-rw-r--r-- | ssh-pkcs11-client.c | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index de5aa8305..6cecf4863 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11-client.c,v 1.13 2019/01/20 22:54:30 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. | 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
@@ -117,19 +117,25 @@ pkcs11_terminate(void) | |||
117 | static int | 117 | static int |
118 | rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) | 118 | rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) |
119 | { | 119 | { |
120 | struct sshkey key; /* XXX */ | 120 | struct sshkey *key = NULL; |
121 | u_char *blob, *signature = NULL; | 121 | struct sshbuf *msg = NULL; |
122 | u_char *blob = NULL, *signature = NULL; | ||
122 | size_t blen, slen = 0; | 123 | size_t blen, slen = 0; |
123 | int r, ret = -1; | 124 | int r, ret = -1; |
124 | struct sshbuf *msg; | ||
125 | 125 | ||
126 | if (padding != RSA_PKCS1_PADDING) | 126 | if (padding != RSA_PKCS1_PADDING) |
127 | return (-1); | 127 | goto fail; |
128 | key.type = KEY_RSA; | 128 | key = sshkey_new(KEY_UNSPEC); |
129 | key.rsa = rsa; | 129 | if (key == NULL) { |
130 | if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { | 130 | error("%s: sshkey_new failed", __func__); |
131 | goto fail; | ||
132 | } | ||
133 | key->type = KEY_RSA; | ||
134 | RSA_up_ref(rsa); | ||
135 | key->rsa = rsa; | ||
136 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { | ||
131 | error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); | 137 | error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); |
132 | return -1; | 138 | goto fail; |
133 | } | 139 | } |
134 | if ((msg = sshbuf_new()) == NULL) | 140 | if ((msg = sshbuf_new()) == NULL) |
135 | fatal("%s: sshbuf_new failed", __func__); | 141 | fatal("%s: sshbuf_new failed", __func__); |
@@ -138,7 +144,6 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) | |||
138 | (r = sshbuf_put_string(msg, from, flen)) != 0 || | 144 | (r = sshbuf_put_string(msg, from, flen)) != 0 || |
139 | (r = sshbuf_put_u32(msg, 0)) != 0) | 145 | (r = sshbuf_put_u32(msg, 0)) != 0) |
140 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 146 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
141 | free(blob); | ||
142 | send_msg(msg); | 147 | send_msg(msg); |
143 | sshbuf_reset(msg); | 148 | sshbuf_reset(msg); |
144 | 149 | ||
@@ -151,6 +156,9 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) | |||
151 | } | 156 | } |
152 | free(signature); | 157 | free(signature); |
153 | } | 158 | } |
159 | fail: | ||
160 | free(blob); | ||
161 | sshkey_free(key); | ||
154 | sshbuf_free(msg); | 162 | sshbuf_free(msg); |
155 | return (ret); | 163 | return (ret); |
156 | } | 164 | } |
@@ -159,24 +167,33 @@ static ECDSA_SIG * | |||
159 | ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | 167 | ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, |
160 | const BIGNUM *rp, EC_KEY *ec) | 168 | const BIGNUM *rp, EC_KEY *ec) |
161 | { | 169 | { |
162 | struct sshkey key; /* XXX */ | 170 | struct sshkey *key = NULL; |
163 | u_char *blob, *signature = NULL; | 171 | struct sshbuf *msg = NULL; |
172 | ECDSA_SIG *ret = NULL; | ||
164 | const u_char *cp; | 173 | const u_char *cp; |
174 | u_char *blob = NULL, *signature = NULL; | ||
165 | size_t blen, slen = 0; | 175 | size_t blen, slen = 0; |
166 | ECDSA_SIG *ret = NULL; | 176 | int r, nid; |
167 | struct sshbuf *msg; | ||
168 | int r; | ||
169 | 177 | ||
170 | key.type = KEY_ECDSA; | 178 | nid = sshkey_ecdsa_key_to_nid(ec); |
171 | key.ecdsa = ec; | 179 | if (nid < 0) { |
172 | key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ec); | ||
173 | if (key.ecdsa_nid < 0) { | ||
174 | error("%s: couldn't get curve nid", __func__); | 180 | error("%s: couldn't get curve nid", __func__); |
175 | return (NULL); | 181 | goto fail; |
182 | } | ||
183 | |||
184 | key = sshkey_new(KEY_UNSPEC); | ||
185 | if (key == NULL) { | ||
186 | error("%s: sshkey_new failed", __func__); | ||
187 | goto fail; | ||
176 | } | 188 | } |
177 | if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { | 189 | key->ecdsa = ec; |
190 | key->ecdsa_nid = nid; | ||
191 | key->type = KEY_ECDSA; | ||
192 | EC_KEY_up_ref(ec); | ||
193 | |||
194 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { | ||
178 | error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); | 195 | error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); |
179 | return (NULL); | 196 | goto fail; |
180 | } | 197 | } |
181 | if ((msg = sshbuf_new()) == NULL) | 198 | if ((msg = sshbuf_new()) == NULL) |
182 | fatal("%s: sshbuf_new failed", __func__); | 199 | fatal("%s: sshbuf_new failed", __func__); |
@@ -185,7 +202,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
185 | (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 || | 202 | (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 || |
186 | (r = sshbuf_put_u32(msg, 0)) != 0) | 203 | (r = sshbuf_put_u32(msg, 0)) != 0) |
187 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 204 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
188 | free(blob); | ||
189 | send_msg(msg); | 205 | send_msg(msg); |
190 | sshbuf_reset(msg); | 206 | sshbuf_reset(msg); |
191 | 207 | ||
@@ -197,6 +213,9 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
197 | free(signature); | 213 | free(signature); |
198 | } | 214 | } |
199 | 215 | ||
216 | fail: | ||
217 | free(blob); | ||
218 | sshkey_free(key); | ||
200 | sshbuf_free(msg); | 219 | sshbuf_free(msg); |
201 | return (ret); | 220 | return (ret); |
202 | } | 221 | } |
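Review bot: The `RSA_up_ref(rsa)` line in rsa_encrypt (second hunk, new line 134) and the `EC_KEY_up_ref(ec)` line in ecdsa_do_sign (new line 192) carry the whole ownership argument of this change yet have no comment; a reader who sees `key->rsa = rsa` followed by a `fail:` label ending in `sshkey_free(key)` needs to know the extra reference exists because sshkey_free() is presumably expected to release `key->rsa` / `key->ecdsa`, and that the caller's object must outlive this wrapper key. Suggest `/* sshkey_free() releases key->rsa; hold a reference so the caller's RSA survives */` above `RSA_up_ref(rsa);` and the matching comment above `EC_KEY_up_ref(ec);`. The two functions also order the steps differently — rsa_encrypt takes the reference before assigning `key->rsa`, while ecdsa_do_sign assigns `key->ecdsa` first and takes the reference last — so an early `goto fail` inserted between those lines later would leave the refcount and the pointer out of step in one function but not the other; assigning and referencing adjacently, in the same order in both, would make that harder to get wrong. Both `*_up_ref` return values are ignored, which may match the file's other OpenSSL calls, but is worth a glance since a failed increment here would leave sshkey_free() releasing a reference this function never owned.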