RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 08:12:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

upstream: sshkey_unshield_private() contains a exact duplicate of

Browse Source 
the code in private2_check_padding(). Pull private2_check_padding() up so the
code can be reused. From Martin Vahlensieck, ok deraadt@

OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
This commit is contained in:
djm@openbsd.org 2022-05-05 01:04:14 +00:00 committed by Damien Miller
parent 0e44db4d9c
commit 457dce2cfe
1 changed files with 32 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.120 2022/01/06 22:05:42 djm Exp $ */ /* $OpenBSD: sshkey.c,v 1.121 2022/05/05 01:04:14 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -2125,14 +2125,38 @@ sshkey_shield_private(struct sshkey *k)
return r; return r;
} }
/* Check deterministic padding after private key */
static int
private2_check_padding(struct sshbuf *decrypted)
{
u_char pad;
size_t i;
int r;
i = 0;
while (sshbuf_len(decrypted)) {
if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
goto out;
if (pad != (++i & 0xff)) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
}
/* success */
r = 0;
out:
explicit_bzero(&pad, sizeof(pad));
explicit_bzero(&i, sizeof(i));
return r;
}
int int
sshkey_unshield_private(struct sshkey *k) sshkey_unshield_private(struct sshkey *k)
{ {
struct sshbuf *prvbuf = NULL; struct sshbuf *prvbuf = NULL;
u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH]; u_char *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
struct sshcipher_ctx *cctx = NULL; struct sshcipher_ctx *cctx = NULL;
const struct sshcipher *cipher; const struct sshcipher *cipher;
size_t i;
struct sshkey *kswap = NULL, tmp; struct sshkey *kswap = NULL, tmp;
int r = SSH_ERR_INTERNAL_ERROR; int r = SSH_ERR_INTERNAL_ERROR;
@ -2194,16 +2218,9 @@ sshkey_unshield_private(struct sshkey *k)
/* Parse private key */ /* Parse private key */
if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0) if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0)
goto out; goto out;
/* Check deterministic padding */
i = 0; if ((r = private2_check_padding(prvbuf)) != 0)
while (sshbuf_len(prvbuf)) { goto out;
if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0)
goto out;
if (pad != (++i & 0xff)) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
}
/* Swap the parsed key back into place */ /* Swap the parsed key back into place */
tmp = *kswap; tmp = *kswap;
@ -4257,31 +4274,6 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase,
return r; return r;
} }
/* Check deterministic padding after private key */
static int
private2_check_padding(struct sshbuf *decrypted)
{
u_char pad;
size_t i;
int r = SSH_ERR_INTERNAL_ERROR;
i = 0;
while (sshbuf_len(decrypted)) {
if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
goto out;
if (pad != (++i & 0xff)) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
}
/* success */
r = 0;
out:
explicit_bzero(&pad, sizeof(pad));
explicit_bzero(&i, sizeof(i));
return r;
}
static int static int
sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
struct sshkey **keyp, char **commentp) struct sshkey **keyp, char **commentp)