path: root/ssh-agent.c
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c67
1 files changed, 63 insertions, 4 deletions
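--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -468,6 +468,11 @@ process_add_identity(SocketEntry *e, int version)
  int type, success = 0, death = 0, confirm = 0;
  char *type_name, *comment;
  Key *k = NULL;
+#ifdef OPENSSL_HAS_ECC
+ BIGNUM *exponent;
+ EC_POINT *q;
+ char *curve;
+#endif
  u_char *cert;
  u_int len;
 
@@ -490,7 +495,6 @@ process_add_identity(SocketEntry *e, int version)
  case 2:
  type_name = buffer_get_string(&e->request, NULL);
  type = key_type_from_name(type_name);
- xfree(type_name);
  switch (type) {
  case KEY_DSA:
  k = key_new_private(type);
@@ -509,6 +513,59 @@ process_add_identity(SocketEntry *e, int version)
  key_add_private(k);
  buffer_get_bignum2(&e->request, k->dsa->priv_key);
  break;
+#ifdef OPENSSL_HAS_ECC
+ case KEY_ECDSA:
+ k = key_new_private(type);
+ k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
+ curve = buffer_get_string(&e->request, NULL);
+ if (k->ecdsa_nid != key_curve_name_to_nid(curve))
+ fatal("%s: curve names mismatch", __func__);
+ xfree(curve);
+ k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
+ if (k->ecdsa == NULL)
+ fatal("%s: EC_KEY_new_by_curve_name failed",
+ __func__);
+ q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
+ if (q == NULL)
+ fatal("%s: BN_new failed", __func__);
+ if ((exponent = BN_new()) == NULL)
+ fatal("%s: BN_new failed", __func__);
+ buffer_get_ecpoint(&e->request,
+ EC_KEY_get0_group(k->ecdsa), q);
+ buffer_get_bignum2(&e->request, exponent);
+ if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
+ fatal("%s: EC_KEY_set_public_key failed",
+ __func__);
+ if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+ fatal("%s: EC_KEY_set_private_key failed",
+ __func__);
+ if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+ EC_KEY_get0_public_key(k->ecdsa)) != 0)
+ fatal("%s: bad ECDSA public key", __func__);
+ if (key_ec_validate_private(k->ecdsa) != 0)
+ fatal("%s: bad ECDSA private key", __func__);
+ BN_clear_free(exponent);
+ EC_POINT_free(q);
+ break;
+ case KEY_ECDSA_CERT:
+ cert = buffer_get_string(&e->request, &len);
+ if ((k = key_from_blob(cert, len)) == NULL)
+ fatal("Certificate parse failed");
+ xfree(cert);
+ key_add_private(k);
+ if ((exponent = BN_new()) == NULL)
+ fatal("%s: BN_new failed", __func__);
+ buffer_get_bignum2(&e->request, exponent);
+ if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+ fatal("%s: EC_KEY_set_private_key failed",
+ __func__);
+ if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+ EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
+ key_ec_validate_private(k->ecdsa) != 0)
+ fatal("%s: bad ECDSA key", __func__);
+ BN_clear_free(exponent);
+ break;
+#endif /* OPENSSL_HAS_ECC */
  case KEY_RSA:
  k = key_new_private(type);
  buffer_get_bignum2(&e->request, k->rsa->n);
@@ -534,9 +591,11 @@ process_add_identity(SocketEntry *e, int version)
  buffer_get_bignum2(&e->request, k->rsa->q);
  break;
  default:
+ xfree(type_name);
  buffer_clear(&e->request);
  goto send;
  }
+ xfree(type_name);
  break;
  }
  /* enable blinding */
@@ -1092,7 +1151,7 @@ main(int ac, char **av)
  prctl(PR_SET_DUMPABLE, 0);
 #endif
 
- SSLeay_add_all_algorithms();
+ OpenSSL_add_all_algorithms();
 
  __progname = ssh_get_progname(av[0]);
  init_rng();
@@ -1173,7 +1232,7 @@ main(int ac, char **av)
 
  if (agentsocket == NULL) {
  /* Create private directory for agent socket */
- strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
+ mktemp_proto(socket_dir, sizeof(socket_dir));
  if (mkdtemp(socket_dir) == NULL) {
  perror("mkdtemp: private socket dir");
  exit(1);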
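Review bot: In the new KEY_ECDSA_CERT case the certificate blob's own key type is never compared with the `type` derived from the request's type name, so a blob that parses as a non-ECDSA key leaves `k->ecdsa` NULL when it reaches `EC_KEY_set_private_key(k->ecdsa, exponent)`; a guard right after the parse, `if (k->type != KEY_ECDSA_CERT || k->ecdsa == NULL) fatal("%s: certificate is not an ECDSA key", __func__);`, would close that before any EC call. The failure message for the `EC_POINT_new` check in the KEY_ECDSA case reads `"%s: BN_new failed"`, which misattributes the error; it should be `fatal("%s: EC_POINT_new failed", __func__);`. Note also that every validation failure in these two cases terminates the whole agent via `fatal()`, so a single malformed add-identity request from any client with socket access drops every loaded key; that matches the file's existing error style, but returning a failure to the client instead would be more robust. process_add_identity begins and ends outside these hunks.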