1 files changed, 24 insertions, 30 deletions
diff --git a/key.c b/key.c
index 239a35919..5563608ec 100644
--- a/key.c
+++ b/key.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
 /*
 * read_bignum():
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -31,17 +32,22 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
+#include <sys/types.h>
 #include <openssl/evp.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
 #include "uuencode.h"
 #include "buffer.h"
-#include "bufaux.h"
 #include "log.h"
 Key *
@@ -50,9 +56,8 @@ key_new(int type)
        Key *k;
        RSA *rsa;
        DSA *dsa;
-        k = xmalloc(sizeof(*k));
+        k = xcalloc(1, sizeof(*k));
        k->type = type;
-        k->flags = 0;
        k->dsa = NULL;
        k->rsa = NULL;
        switch (k->type) {
@@ -123,6 +128,8 @@ key_new_private(int type)
 void
 key_free(Key *k)
 {
+        if (k == NULL)
+                fatal("key_free: key is NULL");
        switch (k->type) {
        case KEY_RSA1:
        case KEY_RSA:
@@ -155,14 +162,12 @@ key_equal(const Key *a, const Key *b)
                return a->rsa != NULL && b->rsa != NULL &&
                    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
                    BN_cmp(a->rsa->n, b->rsa->n) == 0;
-                break;
        case KEY_DSA:
                return a->dsa != NULL && b->dsa != NULL &&
                    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
                    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
                    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
                    BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
-                break;
        default:
                fatal("key_equal: bad key type %d", a->type);
                break;
@@ -209,7 +214,6 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
                break;
        case KEY_UNSPEC:
                return retval;
-                break;
        default:
                fatal("key_fingerprint_raw: bad key type %d", k->type);
                break;
@@ -233,8 +237,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
        char *retval;
        u_int i;
-        retval = xmalloc(dgst_raw_len * 3 + 1);
+        retval = xcalloc(1, dgst_raw_len * 3 + 1);
-        retval[0] = '\0';
        for (i = 0; i < dgst_raw_len; i++) {
                char hex[4];
                snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
@@ -256,7 +259,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
        char *retval;
        rounds = (dgst_raw_len / 2) + 1;
-        retval = xmalloc(sizeof(char) * (rounds*6));
+        retval = xcalloc((rounds * 6), sizeof(char));
        retval[j++] = 'x';
        for (i = 0; i < rounds; i++) {
                u_int idx0, idx1, idx2, idx3, idx4;
@@ -530,13 +533,10 @@ key_type(const Key *k)
        switch (k->type) {
        case KEY_RSA1:
                return "RSA1";
-                break;
        case KEY_RSA:
                return "RSA";
-                break;
        case KEY_DSA:
                return "DSA";
-                break;
        }
        return "unknown";
 }
@@ -547,10 +547,8 @@ key_ssh_name(const Key *k)
        switch (k->type) {
        case KEY_RSA:
                return "ssh-rsa";
-                break;
        case KEY_DSA:
                return "ssh-dss";
-                break;
        }
        return "ssh-unknown";
 }
@@ -562,10 +560,8 @@ key_size(const Key *k)
        case KEY_RSA1:
        case KEY_RSA:
                return BN_num_bits(k->rsa->n);
-                break;
        case KEY_DSA:
                return BN_num_bits(k->dsa->p);
-                break;
        }
        return 0;
 }
@@ -574,6 +570,7 @@ static RSA *
 rsa_generate_private_key(u_int bits)
 {
        RSA *private;
        private = RSA_generate_key(bits, 35, NULL, NULL);
        if (private == NULL)
                fatal("rsa_generate_private_key: key generation failed.");
@@ -584,6 +581,7 @@ static DSA*
 dsa_generate_private_key(u_int bits)
 {
        DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
        if (private == NULL)
                fatal("dsa_generate_private_key: DSA_generate_parameters failed");
        if (!DSA_generate_key(private))
@@ -619,16 +617,18 @@ key_from_private(const Key *k)
        switch (k->type) {
        case KEY_DSA:
                n = key_new(k->type);
-                BN_copy(n->dsa->p, k->dsa->p);
+                if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
-                BN_copy(n->dsa->q, k->dsa->q);
+                    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
-                BN_copy(n->dsa->g, k->dsa->g);
+                    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
-                BN_copy(n->dsa->pub_key, k->dsa->pub_key);
+                    (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
+                        fatal("key_from_private: BN_copy failed");
                break;
        case KEY_RSA:
        case KEY_RSA1:
                n = key_new(k->type);
-                BN_copy(n->rsa->n, k->rsa->n);
+                if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
-                BN_copy(n->rsa->e, k->rsa->e);
+                    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+                        fatal("key_from_private: BN_copy failed");
                break;
        default:
                fatal("key_from_private: unknown type %d", k->type);
@@ -795,14 +795,11 @@ key_sign(
        switch (key->type) {
        case KEY_DSA:
                return ssh_dss_sign(key, sigp, lenp, data, datalen);
-                break;
        case KEY_RSA:
                return ssh_rsa_sign(key, sigp, lenp, data, datalen);
-                break;
        default:
                error("key_sign: invalid key type %d", key->type);
                return -1;
-                break;
        }
 }
@@ -822,14 +819,11 @@ key_verify(
        switch (key->type) {
        case KEY_DSA:
                return ssh_dss_verify(key, signature, signaturelen, data, datalen);
-                break;
        case KEY_RSA:
                return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
-                break;
        default:
                error("key_verify: invalid key type %d", key->type);
                return -1;
-                break;
        }
 }
@@ -839,7 +833,7 @@ key_demote(const Key *k)
 {
        Key *pk;
-        pk = xmalloc(sizeof(*pk));
+        pk = xcalloc(1, sizeof(*pk));
        pk->type = k->type;
        pk->flags = k->flags;
        pk->dsa = NULL;

diff --git a/key.c b/key.c index 239a35919..5563608ec 100644 --- a/key.c +++ b/key.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
1	/*	2	/*
2	* read_bignum():	3	* read_bignum():
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -31,17 +32,22 @@
31	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	32	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	33	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33	*/	34	*/
		35
34	#include "includes.h"	36	#include "includes.h"
35	RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");	37
		38	#include <sys/types.h>
36		39
37	#include <openssl/evp.h>	40	#include <openssl/evp.h>
38		41
		42	#include <stdarg.h>
		43	#include <stdio.h>
		44	#include <string.h>
		45
39	#include "xmalloc.h"	46	#include "xmalloc.h"
40	#include "key.h"	47	#include "key.h"
41	#include "rsa.h"	48	#include "rsa.h"
42	#include "uuencode.h"	49	#include "uuencode.h"
43	#include "buffer.h"	50	#include "buffer.h"
44	#include "bufaux.h"
45	#include "log.h"	51	#include "log.h"
46		52
47	Key *	53	Key *
@@ -50,9 +56,8 @@ key_new(int type)
50	Key *k;	56	Key *k;
51	RSA *rsa;	57	RSA *rsa;
52	DSA *dsa;	58	DSA *dsa;
53	k = xmalloc(sizeof(*k));	59	k = xcalloc(1, sizeof(*k));
54	k->type = type;	60	k->type = type;
55	k->flags = 0;
56	k->dsa = NULL;	61	k->dsa = NULL;
57	k->rsa = NULL;	62	k->rsa = NULL;
58	switch (k->type) {	63	switch (k->type) {
@@ -123,6 +128,8 @@ key_new_private(int type)
123	void	128	void
124	key_free(Key *k)	129	key_free(Key *k)
125	{	130	{
		131	if (k == NULL)
		132	fatal("key_free: key is NULL");
126	switch (k->type) {	133	switch (k->type) {
127	case KEY_RSA1:	134	case KEY_RSA1:
128	case KEY_RSA:	135	case KEY_RSA:
@@ -155,14 +162,12 @@ key_equal(const Key a, const Key b)
155	return a->rsa != NULL && b->rsa != NULL &&	162	return a->rsa != NULL && b->rsa != NULL &&
156	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&	163	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
157	BN_cmp(a->rsa->n, b->rsa->n) == 0;	164	BN_cmp(a->rsa->n, b->rsa->n) == 0;
158	break;
159	case KEY_DSA:	165	case KEY_DSA:
160	return a->dsa != NULL && b->dsa != NULL &&	166	return a->dsa != NULL && b->dsa != NULL &&
161	BN_cmp(a->dsa->p, b->dsa->p) == 0 &&	167	BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
162	BN_cmp(a->dsa->q, b->dsa->q) == 0 &&	168	BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
163	BN_cmp(a->dsa->g, b->dsa->g) == 0 &&	169	BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
164	BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;	170	BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
165	break;
166	default:	171	default:
167	fatal("key_equal: bad key type %d", a->type);	172	fatal("key_equal: bad key type %d", a->type);
168	break;	173	break;
@@ -209,7 +214,6 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
209	break;	214	break;
210	case KEY_UNSPEC:	215	case KEY_UNSPEC:
211	return retval;	216	return retval;
212	break;
213	default:	217	default:
214	fatal("key_fingerprint_raw: bad key type %d", k->type);	218	fatal("key_fingerprint_raw: bad key type %d", k->type);
215	break;	219	break;
@@ -233,8 +237,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
233	char *retval;	237	char *retval;
234	u_int i;	238	u_int i;
235		239
236	retval = xmalloc(dgst_raw_len * 3 + 1);	240	retval = xcalloc(1, dgst_raw_len * 3 + 1);
237	retval[0] = '\0';
238	for (i = 0; i < dgst_raw_len; i++) {	241	for (i = 0; i < dgst_raw_len; i++) {
239	char hex[4];	242	char hex[4];
240	snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);	243	snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
@@ -256,7 +259,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
256	char *retval;	259	char *retval;
257		260
258	rounds = (dgst_raw_len / 2) + 1;	261	rounds = (dgst_raw_len / 2) + 1;
259	retval = xmalloc(sizeof(char) * (rounds*6));	262	retval = xcalloc((rounds * 6), sizeof(char));
260	retval[j++] = 'x';	263	retval[j++] = 'x';
261	for (i = 0; i < rounds; i++) {	264	for (i = 0; i < rounds; i++) {
262	u_int idx0, idx1, idx2, idx3, idx4;	265	u_int idx0, idx1, idx2, idx3, idx4;
@@ -530,13 +533,10 @@ key_type(const Key *k)
530	switch (k->type) {	533	switch (k->type) {
531	case KEY_RSA1:	534	case KEY_RSA1:
532	return "RSA1";	535	return "RSA1";
533	break;
534	case KEY_RSA:	536	case KEY_RSA:
535	return "RSA";	537	return "RSA";
536	break;
537	case KEY_DSA:	538	case KEY_DSA:
538	return "DSA";	539	return "DSA";
539	break;
540	}	540	}
541	return "unknown";	541	return "unknown";
542	}	542	}
@@ -547,10 +547,8 @@ key_ssh_name(const Key *k)
547	switch (k->type) {	547	switch (k->type) {
548	case KEY_RSA:	548	case KEY_RSA:
549	return "ssh-rsa";	549	return "ssh-rsa";
550	break;
551	case KEY_DSA:	550	case KEY_DSA:
552	return "ssh-dss";	551	return "ssh-dss";
553	break;
554	}	552	}
555	return "ssh-unknown";	553	return "ssh-unknown";
556	}	554	}
@@ -562,10 +560,8 @@ key_size(const Key *k)
562	case KEY_RSA1:	560	case KEY_RSA1:
563	case KEY_RSA:	561	case KEY_RSA:
564	return BN_num_bits(k->rsa->n);	562	return BN_num_bits(k->rsa->n);
565	break;
566	case KEY_DSA:	563	case KEY_DSA:
567	return BN_num_bits(k->dsa->p);	564	return BN_num_bits(k->dsa->p);
568	break;
569	}	565	}
570	return 0;	566	return 0;
571	}	567	}
@@ -574,6 +570,7 @@ static RSA *
574	rsa_generate_private_key(u_int bits)	570	rsa_generate_private_key(u_int bits)
575	{	571	{
576	RSA *private;	572	RSA *private;
		573
577	private = RSA_generate_key(bits, 35, NULL, NULL);	574	private = RSA_generate_key(bits, 35, NULL, NULL);
578	if (private == NULL)	575	if (private == NULL)
579	fatal("rsa_generate_private_key: key generation failed.");	576	fatal("rsa_generate_private_key: key generation failed.");
@@ -584,6 +581,7 @@ static DSA*
584	dsa_generate_private_key(u_int bits)	581	dsa_generate_private_key(u_int bits)
585	{	582	{
586	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);	583	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
		584
587	if (private == NULL)	585	if (private == NULL)
588	fatal("dsa_generate_private_key: DSA_generate_parameters failed");	586	fatal("dsa_generate_private_key: DSA_generate_parameters failed");
589	if (!DSA_generate_key(private))	587	if (!DSA_generate_key(private))
@@ -619,16 +617,18 @@ key_from_private(const Key *k)
619	switch (k->type) {	617	switch (k->type) {
620	case KEY_DSA:	618	case KEY_DSA:
621	n = key_new(k->type);	619	n = key_new(k->type);
622	BN_copy(n->dsa->p, k->dsa->p);	620	if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) \|\|
623	BN_copy(n->dsa->q, k->dsa->q);	621	(BN_copy(n->dsa->q, k->dsa->q) == NULL) \|\|
624	BN_copy(n->dsa->g, k->dsa->g);	622	(BN_copy(n->dsa->g, k->dsa->g) == NULL) \|\|
625	BN_copy(n->dsa->pub_key, k->dsa->pub_key);	623	(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
		624	fatal("key_from_private: BN_copy failed");
626	break;	625	break;
627	case KEY_RSA:	626	case KEY_RSA:
628	case KEY_RSA1:	627	case KEY_RSA1:
629	n = key_new(k->type);	628	n = key_new(k->type);
630	BN_copy(n->rsa->n, k->rsa->n);	629	if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) \|\|
631	BN_copy(n->rsa->e, k->rsa->e);	630	(BN_copy(n->rsa->e, k->rsa->e) == NULL))
		631	fatal("key_from_private: BN_copy failed");
632	break;	632	break;
633	default:	633	default:
634	fatal("key_from_private: unknown type %d", k->type);	634	fatal("key_from_private: unknown type %d", k->type);
@@ -795,14 +795,11 @@ key_sign(
795	switch (key->type) {	795	switch (key->type) {
796	case KEY_DSA:	796	case KEY_DSA:
797	return ssh_dss_sign(key, sigp, lenp, data, datalen);	797	return ssh_dss_sign(key, sigp, lenp, data, datalen);
798	break;
799	case KEY_RSA:	798	case KEY_RSA:
800	return ssh_rsa_sign(key, sigp, lenp, data, datalen);	799	return ssh_rsa_sign(key, sigp, lenp, data, datalen);
801	break;
802	default:	800	default:
803	error("key_sign: invalid key type %d", key->type);	801	error("key_sign: invalid key type %d", key->type);
804	return -1;	802	return -1;
805	break;
806	}	803	}
807	}	804	}
808		805
@@ -822,14 +819,11 @@ key_verify(
822	switch (key->type) {	819	switch (key->type) {
823	case KEY_DSA:	820	case KEY_DSA:
824	return ssh_dss_verify(key, signature, signaturelen, data, datalen);	821	return ssh_dss_verify(key, signature, signaturelen, data, datalen);
825	break;
826	case KEY_RSA:	822	case KEY_RSA:
827	return ssh_rsa_verify(key, signature, signaturelen, data, datalen);	823	return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
828	break;
829	default:	824	default:
830	error("key_verify: invalid key type %d", key->type);	825	error("key_verify: invalid key type %d", key->type);
831	return -1;	826	return -1;
832	break;
833	}	827	}
834	}	828	}
835		829
@@ -839,7 +833,7 @@ key_demote(const Key *k)
839	{	833	{
840	Key *pk;	834	Key *pk;
841		835
842	pk = xmalloc(sizeof(*pk));	836	pk = xcalloc(1, sizeof(*pk));
843	pk->type = k->type;	837	pk->type = k->type;
844	pk->flags = k->flags;	838	pk->flags = k->flags;
845	pk->dsa = NULL;	839	pk->dsa = NULL;