Mercurial > dropbear
comparison keyimport.c @ 340:454a34b2dfd1
Fixes from Erik Hovland:
cli-authpubkey.c:
fix leak of keybuf
cli-kex.c:
fix leak of fingerprint fp
cli-service.c:
remove commented out code
dropbearkey.c:
don't attepmt to free NULL key on failure
common-kex.c:
only free key if it is initialised
keyimport.c:
remove dead encrypted-key code
don't leak a FILE* loading OpenSSH keys
rsa.c, dss.c:
check return values for some libtommath functions
svr-kex.c:
check return value retrieving DH kex mpint
svr-tcpfwd.c:
fix null-dereference if remote tcp forward request fails
tcp-accept.c:
don't incorrectly free the tcpinfo var
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 07 Jul 2006 09:17:18 +0000 |
parents | ac890087b8c1 |
children | 9dbc0c443497 |
comparison
equal
deleted
inserted
replaced
339:31743c9bdf78 | 340:454a34b2dfd1 |
---|---|
359 }; | 359 }; |
360 | 360 |
361 static struct openssh_key *load_openssh_key(const char *filename) | 361 static struct openssh_key *load_openssh_key(const char *filename) |
362 { | 362 { |
363 struct openssh_key *ret; | 363 struct openssh_key *ret; |
364 FILE *fp; | 364 FILE *fp = NULL; |
365 char buffer[256]; | 365 char buffer[256]; |
366 char *errmsg = NULL, *p = NULL; | 366 char *errmsg = NULL, *p = NULL; |
367 int headers_done; | 367 int headers_done; |
368 unsigned long len, outlen; | 368 unsigned long len, outlen; |
369 | 369 |
480 m_free(ret->keyblob); | 480 m_free(ret->keyblob); |
481 } | 481 } |
482 memset(&ret, 0, sizeof(ret)); | 482 memset(&ret, 0, sizeof(ret)); |
483 m_free(ret); | 483 m_free(ret); |
484 } | 484 } |
485 if (fp) { | |
486 fclose(fp); | |
487 } | |
485 if (errmsg) { | 488 if (errmsg) { |
486 fprintf(stderr, "Error: %s\n", errmsg); | 489 fprintf(stderr, "Error: %s\n", errmsg); |
487 } | 490 } |
488 return NULL; | 491 return NULL; |
489 } | 492 } |
924 * Encrypt the key. | 927 * Encrypt the key. |
925 */ | 928 */ |
926 if (passphrase) { | 929 if (passphrase) { |
927 fprintf(stderr, "Encrypted keys aren't supported currently\n"); | 930 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
928 goto error; | 931 goto error; |
929 #if 0 | |
930 /* | |
931 * Invent an iv. Then derive encryption key from passphrase | |
932 * and iv/salt: | |
933 * | |
934 * - let block A equal MD5(passphrase || iv) | |
935 * - let block B equal MD5(A || passphrase || iv) | |
936 * - block C would be MD5(B || passphrase || iv) and so on | |
937 * - encryption key is the first N bytes of A || B | |
938 */ | |
939 struct MD5Context md5c; | |
940 unsigned char keybuf[32]; | |
941 | |
942 for (i = 0; i < 8; i++) iv[i] = random_byte(); | |
943 | |
944 MD5Init(&md5c); | |
945 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
946 MD5Update(&md5c, iv, 8); | |
947 MD5Final(keybuf, &md5c); | |
948 | |
949 MD5Init(&md5c); | |
950 MD5Update(&md5c, keybuf, 16); | |
951 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
952 MD5Update(&md5c, iv, 8); | |
953 MD5Final(keybuf+16, &md5c); | |
954 | |
955 /* | |
956 * Now encrypt the key blob. | |
957 */ | |
958 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen); | |
959 | |
960 memset(&md5c, 0, sizeof(md5c)); | |
961 memset(keybuf, 0, sizeof(keybuf)); | |
962 #endif | |
963 } | 932 } |
964 | 933 |
965 /* | 934 /* |
966 * And save it. We'll use Unix line endings just in case it's | 935 * And save it. We'll use Unix line endings just in case it's |
967 * subsequently transferred in binary mode. | 936 * subsequently transferred in binary mode. |
974 if (!fp) { | 943 if (!fp) { |
975 fprintf(stderr, "Failed opening output file\n"); | 944 fprintf(stderr, "Failed opening output file\n"); |
976 goto error; | 945 goto error; |
977 } | 946 } |
978 fputs(header, fp); | 947 fputs(header, fp); |
979 if (passphrase) { | |
980 fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"); | |
981 for (i = 0; i < 8; i++) | |
982 fprintf(fp, "%02X", iv[i]); | |
983 fprintf(fp, "\n\n"); | |
984 } | |
985 base64_encode_fp(fp, outblob, outlen, 64); | 948 base64_encode_fp(fp, outblob, outlen, 64); |
986 fputs(footer, fp); | 949 fputs(footer, fp); |
987 fclose(fp); | 950 fclose(fp); |
988 ret = 1; | 951 ret = 1; |
989 | 952 |