diff options
Diffstat (limited to 'key.c')
-rw-r--r-- | key.c | 54 |
1 files changed, 24 insertions, 30 deletions
@@ -1,3 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */ | ||
1 | /* | 2 | /* |
2 | * read_bignum(): | 3 | * read_bignum(): |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -31,17 +32,22 @@ | |||
31 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 33 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 34 | */ |
35 | |||
34 | #include "includes.h" | 36 | #include "includes.h" |
35 | RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $"); | 37 | |
38 | #include <sys/types.h> | ||
36 | 39 | ||
37 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
38 | 41 | ||
42 | #include <stdarg.h> | ||
43 | #include <stdio.h> | ||
44 | #include <string.h> | ||
45 | |||
39 | #include "xmalloc.h" | 46 | #include "xmalloc.h" |
40 | #include "key.h" | 47 | #include "key.h" |
41 | #include "rsa.h" | 48 | #include "rsa.h" |
42 | #include "uuencode.h" | 49 | #include "uuencode.h" |
43 | #include "buffer.h" | 50 | #include "buffer.h" |
44 | #include "bufaux.h" | ||
45 | #include "log.h" | 51 | #include "log.h" |
46 | 52 | ||
47 | Key * | 53 | Key * |
@@ -50,9 +56,8 @@ key_new(int type) | |||
50 | Key *k; | 56 | Key *k; |
51 | RSA *rsa; | 57 | RSA *rsa; |
52 | DSA *dsa; | 58 | DSA *dsa; |
53 | k = xmalloc(sizeof(*k)); | 59 | k = xcalloc(1, sizeof(*k)); |
54 | k->type = type; | 60 | k->type = type; |
55 | k->flags = 0; | ||
56 | k->dsa = NULL; | 61 | k->dsa = NULL; |
57 | k->rsa = NULL; | 62 | k->rsa = NULL; |
58 | switch (k->type) { | 63 | switch (k->type) { |
@@ -123,6 +128,8 @@ key_new_private(int type) | |||
123 | void | 128 | void |
124 | key_free(Key *k) | 129 | key_free(Key *k) |
125 | { | 130 | { |
131 | if (k == NULL) | ||
132 | fatal("key_free: key is NULL"); | ||
126 | switch (k->type) { | 133 | switch (k->type) { |
127 | case KEY_RSA1: | 134 | case KEY_RSA1: |
128 | case KEY_RSA: | 135 | case KEY_RSA: |
@@ -155,14 +162,12 @@ key_equal(const Key *a, const Key *b) | |||
155 | return a->rsa != NULL && b->rsa != NULL && | 162 | return a->rsa != NULL && b->rsa != NULL && |
156 | BN_cmp(a->rsa->e, b->rsa->e) == 0 && | 163 | BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
157 | BN_cmp(a->rsa->n, b->rsa->n) == 0; | 164 | BN_cmp(a->rsa->n, b->rsa->n) == 0; |
158 | break; | ||
159 | case KEY_DSA: | 165 | case KEY_DSA: |
160 | return a->dsa != NULL && b->dsa != NULL && | 166 | return a->dsa != NULL && b->dsa != NULL && |
161 | BN_cmp(a->dsa->p, b->dsa->p) == 0 && | 167 | BN_cmp(a->dsa->p, b->dsa->p) == 0 && |
162 | BN_cmp(a->dsa->q, b->dsa->q) == 0 && | 168 | BN_cmp(a->dsa->q, b->dsa->q) == 0 && |
163 | BN_cmp(a->dsa->g, b->dsa->g) == 0 && | 169 | BN_cmp(a->dsa->g, b->dsa->g) == 0 && |
164 | BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; | 170 | BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; |
165 | break; | ||
166 | default: | 171 | default: |
167 | fatal("key_equal: bad key type %d", a->type); | 172 | fatal("key_equal: bad key type %d", a->type); |
168 | break; | 173 | break; |
@@ -209,7 +214,6 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
209 | break; | 214 | break; |
210 | case KEY_UNSPEC: | 215 | case KEY_UNSPEC: |
211 | return retval; | 216 | return retval; |
212 | break; | ||
213 | default: | 217 | default: |
214 | fatal("key_fingerprint_raw: bad key type %d", k->type); | 218 | fatal("key_fingerprint_raw: bad key type %d", k->type); |
215 | break; | 219 | break; |
@@ -233,8 +237,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) | |||
233 | char *retval; | 237 | char *retval; |
234 | u_int i; | 238 | u_int i; |
235 | 239 | ||
236 | retval = xmalloc(dgst_raw_len * 3 + 1); | 240 | retval = xcalloc(1, dgst_raw_len * 3 + 1); |
237 | retval[0] = '\0'; | ||
238 | for (i = 0; i < dgst_raw_len; i++) { | 241 | for (i = 0; i < dgst_raw_len; i++) { |
239 | char hex[4]; | 242 | char hex[4]; |
240 | snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); | 243 | snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); |
@@ -256,7 +259,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) | |||
256 | char *retval; | 259 | char *retval; |
257 | 260 | ||
258 | rounds = (dgst_raw_len / 2) + 1; | 261 | rounds = (dgst_raw_len / 2) + 1; |
259 | retval = xmalloc(sizeof(char) * (rounds*6)); | 262 | retval = xcalloc((rounds * 6), sizeof(char)); |
260 | retval[j++] = 'x'; | 263 | retval[j++] = 'x'; |
261 | for (i = 0; i < rounds; i++) { | 264 | for (i = 0; i < rounds; i++) { |
262 | u_int idx0, idx1, idx2, idx3, idx4; | 265 | u_int idx0, idx1, idx2, idx3, idx4; |
@@ -530,13 +533,10 @@ key_type(const Key *k) | |||
530 | switch (k->type) { | 533 | switch (k->type) { |
531 | case KEY_RSA1: | 534 | case KEY_RSA1: |
532 | return "RSA1"; | 535 | return "RSA1"; |
533 | break; | ||
534 | case KEY_RSA: | 536 | case KEY_RSA: |
535 | return "RSA"; | 537 | return "RSA"; |
536 | break; | ||
537 | case KEY_DSA: | 538 | case KEY_DSA: |
538 | return "DSA"; | 539 | return "DSA"; |
539 | break; | ||
540 | } | 540 | } |
541 | return "unknown"; | 541 | return "unknown"; |
542 | } | 542 | } |
@@ -547,10 +547,8 @@ key_ssh_name(const Key *k) | |||
547 | switch (k->type) { | 547 | switch (k->type) { |
548 | case KEY_RSA: | 548 | case KEY_RSA: |
549 | return "ssh-rsa"; | 549 | return "ssh-rsa"; |
550 | break; | ||
551 | case KEY_DSA: | 550 | case KEY_DSA: |
552 | return "ssh-dss"; | 551 | return "ssh-dss"; |
553 | break; | ||
554 | } | 552 | } |
555 | return "ssh-unknown"; | 553 | return "ssh-unknown"; |
556 | } | 554 | } |
@@ -562,10 +560,8 @@ key_size(const Key *k) | |||
562 | case KEY_RSA1: | 560 | case KEY_RSA1: |
563 | case KEY_RSA: | 561 | case KEY_RSA: |
564 | return BN_num_bits(k->rsa->n); | 562 | return BN_num_bits(k->rsa->n); |
565 | break; | ||
566 | case KEY_DSA: | 563 | case KEY_DSA: |
567 | return BN_num_bits(k->dsa->p); | 564 | return BN_num_bits(k->dsa->p); |
568 | break; | ||
569 | } | 565 | } |
570 | return 0; | 566 | return 0; |
571 | } | 567 | } |
@@ -574,6 +570,7 @@ static RSA * | |||
574 | rsa_generate_private_key(u_int bits) | 570 | rsa_generate_private_key(u_int bits) |
575 | { | 571 | { |
576 | RSA *private; | 572 | RSA *private; |
573 | |||
577 | private = RSA_generate_key(bits, 35, NULL, NULL); | 574 | private = RSA_generate_key(bits, 35, NULL, NULL); |
578 | if (private == NULL) | 575 | if (private == NULL) |
579 | fatal("rsa_generate_private_key: key generation failed."); | 576 | fatal("rsa_generate_private_key: key generation failed."); |
@@ -584,6 +581,7 @@ static DSA* | |||
584 | dsa_generate_private_key(u_int bits) | 581 | dsa_generate_private_key(u_int bits) |
585 | { | 582 | { |
586 | DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); | 583 | DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); |
584 | |||
587 | if (private == NULL) | 585 | if (private == NULL) |
588 | fatal("dsa_generate_private_key: DSA_generate_parameters failed"); | 586 | fatal("dsa_generate_private_key: DSA_generate_parameters failed"); |
589 | if (!DSA_generate_key(private)) | 587 | if (!DSA_generate_key(private)) |
@@ -619,16 +617,18 @@ key_from_private(const Key *k) | |||
619 | switch (k->type) { | 617 | switch (k->type) { |
620 | case KEY_DSA: | 618 | case KEY_DSA: |
621 | n = key_new(k->type); | 619 | n = key_new(k->type); |
622 | BN_copy(n->dsa->p, k->dsa->p); | 620 | if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
623 | BN_copy(n->dsa->q, k->dsa->q); | 621 | (BN_copy(n->dsa->q, k->dsa->q) == NULL) || |
624 | BN_copy(n->dsa->g, k->dsa->g); | 622 | (BN_copy(n->dsa->g, k->dsa->g) == NULL) || |
625 | BN_copy(n->dsa->pub_key, k->dsa->pub_key); | 623 | (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) |
624 | fatal("key_from_private: BN_copy failed"); | ||
626 | break; | 625 | break; |
627 | case KEY_RSA: | 626 | case KEY_RSA: |
628 | case KEY_RSA1: | 627 | case KEY_RSA1: |
629 | n = key_new(k->type); | 628 | n = key_new(k->type); |
630 | BN_copy(n->rsa->n, k->rsa->n); | 629 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
631 | BN_copy(n->rsa->e, k->rsa->e); | 630 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
631 | fatal("key_from_private: BN_copy failed"); | ||
632 | break; | 632 | break; |
633 | default: | 633 | default: |
634 | fatal("key_from_private: unknown type %d", k->type); | 634 | fatal("key_from_private: unknown type %d", k->type); |
@@ -793,14 +793,11 @@ key_sign( | |||
793 | switch (key->type) { | 793 | switch (key->type) { |
794 | case KEY_DSA: | 794 | case KEY_DSA: |
795 | return ssh_dss_sign(key, sigp, lenp, data, datalen); | 795 | return ssh_dss_sign(key, sigp, lenp, data, datalen); |
796 | break; | ||
797 | case KEY_RSA: | 796 | case KEY_RSA: |
798 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); | 797 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
799 | break; | ||
800 | default: | 798 | default: |
801 | error("key_sign: invalid key type %d", key->type); | 799 | error("key_sign: invalid key type %d", key->type); |
802 | return -1; | 800 | return -1; |
803 | break; | ||
804 | } | 801 | } |
805 | } | 802 | } |
806 | 803 | ||
@@ -820,14 +817,11 @@ key_verify( | |||
820 | switch (key->type) { | 817 | switch (key->type) { |
821 | case KEY_DSA: | 818 | case KEY_DSA: |
822 | return ssh_dss_verify(key, signature, signaturelen, data, datalen); | 819 | return ssh_dss_verify(key, signature, signaturelen, data, datalen); |
823 | break; | ||
824 | case KEY_RSA: | 820 | case KEY_RSA: |
825 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); | 821 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
826 | break; | ||
827 | default: | 822 | default: |
828 | error("key_verify: invalid key type %d", key->type); | 823 | error("key_verify: invalid key type %d", key->type); |
829 | return -1; | 824 | return -1; |
830 | break; | ||
831 | } | 825 | } |
832 | } | 826 | } |
833 | 827 | ||
@@ -837,7 +831,7 @@ key_demote(const Key *k) | |||
837 | { | 831 | { |
838 | Key *pk; | 832 | Key *pk; |
839 | 833 | ||
840 | pk = xmalloc(sizeof(*pk)); | 834 | pk = xcalloc(1, sizeof(*pk)); |
841 | pk->type = k->type; | 835 | pk->type = k->type; |
842 | pk->flags = k->flags; | 836 | pk->flags = k->flags; |
843 | pk->dsa = NULL; | 837 | pk->dsa = NULL; |