_key);
505	break;
506	case KEY_DSA_CERT_V00:
507	case KEY_DSA_CERT:
508	cert = buffer_get_string(&e->request, &len);
509	if ((k = key_from_blob(cert, len)) == NULL)
510	fatal("Certificate parse failed");
511	free(cert);
512	key_add_private(k);
513	buffer_get_bignum2(&e->request, k->dsa->priv_key);
514	break;
515	#ifdef OPENSSL_HAS_ECC
516	case KEY_ECDSA:
517	k = key_new_private(type);
518	k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
519	curve = buffer_get_string(&e->request, NULL);
520	if (k->ecdsa_nid != key_curve_name_to_nid(curve))
521	fatal("%s: curve names mismatch", __func__);
522	free(curve);
523	k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
524	if (k->ecdsa == NULL)
525	fatal("%s: EC_KEY_new_by_curve_name failed",
526	__func__);
527	q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
528	if (q == NULL)
529	fatal("%s: BN_new failed", __func__);
530	if ((exponent = BN_new()) == NULL)
531	fatal("%s: BN_new failed", __func__);
532	buffer_get_ecpoint(&e->request,
533	EC_KEY_get0_group(k->ecdsa), q);
534	buffer_get_bignum2(&e->request, exponent);
535	if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
536	fatal("%s: EC_KEY_set_public_key failed",
537	__func__);
538	if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
539	fatal("%s: EC_KEY_set_private_key failed",
540	__func__);
541	if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
542	EC_KEY_get0_public_key(k->ecdsa)) != 0)
543	fatal("%s: bad ECDSA public key", __func__);
544	if (key_ec_validate_private(k->ecdsa) != 0)
545	fatal("%s: bad ECDSA private key", __func__);
546	BN_clear_free(exponent);
547	EC_POINT_free(q);
548	break;
549	case KEY_ECDSA_CERT:
550	cert = buffer_get_string(&e->request, &len);
551	if ((k = key_from_blob(cert, len)) == NULL)
552	fatal("Certificate parse failed");
553	free(cert);
554	key_add_private(k);
555	if ((exponent = BN_new()) == NULL)
556	fatal("%s: BN_new failed", __func__);
557	buffer_get_bignum2(&e->request, exponent);
558	if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
559	fatal("%s: EC_KEY_set_private_key failed",
560	__func__);
561	if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
562	EC_KEY_get0_public_key(k->ecdsa)) != 0 \|\|
563	key_ec_validate_private(k->ecdsa) != 0)
564	fatal("%s: bad ECDSA key", __func__);
565	BN_clear_free(exponent);
566	break;
567	#endif /* OPENSSL_HAS_ECC */
568	case KEY_RSA:
569	k = key_new_private(type);
570	buffer_get_bignum2(&e->request, k->rsa->n);
571	buffer_get_bignum2(&e->request, k->rsa->e);
572	buffer_get_bignum2(&e->request, k->rsa->d);
573	buffer_get_bignum2(&e->request, k->rsa->iqmp);
574	buffer_get_bignum2(&e->request, k->rsa->p);
575	buffer_get_bignum2(&e->request, k->rsa->q);
576
577	/* Generate additional parameters */
578	rsa_generate_additional_parameters(k->rsa);
579	break;
580	case KEY_RSA_CERT_V00:
581	case KEY_RSA_CERT:
582	cert = buffer_get_string(&e->request, &len);
583	if ((k = key_from_blob(cert, len)) == NULL)
584	fatal("Certificate parse failed");
585	free(cert);
586	key_add_private(k);
587	buffer_get_bignum2(&e->request, k->rsa->d);
588	buffer_get_bignum2(&e->request, k->rsa->iqmp);
589	buffer_get_bignum2(&e->request, k->rsa->p);
590	buffer_get_bignum2(&e->request, k->rsa->q);
591	break;
592	default:
593	free(type_name);
594	buffer_clear(&e->request);
595	goto send;
596	}
597	free(type_name);
598	break;
599	}
600	/* enable blinding */
601	switch (k->type) {
602	case KEY_RSA:
603	case KEY_RSA_CERT_V00:
604	case KEY_RSA_CERT:
605	case KEY_RSA1:
606	if (RSA_blinding_on(k->rsa, NULL) != 1) {	488	if (RSA_blinding_on(k->rsa, NULL) != 1) {
607	error("process_add_identity: RSA_blinding_on failed");	489	error("process_add_identity: RSA_blinding_on failed");
608	key_free(k);	490	key_free(k);
609	goto send;	491	goto send;
610	}	492	}
611	break;	493	break;
		494	case 2:
		495	k = key_private_deserialize(&e->request);
		496	if (k == NULL) {
		497	buffer_clear(&e->request);
		498	goto send;
		499	}
		500	break;
612	}	501	}
613	comment = buffer_get_string(&e->request, NULL);	502	comment = buffer_get_string(&e->request, NULL);
614	if (k == NULL) {	503	if (k == NULL) {
@@ -771,6 +660,9 @@ process_remove_smartcard_key(SocketEntry *e)
771	tab = idtab_lookup(version);	660	tab = idtab_lookup(version);
772	for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {	661	for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
773	nxt = TAILQ_NEXT(id, next);	662	nxt = TAILQ_NEXT(id, next);
		663	/* Skip file--based keys */
		664	if (id->provider == NULL)
		665	continue;
774	if (!strcmp(provider, id->provider)) {	666	if (!strcmp(provider, id->provider)) {
775	TAILQ_REMOVE(&tab->idlist, id, next);	667	TAILQ_REMOVE(&tab->idlist, id, next);
776	free_identity(id);	668	free_identity(id);