Introduced wrapper macros snew(), snewn() and sresize() for the

[u/mdw/putty] / sshrsa.c

diff --git a/sshrsa.c b/sshrsa.c
index c60823e..c97dce0 100644 (file)
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -147,15 +147,16 @@ static Bignum rsa_privkey_op(Bignum input, struct RSAKey *key)
     /*
      * RSA blinding relies on the fact that (xy)^d mod n is equal
      * to (x^d mod n) * (y^d mod n) mod n. We invent a random pair
-     * y and y^d; then we multiply x by y, raise to the power e mod
-     * n as usual, and divide by y^d to recover x^d. Thus the
-     * timing of the modpow does not reveal information about x,
-     * but only about xy, which is unpredictable to an attacker.
+     * y and y^d; then we multiply x by y, raise to the power d mod
+     * n as usual, and divide by y^d to recover x^d. Thus an
+     * attacker can't correlate the timing of the modpow with the
+     * input, because they don't know anything about the number
+     * that was input to the actual modpow.
      * 
      * The clever bit is that we don't have to do a huge modpow to
      * get y and y^d; we will use the number we just invented as
-     * _y^d_, and use the RSA public exponent to compute y from it,
-     * which is much faster.
+     * _y^d_, and use the _public_ exponent to compute (y^d)^e = y
+     * from it, which is much faster to do.
      */
     random_encrypted = modpow(random, key->exponent, key->modulus);
     random_inverse = modinv(random, key->modulus);
@@ -315,7 +316,7 @@ unsigned char *rsa_public_blob(struct RSAKey *key, int *len)
 
     length = (ssh1_bignum_length(key->modulus) +
              ssh1_bignum_length(key->exponent) + 4);
-    ret = smalloc(length);
+    ret = snewn(length, unsigned char);
 
     PUT_32BIT(ret, bignum_bitcount(key->modulus));
     pos = 4;
@@ -387,7 +388,7 @@ static void *rsa2_newkey(char *data, int len)
     int slen;
     struct RSAKey *rsa;
 
-    rsa = smalloc(sizeof(struct RSAKey));
+    rsa = snew(struct RSAKey);
     if (!rsa)
        return NULL;
     getstring(&data, &len, &p, &slen);
@@ -418,7 +419,7 @@ static char *rsa2_fmtkey(void *key)
     int len;
 
     len = rsastr_len(rsa);
-    p = smalloc(len);
+    p = snewn(len, char);
     rsastr_fmt(p, rsa);
     return p;
 }
@@ -438,7 +439,7 @@ static unsigned char *rsa2_public_blob(void *key, int *len)
      * (three length fields, 12+7=19).
      */
     bloblen = 19 + elen + mlen;
-    blob = smalloc(bloblen);
+    blob = snewn(bloblen, unsigned char);
     p = blob;
     PUT_32BIT(p, 7);
     p += 4;
@@ -474,7 +475,7 @@ static unsigned char *rsa2_private_blob(void *key, int *len)
      * sum of lengths.
      */
     bloblen = 16 + dlen + plen + qlen + ulen;
-    blob = smalloc(bloblen);
+    blob = snewn(bloblen, unsigned char);
     p = blob;
     PUT_32BIT(p, dlen);
     p += 4;
@@ -522,7 +523,7 @@ static void *rsa2_openssh_createkey(unsigned char **blob, int *len)
     char **b = (char **) blob;
     struct RSAKey *rsa;
 
-    rsa = smalloc(sizeof(struct RSAKey));
+    rsa = snew(struct RSAKey);
     if (!rsa)
        return NULL;
     rsa->comment = NULL;
@@ -607,7 +608,7 @@ static char *rsa2_fingerprint(void *key)
     for (i = 0; i < 16; i++)
        sprintf(buffer + strlen(buffer), "%s%02x", i ? ":" : "",
                digest[i]);
-    ret = smalloc(strlen(buffer) + 1);
+    ret = snewn(strlen(buffer) + 1, char);
     if (ret)
        strcpy(ret, buffer);
     return ret;
@@ -704,7 +705,7 @@ static unsigned char *rsa2_sign(void *key, char *data, int datalen,
     SHA_Simple(data, datalen, hash);
 
     nbytes = (bignum_bitcount(rsa->modulus) - 1) / 8;
-    bytes = smalloc(nbytes);
+    bytes = snewn(nbytes, unsigned char);
 
     bytes[0] = 1;
     for (i = 1; i < nbytes - 20 - ASN1_LEN; i++)
@@ -721,7 +722,7 @@ static unsigned char *rsa2_sign(void *key, char *data, int datalen,
     freebn(in);
 
     nbytes = (bignum_bitcount(out) + 7) / 8;
-    bytes = smalloc(4 + 7 + 4 + nbytes);
+    bytes = snewn(4 + 7 + 4 + nbytes, unsigned char);
     PUT_32BIT(bytes, 7);
     memcpy(bytes + 4, "ssh-rsa", 7);
     PUT_32BIT(bytes + 4 + 7, nbytes);