vendor/openssh/6.3p1

author: Dag-Erling Smørgrav <des@FreeBSD.org> 2013-09-18 17:27:38 +0000
committer: Dag-Erling Smørgrav <des@FreeBSD.org> 2013-09-18 17:27:38 +0000
commit: 0dddc34c88de4b0421dbb5279ad265a3615cc0bf (patch)
tree: a3ace41867a87a4a940a57f82cd20c283e6aa7cb /key.c
parent: caafb97d9eb8cad8284ac8a5ce9c3926538bb862 (diff)
download: src-test2-0dddc34c88de4b0421dbb5279ad265a3615cc0bf.tar.gz
src-test2-0dddc34c88de4b0421dbb5279ad265a3615cc0bf.zip
1 files changed, 125 insertions, 161 deletions
diff --git a/key.c b/key.c
index 4cc5c5d35a83..55ee78998b74 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */
+/* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -187,14 +187,13 @@ cert_free(struct KeyCert *cert)
 	buffer_free(&cert->certblob);
 	buffer_free(&cert->critical);
 	buffer_free(&cert->extensions);
-	if (cert->key_id != NULL)
-		xfree(cert->key_id);
+	free(cert->key_id);
 	for (i = 0; i < cert->nprincipals; i++)
-		xfree(cert->principals[i]);
-	if (cert->principals != NULL)
-		xfree(cert->principals);
+		free(cert->principals[i]);
+	free(cert->principals);
 	if (cert->signature_key != NULL)
 		key_free(cert->signature_key);
+	free(cert);
 }
 
 void
@@ -238,7 +237,7 @@ key_free(Key *k)
 		k->cert = NULL;
 	}
 
-	xfree(k);
+	free(k);
 }
 
 static int
@@ -388,7 +387,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
 		EVP_DigestUpdate(&ctx, blob, len);
 		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
 		memset(blob, 0, len);
-		xfree(blob);
+		free(blob);
 	} else {
 		fatal("key_fingerprint_raw: blob is null");
 	}
@@ -570,7 +569,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
 }
 
 char *
-key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
 	char *retval = NULL;
 	u_char *dgst_raw;
@@ -595,7 +594,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 		break;
 	}
 	memset(dgst_raw, 0, dgst_raw_len);
-	xfree(dgst_raw);
+	free(dgst_raw);
 	return retval;
 }
 
@@ -740,11 +739,11 @@ key_read(Key *ret, char **cpp)
 		n = uudecode(cp, blob, len);
 		if (n < 0) {
 			error("key_read: uudecode %s failed", cp);
-			xfree(blob);
+			free(blob);
 			return -1;
 		}
 		k = key_from_blob(blob, (u_int)n);
-		xfree(blob);
+		free(blob);
 		if (k == NULL) {
 			error("key_read: key_from_blob %s failed", cp);
 			return -1;
@@ -885,43 +884,13 @@ key_write(const Key *key, FILE *f)
 		fprintf(f, "%s %s", key_ssh_name(key), uu);
 		success = 1;
 	}
-	xfree(blob);
-	xfree(uu);
+	free(blob);
+	free(uu);
 
 	return success;
 }
 
 const char *
-key_type(const Key *k)
-{
-	switch (k->type) {
-	case KEY_RSA1:
-		return "RSA1";
-	case KEY_RSA:
-		return "RSA";
-	case KEY_DSA:
-		return "DSA";
-#ifdef OPENSSL_HAS_ECC
-	case KEY_ECDSA:
-		return "ECDSA";
-#endif
-	case KEY_RSA_CERT_V00:
-		return "RSA-CERT-V00";
-	case KEY_DSA_CERT_V00:
-		return "DSA-CERT-V00";
-	case KEY_RSA_CERT:
-		return "RSA-CERT";
-	case KEY_DSA_CERT:
-		return "DSA-CERT";
-#ifdef OPENSSL_HAS_ECC
-	case KEY_ECDSA_CERT:
-		return "ECDSA-CERT";
-#endif
-	}
-	return "unknown";
-}
-
-const char *
 key_cert_type(const Key *k)
 {
 	switch (k->cert->type) {
@@ -934,48 +903,59 @@ key_cert_type(const Key *k)
 	}
 }
 
+struct keytype {
+	char *name;
+	char *shortname;
+	int type;
+	int nid;
+	int cert;
+};
+static const struct keytype keytypes[] = {
+	{ NULL, "RSA1", KEY_RSA1, 0, 0 },
+	{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
+	{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
+#ifdef OPENSSL_HAS_ECC
+	{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
+	{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
+	{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
+#endif /* OPENSSL_HAS_ECC */
+	{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
+	{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
+#ifdef OPENSSL_HAS_ECC
+	{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
+	    KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
+	{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
+	    KEY_ECDSA_CERT, NID_secp384r1, 1 },
+	{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
+	    KEY_ECDSA_CERT, NID_secp521r1, 1 },
+#endif /* OPENSSL_HAS_ECC */
+	{ "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00",
+	    KEY_RSA_CERT_V00, 0, 1 },
+	{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
+	    KEY_DSA_CERT_V00, 0, 1 },
+	{ NULL, NULL, -1, -1, 0 }
+};
+
+const char *
+key_type(const Key *k)
+{
+	const struct keytype *kt;
+
+	for (kt = keytypes; kt->type != -1; kt++) {
+		if (kt->type == k->type)
+			return kt->shortname;
+	}
+	return "unknown";
+}
+
 static const char *
 key_ssh_name_from_type_nid(int type, int nid)
 {
-	switch (type) {
-	case KEY_RSA:
-		return "ssh-rsa";
-	case KEY_DSA:
-		return "ssh-dss";
-	case KEY_RSA_CERT_V00:
-		return "ssh-rsa-cert-v00@openssh.com";
-	case KEY_DSA_CERT_V00:
-		return "ssh-dss-cert-v00@openssh.com";
-	case KEY_RSA_CERT:
-		return "ssh-rsa-cert-v01@openssh.com";
-	case KEY_DSA_CERT:
-		return "ssh-dss-cert-v01@openssh.com";
-#ifdef OPENSSL_HAS_ECC
-	case KEY_ECDSA:
-		switch (nid) {
-		case NID_X9_62_prime256v1:
-			return "ecdsa-sha2-nistp256";
-		case NID_secp384r1:
-			return "ecdsa-sha2-nistp384";
-		case NID_secp521r1:
-			return "ecdsa-sha2-nistp521";
-		default:
-			break;
-		}
-		break;
-	case KEY_ECDSA_CERT:
-		switch (nid) {
-		case NID_X9_62_prime256v1:
-			return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
-		case NID_secp384r1:
-			return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
-		case NID_secp521r1:
-			return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
-		default:
-			break;
-		}
-		break;
-#endif /* OPENSSL_HAS_ECC */
+	const struct keytype *kt;
+
+	for (kt = keytypes; kt->type != -1; kt++) {
+		if (kt->type == type && (kt->nid == 0 || kt->nid == nid))
+			return kt->name;
 	}
 	return "ssh-unknown";
 }
@@ -993,6 +973,56 @@ key_ssh_name_plain(const Key *k)
 	    k->ecdsa_nid);
 }
 
+int
+key_type_from_name(char *name)
+{
+	const struct keytype *kt;
+
+	for (kt = keytypes; kt->type != -1; kt++) {
+		/* Only allow shortname matches for plain key types */
+		if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||
+		    (!kt->cert && strcasecmp(kt->shortname, name) == 0))
+			return kt->type;
+	}
+	debug2("key_type_from_name: unknown key type '%s'", name);
+	return KEY_UNSPEC;
+}
+
+int
+key_ecdsa_nid_from_name(const char *name)
+{
+	const struct keytype *kt;
+
+	for (kt = keytypes; kt->type != -1; kt++) {
+		if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)
+			continue;
+		if (kt->name != NULL && strcmp(name, kt->name) == 0)
+			return kt->nid;
+	}
+	debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
+	return -1;
+}
+
+char *
+key_alg_list(void)
+{
+	char *ret = NULL;
+	size_t nlen, rlen = 0;
+	const struct keytype *kt;
+
+	for (kt = keytypes; kt->type != -1; kt++) {
+		if (kt->name == NULL)
+			continue;
+		if (ret != NULL)
+			ret[rlen++] = '\n';
+		nlen = strlen(kt->name);
+		ret = xrealloc(ret, 1, rlen + nlen + 2);
+		memcpy(ret + rlen, kt->name, nlen + 1);
+		rlen += nlen;
+	}
+	return ret;
+}
+
 u_int
 key_size(const Key *k)
 {
@@ -1248,65 +1278,6 @@ key_from_private(const Key *k)
 }
 
 int
-key_type_from_name(char *name)
-{
-	if (strcmp(name, "rsa1") == 0) {
-		return KEY_RSA1;
-	} else if (strcmp(name, "rsa") == 0) {
-		return KEY_RSA;
-	} else if (strcmp(name, "dsa") == 0) {
-		return KEY_DSA;
-	} else if (strcmp(name, "ssh-rsa") == 0) {
-		return KEY_RSA;
-	} else if (strcmp(name, "ssh-dss") == 0) {
-		return KEY_DSA;
-#ifdef OPENSSL_HAS_ECC
-	} else if (strcmp(name, "ecdsa") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp521") == 0) {
-		return KEY_ECDSA;
-#endif
-	} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
-		return KEY_RSA_CERT_V00;
-	} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
-		return KEY_DSA_CERT_V00;
-	} else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
-		return KEY_RSA_CERT;
-	} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
-		return KEY_DSA_CERT;
-#ifdef OPENSSL_HAS_ECC
-	} else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
-		return KEY_ECDSA_CERT;
-#endif
-	}
-
-	debug2("key_type_from_name: unknown key type '%s'", name);
-	return KEY_UNSPEC;
-}
-
-int
-key_ecdsa_nid_from_name(const char *name)
-{
-#ifdef OPENSSL_HAS_ECC
-	if (strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
-		return NID_X9_62_prime256v1;
-	if (strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0)
-		return NID_secp384r1;
-	if (strcmp(name, "ecdsa-sha2-nistp521") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
-		return NID_secp521r1;
-#endif /* OPENSSL_HAS_ECC */
-
-	debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
-	return -1;
-}
-
-int
 key_names_valid2(const char *names)
 {
 	char *s, *cp, *p;
@@ -1319,12 +1290,12 @@ key_names_valid2(const char *names)
 		switch (key_type_from_name(p)) {
 		case KEY_RSA1:
 		case KEY_UNSPEC:
-			xfree(s);
+			free(s);
 			return 0;
 		}
 	}
 	debug3("key names ok: [%s]", names);
-	xfree(s);
+	free(s);
 	return 1;
 }
 
@@ -1446,16 +1417,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
 
  out:
 	buffer_free(&tmp);
-	if (principals != NULL)
-		xfree(principals);
-	if (critical != NULL)
-		xfree(critical);
-	if (exts != NULL)
-		xfree(exts);
-	if (sig_key != NULL)
-		xfree(sig_key);
-	if (sig != NULL)
-		xfree(sig);
+	free(principals);
+	free(critical);
+	free(exts);
+	free(sig_key);
+	free(sig);
 	return ret;
 }
 
@@ -1575,10 +1541,8 @@ key_from_blob(const u_char *blob, u_int blen)
 	if (key != NULL && rlen != 0)
 		error("key_from_blob: remaining bytes in key blob %d", rlen);
  out:
-	if (ktype != NULL)
-		xfree(ktype);
-	if (curve != NULL)
-		xfree(curve);
+	free(ktype);
+	free(curve);
 #ifdef OPENSSL_HAS_ECC
 	if (q != NULL)
 		EC_POINT_free(q);
@@ -1928,7 +1892,7 @@ key_certify(Key *k, Key *ca)
 	default:
 		error("%s: key has incorrect type %s", __func__, key_type(k));
 		buffer_clear(&k->cert->certblob);
-		xfree(ca_blob);
+		free(ca_blob);
 		return -1;
 	}
 
@@ -1964,7 +1928,7 @@ key_certify(Key *k, Key *ca)
 
 	buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
 	buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
-	xfree(ca_blob);
+	free(ca_blob);
 
 	/* Sign the whole mess */
 	if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
@@ -1975,7 +1939,7 @@ key_certify(Key *k, Key *ca)
 	}
 	/* Append signature and we are done */
 	buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
-	xfree(sig_blob);
+	free(sig_blob);
 
 	return 0;
 }
author	Dag-Erling Smørgrav <des@FreeBSD.org>	2013-09-18 17:27:38 +0000
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2013-09-18 17:27:38 +0000
commit	0dddc34c88de4b0421dbb5279ad265a3615cc0bf (patch)
tree	a3ace41867a87a4a940a57f82cd20c283e6aa7cb /key.c
parent	caafb97d9eb8cad8284ac8a5ce9c3926538bb862 (diff)
download	src-test2-0dddc34c88de4b0421dbb5279ad265a3615cc0bf.tar.gz src-test2-0dddc34c88de4b0421dbb5279ad265a3615cc0bf.zip