Address issues from another PR#48 review
This commit is contained in:
parent
c08aa4b8b1
commit
e0e7ed914b
@ -156,7 +156,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
|
||||
dh_new_group_asc(const char *gen, const char *modulus)
|
||||
{
|
||||
DH *dh;
|
||||
+ BIGNUM *p, *g;
|
||||
+ BIGNUM *p = NULL, *g = NULL;
|
||||
|
||||
- if ((dh = DH_new()) == NULL)
|
||||
- return NULL;
|
||||
@ -225,7 +225,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
|
||||
}
|
||||
|
||||
struct ssh_digest_ctx *
|
||||
@@ -118,8 +118,9 @@ ssh_digest_start(int alg)
|
||||
@@ -118,8 +118,10 @@ ssh_digest_start(int alg)
|
||||
if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
|
||||
return NULL;
|
||||
ret->alg = alg;
|
||||
@ -234,6 +234,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
|
||||
+ ret->mdctx = EVP_MD_CTX_new();
|
||||
+ if (ret->mdctx == NULL ||
|
||||
+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
|
||||
+ EVP_MD_CTX_free(ret->mdctx);
|
||||
free(ret);
|
||||
return NULL;
|
||||
}
|
||||
@ -730,7 +731,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
|
||||
diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
||||
--- openssh/libcrypto-compat.c.openssl 2017-09-26 13:19:31.798249703 +0200
|
||||
+++ openssh/libcrypto-compat.c 2017-09-26 13:19:31.798249703 +0200
|
||||
@@ -0,0 +1,546 @@
|
||||
@@ -0,0 +1,428 @@
|
||||
+/*
|
||||
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
@ -1013,27 +1014,6 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
||||
+ *priv_key = dh->priv_key;
|
||||
+}
|
||||
+
|
||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
|
||||
+{
|
||||
+ /* If the field pub_key in dh is NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL. The priv_key field may
|
||||
+ * be left NULL.
|
||||
+ */
|
||||
+ if (dh->pub_key == NULL && pub_key == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (pub_key != NULL) {
|
||||
+ BN_free(dh->pub_key);
|
||||
+ dh->pub_key = pub_key;
|
||||
+ }
|
||||
+ if (priv_key != NULL) {
|
||||
+ BN_free(dh->priv_key);
|
||||
+ dh->priv_key = priv_key;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int DH_set_length(DH *dh, long length)
|
||||
+{
|
||||
+ dh->length = length;
|
||||
@ -1179,108 +1159,11 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
|
||||
+ return pkey->pkey.rsa;
|
||||
+}
|
||||
+
|
||||
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
|
||||
+{
|
||||
+ EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
|
||||
+
|
||||
+ if (cipher != NULL) {
|
||||
+ cipher->nid = cipher_type;
|
||||
+ cipher->block_size = block_size;
|
||||
+ cipher->key_len = key_len;
|
||||
+ }
|
||||
+ return cipher;
|
||||
+}
|
||||
+
|
||||
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
|
||||
+{
|
||||
+ OPENSSL_free(cipher);
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
|
||||
+{
|
||||
+ cipher->iv_len = iv_len;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
|
||||
+{
|
||||
+ cipher->flags = flags;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
|
||||
+ int (*init) (EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv,
|
||||
+ int enc))
|
||||
+{
|
||||
+ cipher->init = init;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
|
||||
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in,
|
||||
+ size_t inl))
|
||||
+{
|
||||
+ cipher->do_cipher = do_cipher;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
|
||||
+ int (*cleanup) (EVP_CIPHER_CTX *))
|
||||
+{
|
||||
+ cipher->cleanup = cleanup;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
|
||||
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
|
||||
+ int arg, void *ptr))
|
||||
+{
|
||||
+ cipher->ctrl = ctrl;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv,
|
||||
+ int enc)
|
||||
+{
|
||||
+ return cipher->init;
|
||||
+}
|
||||
+
|
||||
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in,
|
||||
+ size_t inl)
|
||||
+{
|
||||
+ return cipher->do_cipher;
|
||||
+}
|
||||
+
|
||||
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
|
||||
+{
|
||||
+ return cipher->cleanup;
|
||||
+}
|
||||
+
|
||||
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
||||
+ int type, int arg,
|
||||
+ void *ptr)
|
||||
+{
|
||||
+ return cipher->ctrl;
|
||||
+}
|
||||
+
|
||||
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
|
||||
+{
|
||||
+ return ctx->encrypt;
|
||||
+}
|
||||
+
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||
diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
||||
--- openssh/libcrypto-compat.h.openssl 2017-09-26 13:19:31.798249703 +0200
|
||||
+++ openssh/libcrypto-compat.h 2017-09-26 13:19:31.798249703 +0200
|
||||
@@ -0,0 +1,98 @@
|
||||
@@ -0,0 +1,59 @@
|
||||
+#ifndef LIBCRYPTO_COMPAT_H
|
||||
+#define LIBCRYPTO_COMPAT_H
|
||||
+
|
||||
@ -1313,7 +1196,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
||||
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
||||
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
|
||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
|
||||
+int DH_set_length(DH *dh, long length);
|
||||
+
|
||||
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
|
||||
@ -1337,44 +1219,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
|
||||
+
|
||||
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
||||
+
|
||||
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
|
||||
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
|
||||
+
|
||||
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
|
||||
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
|
||||
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
|
||||
+ int (*init) (EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv,
|
||||
+ int enc));
|
||||
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
|
||||
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in,
|
||||
+ size_t inl));
|
||||
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
|
||||
+ int (*cleanup) (EVP_CIPHER_CTX *));
|
||||
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
|
||||
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
|
||||
+ int arg, void *ptr));
|
||||
+
|
||||
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv,
|
||||
+ int enc);
|
||||
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in,
|
||||
+ size_t inl);
|
||||
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
|
||||
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
||||
+ int type, int arg,
|
||||
+ void *ptr);
|
||||
+
|
||||
+#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_init(c)
|
||||
+
|
||||
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
|
||||
+
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+
|
||||
+#endif /* LIBCRYPTO_COMPAT_H */
|
||||
@ -2652,7 +2496,7 @@ diff -up openssh/sshkey.h.openssl openssh/sshkey.h
|
||||
diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
|
||||
--- openssh/ssh-pkcs11-client.c.openssl 2017-09-19 06:26:43.000000000 +0200
|
||||
+++ openssh/ssh-pkcs11-client.c 2017-09-26 13:19:31.803249734 +0200
|
||||
@@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, con
|
||||
@@ -143,12 +143,16 @@ pkcs11_rsa_private_encrypt(int flen, con
|
||||
static int
|
||||
wrap_key(RSA *rsa)
|
||||
{
|
||||
@ -2665,6 +2509,8 @@ diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
|
||||
- RSA_set_method(rsa, &helper_rsa);
|
||||
+ if (helper_rsa == NULL) {
|
||||
+ helper_rsa = RSA_meth_dup(RSA_get_default_method());
|
||||
+ if (helper_rsa == NULL)
|
||||
+ error("RSA_meth_dup failed");
|
||||
+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
|
||||
+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
|
||||
+ }
|
||||
@ -2684,6 +2530,14 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
||||
char *keyid;
|
||||
int keyid_len;
|
||||
};
|
||||
@@ -183,6 +183,7 @@ pkcs11_rsa_finish(RSA *rsa)
|
||||
if (k11->provider)
|
||||
pkcs11_provider_unref(k11->provider);
|
||||
free(k11->keyid);
|
||||
+ RSA_meth_free(k11->rsa_method);
|
||||
free(k11);
|
||||
}
|
||||
return (rv);
|
||||
@@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
|
||||
k11->keyid = xmalloc(k11->keyid_len);
|
||||
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
|
||||
@ -2721,7 +2575,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
||||
|
||||
f = p->function_list;
|
||||
session = p->slotinfo[slotidx].session;
|
||||
@@ -512,10 +521,14 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||
@@ -512,10 +521,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||
if ((rsa = RSA_new()) == NULL) {
|
||||
error("RSA_new failed");
|
||||
} else {
|
||||
@ -2733,6 +2587,8 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
|
||||
- rsa->e = BN_bin2bn(attribs[2].pValue,
|
||||
+ rsa_e = BN_bin2bn(attribs[2].pValue,
|
||||
attribs[2].ulValueLen, NULL);
|
||||
+ if (rsa_n == NULL || rsa_e == NULL)
|
||||
+ error("BN_bin2bn failed");
|
||||
+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
|
||||
+ error("RSA_set0_key failed");
|
||||
}
|
||||
|