summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-07-02 15:28:02 +1000
committerDamien Miller <djm@mindrot.org>2014-07-02 15:28:02 +1000
commit8668706d0f52654fe64c0ca41a96113aeab8d2b8 (patch)
tree73e78e1ea3d39206e39870bbe0af17d6c430fb51 /ssh-agent.c
parent2cd7929250cf9e9f658d70dcd452f529ba08c942 (diff)
- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index bc96ad705..693d763e2 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.185 2014/04/29 18:01:49 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.186 2014/06/24 01:13:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -278,7 +278,7 @@ process_authentication_challenge1(SocketEntry *e)
278 if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { 278 if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
279 Key *private = id->key; 279 Key *private = id->key;
280 /* Decrypt the challenge using the private key. */ 280 /* Decrypt the challenge using the private key. */
281 if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) 281 if (rsa_private_decrypt(challenge, challenge, private->rsa) != 0)
282 goto failure; 282 goto failure;
283 283
284 /* The response is MD5 of decrypted challenge plus session id. */ 284 /* The response is MD5 of decrypted challenge plus session id. */
@@ -365,12 +365,16 @@ process_sign_request2(SocketEntry *e)
365static void 365static void
366process_remove_identity(SocketEntry *e, int version) 366process_remove_identity(SocketEntry *e, int version)
367{ 367{
368 u_int blen, bits; 368 u_int blen;
369 int success = 0; 369 int success = 0;
370 Key *key = NULL; 370 Key *key = NULL;
371 u_char *blob; 371 u_char *blob;
372#ifdef WITH_SSH1
373 u_int bits;
374#endif /* WITH_SSH1 */
372 375
373 switch (version) { 376 switch (version) {
377#ifdef WITH_SSH1
374 case 1: 378 case 1:
375 key = key_new(KEY_RSA1); 379 key = key_new(KEY_RSA1);
376 bits = buffer_get_int(&e->request); 380 bits = buffer_get_int(&e->request);
@@ -381,6 +385,7 @@ process_remove_identity(SocketEntry *e, int version)
381 logit("Warning: identity keysize mismatch: actual %u, announced %u", 385 logit("Warning: identity keysize mismatch: actual %u, announced %u",
382 key_size(key), bits); 386 key_size(key), bits);
383 break; 387 break;
388#endif /* WITH_SSH1 */
384 case 2: 389 case 2:
385 blob = buffer_get_string(&e->request, &blen); 390 blob = buffer_get_string(&e->request, &blen);
386 key = key_from_blob(blob, blen); 391 key = key_from_blob(blob, blen);
@@ -477,6 +482,7 @@ process_add_identity(SocketEntry *e, int version)
477 Key *k = NULL; 482 Key *k = NULL;
478 483
479 switch (version) { 484 switch (version) {
485#ifdef WITH_SSH1
480 case 1: 486 case 1:
481 k = key_new_private(KEY_RSA1); 487 k = key_new_private(KEY_RSA1);
482 (void) buffer_get_int(&e->request); /* ignored */ 488 (void) buffer_get_int(&e->request); /* ignored */
@@ -490,7 +496,9 @@ process_add_identity(SocketEntry *e, int version)
490 buffer_get_bignum(&e->request, k->rsa->p); /* q */ 496 buffer_get_bignum(&e->request, k->rsa->p); /* q */
491 497
492 /* Generate additional parameters */ 498 /* Generate additional parameters */
493 rsa_generate_additional_parameters(k->rsa); 499 if (rsa_generate_additional_parameters(k->rsa) != 0)
500 fatal("%s: rsa_generate_additional_parameters "
501 "error", __func__);
494 502
495 /* enable blinding */ 503 /* enable blinding */
496 if (RSA_blinding_on(k->rsa, NULL) != 1) { 504 if (RSA_blinding_on(k->rsa, NULL) != 1) {
@@ -499,6 +507,7 @@ process_add_identity(SocketEntry *e, int version)
499 goto send; 507 goto send;
500 } 508 }
501 break; 509 break;
510#endif /* WITH_SSH1 */
502 case 2: 511 case 2:
503 k = key_private_deserialize(&e->request); 512 k = key_private_deserialize(&e->request);
504 if (k == NULL) { 513 if (k == NULL) {
@@ -507,11 +516,10 @@ process_add_identity(SocketEntry *e, int version)
507 } 516 }
508 break; 517 break;
509 } 518 }
510 comment = buffer_get_string(&e->request, NULL); 519 if (k == NULL)
511 if (k == NULL) {
512 free(comment);
513 goto send; 520 goto send;
514 } 521 comment = buffer_get_string(&e->request, NULL);
522
515 while (buffer_len(&e->request)) { 523 while (buffer_len(&e->request)) {
516 switch ((type = buffer_get_char(&e->request))) { 524 switch ((type = buffer_get_char(&e->request))) {
517 case SSH_AGENT_CONSTRAIN_LIFETIME: 525 case SSH_AGENT_CONSTRAIN_LIFETIME:
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-28 23:10:15 +0000