From 7d00799c935271ce89300494c5677190779f6453 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 28 Oct 2022 00:41:17 +0000 Subject: upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 --- sshkey.c | 139 +++++++-------------------------------------------------------- 1 file changed, 14 insertions(+), 125 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 61f1ee4b..93debae3 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.127 2022/10/28 00:39:29 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.128 2022/10/28 00:41:17 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1438,133 +1438,31 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) return r; } +int +sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to) +{ + /* Append security-key application string */ + if ((to->sk_application = strdup(from->sk_application)) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + int sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) { struct sshkey *n = NULL; int r = SSH_ERR_INTERNAL_ERROR; -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *rsa_e; - BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; - const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; - BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; - BIGNUM *dsa_pub_key_dup = NULL; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; *pkp = NULL; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return SSH_ERR_KEY_TYPE_UNKNOWN; if ((n = sshkey_new(k->type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_DSA: - case KEY_DSA_CERT: - DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); - DSA_get0_key(k->dsa, &dsa_pub_key, NULL); - if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || - (dsa_q_dup = BN_dup(dsa_q)) == NULL || - (dsa_g_dup = BN_dup(dsa_g)) == NULL || - (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ - if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_pub_key_dup = NULL; /* transferred */ - - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - n->ecdsa_nid = k->ecdsa_nid; - n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (n->ecdsa == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_KEY_set_public_key(n->ecdsa, - EC_KEY_get0_public_key(k->ecdsa)) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (k->type != KEY_ECDSA_SK && k->type != KEY_ECDSA_SK_CERT) - break; - /* Append security-key application string */ - if ((n->sk_application = strdup(k->sk_application)) == NULL) - goto out; - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - case KEY_RSA_CERT: - RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); - if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || - (rsa_e_dup = BN_dup(rsa_e)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_n_dup = rsa_e_dup = NULL; /* transferred */ - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if (k->ed25519_pk != NULL) { - if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); - } - if (k->type != KEY_ED25519_SK && - k->type != KEY_ED25519_SK_CERT) - break; - /* Append security-key application string */ - if ((n->sk_application = strdup(k->sk_application)) == NULL) - goto out; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) - goto out; - if (k->xmss_pk != NULL) { - u_int32_t left; - size_t pklen = sshkey_xmss_pklen(k); - if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - if ((n->xmss_pk = malloc(pklen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(n->xmss_pk, k->xmss_pk, pklen); - /* simulate number of signatures left on pubkey */ - left = sshkey_xmss_signatures_left(k); - if (left) - sshkey_xmss_enable_maxsign(n, left); - } - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_KEY_TYPE_UNKNOWN; + if ((r = impl->funcs->copy_public(k, n)) != 0) goto out; - } if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0) goto out; /* success */ @@ -1573,15 +1471,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) r = 0; out: sshkey_free(n); -#ifdef WITH_OPENSSL - BN_clear_free(rsa_n_dup); - BN_clear_free(rsa_e_dup); - BN_clear_free(dsa_p_dup); - BN_clear_free(dsa_q_dup); - BN_clear_free(dsa_g_dup); - BN_clear_free(dsa_pub_key_dup); -#endif - return r; } -- cgit v1.2.1