X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/222d54dc209210b6e43589c798e35e21273b4082..d2c2927496535d8d67042980001fadede5e19b99:/sshpubk.c diff --git a/sshpubk.c b/sshpubk.c index 1659acec..26baa431 100644 --- a/sshpubk.c +++ b/sshpubk.c @@ -182,17 +182,22 @@ int loadrsakey(const Filename *filename, struct RSAKey *key, char *passphrase, * key file. */ if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) { + /* + * This routine will take care of calling fclose() for us. + */ ret = loadrsakey_main(fp, key, FALSE, NULL, passphrase, &error); + fp = NULL; goto end; } /* * Otherwise, we have nothing. Return empty-handed. */ - fclose(fp); error = "not an SSH-1 RSA file"; end: + if (fp) + fclose(fp); if ((ret != 1) && errorstr) *errorstr = error; return ret; @@ -217,6 +222,9 @@ int rsakey_encrypted(const Filename *filename, char **comment) */ if (fgets(buf, sizeof(buf), fp) && !strcmp(buf, rsa_signature)) { const char *dummy; + /* + * This routine will take care of calling fclose() for us. + */ return loadrsakey_main(fp, NULL, FALSE, comment, NULL, &dummy); } fclose(fp); @@ -258,13 +266,15 @@ int rsakey_pubblob(const Filename *filename, void **blob, int *bloblen, *blob = rsa_public_blob(&key, bloblen); freersakey(&key); ret = 1; + fp = NULL; } } else { error = "not an SSH-1 RSA file"; - fclose(fp); } end: + if (fp) + fclose(fp); if ((ret != 1) && errorstr) *errorstr = error; return ret; @@ -433,8 +443,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase) * data "putty-private-key-file-mac-key" * data passphrase * - * Encrypted keys should have a MAC, whereas unencrypted ones must - * have a hash. + * (An empty passphrase is used for unencrypted keys.) * * If the key is encrypted, the encryption key is derived from the * passphrase by means of a succession of SHA-1 hashes. Each hash @@ -606,6 +615,16 @@ struct ssh2_userkey ssh2_wrong_passphrase = { NULL, NULL, NULL }; +const struct ssh_signkey *find_pubkey_alg(const char *name) +{ + if (!strcmp(name, "ssh-rsa")) + return &ssh_rsa; + else if (!strcmp(name, "ssh-dss")) + return &ssh_dss; + else + return NULL; +} + struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, char *passphrase, const char **errorstr) { @@ -647,11 +666,8 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, if ((b = read_body(fp)) == NULL) goto error; /* Select key algorithm structure. */ - if (!strcmp(b, "ssh-rsa")) - alg = &ssh_rsa; - else if (!strcmp(b, "ssh-dss")) - alg = &ssh_dss; - else { + alg = find_pubkey_alg(b); + if (!alg) { sfree(b); goto error; } @@ -784,7 +800,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, SHA_Init(&s); SHA_Bytes(&s, header, sizeof(header)-1); - if (passphrase) + if (cipher && passphrase) SHA_Bytes(&s, passphrase, passlen); SHA_Final(&s, mackey); @@ -808,6 +824,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, /* An incorrect MAC is an unconditional Error if the key is * unencrypted. Otherwise, it means Wrong Passphrase. */ if (cipher) { + error = "wrong passphrase"; ret = SSH2_WRONG_PASSPHRASE; } else { error = "MAC failed"; @@ -836,7 +853,8 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, sfree(public_blob); sfree(private_blob); sfree(encryption); - *errorstr = NULL; + if (errorstr) + *errorstr = NULL; return ret; /* @@ -890,11 +908,8 @@ char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm, if ((b = read_body(fp)) == NULL) goto error; /* Select key algorithm structure. Currently only ssh-rsa. */ - if (!strcmp(b, "ssh-rsa")) - alg = &ssh_rsa; - else if (!strcmp(b, "ssh-dss")) - alg = &ssh_dss; - else { + alg = find_pubkey_alg(b); + if (!alg) { sfree(b); goto error; }