summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--kexdhc.c11
-rw-r--r--kexdhs.c10
-rw-r--r--kexgexc.c20
-rw-r--r--kexgexs.c8
-rw-r--r--monitor_wrap.c10
-rw-r--r--packet.c7
-rw-r--r--packet.h4
-rw-r--r--ssh-ecdsa.c14
-rw-r--r--sshbuf-getput-crypto.c17
-rw-r--r--sshbuf.h4
-rw-r--r--sshkey.c96
11 files changed, 68 insertions, 133 deletions
diff --git a/kexdhc.c b/kexdhc.c
index b367832d5..236075eec 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.24 2018/12/27 03:25:25 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -136,13 +136,8 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
136 r = SSH_ERR_SIGNATURE_INVALID; 136 r = SSH_ERR_SIGNATURE_INVALID;
137 goto out; 137 goto out;
138 } 138 }
139 /* DH parameter f, server public DH key */ 139 /* DH parameter f, server public DH key, signed H */
140 if ((dh_server_pub = BN_new()) == NULL) { 140 if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
141 r = SSH_ERR_ALLOC_FAIL;
142 goto out;
143 }
144 /* signed H */
145 if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
146 (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || 141 (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
147 (r = sshpkt_get_end(ssh)) != 0) 142 (r = sshpkt_get_end(ssh)) != 0)
148 goto out; 143 goto out;
diff --git a/kexdhs.c b/kexdhs.c
index c8be1b2f7..4e4872580 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -120,14 +120,10 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
120 } 120 }
121 121
122 /* key, cert */ 122 /* key, cert */
123 if ((dh_client_pub = BN_new()) == NULL) { 123 if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 ||
124 r = SSH_ERR_ALLOC_FAIL;
125 goto out;
126 }
127 DH_get0_key(kex->dh, &pub_key, NULL);
128 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
129 (r = sshpkt_get_end(ssh)) != 0) 124 (r = sshpkt_get_end(ssh)) != 0)
130 goto out; 125 goto out;
126 DH_get0_key(kex->dh, &pub_key, NULL);
131 127
132#ifdef DEBUG_KEXDH 128#ifdef DEBUG_KEXDH
133 fprintf(stderr, "dh_client_pub= "); 129 fprintf(stderr, "dh_client_pub= ");
diff --git a/kexgexc.c b/kexgexc.c
index f2be35ab2..dec01fd4f 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -100,13 +100,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
100 100
101 debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); 101 debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
102 102
103 if ((p = BN_new()) == NULL || 103 if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 ||
104 (g = BN_new()) == NULL) { 104 (r = sshpkt_get_bignum2(ssh, &g)) != 0 ||
105 r = SSH_ERR_ALLOC_FAIL;
106 goto out;
107 }
108 if ((r = sshpkt_get_bignum2(ssh, p)) != 0 ||
109 (r = sshpkt_get_bignum2(ssh, g)) != 0 ||
110 (r = sshpkt_get_end(ssh)) != 0) 105 (r = sshpkt_get_end(ssh)) != 0)
111 goto out; 106 goto out;
112 if ((bits = BN_num_bits(p)) < 0 || 107 if ((bits = BN_num_bits(p)) < 0 ||
@@ -177,13 +172,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
177 r = SSH_ERR_SIGNATURE_INVALID; 172 r = SSH_ERR_SIGNATURE_INVALID;
178 goto out; 173 goto out;
179 } 174 }
180 /* DH parameter f, server public DH key */ 175 /* DH parameter f, server public DH key, signed H */
181 if ((dh_server_pub = BN_new()) == NULL) { 176 if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
182 r = SSH_ERR_ALLOC_FAIL;
183 goto out;
184 }
185 /* signed H */
186 if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
187 (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || 177 (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
188 (r = sshpkt_get_end(ssh)) != 0) 178 (r = sshpkt_get_end(ssh)) != 0)
189 goto out; 179 goto out;
diff --git a/kexgexs.c b/kexgexs.c
index 3b2ad37e4..2a8997302 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -150,11 +150,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
150 } 150 }
151 151
152 /* key, cert */ 152 /* key, cert */
153 if ((dh_client_pub = BN_new()) == NULL) { 153 if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 ||
154 r = SSH_ERR_ALLOC_FAIL;
155 goto out;
156 }
157 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
158 (r = sshpkt_get_end(ssh)) != 0) 154 (r = sshpkt_get_end(ssh)) != 0)
159 goto out; 155 goto out;
160 156
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 9e3c7cd17..186e8f022 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -202,12 +202,8 @@ mm_choose_dh(int min, int nbits, int max)
202 if (success == 0) 202 if (success == 0)
203 fatal("%s: MONITOR_ANS_MODULI failed", __func__); 203 fatal("%s: MONITOR_ANS_MODULI failed", __func__);
204 204
205 if ((p = BN_new()) == NULL) 205 if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
206 fatal("%s: BN_new failed", __func__); 206 (r = sshbuf_get_bignum2(m, &g)) != 0)
207 if ((g = BN_new()) == NULL)
208 fatal("%s: BN_new failed", __func__);
209 if ((r = sshbuf_get_bignum2(m, p)) != 0 ||
210 (r = sshbuf_get_bignum2(m, g)) != 0)
211 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 207 fatal("%s: buffer error: %s", __func__, ssh_err(r));
212 208
213 debug3("%s: remaining %zu", __func__, sshbuf_len(m)); 209 debug3("%s: remaining %zu", __func__, sshbuf_len(m));
diff --git a/packet.c b/packet.c
index aa8be8c94..a162791b1 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.280 2019/01/19 21:33:14 djm Exp $ */ 1/* $OpenBSD: packet.c,v 1.281 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2559,11 +2559,10 @@ sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g)
2559} 2559}
2560#endif /* OPENSSL_HAS_ECC */ 2560#endif /* OPENSSL_HAS_ECC */
2561 2561
2562
2563int 2562int
2564sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v) 2563sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp)
2565{ 2564{
2566 return sshbuf_get_bignum2(ssh->state->incoming_packet, v); 2565 return sshbuf_get_bignum2(ssh->state->incoming_packet, valp);
2567} 2566}
2568#endif /* WITH_OPENSSL */ 2567#endif /* WITH_OPENSSL */
2569 2568
diff --git a/packet.h b/packet.h
index 74bb51108..98338f1f1 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.h,v 1.88 2019/01/19 21:33:14 djm Exp $ */ 1/* $OpenBSD: packet.h,v 1.89 2019/01/21 09:54:11 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -200,7 +200,7 @@ int sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp)
200int sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp); 200int sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp);
201int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp); 201int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp);
202int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g); 202int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g);
203int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v); 203int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp);
204int sshpkt_get_end(struct ssh *ssh); 204int sshpkt_get_end(struct ssh *ssh);
205void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l); 205void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l);
206const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); 206const u_char *sshpkt_ptr(struct ssh *, size_t *lenp);
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 2f5531752..599c7199d 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */ 1/* $OpenBSD: ssh-ecdsa.c,v 1.16 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -151,15 +151,13 @@ ssh_ecdsa_verify(const struct sshkey *key,
151 } 151 }
152 152
153 /* parse signature */ 153 /* parse signature */
154 if ((sig = ECDSA_SIG_new()) == NULL || 154 if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
155 (sig_r = BN_new()) == NULL || 155 sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
156 (sig_s = BN_new()) == NULL) { 156 ret = SSH_ERR_INVALID_FORMAT;
157 ret = SSH_ERR_ALLOC_FAIL;
158 goto out; 157 goto out;
159 } 158 }
160 if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 || 159 if ((sig = ECDSA_SIG_new()) == NULL) {
161 sshbuf_get_bignum2(sigbuf, sig_s) != 0) { 160 ret = SSH_ERR_ALLOC_FAIL;
162 ret = SSH_ERR_INVALID_FORMAT;
163 goto out; 161 goto out;
164 } 162 }
165 if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { 163 if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index a49b72ef7..3dd1e1446 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.6 2019/01/21 09:52:25 djm Exp $ */ 1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -32,16 +32,25 @@
32#include "sshbuf.h" 32#include "sshbuf.h"
33 33
34int 34int
35sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) 35sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
36{ 36{
37 BIGNUM *v;
37 const u_char *d; 38 const u_char *d;
38 size_t len; 39 size_t len;
39 int r; 40 int r;
40 41
42 if (valp != NULL)
43 *valp = NULL;
41 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) 44 if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
42 return r; 45 return r;
43 if (v != NULL && BN_bin2bn(d, len, v) == NULL) 46 if (valp != NULL) {
44 return SSH_ERR_ALLOC_FAIL; 47 if ((v = BN_new()) == NULL ||
48 BN_bin2bn(d, len, v) == NULL) {
49 BN_clear_free(v);
50 return SSH_ERR_ALLOC_FAIL;
51 }
52 *valp = v;
53 }
45 return 0; 54 return 0;
46} 55}
47 56
diff --git a/sshbuf.h b/sshbuf.h
index fa54b4950..7900b82ba 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf.h,v 1.12 2019/01/21 09:52:25 djm Exp $ */ 1/* $OpenBSD: sshbuf.h,v 1.13 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -212,7 +212,7 @@ int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
212int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, 212int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
213 const u_char **valp, size_t *lenp); 213 const u_char **valp, size_t *lenp);
214#ifdef WITH_OPENSSL 214#ifdef WITH_OPENSSL
215int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); 215int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
216int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); 216int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
217# ifdef OPENSSL_HAS_ECC 217# ifdef OPENSSL_HAS_ECC
218int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); 218int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
diff --git a/sshkey.c b/sshkey.c
index 6555c5ef8..ad1957762 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.c,v 1.72 2018/10/11 00:52:46 djm Exp $ */ 1/* $OpenBSD: sshkey.c,v 1.73 2019/01/21 09:54:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2056,13 +2056,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2056 ret = SSH_ERR_ALLOC_FAIL; 2056 ret = SSH_ERR_ALLOC_FAIL;
2057 goto out; 2057 goto out;
2058 } 2058 }
2059 if ((rsa_e = BN_new()) == NULL || 2059 if (sshbuf_get_bignum2(b, &rsa_e) != 0 ||
2060 (rsa_n = BN_new()) == NULL) { 2060 sshbuf_get_bignum2(b, &rsa_n) != 0) {
2061 ret = SSH_ERR_ALLOC_FAIL;
2062 goto out;
2063 }
2064 if (sshbuf_get_bignum2(b, rsa_e) != 0 ||
2065 sshbuf_get_bignum2(b, rsa_n) != 0) {
2066 ret = SSH_ERR_INVALID_FORMAT; 2061 ret = SSH_ERR_INVALID_FORMAT;
2067 goto out; 2062 goto out;
2068 } 2063 }
@@ -2089,17 +2084,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2089 ret = SSH_ERR_ALLOC_FAIL; 2084 ret = SSH_ERR_ALLOC_FAIL;
2090 goto out; 2085 goto out;
2091 } 2086 }
2092 if ((dsa_p = BN_new()) == NULL || 2087 if (sshbuf_get_bignum2(b, &dsa_p) != 0 ||
2093 (dsa_q = BN_new()) == NULL || 2088 sshbuf_get_bignum2(b, &dsa_q) != 0 ||
2094 (dsa_g = BN_new()) == NULL || 2089 sshbuf_get_bignum2(b, &dsa_g) != 0 ||
2095 (dsa_pub_key = BN_new()) == NULL) { 2090 sshbuf_get_bignum2(b, &dsa_pub_key) != 0) {
2096 ret = SSH_ERR_ALLOC_FAIL;
2097 goto out;
2098 }
2099 if (sshbuf_get_bignum2(b, dsa_p) != 0 ||
2100 sshbuf_get_bignum2(b, dsa_q) != 0 ||
2101 sshbuf_get_bignum2(b, dsa_g) != 0 ||
2102 sshbuf_get_bignum2(b, dsa_pub_key) != 0) {
2103 ret = SSH_ERR_INVALID_FORMAT; 2091 ret = SSH_ERR_INVALID_FORMAT;
2104 goto out; 2092 goto out;
2105 } 2093 }
@@ -2941,19 +2929,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2941 r = SSH_ERR_ALLOC_FAIL; 2929 r = SSH_ERR_ALLOC_FAIL;
2942 goto out; 2930 goto out;
2943 } 2931 }
2944 if ((dsa_p = BN_new()) == NULL || 2932 if ((r = sshbuf_get_bignum2(buf, &dsa_p)) != 0 ||
2945 (dsa_q = BN_new()) == NULL || 2933 (r = sshbuf_get_bignum2(buf, &dsa_q)) != 0 ||
2946 (dsa_g = BN_new()) == NULL || 2934 (r = sshbuf_get_bignum2(buf, &dsa_g)) != 0 ||
2947 (dsa_pub_key = BN_new()) == NULL || 2935 (r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0 ||
2948 (dsa_priv_key = BN_new()) == NULL) { 2936 (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
2949 r = SSH_ERR_ALLOC_FAIL;
2950 goto out;
2951 }
2952 if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 ||
2953 (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 ||
2954 (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 ||
2955 (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 ||
2956 (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
2957 goto out; 2937 goto out;
2958 if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { 2938 if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) {
2959 r = SSH_ERR_LIBCRYPTO_ERROR; 2939 r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -2967,12 +2947,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2967 dsa_pub_key = dsa_priv_key = NULL; /* transferred */ 2947 dsa_pub_key = dsa_priv_key = NULL; /* transferred */
2968 break; 2948 break;
2969 case KEY_DSA_CERT: 2949 case KEY_DSA_CERT:
2970 if ((dsa_priv_key = BN_new()) == NULL) {
2971 r = SSH_ERR_ALLOC_FAIL;
2972 goto out;
2973 }
2974 if ((r = sshkey_froms(buf, &k)) != 0 || 2950 if ((r = sshkey_froms(buf, &k)) != 0 ||
2975 (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) 2951 (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
2976 goto out; 2952 goto out;
2977 if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { 2953 if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
2978 r = SSH_ERR_LIBCRYPTO_ERROR; 2954 r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -2997,12 +2973,12 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2997 goto out; 2973 goto out;
2998 } 2974 }
2999 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); 2975 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
3000 if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) { 2976 if (k->ecdsa == NULL) {
3001 r = SSH_ERR_LIBCRYPTO_ERROR; 2977 r = SSH_ERR_LIBCRYPTO_ERROR;
3002 goto out; 2978 goto out;
3003 } 2979 }
3004 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || 2980 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 ||
3005 (r = sshbuf_get_bignum2(buf, exponent))) 2981 (r = sshbuf_get_bignum2(buf, &exponent)))
3006 goto out; 2982 goto out;
3007 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2983 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
3008 r = SSH_ERR_LIBCRYPTO_ERROR; 2984 r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -3014,12 +2990,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3014 goto out; 2990 goto out;
3015 break; 2991 break;
3016 case KEY_ECDSA_CERT: 2992 case KEY_ECDSA_CERT:
3017 if ((exponent = BN_new()) == NULL) {
3018 r = SSH_ERR_LIBCRYPTO_ERROR;
3019 goto out;
3020 }
3021 if ((r = sshkey_froms(buf, &k)) != 0 || 2993 if ((r = sshkey_froms(buf, &k)) != 0 ||
3022 (r = sshbuf_get_bignum2(buf, exponent)) != 0) 2994 (r = sshbuf_get_bignum2(buf, &exponent)) != 0)
3023 goto out; 2995 goto out;
3024 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2996 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
3025 r = SSH_ERR_LIBCRYPTO_ERROR; 2997 r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -3036,21 +3008,12 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3036 r = SSH_ERR_ALLOC_FAIL; 3008 r = SSH_ERR_ALLOC_FAIL;
3037 goto out; 3009 goto out;
3038 } 3010 }
3039 if ((rsa_n = BN_new()) == NULL || 3011 if ((r = sshbuf_get_bignum2(buf, &rsa_n)) != 0 ||
3040 (rsa_e = BN_new()) == NULL || 3012 (r = sshbuf_get_bignum2(buf, &rsa_e)) != 0 ||
3041 (rsa_d = BN_new()) == NULL || 3013 (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 ||
3042 (rsa_iqmp = BN_new()) == NULL || 3014 (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 ||
3043 (rsa_p = BN_new()) == NULL || 3015 (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
3044 (rsa_q = BN_new()) == NULL) { 3016 (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
3045 r = SSH_ERR_ALLOC_FAIL;
3046 goto out;
3047 }
3048 if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 ||
3049 (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 ||
3050 (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
3051 (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
3052 (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
3053 (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
3054 goto out; 3017 goto out;
3055 if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) { 3018 if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) {
3056 r = SSH_ERR_LIBCRYPTO_ERROR; 3019 r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -3068,18 +3031,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3068 goto out; 3031 goto out;
3069 break; 3032 break;
3070 case KEY_RSA_CERT: 3033 case KEY_RSA_CERT:
3071 if ((rsa_d = BN_new()) == NULL ||
3072 (rsa_iqmp = BN_new()) == NULL ||
3073 (rsa_p = BN_new()) == NULL ||
3074 (rsa_q = BN_new()) == NULL) {
3075 r = SSH_ERR_ALLOC_FAIL;
3076 goto out;
3077 }
3078 if ((r = sshkey_froms(buf, &k)) != 0 || 3034 if ((r = sshkey_froms(buf, &k)) != 0 ||
3079 (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || 3035 (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 ||
3080 (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || 3036 (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 ||
3081 (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || 3037 (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
3082 (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) 3038 (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
3083 goto out; 3039 goto out;
3084 if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { 3040 if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
3085 r = SSH_ERR_LIBCRYPTO_ERROR; 3041 r = SSH_ERR_LIBCRYPTO_ERROR;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-24 13:22:11 +0000