diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-10-28 00:44:44 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-10-28 12:47:01 +1100 |
commit | 27267642699342412964aa785b98afd69d952c88 (patch) | |
tree | b2aa59e6b542da8a1ece82e337cf38e4c253067b /ssh-rsa.c | |
parent | 2519a7077a9332f70935e5242ba91ee670ed6b87 (diff) | |
download | openssh-git-27267642699342412964aa785b98afd69d952c88.tar.gz |
upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 57 |
1 files changed, 56 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.76 2022/10/28 00:44:17 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.77 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> * @@ -233,6 +233,60 @@ ssh_rsa_deserialize_public(const char *ktype, struct sshbuf *b, return ret; } +static int +ssh_rsa_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; + BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; + + /* Note: can't reuse ssh_rsa_deserialize_public: e, n vs. n, e */ + if (!sshkey_is_cert(key)) { + if ((r = sshbuf_get_bignum2(b, &rsa_n)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_e)) != 0) + goto out; + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n = rsa_e = NULL; /* transferred */ + } + if ((r = sshbuf_get_bignum2(b, &rsa_d)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_iqmp)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_p)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_q)) != 0) + goto out; + if (!RSA_set0_key(key->rsa, NULL, NULL, rsa_d)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_d = NULL; /* transferred */ + if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_p = rsa_q = NULL; /* transferred */ + if ((r = sshkey_check_rsa_length(key, 0)) != 0) + goto out; + if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) + goto out; + if (RSA_blinding_on(key->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + /* success */ + r = 0; + out: + BN_clear_free(rsa_n); + BN_clear_free(rsa_e); + BN_clear_free(rsa_d); + BN_clear_free(rsa_p); + BN_clear_free(rsa_q); + BN_clear_free(rsa_iqmp); + return r; +} + static const char * rsa_hash_alg_ident(int hash_alg) { @@ -652,6 +706,7 @@ static const struct sshkey_impl_funcs sshkey_rsa_funcs = { /* .ssh_serialize_public = */ ssh_rsa_serialize_public, /* .ssh_deserialize_public = */ ssh_rsa_deserialize_public, /* .ssh_serialize_private = */ ssh_rsa_serialize_private, + /* .ssh_deserialize_private = */ ssh_rsa_deserialize_private, /* .generate = */ ssh_rsa_generate, /* .copy_public = */ ssh_rsa_copy_public, /* .sign = */ ssh_rsa_sign, |