upstream: refactor sshkey_from_private()

feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
author: djm@openbsd.org <djm@openbsd.org> 2022-10-28 00:41:17 +0000
committer: Damien Miller <djm@mindrot.org> 2022-10-28 12:46:59 +1100
commit: 7d00799c935271ce89300494c5677190779f6453 (patch)
tree: 14b674e5ef56ed3f05af8b38c446b8f1cf5c2f39 /sshkey.c
parent: 262647c2e920492ca57f1b9320d74f4a0f6e482b (diff)
download: openssh-git-7d00799c935271ce89300494c5677190779f6453.tar.gz
1 files changed, 14 insertions, 125 deletions
diff --git a/sshkey.c b/sshkey.c
index 61f1ee4b..93debae3 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.127 2022/10/28 00:39:29 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.128 2022/10/28 00:41:17 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -1439,132 +1439,30 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key)
 }
 
 int
+sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to)
+{
+	/* Append security-key application string */
+	if ((to->sk_application = strdup(from->sk_application)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	return 0;
+}
+
+int
 sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
 {
 	struct sshkey *n = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
-#ifdef WITH_OPENSSL
-	const BIGNUM *rsa_n, *rsa_e;
-	BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
-	const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
-	BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL;
-	BIGNUM *dsa_pub_key_dup = NULL;
-#endif /* WITH_OPENSSL */
+	const struct sshkey_impl *impl;
 
 	*pkp = NULL;
+	if ((impl = sshkey_impl_from_key(k)) == NULL)
+		return SSH_ERR_KEY_TYPE_UNKNOWN;
 	if ((n = sshkey_new(k->type)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	switch (k->type) {
-#ifdef WITH_OPENSSL
-	case KEY_DSA:
-	case KEY_DSA_CERT:
-		DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
-		DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
-		if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
-		    (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
-		    (dsa_g_dup = BN_dup(dsa_g)) == NULL ||
-		    (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
-			r = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
-		dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
-		if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) {
-			r = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
-		dsa_pub_key_dup = NULL; /* transferred */
-
-		break;
-# ifdef OPENSSL_HAS_ECC
-	case KEY_ECDSA:
-	case KEY_ECDSA_CERT:
-	case KEY_ECDSA_SK:
-	case KEY_ECDSA_SK_CERT:
-		n->ecdsa_nid = k->ecdsa_nid;
-		n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
-		if (n->ecdsa == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		if (EC_KEY_set_public_key(n->ecdsa,
-		    EC_KEY_get0_public_key(k->ecdsa)) != 1) {
-			r = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
-		if (k->type != KEY_ECDSA_SK && k->type != KEY_ECDSA_SK_CERT)
-			break;
-		/* Append security-key application string */
-		if ((n->sk_application = strdup(k->sk_application)) == NULL)
-			goto out;
-		break;
-# endif /* OPENSSL_HAS_ECC */
-	case KEY_RSA:
-	case KEY_RSA_CERT:
-		RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
-		if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
-		    (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) {
-			r = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
-		rsa_n_dup = rsa_e_dup = NULL; /* transferred */
-		break;
-#endif /* WITH_OPENSSL */
-	case KEY_ED25519:
-	case KEY_ED25519_CERT:
-	case KEY_ED25519_SK:
-	case KEY_ED25519_SK_CERT:
-		if (k->ed25519_pk != NULL) {
-			if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
-				r = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
-		}
-		if (k->type != KEY_ED25519_SK &&
-		    k->type != KEY_ED25519_SK_CERT)
-			break;
-		/* Append security-key application string */
-		if ((n->sk_application = strdup(k->sk_application)) == NULL)
-			goto out;
-		break;
-#ifdef WITH_XMSS
-	case KEY_XMSS:
-	case KEY_XMSS_CERT:
-		if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0)
-			goto out;
-		if (k->xmss_pk != NULL) {
-			u_int32_t left;
-			size_t pklen = sshkey_xmss_pklen(k);
-			if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) {
-				r = SSH_ERR_INTERNAL_ERROR;
-				goto out;
-			}
-			if ((n->xmss_pk = malloc(pklen)) == NULL) {
-				r = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(n->xmss_pk, k->xmss_pk, pklen);
-			/* simulate number of signatures left on pubkey */
-			left = sshkey_xmss_signatures_left(k);
-			if (left)
-				sshkey_xmss_enable_maxsign(n, left);
-		}
-		break;
-#endif /* WITH_XMSS */
-	default:
-		r = SSH_ERR_KEY_TYPE_UNKNOWN;
+	if ((r = impl->funcs->copy_public(k, n)) != 0)
 		goto out;
-	}
 	if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0)
 		goto out;
 	/* success */
@@ -1573,15 +1471,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
 	r = 0;
  out:
 	sshkey_free(n);
-#ifdef WITH_OPENSSL
-	BN_clear_free(rsa_n_dup);
-	BN_clear_free(rsa_e_dup);
-	BN_clear_free(dsa_p_dup);
-	BN_clear_free(dsa_q_dup);
-	BN_clear_free(dsa_g_dup);
-	BN_clear_free(dsa_pub_key_dup);
-#endif
-
 	return r;
 }
author	djm@openbsd.org <djm@openbsd.org>	2022-10-28 00:41:17 +0000
committer	Damien Miller <djm@mindrot.org>	2022-10-28 12:46:59 +1100
commit	7d00799c935271ce89300494c5677190779f6453 (patch)
tree	14b674e5ef56ed3f05af8b38c446b8f1cf5c2f39 /sshkey.c
parent	262647c2e920492ca57f1b9320d74f4a0f6e482b (diff)
download	openssh-git-7d00799c935271ce89300494c5677190779f6453.tar.gz