summaryrefslogtreecommitdiff
path: root/sshkey.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2016-08-03 05:41:57 +0000
committerDarren Tucker <dtucker@zip.com.au>2016-08-09 09:06:52 +1000
commit4706c1d8c15cd5565b59512853c2da9bd4ca26c9 (patch)
tree81ff9de3bdf3627b382bb4b808cf0e0612f4424f /sshkey.c
parente600348a7afd6325cc5cd783cb424065cbc20434 (diff)
upstream commit
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
Diffstat (limited to 'sshkey.c')
-rw-r--r--sshkey.c37
1 files changed, 14 insertions, 23 deletions
diff --git a/sshkey.c b/sshkey.c
index c9f04cd6..166ac714 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.35 2016/06/19 07:48:02 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.36 2016/08/03 05:41:57 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -3029,13 +3029,11 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob,
size_t i, pubkeylen, keylen, ivlen, blocksize, authlen;
u_int check;
int r = SSH_ERR_INTERNAL_ERROR;
- struct sshcipher_ctx ciphercontext;
+ struct sshcipher_ctx *ciphercontext = NULL;
const struct sshcipher *cipher;
const char *kdfname = KDFNAME;
struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL;
- memset(&ciphercontext, 0, sizeof(ciphercontext));
-
if (rounds <= 0)
rounds = DEFAULT_ROUNDS;
if (passphrase == NULL || !strlen(passphrase)) {
@@ -3122,7 +3120,7 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob,
if ((r = sshbuf_reserve(encoded,
sshbuf_len(encrypted) + authlen, &cp)) != 0)
goto out;
- if ((r = cipher_crypt(&ciphercontext, 0, cp,
+ if ((r = cipher_crypt(ciphercontext, 0, cp,
sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0)
goto out;
@@ -3154,7 +3152,7 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob,
sshbuf_free(kdf);
sshbuf_free(encoded);
sshbuf_free(encrypted);
- cipher_cleanup(&ciphercontext);
+ cipher_free(ciphercontext);
explicit_bzero(salt, sizeof(salt));
if (key != NULL) {
explicit_bzero(key, keylen + ivlen);
@@ -3183,12 +3181,11 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0;
struct sshbuf *encoded = NULL, *decoded = NULL;
struct sshbuf *kdf = NULL, *decrypted = NULL;
- struct sshcipher_ctx ciphercontext;
+ struct sshcipher_ctx *ciphercontext = NULL;
struct sshkey *k = NULL;
u_char *key = NULL, *salt = NULL, *dp, pad, last;
u_int blocksize, rounds, nkeys, encrypted_len, check1, check2;
- memset(&ciphercontext, 0, sizeof(ciphercontext));
if (keyp != NULL)
*keyp = NULL;
if (commentp != NULL)
@@ -3317,7 +3314,7 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
(r = cipher_init(&ciphercontext, cipher, key, keylen,
key + keylen, ivlen, 0)) != 0)
goto out;
- if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded),
+ if ((r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(decoded),
encrypted_len, 0, authlen)) != 0) {
/* an integrity error here indicates an incorrect passphrase */
if (r == SSH_ERR_MAC_INVALID)
@@ -3371,7 +3368,7 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
}
out:
pad = 0;
- cipher_cleanup(&ciphercontext);
+ cipher_free(ciphercontext);
free(ciphername);
free(kdfname);
free(comment);
@@ -3405,7 +3402,7 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob,
struct sshbuf *buffer = NULL, *encrypted = NULL;
u_char buf[8];
int r, cipher_num;
- struct sshcipher_ctx ciphercontext;
+ struct sshcipher_ctx *ciphercontext = NULL;
const struct sshcipher *cipher;
u_char *cp;
@@ -3475,16 +3472,14 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob,
if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_ENCRYPT)) != 0)
goto out;
- if ((r = cipher_crypt(&ciphercontext, 0, cp,
+ if ((r = cipher_crypt(ciphercontext, 0, cp,
sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0)
goto out;
- if ((r = cipher_cleanup(&ciphercontext)) != 0)
- goto out;
r = sshbuf_putb(blob, encrypted);
out:
- explicit_bzero(&ciphercontext, sizeof(ciphercontext));
+ cipher_free(ciphercontext);
explicit_bzero(buf, sizeof(buf));
sshbuf_free(buffer);
sshbuf_free(encrypted);
@@ -3654,7 +3649,7 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
struct sshbuf *decrypted = NULL, *copy = NULL;
u_char *cp;
char *comment = NULL;
- struct sshcipher_ctx ciphercontext;
+ struct sshcipher_ctx *ciphercontext = NULL;
const struct sshcipher *cipher;
struct sshkey *prv = NULL;
@@ -3712,12 +3707,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_DECRYPT)) != 0)
goto out;
- if ((r = cipher_crypt(&ciphercontext, 0, cp,
- sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) {
- cipher_cleanup(&ciphercontext);
- goto out;
- }
- if ((r = cipher_cleanup(&ciphercontext)) != 0)
+ if ((r = cipher_crypt(ciphercontext, 0, cp,
+ sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0)
goto out;
if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 ||
@@ -3754,7 +3745,7 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
comment = NULL;
}
out:
- explicit_bzero(&ciphercontext, sizeof(ciphercontext));
+ cipher_free(ciphercontext);
free(comment);
sshkey_free(prv);
sshbuf_free(copy);