Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/sshkey.c,v rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/sshkey.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.7.2.1 retrieving revision 1.7.2.2 diff -u -p -r1.7.2.1 -r1.7.2.2 --- src/crypto/external/bsd/openssh/dist/sshkey.c 2016/08/06 00:18:39 1.7.2.1 +++ src/crypto/external/bsd/openssh/dist/sshkey.c 2017/01/07 08:53:42 1.7.2.2 @@ -1,5 +1,6 @@ -/* $NetBSD: sshkey.c,v 1.7.2.1 2016/08/06 00:18:39 pgoyette Exp $ */ -/* $OpenBSD: sshkey.c,v 1.35 2016/06/19 07:48:02 djm Exp $ */ +/* $NetBSD: sshkey.c,v 1.7.2.2 2017/01/07 08:53:42 pgoyette Exp $ */ +/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ + /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -26,9 +27,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.7.2.1 2016/08/06 00:18:39 pgoyette Exp $"); +__RCSID("$NetBSD: sshkey.c,v 1.7.2.2 2017/01/07 08:53:42 pgoyette Exp $"); -#include /* MIN MAX */ #include #include @@ -187,7 +187,7 @@ sshkey_ecdsa_nid_from_name(const char *n } char * -key_alg_list(int certs_only, int plain_only) +sshkey_alg_list(int certs_only, int plain_only, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; @@ -199,7 +199,7 @@ key_alg_list(int certs_only, int plain_o if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; if (ret != NULL) - ret[rlen++] = '\n'; + ret[rlen++] = sep; nlen = strlen(kt->name); if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { free(ret); @@ -496,7 +496,6 @@ sshkey_new(int type) default: free(k); return NULL; - break; } if (sshkey_is_cert(k)) { 
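Review bot: The new `sep` argument of `sshkey_alg_list` (signature hunk `@@ -187,7 +187,7 @@`, used at `ret[rlen++] = sep;` in `@@ -199,7 +199,7 @@`) is undocumented and unchecked, so a caller passing `'\0'` would get back a string that appears to end after the first algorithm name. A one-line comment above the function would cover it: `/* Returns an allocated list of key algorithm names joined by sep; sep must not be '\0'. */`. The function body continues outside both hunks, so the final NUL termination is inferred from the `+ 2` in the realloc size rather than visible here.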
@@ -865,9 +864,12 @@ sshkey_fingerprint_raw(const struct sshk int nlen = BN_num_bytes(k->rsa->n); int elen = BN_num_bytes(k->rsa->e); + if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } blob_len = nlen + elen; - if (nlen >= INT_MAX - elen || - (blob = malloc(blob_len)) == NULL) { + if ((blob = malloc(blob_len)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1059,10 +1061,10 @@ fingerprint_randomart(const char *alg, u y += (input & 0x2) ? 1 : -1; /* assure we are still in bounds */ - x = MAX(x, 0); - y = MAX(y, 0); - x = MIN(x, FLDSIZE_X - 1); - y = MIN(y, FLDSIZE_Y - 1); + x = MAXIMUM(x, 0); + y = MAXIMUM(y, 0); + x = MINIMUM(x, FLDSIZE_X - 1); + y = MINIMUM(y, FLDSIZE_Y - 1); /* augment the field */ if (field[x][y] < len - 2) @@ -1103,7 +1105,7 @@ fingerprint_randomart(const char *alg, u for (y = 0; y < FLDSIZE_Y; y++) { *p++ = '|'; for (x = 0; x < FLDSIZE_X; x++) - *p++ = augmentation_string[MIN(field[x][y], len)]; + *p++ = augmentation_string[MINIMUM(field[x][y], len)]; *p++ = '|'; *p++ = '\n'; } @@ -2815,6 +2817,14 @@ sshkey_ec_validate_public(const EC_GROUP BIGNUM *order, *x, *y, *tmp; int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + /* + * NB. This assumes OpenSSL has already verified that the public + * point lies on the curve. This is done by EC_POINT_oct2point() + * implicitly calling EC_POINT_is_on_curve(). If this code is ever + * reachable with public points not unmarshalled using + * EC_POINT_oct2point then the caller will need to explicitly check. + */ + if ((bnctx = BN_CTX_new()) == NULL) return SSH_ERR_ALLOC_FAIL; BN_CTX_start(bnctx); 
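Review bot: The added range check in `sshkey_fingerprint_raw` still lets `nlen + elen == 0` through, so `malloc(blob_len)` can be called with a size of zero, which may return NULL on some platforms and surface as `SSH_ERR_ALLOC_FAIL` instead of a format error. A zero-length modulus or exponent is not a usable key, so rejecting it together with the negative case keeps the error code consistent: `if (nlen <= 0 || elen <= 0 || nlen >= INT_MAX - elen) {`. The enclosing function starts and ends outside the hunk, so the type of `blob_len` and what is written into `blob` afterwards are not visible.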
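Review bot: The comment added to `sshkey_ec_validate_public` records that the function relies on every caller having unmarshalled the point with `EC_POINT_oct2point()`, but nothing in the function enforces this, so a later caller that builds the point another way would skip the on-curve test without any failure. A `BN_CTX` is allocated directly below the comment, so the check could be made explicit after `BN_CTX_start(bnctx);`, for example `if (EC_POINT_is_on_curve(group, public, bnctx) != 1) goto out;`. The argument names and the `out` label are assumed here, since the signature is truncated in the hunk header and the rest of the body lies outside the hunk; `ret` is already initialised to `SSH_ERR_KEY_INVALID_EC_VALUE`, which would be the right result for that path.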
@@ -2982,13 +2992,11 @@ sshkey_private_to_blob2(const struct ssh size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; u_int check; int r = SSH_ERR_INTERNAL_ERROR; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; const char *kdfname = KDFNAME; struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; - memset(&ciphercontext, 0, sizeof(ciphercontext)); - if (rounds <= 0) rounds = DEFAULT_ROUNDS; if (passphrase == NULL || !strlen(passphrase)) { @@ -3075,7 +3083,7 @@ sshkey_private_to_blob2(const struct ssh if ((r = sshbuf_reserve(encoded, sshbuf_len(encrypted) + authlen, &cp)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, + if ((r = cipher_crypt(ciphercontext, 0, cp, sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) goto out; @@ -3107,7 +3115,7 @@ sshkey_private_to_blob2(const struct ssh sshbuf_free(kdf); sshbuf_free(encoded); sshbuf_free(encrypted); - cipher_cleanup(&ciphercontext); + cipher_free(ciphercontext); explicit_bzero(salt, sizeof(salt)); if (key != NULL) { explicit_bzero(key, keylen + ivlen); @@ -3136,12 +3144,11 @@ sshkey_parse_private2(struct sshbuf *blo size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; struct sshbuf *encoded = NULL, *decoded = NULL; struct sshbuf *kdf = NULL, *decrypted = NULL; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; struct sshkey *k = NULL; u_char *key = NULL, *salt = NULL, *dp, pad, last; u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; - memset(&ciphercontext, 0, sizeof(ciphercontext)); if (keyp != NULL) *keyp = NULL; if (commentp != NULL) 
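Review bot: `cipher_free(ciphercontext)` in the cleanup block of `sshkey_private_to_blob2` (hunk `@@ -3107,7 +3115,7 @@`) is now reached with `ciphercontext` still NULL whenever the function bails out before the context is allocated, and it is the only visible cleanup of the cipher state. Both NULL-safety and wiping of key material therefore depend on `cipher_free` in cipher.c, which is not part of this diff. The same applies to the cleanup hunks `@@ -3324,7 +3331,7 @@`, `@@ -3428,16 +3435,14 @@` and `@@ -3701,7 +3702,7 @@`, the last two of which drop an `explicit_bzero(&ciphercontext, sizeof(ciphercontext))`. A short comment at the first call would record the assumption: `/* cipher_free() accepts NULL and zeroes the context before freeing it */`, to be confirmed against cipher.c.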
@@ -3270,7 +3277,7 @@ sshkey_parse_private2(struct sshbuf *blo (r = cipher_init(&ciphercontext, cipher, key, keylen, key + keylen, ivlen, 0)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), + if ((r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(decoded), encrypted_len, 0, authlen)) != 0) { /* an integrity error here indicates an incorrect passphrase */ if (r == SSH_ERR_MAC_INVALID) @@ -3324,7 +3331,7 @@ sshkey_parse_private2(struct sshbuf *blo } out: pad = 0; - cipher_cleanup(&ciphercontext); + cipher_free(ciphercontext); free(ciphername); free(kdfname); free(comment); @@ -3358,7 +3365,7 @@ sshkey_private_rsa1_to_blob(struct sshke struct sshbuf *buffer = NULL, *encrypted = NULL; u_char buf[8]; int r, cipher_num; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; u_char *cp; @@ -3428,16 +3435,14 @@ sshkey_private_rsa1_to_blob(struct sshke if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_ENCRYPT)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, + if ((r = cipher_crypt(ciphercontext, 0, cp, sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0) goto out; - if ((r = cipher_cleanup(&ciphercontext)) != 0) - goto out; r = sshbuf_putb(blob, encrypted); out: - explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + cipher_free(ciphercontext); explicit_bzero(buf, sizeof(buf)); sshbuf_free(buffer); sshbuf_free(encrypted); @@ -3601,7 +3606,7 @@ sshkey_parse_private_rsa1(struct sshbuf struct sshbuf *decrypted = NULL, *copy = NULL; u_char *cp; char *comment = NULL; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; struct sshkey *prv = NULL; 
@@ -3659,12 +3664,8 @@ sshkey_parse_private_rsa1(struct sshbuf if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, - sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) { - cipher_cleanup(&ciphercontext); - goto out; - } - if ((r = cipher_cleanup(&ciphercontext)) != 0) + if ((r = cipher_crypt(ciphercontext, 0, cp, + sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) goto out; if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 || @@ -3701,7 +3702,7 @@ sshkey_parse_private_rsa1(struct sshbuf comment = NULL; } out: - explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + cipher_free(ciphercontext); free(comment); sshkey_free(prv); sshbuf_free(copy);