~mdw
/
sgt
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Patch from Theo Markettos: apparently "BSD-derived IP stacks fall over when
[sgt/putty]
/
sshpubk.c
diff --git
a/sshpubk.c
b/sshpubk.c
index
1659ace
..
26baa43
100644
(file)
--- a/
sshpubk.c
+++ b/
sshpubk.c
@@
-182,17
+182,22
@@
int loadrsakey(const Filename *filename, struct RSAKey *key, char *passphrase,
* key file.
*/
if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
* key file.
*/
if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
+ /*
+ * This routine will take care of calling fclose() for us.
+ */
ret = loadrsakey_main(fp, key, FALSE, NULL, passphrase, &error);
ret = loadrsakey_main(fp, key, FALSE, NULL, passphrase, &error);
+ fp = NULL;
goto end;
}
/*
* Otherwise, we have nothing. Return empty-handed.
*/
goto end;
}
/*
* Otherwise, we have nothing. Return empty-handed.
*/
- fclose(fp);
error = "not an SSH-1 RSA file";
end:
error = "not an SSH-1 RSA file";
end:
+ if (fp)
+ fclose(fp);
if ((ret != 1) && errorstr)
*errorstr = error;
return ret;
if ((ret != 1) && errorstr)
*errorstr = error;
return ret;
@@
-217,6
+222,9
@@
int rsakey_encrypted(const Filename *filename, char **comment)
*/
if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
const char *dummy;
*/
if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) {
const char *dummy;
+ /*
+ * This routine will take care of calling fclose() for us.
+ */
return loadrsakey_main(fp, NULL, FALSE, comment, NULL, &dummy);
}
fclose(fp);
return loadrsakey_main(fp, NULL, FALSE, comment, NULL, &dummy);
}
fclose(fp);
@@
-258,13
+266,15
@@
int rsakey_pubblob(const Filename *filename, void **blob, int *bloblen,
*blob = rsa_public_blob(&key, bloblen);
freersakey(&key);
ret = 1;
*blob = rsa_public_blob(&key, bloblen);
freersakey(&key);
ret = 1;
+ fp = NULL;
}
} else {
error = "not an SSH-1 RSA file";
}
} else {
error = "not an SSH-1 RSA file";
- fclose(fp);
}
end:
}
end:
+ if (fp)
+ fclose(fp);
if ((ret != 1) && errorstr)
*errorstr = error;
return ret;
if ((ret != 1) && errorstr)
*errorstr = error;
return ret;
@@
-433,8
+443,7
@@
int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
* data "putty-private-key-file-mac-key"
* data passphrase
*
* data "putty-private-key-file-mac-key"
* data passphrase
*
- * Encrypted keys should have a MAC, whereas unencrypted ones must
- * have a hash.
+ * (An empty passphrase is used for unencrypted keys.)
*
* If the key is encrypted, the encryption key is derived from the
* passphrase by means of a succession of SHA-1 hashes. Each hash
*
* If the key is encrypted, the encryption key is derived from the
* passphrase by means of a succession of SHA-1 hashes. Each hash
@@
-606,6
+615,16
@@
struct ssh2_userkey ssh2_wrong_passphrase = {
NULL, NULL, NULL
};
NULL, NULL, NULL
};
+const struct ssh_signkey *find_pubkey_alg(const char *name)
+{
+ if (!strcmp(name, "ssh-rsa"))
+ return &ssh_rsa;
+ else if (!strcmp(name, "ssh-dss"))
+ return &ssh_dss;
+ else
+ return NULL;
+}
+
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
char *passphrase, const char **errorstr)
{
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
char *passphrase, const char **errorstr)
{
@@
-647,11
+666,8
@@
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. */
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. */
- if (!strcmp(b, "ssh-rsa"))
- alg = &ssh_rsa;
- else if (!strcmp(b, "ssh-dss"))
- alg = &ssh_dss;
- else {
+ alg = find_pubkey_alg(b);
+ if (!alg) {
sfree(b);
goto error;
}
sfree(b);
goto error;
}
@@
-784,7
+800,7
@@
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
SHA_Init(&s);
SHA_Bytes(&s, header, sizeof(header)-1);
SHA_Init(&s);
SHA_Bytes(&s, header, sizeof(header)-1);
- if (passphrase)
+ if (
cipher &&
passphrase)
SHA_Bytes(&s, passphrase, passlen);
SHA_Final(&s, mackey);
SHA_Bytes(&s, passphrase, passlen);
SHA_Final(&s, mackey);
@@
-808,6
+824,7
@@
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
/* An incorrect MAC is an unconditional Error if the key is
* unencrypted. Otherwise, it means Wrong Passphrase. */
if (cipher) {
/* An incorrect MAC is an unconditional Error if the key is
* unencrypted. Otherwise, it means Wrong Passphrase. */
if (cipher) {
+ error = "wrong passphrase";
ret = SSH2_WRONG_PASSPHRASE;
} else {
error = "MAC failed";
ret = SSH2_WRONG_PASSPHRASE;
} else {
error = "MAC failed";
@@
-836,7
+853,8
@@
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
sfree(public_blob);
sfree(private_blob);
sfree(encryption);
sfree(public_blob);
sfree(private_blob);
sfree(encryption);
- *errorstr = NULL;
+ if (errorstr)
+ *errorstr = NULL;
return ret;
/*
return ret;
/*
@@
-890,11
+908,8
@@
char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm,
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. Currently only ssh-rsa. */
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. Currently only ssh-rsa. */
- if (!strcmp(b, "ssh-rsa"))
- alg = &ssh_rsa;
- else if (!strcmp(b, "ssh-dss"))
- alg = &ssh_dss;
- else {
+ alg = find_pubkey_alg(b);
+ if (!alg) {
sfree(b);
goto error;
}
sfree(b);
goto error;
}