Address issues of another PR#48 review
				| @ -156,7 +156,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c | ||||
|  dh_new_group_asc(const char *gen, const char *modulus) | ||||
|  { | ||||
|  	DH *dh; | ||||
| +	BIGNUM *p, *g;
 | ||||
| +	BIGNUM *p = NULL, *g = NULL;
 | ||||
|   | ||||
| -	if ((dh = DH_new()) == NULL)
 | ||||
| -		return NULL;
 | ||||
| @ -225,7 +225,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c | ||||
|  } | ||||
|   | ||||
|  struct ssh_digest_ctx * | ||||
| @@ -118,8 +118,9 @@ ssh_digest_start(int alg)
 | ||||
| @@ -118,8 +118,10 @@ ssh_digest_start(int alg)
 | ||||
|  	if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) | ||||
|  		return NULL; | ||||
|  	ret->alg = alg; | ||||
| @ -234,6 +234,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c | ||||
| +	ret->mdctx = EVP_MD_CTX_new();
 | ||||
| +	if (ret->mdctx == NULL ||
 | ||||
| +	    EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
 | ||||
| +		EVP_MD_CTX_free(ret->mdctx);
 | ||||
|  		free(ret); | ||||
|  		return NULL; | ||||
|  	} | ||||
| @ -730,7 +731,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c | ||||
| diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
 | ||||
| --- openssh/libcrypto-compat.c.openssl	2017-09-26 13:19:31.798249703 +0200
 | ||||
| +++ openssh/libcrypto-compat.c	2017-09-26 13:19:31.798249703 +0200
 | ||||
| @@ -0,0 +1,546 @@
 | ||||
| @@ -0,0 +1,428 @@
 | ||||
| +/*
 | ||||
| + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 | ||||
| + *
 | ||||
| @ -1013,27 +1014,6 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c | ||||
| +        *priv_key = dh->priv_key;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 | ||||
| +{
 | ||||
| +    /* If the field pub_key in dh is NULL, the corresponding input
 | ||||
| +     * parameters MUST be non-NULL.  The priv_key field may
 | ||||
| +     * be left NULL.
 | ||||
| +     */
 | ||||
| +    if (dh->pub_key == NULL && pub_key == NULL)
 | ||||
| +        return 0;
 | ||||
| +
 | ||||
| +    if (pub_key != NULL) {
 | ||||
| +        BN_free(dh->pub_key);
 | ||||
| +        dh->pub_key = pub_key;
 | ||||
| +    }
 | ||||
| +    if (priv_key != NULL) {
 | ||||
| +        BN_free(dh->priv_key);
 | ||||
| +        dh->priv_key = priv_key;
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int DH_set_length(DH *dh, long length)
 | ||||
| +{
 | ||||
| +    dh->length = length;
 | ||||
| @ -1179,108 +1159,11 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c | ||||
| +    return pkey->pkey.rsa;
 | ||||
| +}
 | ||||
| +
 | ||||
| +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
 | ||||
| +{
 | ||||
| +    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
 | ||||
| +
 | ||||
| +    if (cipher != NULL) {
 | ||||
| +        cipher->nid = cipher_type;
 | ||||
| +        cipher->block_size = block_size;
 | ||||
| +        cipher->key_len = key_len;
 | ||||
| +    }
 | ||||
| +    return cipher;
 | ||||
| +}
 | ||||
| +
 | ||||
| +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
 | ||||
| +{
 | ||||
| +    OPENSSL_free(cipher);
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
 | ||||
| +{
 | ||||
| +    cipher->iv_len = iv_len;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
 | ||||
| +{
 | ||||
| +    cipher->flags = flags;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
 | ||||
| +                             int (*init) (EVP_CIPHER_CTX *ctx,
 | ||||
| +                                          const unsigned char *key,
 | ||||
| +                                          const unsigned char *iv,
 | ||||
| +                                          int enc))
 | ||||
| +{
 | ||||
| +    cipher->init = init;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 | ||||
| +                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                    unsigned char *out,
 | ||||
| +                                                    const unsigned char *in,
 | ||||
| +                                                    size_t inl))
 | ||||
| +{
 | ||||
| +    cipher->do_cipher = do_cipher;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
 | ||||
| +                                int (*cleanup) (EVP_CIPHER_CTX *))
 | ||||
| +{
 | ||||
| +    cipher->cleanup = cleanup;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
 | ||||
| +                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
 | ||||
| +                                          int arg, void *ptr))
 | ||||
| +{
 | ||||
| +    cipher->ctrl = ctrl;
 | ||||
| +    return 1;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                          const unsigned char *key,
 | ||||
| +                                                          const unsigned char *iv,
 | ||||
| +                                                          int enc)
 | ||||
| +{
 | ||||
| +    return cipher->init;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                               unsigned char *out,
 | ||||
| +                                                               const unsigned char *in,
 | ||||
| +                                                               size_t inl)
 | ||||
| +{
 | ||||
| +    return cipher->do_cipher;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
 | ||||
| +{
 | ||||
| +    return cipher->cleanup;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
 | ||||
| +                                                          int type, int arg,
 | ||||
| +                                                          void *ptr)
 | ||||
| +{
 | ||||
| +    return cipher->ctrl;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
 | ||||
| +{
 | ||||
| +    return ctx->encrypt;
 | ||||
| +}
 | ||||
| +
 | ||||
| +#endif /* OPENSSL_VERSION_NUMBER */
 | ||||
| diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
 | ||||
| --- openssh/libcrypto-compat.h.openssl	2017-09-26 13:19:31.798249703 +0200
 | ||||
| +++ openssh/libcrypto-compat.h	2017-09-26 13:19:31.798249703 +0200
 | ||||
| @@ -0,0 +1,98 @@
 | ||||
| @@ -0,0 +1,59 @@
 | ||||
| +#ifndef LIBCRYPTO_COMPAT_H
 | ||||
| +#define LIBCRYPTO_COMPAT_H
 | ||||
| +
 | ||||
| @ -1313,7 +1196,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h | ||||
| +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
 | ||||
| +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 | ||||
| +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
 | ||||
| +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
 | ||||
| +int DH_set_length(DH *dh, long length);
 | ||||
| +
 | ||||
| +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
 | ||||
| @ -1337,44 +1219,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h | ||||
| +
 | ||||
| +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
 | ||||
| +
 | ||||
| +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
 | ||||
| +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
 | ||||
| +
 | ||||
| +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
 | ||||
| +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
 | ||||
| +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
 | ||||
| +                             int (*init) (EVP_CIPHER_CTX *ctx,
 | ||||
| +                                          const unsigned char *key,
 | ||||
| +                                          const unsigned char *iv,
 | ||||
| +                                          int enc));
 | ||||
| +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 | ||||
| +                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                    unsigned char *out,
 | ||||
| +                                                    const unsigned char *in,
 | ||||
| +                                                    size_t inl));
 | ||||
| +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
 | ||||
| +                                int (*cleanup) (EVP_CIPHER_CTX *));
 | ||||
| +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
 | ||||
| +                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
 | ||||
| +                                          int arg, void *ptr));
 | ||||
| +
 | ||||
| +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                          const unsigned char *key,
 | ||||
| +                                                          const unsigned char *iv,
 | ||||
| +                                                          int enc);
 | ||||
| +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
 | ||||
| +                                                               unsigned char *out,
 | ||||
| +                                                               const unsigned char *in,
 | ||||
| +                                                               size_t inl);
 | ||||
| +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
 | ||||
| +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
 | ||||
| +                                                          int type, int arg,
 | ||||
| +                                                          void *ptr);
 | ||||
| +
 | ||||
| +#define EVP_CIPHER_CTX_reset(c)      EVP_CIPHER_CTX_init(c)
 | ||||
| +
 | ||||
| +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
 | ||||
| +
 | ||||
| +#endif /* OPENSSL_VERSION_NUMBER */
 | ||||
| +
 | ||||
| +#endif /* LIBCRYPTO_COMPAT_H */
 | ||||
| @ -2652,7 +2496,7 @@ diff -up openssh/sshkey.h.openssl openssh/sshkey.h | ||||
| diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
 | ||||
| --- openssh/ssh-pkcs11-client.c.openssl	2017-09-19 06:26:43.000000000 +0200
 | ||||
| +++ openssh/ssh-pkcs11-client.c	2017-09-26 13:19:31.803249734 +0200
 | ||||
| @@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, con
 | ||||
| @@ -143,12 +143,16 @@ pkcs11_rsa_private_encrypt(int flen, con
 | ||||
|  static int | ||||
|  wrap_key(RSA *rsa) | ||||
|  { | ||||
| @ -2665,6 +2509,8 @@ diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c | ||||
| -	RSA_set_method(rsa, &helper_rsa);
 | ||||
| +	if (helper_rsa == NULL) {
 | ||||
| +		helper_rsa = RSA_meth_dup(RSA_get_default_method());
 | ||||
| +		if (helper_rsa == NULL)
 | ||||
| +			error("RSA_meth_dup failed");
 | ||||
| +		RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
 | ||||
| +		RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
 | ||||
| +	}
 | ||||
| @ -2684,6 +2530,14 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c | ||||
|  	char			*keyid; | ||||
|  	int			keyid_len; | ||||
|  }; | ||||
| @@ -183,6 +183,7 @@ pkcs11_rsa_finish(RSA *rsa)
 | ||||
|  		if (k11->provider) | ||||
|  			pkcs11_provider_unref(k11->provider); | ||||
|  		free(k11->keyid); | ||||
| +		RSA_meth_free(k11->rsa_method);
 | ||||
|  		free(k11); | ||||
|  	} | ||||
|  	return (rv); | ||||
| @@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
 | ||||
|  		k11->keyid = xmalloc(k11->keyid_len); | ||||
|  		memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); | ||||
| @ -2721,7 +2575,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c | ||||
|   | ||||
|  	f = p->function_list; | ||||
|  	session = p->slotinfo[slotidx].session; | ||||
| @@ -512,10 +521,14 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 | ||||
| @@ -512,10 +521,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 | ||||
|  			if ((rsa = RSA_new()) == NULL) { | ||||
|  				error("RSA_new failed"); | ||||
|  			} else { | ||||
| @ -2733,6 +2587,8 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c | ||||
| -				rsa->e = BN_bin2bn(attribs[2].pValue,
 | ||||
| +				rsa_e = BN_bin2bn(attribs[2].pValue,
 | ||||
|  				    attribs[2].ulValueLen, NULL); | ||||
| +				if (rsa_n == NULL || rsa_e == NULL)
 | ||||
| +					error("BN_bin2bn failed");
 | ||||
| +				if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
 | ||||
| +					error("RSA_set0_key failed");
 | ||||
|  			} | ||||
|  | ||||
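Review bot: In `wrap_key` the `RSA_meth_dup` failure branch only calls `error()`, which (as elsewhere in OpenSSH) logs and returns, so the very next line `RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper")` dereferences a NULL method on allocation failure; unless the surrounding file deliberately tolerates that, it should be `fatal("%s: RSA_meth_dup failed", __func__)`. The two `RSA_meth_set*` calls also return int and their results are dropped, and since the `1` in `set1_name` indicates it copies the name and can itself fail, a failed call leaves `helper_rsa` half-initialised yet cached for every later `wrap_key` call, so `if (RSA_meth_set1_name(...) != 1 || RSA_meth_set_priv_enc(...) != 1) fatal(...)` is the safer shape. `wrap_key`'s body continues outside the hunk and the declaration of `helper_rsa` (presumably a file-scoped static, given the lazy-init test) is not visible here. The same error()-and-continue pattern recurs in the `pkcs11_fetch_keys_filter` hunk, where after `RSA_set0_key` returns 0 the caller still owns `rsa_n`/`rsa_e` (they are neither freed nor installed) and the key-less `rsa` is carried on into code past the hunk.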