author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
commit | a627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch) | |
tree | 7bda769de81f509e28d800916fa20abd37906d79 /ssh-rsa.c | |
parent | c7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff) |
- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 23 |
1 files changed, 11 insertions, 12 deletions
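--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
 *
@@ -72,7 +72,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 
 error("ssh_rsa_sign: RSA_sign failed: %s",
 ERR_error_string(ecode, NULL));
-xfree(sig);
+free(sig);
 return -1;
 }
 if (len < slen) {
@@ -82,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 memset(sig, 0, diff);
 } else if (len > slen) {
 error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
-xfree(sig);
+free(sig);
 return -1;
 }
 /* encode signature */
@@ -98,7 +98,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 }
 buffer_free(&b);
 memset(sig, 's', slen);
-xfree(sig);
+free(sig);
 
 return 0;
 }
@@ -131,23 +131,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 if (strcmp("ssh-rsa", ktype) != 0) {
 error("ssh_rsa_verify: cannot handle type %s", ktype);
 buffer_free(&b);
-xfree(ktype);
+free(ktype);
 return -1;
 }
-xfree(ktype);
+free(ktype);
 sigblob = buffer_get_string(&b, &len);
 rlen = buffer_len(&b);
 buffer_free(&b);
 if (rlen != 0) {
 error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
-xfree(sigblob);
+free(sigblob);
 return -1;
 }
 /* RSA_verify expects a signature of RSA_size */
 modlen = RSA_size(key->rsa);
 if (len > modlen) {
 error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
-xfree(sigblob);
+free(sigblob);
 return -1;
 } else if (len < modlen) {
 u_int diff = modlen - len;
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
 error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
-xfree(sigblob);
+free(sigblob);
 return -1;
 }
 EVP_DigestInit(&md, evp_md);
@@ -171,7 +171,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
 memset(digest, 'd', sizeof(digest));
 memset(sigblob, 's', len);
-xfree(sigblob);
+free(sigblob);
 debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
 return ret;
 }
@@ -262,7 +262,6 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
 }
 ret = 1;
 done:
-if (decrypted)
-xfree(decrypted);
+free(decrypted);
 return ret;
 }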
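Review bot: The scrubs at new lines 100-101 (`memset(sig, 's', slen); free(sig);`) and 172-174 (`memset(digest, 'd', sizeof(digest));`, `memset(sigblob, 's', len); free(sigblob);`) are stores to memory that is never read again, and an optimising compiler may drop them as dead. Passing the buffer straight to the standard `free()`, which compilers recognise, instead of the project's `xfree()` wrapper probably makes that elision easier, though `xmalloc.c` is not shown here. If the wipe is meant to survive optimisation, use a call the compiler may not remove, for example `explicit_bzero(sig, slen);` before `free(sig);`, or an equivalent where that function is unavailable. The early-return paths at new lines 75, 85, 143, 150 and 164 free the same buffers with no wipe at all, so the scrubbing is also inconsistent across exits. `ssh_rsa_sign` and `ssh_rsa_verify` both begin outside the hunks shown.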