Fix an erroneous "case" fallthrough in ssh1_msg_channel_close, which was
[sgt/putty]
/
import.c
diff --git
a/import.c
b/import.c
index
17bf65b
..
05cfdc1
100644
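--- a/import.c
+++ b/import.c
@@ -334,7 +334,7 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
 ret->encrypted = 0;
 memset(ret->iv, 0, sizeof(ret->iv));
-fp = f_open(*filename, "r", FALSE);
+fp = f_open(filename, "r", FALSE);
 if (!fp) {
 errmsg = "unable to open key file";
 goto error;
@@ -358,7 +358,7 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
 errmsg = "unrecognised key type";
 goto error;
 }
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
@@ -442,13 +442,13 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
 memcpy(ret->keyblob + ret->keyblob_len, out, len);
 ret->keyblob_len += len;
-memset(out, 0, sizeof(out));
+smemclr(out, sizeof(out));
 }
 p++;
 }
 }
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
 }
@@ -463,23 +463,23 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
 goto error;
 }
-memset(base64_bit, 0, sizeof(base64_bit));
+smemclr(base64_bit, sizeof(base64_bit));
 if (errmsg_p) *errmsg_p = NULL;
 return ret;
 error:
 if (line) {
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
 }
-memset(base64_bit, 0, sizeof(base64_bit));
+smemclr(base64_bit, sizeof(base64_bit));
 if (ret) {
 if (ret->keyblob) {
-memset(ret->keyblob, 0, ret->keyblob_size);
+smemclr(ret->keyblob, ret->keyblob_size);
 sfree(ret->keyblob);
 }
-memset(ret, 0, sizeof(*ret));
+smemclr(ret, sizeof(*ret));
 sfree(ret);
 }
 if (errmsg_p) *errmsg_p = errmsg;
@@ -494,9 +494,9 @@ int openssh_encrypted(const Filename *filename)
 if (!key)
 return 0;
 ret = key->encrypted;
-memset(key->keyblob, 0, key->keyblob_size);
+smemclr(key->keyblob, key->keyblob_size);
 sfree(key->keyblob);
-memset(key, 0, sizeof(*key));
+smemclr(key, sizeof(*key));
 sfree(key);
 return ret;
 }
@@ -529,6 +529,10 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
 * - let block B equal MD5(A || passphrase || iv)
 * - block C would be MD5(B || passphrase || iv) and so on
 * - encryption key is the first N bytes of A || B
+*
+* (Note that only 8 bytes of the iv are used for key
+* derivation, even when the key is encrypted with AES and
+* hence there are 16 bytes available.)
 */
 struct MD5Context md5c;
 unsigned char keybuf[32];
@@ -560,8 +564,8 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
 aes_free_context(ctx);
 }
-memset(&md5c, 0, sizeof(md5c));
-memset(keybuf, 0, sizeof(keybuf));
+smemclr(&md5c, sizeof(md5c));
+smemclr(keybuf, sizeof(keybuf));
 }
 /*
@@ -694,12 +698,12 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
 error:
 if (blob) {
-memset(blob, 0, blobsize);
+smemclr(blob, blobsize);
 sfree(blob);
 }
-memset(key->keyblob, 0, key->keyblob_size);
+smemclr(key->keyblob, key->keyblob_size);
 sfree(key->keyblob);
-memset(key, 0, sizeof(*key));
+smemclr(key, sizeof(*key));
 sfree(key);
 if (errmsg_p) *errmsg_p = errmsg;
 return retval;
@@ -872,6 +876,9 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
 /*
 * Encrypt the key.
+*
+* For the moment, we still encrypt our OpenSSH keys using
+* old-style 3DES.
 */
 if (passphrase) {
 /*
@@ -904,15 +911,15 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
 */
 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen);
-memset(&md5c, 0, sizeof(md5c));
-memset(keybuf, 0, sizeof(keybuf));
+smemclr(&md5c, sizeof(md5c));
+smemclr(keybuf, sizeof(keybuf));
 }
 /*
 * And save it. We'll use Unix line endings just in case it's
 * subsequently transferred in binary mode.
 */
-fp = f_open(*filename, "wb", TRUE); /* ensure Unix line endings */
+fp = f_open(filename, "wb", TRUE); /* ensure Unix line endings */
 if (!fp)
 goto error;
 fputs(header, fp);
@@ -929,19 +936,19 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
 error:
 if (outblob) {
-memset(outblob, 0, outlen);
+smemclr(outblob, outlen);
 sfree(outblob);
 }
 if (spareblob) {
-memset(spareblob, 0, sparelen);
+smemclr(spareblob, sparelen);
 sfree(spareblob);
 }
 if (privblob) {
-memset(privblob, 0, privlen);
+smemclr(privblob, privlen);
 sfree(privblob);
 }
 if (pubblob) {
-memset(pubblob, 0, publen);
+smemclr(pubblob, publen);
 sfree(pubblob);
 }
 return ret;
@@ -1046,7 +1053,7 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename,
 ret->keyblob = NULL;
 ret->keyblob_len = ret->keyblob_size = 0;
-fp = f_open(*filename, "r", FALSE);
+fp = f_open(filename, "r", FALSE);
 if (!fp) {
 errmsg = "unable to open key file";
 goto error;
@@ -1060,7 +1067,7 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename,
 errmsg = "file does not begin with ssh.com key header";
 goto error;
 }
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
@@ -1105,7 +1112,7 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename,
 len += line2len - 1;
 assert(!line[len]);
-memset(line2, 0, strlen(line2));
+smemclr(line2, strlen(line2));
 sfree(line2);
 line2 = NULL;
 }
@@ -1151,7 +1158,7 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename,
 p++;
 }
 }
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
 }
@@ -1166,16 +1173,16 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename,
 error:
 if (line) {
-memset(line, 0, strlen(line));
+smemclr(line, strlen(line));
 sfree(line);
 line = NULL;
 }
 if (ret) {
 if (ret->keyblob) {
-memset(ret->keyblob, 0, ret->keyblob_size);
+smemclr(ret->keyblob, ret->keyblob_size);
 sfree(ret->keyblob);
 }
-memset(ret, 0, sizeof(*ret));
+smemclr(ret, sizeof(*ret));
 sfree(ret);
 }
 if (errmsg_p) *errmsg_p = errmsg;
@@ -1215,9 +1222,9 @@ int sshcom_encrypted(const Filename *filename, char **comment)
 done:
 *comment = dupstr(key->comment);
-memset(key->keyblob, 0, key->keyblob_size);
+smemclr(key->keyblob, key->keyblob_size);
 sfree(key->keyblob);
-memset(key, 0, sizeof(*key));
+smemclr(key, sizeof(*key));
 sfree(key);
 return answer;
 }
@@ -1383,8 +1390,8 @@ struct ssh2_userkey *sshcom_read(const Filename *filename, char *passphrase,
 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
 cipherlen);
-memset(&md5c, 0, sizeof(md5c));
-memset(keybuf, 0, sizeof(keybuf));
+smemclr(&md5c, sizeof(md5c));
+smemclr(keybuf, sizeof(keybuf));
 /*
 * Hereafter we return WRONG_PASSPHRASE for any parsing
@@ -1487,12 +1494,12 @@ struct ssh2_userkey *sshcom_read(const Filename *filename, char *passphrase,
 error:
 if (blob) {
-memset(blob, 0, blobsize);
+smemclr(blob, blobsize);
 sfree(blob);
 }
-memset(key->keyblob, 0, key->keyblob_size);
+smemclr(key->keyblob, key->keyblob_size);
 sfree(key->keyblob);
-memset(key, 0, sizeof(*key));
+smemclr(key, sizeof(*key));
 sfree(key);
 if (errmsg_p) *errmsg_p = errmsg;
 return ret;
@@ -1657,15 +1664,15 @@ int sshcom_write(const Filename *filename, struct ssh2_userkey *key,
 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
 cipherlen);
-memset(&md5c, 0, sizeof(md5c));
-memset(keybuf, 0, sizeof(keybuf));
+smemclr(&md5c, sizeof(md5c));
+smemclr(keybuf, sizeof(keybuf));
 }
 /*
 * And save it. We'll use Unix line endings just in case it's
 * subsequently transferred in binary mode.
 */
-fp = f_open(*filename, "wb", TRUE); /* ensure Unix line endings */
+fp = f_open(filename, "wb", TRUE); /* ensure Unix line endings */
 if (!fp)
 goto error;
 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
@@ -1693,15 +1700,15 @@ int sshcom_write(const Filename *filename, struct ssh2_userkey *key,
 error:
 if (outblob) {
-memset(outblob, 0, outlen);
+smemclr(outblob, outlen);
 sfree(outblob);
 }
 if (privblob) {
-memset(privblob, 0, privlen);
+smemclr(privblob, privlen);
 sfree(privblob);
 }
 if (pubblob) {
-memset(pubblob, 0, publen);
+smemclr(pubblob, publen);
 sfree(pubblob);
 }
 return ret;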
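Review bot: The wipes of `line` and `line2` still take their length from `strlen()`, as in `smemclr(line, strlen(line));` in the hunks at -358, -442, -463, -1060, -1105, -1151 and -1166. Only the bytes before the first NUL are cleared, so any other bytes left in the allocation are freed unwiped. Whether sensitive key-file text can sit past the terminator depends on how the line reader grows its buffer, which is not visible in these hunks. If the reader can report the allocated size, pass that instead, for example `smemclr(line, line_alloc_size);` (`line_alloc_size` is a placeholder name, not an identifier from this file). Otherwise add a comment at these call sites along the lines of `/* wipes only up to the terminating NUL; the line reader owns any slack */`. The definition of `smemclr` and the bodies of the enclosing functions lie outside this file section, so its guarantee against being optimised away cannot be confirmed here.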