author | djm@openbsd.org <djm@openbsd.org> | 2019-07-16 13:18:39 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-07-16 23:23:05 +1000 |
commit | 16dd8b2c78a0de106c7429e2a294d203f6bda3c7 (patch) | |
tree | c1f6e71fe7aa7985f055b6a66926def4c876dcb7 /ssh-keygen.c | |
parent | 45478898f9590b5cc8bc7104e573b84be67443b0 (diff) |
upstream: remove mostly vestigial uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@
OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 5dcad1f61..c2cfe8df0 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.336 2019/07/15 13:16:29 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.337 2019/07/16 13:18:39 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -43,7 +43,6 @@ | |||
43 | #include "xmalloc.h" | 43 | #include "xmalloc.h" |
44 | #include "sshkey.h" | 44 | #include "sshkey.h" |
45 | #include "authfile.h" | 45 | #include "authfile.h" |
46 | #include "uuencode.h" | ||
47 | #include "sshbuf.h" | 46 | #include "sshbuf.h" |
48 | #include "pathnames.h" | 47 | #include "pathnames.h" |
49 | #include "log.h" | 48 | #include "log.h" |
@@ -301,25 +300,30 @@ load_identity(char *filename) | |||
301 | static void | 300 | static void |
302 | do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) | 301 | do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) |
303 | { | 302 | { |
304 | size_t len; | 303 | struct sshbuf *b; |
305 | u_char *blob; | 304 | char comment[61], *b64; |
306 | char comment[61]; | ||
307 | int r; | 305 | int r; |
308 | 306 | ||
309 | if ((r = sshkey_to_blob(k, &blob, &len)) != 0) | 307 | if ((b = sshbuf_new()) == NULL) |
308 | fatal("%s: sshbuf_new failed", __func__); | ||
309 | if ((r = sshkey_putb(k, b)) != 0) | ||
310 | fatal("key_to_blob failed: %s", ssh_err(r)); | 310 | fatal("key_to_blob failed: %s", ssh_err(r)); |
311 | if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL) | ||
312 | fatal("%s: sshbuf_dtob64_string failed", __func__); | ||
313 | |||
311 | /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ | 314 | /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
312 | snprintf(comment, sizeof(comment), | 315 | snprintf(comment, sizeof(comment), |
313 | "%u-bit %s, converted by %s@%s from OpenSSH", | 316 | "%u-bit %s, converted by %s@%s from OpenSSH", |
314 | sshkey_size(k), sshkey_type(k), | 317 | sshkey_size(k), sshkey_type(k), |
315 | pw->pw_name, hostname); | 318 | pw->pw_name, hostname); |
316 | 319 | ||
320 | sshkey_free(k); | ||
321 | sshbuf_free(b); | ||
322 | |||
317 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); | 323 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); |
318 | fprintf(stdout, "Comment: \"%s\"\n", comment); | 324 | fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64); |
319 | dump_base64(stdout, blob, len); | ||
320 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); | 325 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
321 | sshkey_free(k); | 326 | free(b64); |
322 | free(blob); | ||
323 | exit(0); | 327 | exit(0); |
324 | } | 328 | } |
325 | 329 | ||
@@ -413,9 +417,8 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value) | |||
413 | } | 417 | } |
414 | 418 | ||
415 | static struct sshkey * | 419 | static struct sshkey * |
416 | do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | 420 | do_convert_private_ssh2(struct sshbuf *b) |
417 | { | 421 | { |
418 | struct sshbuf *b; | ||
419 | struct sshkey *key = NULL; | 422 | struct sshkey *key = NULL; |
420 | char *type, *cipher; | 423 | char *type, *cipher; |
421 | u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; | 424 | u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; |
@@ -427,15 +430,13 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
427 | BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; | 430 | BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; |
428 | BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; | 431 | BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; |
429 | BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; | 432 | BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; |
430 | if ((b = sshbuf_from(blob, blen)) == NULL) | 433 | |
431 | fatal("%s: sshbuf_from failed", __func__); | ||
432 | if ((r = sshbuf_get_u32(b, &magic)) != 0) | 434 | if ((r = sshbuf_get_u32(b, &magic)) != 0) |
433 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 435 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
434 | 436 | ||
435 | if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { | 437 | if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { |
436 | error("bad magic 0x%x != 0x%x", magic, | 438 | error("bad magic 0x%x != 0x%x", magic, |
437 | SSH_COM_PRIVATE_KEY_MAGIC); | 439 | SSH_COM_PRIVATE_KEY_MAGIC); |
438 | sshbuf_free(b); | ||
439 | return NULL; | 440 | return NULL; |
440 | } | 441 | } |
441 | if ((r = sshbuf_get_u32(b, &i1)) != 0 || | 442 | if ((r = sshbuf_get_u32(b, &i1)) != 0 || |
@@ -449,7 +450,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
449 | if (strcmp(cipher, "none") != 0) { | 450 | if (strcmp(cipher, "none") != 0) { |
450 | error("unsupported cipher %s", cipher); | 451 | error("unsupported cipher %s", cipher); |
451 | free(cipher); | 452 | free(cipher); |
452 | sshbuf_free(b); | ||
453 | free(type); | 453 | free(type); |
454 | return NULL; | 454 | return NULL; |
455 | } | 455 | } |
@@ -460,7 +460,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
460 | } else if (strstr(type, "rsa")) { | 460 | } else if (strstr(type, "rsa")) { |
461 | ktype = KEY_RSA; | 461 | ktype = KEY_RSA; |
462 | } else { | 462 | } else { |
463 | sshbuf_free(b); | ||
464 | free(type); | 463 | free(type); |
465 | return NULL; | 464 | return NULL; |
466 | } | 465 | } |
@@ -507,7 +506,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
507 | fatal("%s: BN_new", __func__); | 506 | fatal("%s: BN_new", __func__); |
508 | if (!BN_set_word(rsa_e, e)) { | 507 | if (!BN_set_word(rsa_e, e)) { |
509 | BN_clear_free(rsa_e); | 508 | BN_clear_free(rsa_e); |
510 | sshbuf_free(b); | ||
511 | sshkey_free(key); | 509 | sshkey_free(key); |
512 | return NULL; | 510 | return NULL; |
513 | } | 511 | } |
@@ -535,9 +533,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
535 | } | 533 | } |
536 | rlen = sshbuf_len(b); | 534 | rlen = sshbuf_len(b); |
537 | if (rlen != 0) | 535 | if (rlen != 0) |
538 | error("do_convert_private_ssh2_from_blob: " | 536 | error("%s: remaining bytes in key blob %d", __func__, rlen); |
539 | "remaining bytes in key blob %d", rlen); | ||
540 | sshbuf_free(b); | ||
541 | 537 | ||
542 | /* try the key */ | 538 | /* try the key */ |
543 | if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || | 539 | if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || |
@@ -582,10 +578,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) | |||
582 | int r, blen, escaped = 0; | 578 | int r, blen, escaped = 0; |
583 | u_int len; | 579 | u_int len; |
584 | char line[1024]; | 580 | char line[1024]; |
585 | u_char blob[8096]; | 581 | struct sshbuf *buf; |
586 | char encoded[8096]; | 582 | char encoded[8096]; |
587 | FILE *fp; | 583 | FILE *fp; |
588 | 584 | ||
585 | if ((buf = sshbuf_new()) == NULL) | ||
586 | fatal("sshbuf_new failed"); | ||
589 | if ((fp = fopen(identity_file, "r")) == NULL) | 587 | if ((fp = fopen(identity_file, "r")) == NULL) |
590 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | 588 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
591 | encoded[0] = '\0'; | 589 | encoded[0] = '\0'; |
@@ -615,12 +613,11 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) | |||
615 | (encoded[len-2] == '=') && | 613 | (encoded[len-2] == '=') && |
616 | (encoded[len-3] == '=')) | 614 | (encoded[len-3] == '=')) |
617 | encoded[len-3] = '\0'; | 615 | encoded[len-3] = '\0'; |
618 | blen = uudecode(encoded, blob, sizeof(blob)); | 616 | if ((r = sshbuf_b64tod(buf, encoded)) != 0) |
619 | if (blen < 0) | 617 | fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r)); |
620 | fatal("uudecode failed."); | ||
621 | if (*private) | 618 | if (*private) |
622 | *k = do_convert_private_ssh2_from_blob(blob, blen); | 619 | *k = do_convert_private_ssh2(buf); |
623 | else if ((r = sshkey_from_blob(blob, blen, k)) != 0) | 620 | else if ((r = sshkey_fromb(buf, k)) != 0) |
624 | fatal("decode blob failed: %s", ssh_err(r)); | 621 | fatal("decode blob failed: %s", ssh_err(r)); |
625 | fclose(fp); | 622 | fclose(fp); |
626 | } | 623 | } |
@@ -1739,7 +1736,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, | |||
1739 | } | 1736 | } |
1740 | if (n > SSHKEY_CERT_MAX_PRINCIPALS) | 1737 | if (n > SSHKEY_CERT_MAX_PRINCIPALS) |
1741 | fatal("Too many certificate principals specified"); | 1738 | fatal("Too many certificate principals specified"); |
1742 | 1739 | ||
1743 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); | 1740 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); |
1744 | if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) | 1741 | if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) |
1745 | fatal("%s: unable to open \"%s\": %s", | 1742 | fatal("%s: unable to open \"%s\": %s", |
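Review bot: The sshbuf allocated at new line 585 in do_convert_from_ssh2 is never released: the hunk ending at 623 returns after `fclose(fp);` with no matching `sshbuf_free(buf);`, whereas the previous code kept the decoded blob in a stack array and the `sshbuf_free(b)` calls dropped from do_convert_private_ssh2 moved ownership of the buffer to this caller. When *private is set the buffer holds the decoded private key, so it now outlives the function on the heap until process exit instead of being released; add `sshbuf_free(buf);` immediately before `fclose(fp);` at 622. The same hunk also appears to leave `blen` (still declared at 578) without a remaining use, since all four former uses at old lines 618–623 were replaced; if nothing between 589 and 612 reads it, drop it from the declaration. The body of do_convert_from_ssh2 between these two hunks is outside the shown lines.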