comparison keyimport.c @ 340:454a34b2dfd1

Fixes from Erik Hovland: cli-authpubkey.c: fix leak of keybuf cli-kex.c: fix leak of fingerprint fp cli-service.c: remove commented out code dropbearkey.c: don't attepmt to free NULL key on failure common-kex.c: only free key if it is initialised keyimport.c: remove dead encrypted-key code don't leak a FILE* loading OpenSSH keys rsa.c, dss.c: check return values for some libtommath functions svr-kex.c: check return value retrieving DH kex mpint svr-tcpfwd.c: fix null-dereference if remote tcp forward request fails tcp-accept.c: don't incorrectly free the tcpinfo var
author Matt Johnston <matt@ucc.asn.au>
date Fri, 07 Jul 2006 09:17:18 +0000
parents ac890087b8c1
children 9dbc0c443497
comparison
equal deleted inserted replaced
339:31743c9bdf78 340:454a34b2dfd1
359 }; 359 };
360 360
361 static struct openssh_key *load_openssh_key(const char *filename) 361 static struct openssh_key *load_openssh_key(const char *filename)
362 { 362 {
363 struct openssh_key *ret; 363 struct openssh_key *ret;
364 FILE *fp; 364 FILE *fp = NULL;
365 char buffer[256]; 365 char buffer[256];
366 char *errmsg = NULL, *p = NULL; 366 char *errmsg = NULL, *p = NULL;
367 int headers_done; 367 int headers_done;
368 unsigned long len, outlen; 368 unsigned long len, outlen;
369 369
480 m_free(ret->keyblob); 480 m_free(ret->keyblob);
481 } 481 }
482 memset(&ret, 0, sizeof(ret)); 482 memset(&ret, 0, sizeof(ret));
483 m_free(ret); 483 m_free(ret);
484 } 484 }
485 if (fp) {
486 fclose(fp);
487 }
485 if (errmsg) { 488 if (errmsg) {
486 fprintf(stderr, "Error: %s\n", errmsg); 489 fprintf(stderr, "Error: %s\n", errmsg);
487 } 490 }
488 return NULL; 491 return NULL;
489 } 492 }
924 * Encrypt the key. 927 * Encrypt the key.
925 */ 928 */
926 if (passphrase) { 929 if (passphrase) {
927 fprintf(stderr, "Encrypted keys aren't supported currently\n"); 930 fprintf(stderr, "Encrypted keys aren't supported currently\n");
928 goto error; 931 goto error;
929 #if 0
930 /*
931 * Invent an iv. Then derive encryption key from passphrase
932 * and iv/salt:
933 *
934 * - let block A equal MD5(passphrase || iv)
935 * - let block B equal MD5(A || passphrase || iv)
936 * - block C would be MD5(B || passphrase || iv) and so on
937 * - encryption key is the first N bytes of A || B
938 */
939 struct MD5Context md5c;
940 unsigned char keybuf[32];
941
942 for (i = 0; i < 8; i++) iv[i] = random_byte();
943
944 MD5Init(&md5c);
945 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
946 MD5Update(&md5c, iv, 8);
947 MD5Final(keybuf, &md5c);
948
949 MD5Init(&md5c);
950 MD5Update(&md5c, keybuf, 16);
951 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
952 MD5Update(&md5c, iv, 8);
953 MD5Final(keybuf+16, &md5c);
954
955 /*
956 * Now encrypt the key blob.
957 */
958 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen);
959
960 memset(&md5c, 0, sizeof(md5c));
961 memset(keybuf, 0, sizeof(keybuf));
962 #endif
963 } 932 }
964 933
965 /* 934 /*
966 * And save it. We'll use Unix line endings just in case it's 935 * And save it. We'll use Unix line endings just in case it's
967 * subsequently transferred in binary mode. 936 * subsequently transferred in binary mode.
974 if (!fp) { 943 if (!fp) {
975 fprintf(stderr, "Failed opening output file\n"); 944 fprintf(stderr, "Failed opening output file\n");
976 goto error; 945 goto error;
977 } 946 }
978 fputs(header, fp); 947 fputs(header, fp);
979 if (passphrase) {
980 fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,");
981 for (i = 0; i < 8; i++)
982 fprintf(fp, "%02X", iv[i]);
983 fprintf(fp, "\n\n");
984 }
985 base64_encode_fp(fp, outblob, outlen, 64); 948 base64_encode_fp(fp, outblob, outlen, 64);
986 fputs(footer, fp); 949 fputs(footer, fp);
987 fclose(fp); 950 fclose(fp);
988 ret = 1; 951 ret = 1;
989 952