summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2011-01-24 11:46:57 +0000
committerColin Watson <cjwatson@debian.org>2011-01-24 11:46:57 +0000
commit0970072c89b079b022538e3c366fbfa2c53fc821 (patch)
treeb7024712d74234bb5a8b036ccbc9109e2e211296 /ssh-agent.c
parent4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff)
parent478ff799463ca926a8dfbabf058f4e84aaffc65a (diff)
merge 5.7p1
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c67
1 files changed, 63 insertions, 4 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 2c0e28696..afba413d7 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -468,6 +468,11 @@ process_add_identity(SocketEntry *e, int version)
468 int type, success = 0, death = 0, confirm = 0; 468 int type, success = 0, death = 0, confirm = 0;
469 char *type_name, *comment; 469 char *type_name, *comment;
470 Key *k = NULL; 470 Key *k = NULL;
471#ifdef OPENSSL_HAS_ECC
472 BIGNUM *exponent;
473 EC_POINT *q;
474 char *curve;
475#endif
471 u_char *cert; 476 u_char *cert;
472 u_int len; 477 u_int len;
473 478
@@ -490,7 +495,6 @@ process_add_identity(SocketEntry *e, int version)
490 case 2: 495 case 2:
491 type_name = buffer_get_string(&e->request, NULL); 496 type_name = buffer_get_string(&e->request, NULL);
492 type = key_type_from_name(type_name); 497 type = key_type_from_name(type_name);
493 xfree(type_name);
494 switch (type) { 498 switch (type) {
495 case KEY_DSA: 499 case KEY_DSA:
496 k = key_new_private(type); 500 k = key_new_private(type);
@@ -509,6 +513,59 @@ process_add_identity(SocketEntry *e, int version)
509 key_add_private(k); 513 key_add_private(k);
510 buffer_get_bignum2(&e->request, k->dsa->priv_key); 514 buffer_get_bignum2(&e->request, k->dsa->priv_key);
511 break; 515 break;
516#ifdef OPENSSL_HAS_ECC
517 case KEY_ECDSA:
518 k = key_new_private(type);
519 k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
520 curve = buffer_get_string(&e->request, NULL);
521 if (k->ecdsa_nid != key_curve_name_to_nid(curve))
522 fatal("%s: curve names mismatch", __func__);
523 xfree(curve);
524 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
525 if (k->ecdsa == NULL)
526 fatal("%s: EC_KEY_new_by_curve_name failed",
527 __func__);
528 q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
529 if (q == NULL)
530 fatal("%s: BN_new failed", __func__);
531 if ((exponent = BN_new()) == NULL)
532 fatal("%s: BN_new failed", __func__);
533 buffer_get_ecpoint(&e->request,
534 EC_KEY_get0_group(k->ecdsa), q);
535 buffer_get_bignum2(&e->request, exponent);
536 if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
537 fatal("%s: EC_KEY_set_public_key failed",
538 __func__);
539 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
540 fatal("%s: EC_KEY_set_private_key failed",
541 __func__);
542 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
543 EC_KEY_get0_public_key(k->ecdsa)) != 0)
544 fatal("%s: bad ECDSA public key", __func__);
545 if (key_ec_validate_private(k->ecdsa) != 0)
546 fatal("%s: bad ECDSA private key", __func__);
547 BN_clear_free(exponent);
548 EC_POINT_free(q);
549 break;
550 case KEY_ECDSA_CERT:
551 cert = buffer_get_string(&e->request, &len);
552 if ((k = key_from_blob(cert, len)) == NULL)
553 fatal("Certificate parse failed");
554 xfree(cert);
555 key_add_private(k);
556 if ((exponent = BN_new()) == NULL)
557 fatal("%s: BN_new failed", __func__);
558 buffer_get_bignum2(&e->request, exponent);
559 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
560 fatal("%s: EC_KEY_set_private_key failed",
561 __func__);
562 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
563 EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
564 key_ec_validate_private(k->ecdsa) != 0)
565 fatal("%s: bad ECDSA key", __func__);
566 BN_clear_free(exponent);
567 break;
568#endif /* OPENSSL_HAS_ECC */
512 case KEY_RSA: 569 case KEY_RSA:
513 k = key_new_private(type); 570 k = key_new_private(type);
514 buffer_get_bignum2(&e->request, k->rsa->n); 571 buffer_get_bignum2(&e->request, k->rsa->n);
@@ -534,9 +591,11 @@ process_add_identity(SocketEntry *e, int version)
534 buffer_get_bignum2(&e->request, k->rsa->q); 591 buffer_get_bignum2(&e->request, k->rsa->q);
535 break; 592 break;
536 default: 593 default:
594 xfree(type_name);
537 buffer_clear(&e->request); 595 buffer_clear(&e->request);
538 goto send; 596 goto send;
539 } 597 }
598 xfree(type_name);
540 break; 599 break;
541 } 600 }
542 /* enable blinding */ 601 /* enable blinding */
@@ -1092,7 +1151,7 @@ main(int ac, char **av)
1092 prctl(PR_SET_DUMPABLE, 0); 1151 prctl(PR_SET_DUMPABLE, 0);
1093#endif 1152#endif
1094 1153
1095 SSLeay_add_all_algorithms(); 1154 OpenSSL_add_all_algorithms();
1096 1155
1097 __progname = ssh_get_progname(av[0]); 1156 __progname = ssh_get_progname(av[0]);
1098 init_rng(); 1157 init_rng();
@@ -1173,7 +1232,7 @@ main(int ac, char **av)
1173 1232
1174 if (agentsocket == NULL) { 1233 if (agentsocket == NULL) {
1175 /* Create private directory for agent socket */ 1234 /* Create private directory for agent socket */
1176 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); 1235 mktemp_proto(socket_dir, sizeof(socket_dir));
1177 if (mkdtemp(socket_dir) == NULL) { 1236 if (mkdtemp(socket_dir) == NULL) {
1178 perror("mkdtemp: private socket dir"); 1237 perror("mkdtemp: private socket dir");
1179 exit(1); 1238 exit(1);