forked from rpms/openssh
Address issues of another PR#48 review
This commit is contained in:
parent
c08aa4b8b1
commit
e0e7ed914b
@ -156,7 +156,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
|
|||||||
dh_new_group_asc(const char *gen, const char *modulus)
|
dh_new_group_asc(const char *gen, const char *modulus)
|
||||||
{
|
{
|
||||||
DH *dh;
|
DH *dh;
|
||||||
+ BIGNUM *p, *g;
|
+ BIGNUM *p = NULL, *g = NULL;
|
||||||
|
|
||||||
- if ((dh = DH_new()) == NULL)
|
- if ((dh = DH_new()) == NULL)
|
||||||
- return NULL;
|
- return NULL;
|
||||||
@ -225,7 +225,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct ssh_digest_ctx *
|
struct ssh_digest_ctx *
|
||||||
@@ -118,8 +118,9 @@ ssh_digest_start(int alg)
|
@@ -118,8 +118,10 @@ ssh_digest_start(int alg)
|
||||||
if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
|
if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
|
||||||
return NULL;
|
return NULL;
|
||||||
ret->alg = alg;
|
ret->alg = alg;
|
||||||
@ -234,6 +234,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
|
|||||||
+ ret->mdctx = EVP_MD_CTX_new();
|
+ ret->mdctx = EVP_MD_CTX_new();
|
||||||
+ if (ret->mdctx == NULL ||
|
+ if (ret->mdctx == NULL ||
|
||||||
+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
|
+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
|
||||||
|
+ EVP_MD_CTX_free(ret->mdctx);
|
||||||
free(ret);
|
free(ret);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -730,7 +731,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
|
|||||||
diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
||||||
--- openssh/libcrypto-compat.c.openssl 2017-09-26 13:19:31.798249703 +0200
|
--- openssh/libcrypto-compat.c.openssl 2017-09-26 13:19:31.798249703 +0200
|
||||||
+++ openssh/libcrypto-compat.c 2017-09-26 13:19:31.798249703 +0200
|
+++ openssh/libcrypto-compat.c 2017-09-26 13:19:31.798249703 +0200
|
||||||
@@ -0,0 +1,546 @@
|
@@ -0,0 +1,428 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -1013,27 +1014,6 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
|||||||
+ *priv_key = dh->priv_key;
|
+ *priv_key = dh->priv_key;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
|
|
||||||
+{
|
|
||||||
+ /* If the field pub_key in dh is NULL, the corresponding input
|
|
||||||
+ * parameters MUST be non-NULL. The priv_key field may
|
|
||||||
+ * be left NULL.
|
|
||||||
+ */
|
|
||||||
+ if (dh->pub_key == NULL && pub_key == NULL)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (pub_key != NULL) {
|
|
||||||
+ BN_free(dh->pub_key);
|
|
||||||
+ dh->pub_key = pub_key;
|
|
||||||
+ }
|
|
||||||
+ if (priv_key != NULL) {
|
|
||||||
+ BN_free(dh->priv_key);
|
|
||||||
+ dh->priv_key = priv_key;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int DH_set_length(DH *dh, long length)
|
+int DH_set_length(DH *dh, long length)
|
||||||
+{
|
+{
|
||||||
+ dh->length = length;
|
+ dh->length = length;
|
||||||
@ -1179,108 +1159,11 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
|||||||
+ return pkey->pkey.rsa;
|
+ return pkey->pkey.rsa;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
|
|
||||||
+{
|
|
||||||
+ EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
|
|
||||||
+
|
|
||||||
+ if (cipher != NULL) {
|
|
||||||
+ cipher->nid = cipher_type;
|
|
||||||
+ cipher->block_size = block_size;
|
|
||||||
+ cipher->key_len = key_len;
|
|
||||||
+ }
|
|
||||||
+ return cipher;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
|
|
||||||
+{
|
|
||||||
+ OPENSSL_free(cipher);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
|
|
||||||
+{
|
|
||||||
+ cipher->iv_len = iv_len;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
|
|
||||||
+{
|
|
||||||
+ cipher->flags = flags;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
|
|
||||||
+ int (*init) (EVP_CIPHER_CTX *ctx,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ const unsigned char *iv,
|
|
||||||
+ int enc))
|
|
||||||
+{
|
|
||||||
+ cipher->init = init;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
|
|
||||||
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
|
|
||||||
+ unsigned char *out,
|
|
||||||
+ const unsigned char *in,
|
|
||||||
+ size_t inl))
|
|
||||||
+{
|
|
||||||
+ cipher->do_cipher = do_cipher;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
|
|
||||||
+ int (*cleanup) (EVP_CIPHER_CTX *))
|
|
||||||
+{
|
|
||||||
+ cipher->cleanup = cleanup;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
|
|
||||||
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
|
|
||||||
+ int arg, void *ptr))
|
|
||||||
+{
|
|
||||||
+ cipher->ctrl = ctrl;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ const unsigned char *iv,
|
|
||||||
+ int enc)
|
|
||||||
+{
|
|
||||||
+ return cipher->init;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
||||||
+ unsigned char *out,
|
|
||||||
+ const unsigned char *in,
|
|
||||||
+ size_t inl)
|
|
||||||
+{
|
|
||||||
+ return cipher->do_cipher;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
|
|
||||||
+{
|
|
||||||
+ return cipher->cleanup;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
|
||||||
+ int type, int arg,
|
|
||||||
+ void *ptr)
|
|
||||||
+{
|
|
||||||
+ return cipher->ctrl;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
|
|
||||||
+{
|
|
||||||
+ return ctx->encrypt;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||||
diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
||||||
--- openssh/libcrypto-compat.h.openssl 2017-09-26 13:19:31.798249703 +0200
|
--- openssh/libcrypto-compat.h.openssl 2017-09-26 13:19:31.798249703 +0200
|
||||||
+++ openssh/libcrypto-compat.h 2017-09-26 13:19:31.798249703 +0200
|
+++ openssh/libcrypto-compat.h 2017-09-26 13:19:31.798249703 +0200
|
||||||
@@ -0,0 +1,98 @@
|
@@ -0,0 +1,59 @@
|
||||||
+#ifndef LIBCRYPTO_COMPAT_H
|
+#ifndef LIBCRYPTO_COMPAT_H
|
||||||
+#define LIBCRYPTO_COMPAT_H
|
+#define LIBCRYPTO_COMPAT_H
|
||||||
+
|
+
|
||||||
@ -1313,7 +1196,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
|||||||
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
||||||
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||||
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
|
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
|
||||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
|
|
||||||
+int DH_set_length(DH *dh, long length);
|
+int DH_set_length(DH *dh, long length);
|
||||||
+
|
+
|
||||||
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
|
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
|
||||||
@ -1337,44 +1219,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
|||||||
+
|
+
|
||||||
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
||||||
+
|
+
|
||||||
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
|
|
||||||
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
|
|
||||||
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
|
|
||||||
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
|
|
||||||
+ int (*init) (EVP_CIPHER_CTX *ctx,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ const unsigned char *iv,
|
|
||||||
+ int enc));
|
|
||||||
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
|
|
||||||
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
|
|
||||||
+ unsigned char *out,
|
|
||||||
+ const unsigned char *in,
|
|
||||||
+ size_t inl));
|
|
||||||
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
|
|
||||||
+ int (*cleanup) (EVP_CIPHER_CTX *));
|
|
||||||
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
|
|
||||||
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
|
|
||||||
+ int arg, void *ptr));
|
|
||||||
+
|
|
||||||
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ const unsigned char *iv,
|
|
||||||
+ int enc);
|
|
||||||
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
||||||
+ unsigned char *out,
|
|
||||||
+ const unsigned char *in,
|
|
||||||
+ size_t inl);
|
|
||||||
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
|
|
||||||
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
|
||||||
+ int type, int arg,
|
|
||||||
+ void *ptr);
|
|
||||||
+
|
|
||||||
+#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_init(c)
|
|
||||||
+
|
|
||||||
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
|
|
||||||
+
|
|
||||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||||
+
|
+
|
||||||
+#endif /* LIBCRYPTO_COMPAT_H */
|
+#endif /* LIBCRYPTO_COMPAT_H */
|
||||||
@ -2652,7 +2496,7 @@ diff -up openssh/sshkey.h.openssl openssh/sshkey.h
|
|||||||
diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
|
diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
|
||||||
--- openssh/ssh-pkcs11-client.c.openssl 2017-09-19 06:26:43.000000000 +0200
|
--- openssh/ssh-pkcs11-client.c.openssl 2017-09-19 06:26:43.000000000 +0200
|
||||||
+++ openssh/ssh-pkcs11-client.c 2017-09-26 13:19:31.803249734 +0200
|
+++ openssh/ssh-pkcs11-client.c 2017-09-26 13:19:31.803249734 +0200
|
||||||
@@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, con
|
@@ -143,12 +143,16 @@ pkcs11_rsa_private_encrypt(int flen, con
|
||||||
static int
|
static int
|
||||||
wrap_key(RSA *rsa)
|
wrap_key(RSA *rsa)
|
||||||
{
|
{
|
||||||
@ -2665,6 +2509,8 @@ diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
|
|||||||
- RSA_set_method(rsa, &helper_rsa);
|
- RSA_set_method(rsa, &helper_rsa);
|
||||||
+ if (helper_rsa == NULL) {
|
+ if (helper_rsa == NULL) {
|
||||||
+ helper_rsa = RSA_meth_dup(RSA_get_default_method());
|
+ helper_rsa = RSA_meth_dup(RSA_get_default_method());
|
||||||
|
+ if (helper_rsa == NULL)
|
||||||
|
+ error("RSA_meth_dup failed");
|
||||||
+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
|
+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
|
||||||
+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
|
+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
|
||||||
+ }
|
+ }
|
||||||
@ -2684,6 +2530,14 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
|||||||
char *keyid;
|
char *keyid;
|
||||||
int keyid_len;
|
int keyid_len;
|
||||||
};
|
};
|
||||||
|
@@ -183,6 +183,7 @@ pkcs11_rsa_finish(RSA *rsa)
|
||||||
|
if (k11->provider)
|
||||||
|
pkcs11_provider_unref(k11->provider);
|
||||||
|
free(k11->keyid);
|
||||||
|
+ RSA_meth_free(k11->rsa_method);
|
||||||
|
free(k11);
|
||||||
|
}
|
||||||
|
return (rv);
|
||||||
@@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
|
@@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
|
||||||
k11->keyid = xmalloc(k11->keyid_len);
|
k11->keyid = xmalloc(k11->keyid_len);
|
||||||
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
|
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
|
||||||
@ -2721,7 +2575,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
|||||||
|
|
||||||
f = p->function_list;
|
f = p->function_list;
|
||||||
session = p->slotinfo[slotidx].session;
|
session = p->slotinfo[slotidx].session;
|
||||||
@@ -512,10 +521,14 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
@@ -512,10 +521,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||||
if ((rsa = RSA_new()) == NULL) {
|
if ((rsa = RSA_new()) == NULL) {
|
||||||
error("RSA_new failed");
|
error("RSA_new failed");
|
||||||
} else {
|
} else {
|
||||||
@ -2733,6 +2587,8 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
|||||||
- rsa->e = BN_bin2bn(attribs[2].pValue,
|
- rsa->e = BN_bin2bn(attribs[2].pValue,
|
||||||
+ rsa_e = BN_bin2bn(attribs[2].pValue,
|
+ rsa_e = BN_bin2bn(attribs[2].pValue,
|
||||||
attribs[2].ulValueLen, NULL);
|
attribs[2].ulValueLen, NULL);
|
||||||
|
+ if (rsa_n == NULL || rsa_e == NULL)
|
||||||
|
+ error("BN_bin2bn failed");
|
||||||
+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
|
+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
|
||||||
+ error("RSA_set0_key failed");
|
+ error("RSA_set0_key failed");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user