X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/28ad39e0d044535e6acd7e61c73723f5ab165b07..51e9d3c00a3471f284e89ec1f59f38ca25f10c5f:/sshpubk.c

diff --git a/sshpubk.c b/sshpubk.c
index 78a35ee7..2d5ff1d7 100644
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -1,7 +1,7 @@
 /*
  * Generic SSH public-key handling operations. In particular,
  * reading of SSH public-key files, and also the generic `sign'
- * operation for ssh2 (which checks the type of the key and
+ * operation for SSH-2 (which checks the type of the key and
  * dispatches to the appropriate key-type specific function).
  */
 
@@ -13,18 +13,6 @@
 #include "ssh.h"
 #include "misc.h"
 
-#define PUT_32BIT(cp, value) do { \
-  (cp)[3] = (value); \
-  (cp)[2] = (value) >> 8; \
-  (cp)[1] = (value) >> 16; \
-  (cp)[0] = (value) >> 24; } while (0)
-
-#define GET_32BIT(cp) \
-    (((unsigned long)(unsigned char)(cp)[0] << 24) | \
-    ((unsigned long)(unsigned char)(cp)[1] << 16) | \
-    ((unsigned long)(unsigned char)(cp)[2] << 8) | \
-    ((unsigned long)(unsigned char)(cp)[3]))
-
 #define rsa_signature "SSH PRIVATE KEY FILE FORMAT 1.1\n"
 
 #define BASE64_TOINT(x) ( (x)-'A'<26 ? (x)-'A'+0 :\
@@ -78,9 +66,9 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
 	|| buf[i + 3] != 0) goto end;  /* reserved field nonzero, panic! */
     i += 4;
 
-    /* Now the serious stuff. An ordinary SSH 1 public key. */
-    i += makekey(buf + i, key, NULL, 1);
-    if (len - i < 0)
+    /* Now the serious stuff. An ordinary SSH-1 public key. */
+    i += makekey(buf + i, len, key, NULL, 1);
+    if (i < 0)
 	goto end;		       /* overran */
 
     if (pub_only) {
@@ -138,18 +126,18 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
      * decryption exponent, and then the three auxiliary values
      * (iqmp, q, p).
      */
-    i += makeprivate(buf + i, key);
-    if (len - i < 0)
-	goto end;
-    i += ssh1_read_bignum(buf + i, &key->iqmp);
-    if (len - i < 0)
-	goto end;
-    i += ssh1_read_bignum(buf + i, &key->q);
-    if (len - i < 0)
-	goto end;
-    i += ssh1_read_bignum(buf + i, &key->p);
-    if (len - i < 0)
-	goto end;
+    j = makeprivate(buf + i, len - i, key);
+    if (j < 0) goto end;
+    i += j;
+    j = ssh1_read_bignum(buf + i, len - i, &key->iqmp);
+    if (j < 0) goto end;
+    i += j;
+    j = ssh1_read_bignum(buf + i, len - i, &key->q);
+    if (j < 0) goto end;
+    i += j;
+    j = ssh1_read_bignum(buf + i, len - i, &key->p);
+    if (j < 0) goto end;
+    i += j;
 
     if (!rsa_verify(key)) {
 	*error = "rsa_verify failed";
@@ -182,17 +170,22 @@ int loadrsakey(const Filename *filename, struct RSAKey *key, char *passphrase,
      * key file.
      */
     if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
+	/*
+	 * This routine will take care of calling fclose() for us.
+	 */
 	ret = loadrsakey_main(fp, key, FALSE, NULL, passphrase, &error);
+	fp = NULL;
 	goto end;
     }
 
     /*
      * Otherwise, we have nothing. Return empty-handed.
      */
-    fclose(fp);
     error = "not an SSH-1 RSA file";
 
   end:
+    if (fp)
+	fclose(fp);
     if ((ret != 1) && errorstr)
 	*errorstr = error;
     return ret;
@@ -217,6 +210,9 @@ int rsakey_encrypted(const Filename *filename, char **comment)
      */
     if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
 	const char *dummy;
+	/*
+	 * This routine will take care of calling fclose() for us.
+	 */
 	return loadrsakey_main(fp, NULL, FALSE, comment, NULL, &dummy);
     }
     fclose(fp);
@@ -258,13 +254,15 @@ int rsakey_pubblob(const Filename *filename, void **blob, int *bloblen,
 	    *blob = rsa_public_blob(&key, bloblen);
 	    freersakey(&key);
 	    ret = 1;
+	    fp = NULL;
 	}
     } else {
 	error = "not an SSH-1 RSA file";
-        fclose(fp);
     }
 
   end:
+    if (fp)
+	fclose(fp);
     if ((ret != 1) && errorstr)
 	*errorstr = error;
     return ret;
@@ -297,7 +295,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
     p += 4;
 
     /*
-     * An ordinary SSH 1 public key consists of: a uint32
+     * An ordinary SSH-1 public key consists of: a uint32
      * containing the bit count, then two bignums containing the
      * modulus and exponent respectively.
      */
@@ -366,18 +364,19 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
     fp = f_open(*filename, "wb");
     if (fp) {
 	int ret = (fwrite(buf, 1, p - buf, fp) == (size_t) (p - buf));
-	ret = ret && (fclose(fp) == 0);
+        if (fclose(fp))
+            ret = 0;
 	return ret;
     } else
 	return 0;
 }
 
 /* ----------------------------------------------------------------------
- * SSH2 private key load/store functions.
+ * SSH-2 private key load/store functions.
  */
 
 /*
- * PuTTY's own format for SSH2 keys is as follows:
+ * PuTTY's own format for SSH-2 keys is as follows:
  *
  * The file is text. Lines are terminated by CRLF, although CR-only
  * and LF-only are tolerated on input.
@@ -393,7 +392,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
  *
  * Next there is a line saying "Public-Lines: " plus a number N.
  * The following N lines contain a base64 encoding of the public
- * part of the key. This is encoded as the standard SSH2 public key
+ * part of the key. This is encoded as the standard SSH-2 public key
  * blob (with no initial length): so for RSA, for example, it will
  * read
  *
@@ -450,10 +449,9 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
  * with "PuTTY-User-Key-File-1" (version number differs). In this
  * format the Private-MAC: field only covers the private-plaintext
  * field and nothing else (and without the 4-byte string length on
- * the front too). Moreover, for RSA keys the Private-MAC: field
- * can be replaced with a Private-Hash: field which is a plain
- * SHA-1 hash instead of an HMAC. This is not allowable in DSA
- * keys. (Yes, the old format was a mess. Guess why it changed :-)
+ * the front too). Moreover, the Private-MAC: field can be replaced
+ * with a Private-Hash: field which is a plain SHA-1 hash instead of
+ * an HMAC (this was generated for unencrypted keys).
  */
 
 static int read_header(FILE * fp, char *header)
@@ -504,7 +502,7 @@ static char *read_body(FILE * fp)
 	    sfree(text);
 	    return NULL;
 	}
-	if (len + 1 > size) {
+	if (len + 1 >= size) {
 	    size += 128;
 	    text = sresize(text, size, char);
 	}
@@ -605,6 +603,16 @@ struct ssh2_userkey ssh2_wrong_passphrase = {
     NULL, NULL, NULL
 };
 
+const struct ssh_signkey *find_pubkey_alg(const char *name)
+{
+    if (!strcmp(name, "ssh-rsa"))
+	return &ssh_rsa;
+    else if (!strcmp(name, "ssh-dss"))
+	return &ssh_dss;
+    else
+	return NULL;
+}
+
 struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 				       char *passphrase, const char **errorstr)
 {
@@ -646,11 +654,8 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
     if ((b = read_body(fp)) == NULL)
 	goto error;
     /* Select key algorithm structure. */
-    if (!strcmp(b, "ssh-rsa"))
-	alg = &ssh_rsa;
-    else if (!strcmp(b, "ssh-dss"))
-	alg = &ssh_dss;
-    else {
+    alg = find_pubkey_alg(b);
+    if (!alg) {
 	sfree(b);
 	goto error;
     }
@@ -705,8 +710,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	if ((mac = read_body(fp)) == NULL)
 	    goto error;
 	is_mac = 1;
-    } else if (0 == strcmp(header, "Private-Hash") &&
-			   alg == &ssh_rsa && old_fmt) {
+    } else if (0 == strcmp(header, "Private-Hash") && old_fmt) {
 	if ((mac = read_body(fp)) == NULL)
 	    goto error;
 	is_mac = 0;
@@ -807,6 +811,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	    /* An incorrect MAC is an unconditional Error if the key is
 	     * unencrypted. Otherwise, it means Wrong Passphrase. */
 	    if (cipher) {
+		error = "wrong passphrase";
 		ret = SSH2_WRONG_PASSPHRASE;
 	    } else {
 		error = "MAC failed";
@@ -835,7 +840,8 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
     sfree(public_blob);
     sfree(private_blob);
     sfree(encryption);
-    *errorstr = NULL;
+    if (errorstr)
+	*errorstr = NULL;
     return ret;
 
     /*
@@ -888,12 +894,9 @@ char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm,
     error = "file format error";
     if ((b = read_body(fp)) == NULL)
 	goto error;
-    /* Select key algorithm structure. Currently only ssh-rsa. */
-    if (!strcmp(b, "ssh-rsa"))
-	alg = &ssh_rsa;
-    else if (!strcmp(b, "ssh-dss"))
-	alg = &ssh_dss;
-    else {
+    /* Select key algorithm structure. */
+    alg = find_pubkey_alg(b);
+    if (!alg) {
 	sfree(b);
 	goto error;
     }
@@ -1198,10 +1201,10 @@ char *key_type_to_str(int type)
     switch (type) {
       case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
       case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
-      case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
-      case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
-      case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
-      case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
+      case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
+      case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
+      case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
+      case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
       default: return "INTERNAL ERROR"; break;
     }
 }