author | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
commit | 0970072c89b079b022538e3c366fbfa2c53fc821 (patch) | |
tree | b7024712d74234bb5a8b036ccbc9109e2e211296 /ssh-agent.c | |
parent | 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff) | |
parent | 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff) |
merge 5.7p1
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 67 |
1 files changed, 63 insertions, 4 deletions
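--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -468,6 +468,11 @@ process_add_identity(SocketEntry *e, int version)
 int type, success = 0, death = 0, confirm = 0;
 char *type_name, *comment;
 Key *k = NULL;
+#ifdef OPENSSL_HAS_ECC
+BIGNUM *exponent;
+EC_POINT *q;
+char *curve;
+#endif
 u_char *cert;
 u_int len;
 
@@ -490,7 +495,6 @@ process_add_identity(SocketEntry *e, int version)
 case 2:
 type_name = buffer_get_string(&e->request, NULL);
 type = key_type_from_name(type_name);
-xfree(type_name);
 switch (type) {
 case KEY_DSA:
 k = key_new_private(type);
@@ -509,6 +513,59 @@ process_add_identity(SocketEntry *e, int version)
 key_add_private(k);
 buffer_get_bignum2(&e->request, k->dsa->priv_key);
 break;
+#ifdef OPENSSL_HAS_ECC
+case KEY_ECDSA:
+k = key_new_private(type);
+k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
+curve = buffer_get_string(&e->request, NULL);
+if (k->ecdsa_nid != key_curve_name_to_nid(curve))
+fatal("%s: curve names mismatch", __func__);
+xfree(curve);
+k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
+if (k->ecdsa == NULL)
+fatal("%s: EC_KEY_new_by_curve_name failed",
+__func__);
+q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
+if (q == NULL)
+fatal("%s: BN_new failed", __func__);
+if ((exponent = BN_new()) == NULL)
+fatal("%s: BN_new failed", __func__);
+buffer_get_ecpoint(&e->request,
+EC_KEY_get0_group(k->ecdsa), q);
+buffer_get_bignum2(&e->request, exponent);
+if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
+fatal("%s: EC_KEY_set_public_key failed",
+__func__);
+if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+fatal("%s: EC_KEY_set_private_key failed",
+__func__);
+if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+EC_KEY_get0_public_key(k->ecdsa)) != 0)
+fatal("%s: bad ECDSA public key", __func__);
+if (key_ec_validate_private(k->ecdsa) != 0)
+fatal("%s: bad ECDSA private key", __func__);
+BN_clear_free(exponent);
+EC_POINT_free(q);
+break;
+case KEY_ECDSA_CERT:
+cert = buffer_get_string(&e->request, &len);
+if ((k = key_from_blob(cert, len)) == NULL)
+fatal("Certificate parse failed");
+xfree(cert);
+key_add_private(k);
+if ((exponent = BN_new()) == NULL)
+fatal("%s: BN_new failed", __func__);
+buffer_get_bignum2(&e->request, exponent);
+if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+fatal("%s: EC_KEY_set_private_key failed",
+__func__);
+if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
+key_ec_validate_private(k->ecdsa) != 0)
+fatal("%s: bad ECDSA key", __func__);
+BN_clear_free(exponent);
+break;
+#endif /* OPENSSL_HAS_ECC */
 case KEY_RSA:
 k = key_new_private(type);
 buffer_get_bignum2(&e->request, k->rsa->n);
@@ -534,9 +591,11 @@ process_add_identity(SocketEntry *e, int version)
 buffer_get_bignum2(&e->request, k->rsa->q);
 break;
 default:
+xfree(type_name);
 buffer_clear(&e->request);
 goto send;
 }
+xfree(type_name);
 break;
 }
 /* enable blinding */
@@ -1092,7 +1151,7 @@ main(int ac, char **av)
 prctl(PR_SET_DUMPABLE, 0);
 #endif
 
-SSLeay_add_all_algorithms();
+OpenSSL_add_all_algorithms();
 
 __progname = ssh_get_progname(av[0]);
 init_rng();
@@ -1173,7 +1232,7 @@ main(int ac, char **av)
 
 if (agentsocket == NULL) {
 /* Create private directory for agent socket */
-strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
+mktemp_proto(socket_dir, sizeof(socket_dir));
 if (mkdtemp(socket_dir) == NULL) {
 perror("mkdtemp: private socket dir");
 exit(1);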
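Review bot: In the new KEY_ECDSA_CERT case the Key returned by key_from_blob() is treated as an ECDSA key without checking that it is one: the case was selected by the client-supplied type_name, but the certificate blob carries its own type string, so a blob of another key type sent under an ecdsa-sha2-* name would leave k->ecdsa NULL and the following EC_KEY_set_private_key() / EC_KEY_get0_group() calls would dereference it — unless key_from_blob() already enforces the match, which is not visible here. A guard directly after the parse, `if (k->type != KEY_ECDSA_CERT || k->ecdsa == NULL) fatal("%s: certificate type mismatch", __func__);`, would close that. Separately, the NULL check after EC_POINT_new() in the KEY_ECDSA case reports the wrong call; it should read `fatal("%s: EC_POINT_new failed", __func__);` so the log points at the allocation that actually failed. Note that every failure on these paths goes through fatal(), so a malformed add-identity request from any process that can reach the agent socket terminates the agent for all its other clients — the same pattern the existing `Certificate parse failed` path uses, but worth keeping in mind. process_add_identity() begins and ends outside these hunks.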