[openssh-commits] [openssh] 06/06: upstream: sshkey_unshield_private() contains a exact duplicate of

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 5 11:35:03 AEST 2022


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 457dce2cfef6a48f5442591cd8b21c7e8cba13f8
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 5 01:04:14 2022 +0000

    upstream: sshkey_unshield_private() contains a exact duplicate of
    
    the code in private2_check_padding(). Pull private2_check_padding() up so the
    code can be reused. From Martin Vahlensieck, ok deraadt@
    
    OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
---
 sshkey.c | 72 +++++++++++++++++++++++++++++-----------------------------------
 1 file changed, 32 insertions(+), 40 deletions(-)

diff --git a/sshkey.c b/sshkey.c
index f1e92003..ed2b5dff 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.120 2022/01/06 22:05:42 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.121 2022/05/05 01:04:14 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -2125,14 +2125,38 @@ sshkey_shield_private(struct sshkey *k)
 	return r;
 }
 
+/* Check deterministic padding after private key */
+static int
+private2_check_padding(struct sshbuf *decrypted)
+{
+	u_char pad;
+	size_t i;
+	int r;
+
+	i = 0;
+	while (sshbuf_len(decrypted)) {
+		if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
+			goto out;
+		if (pad != (++i & 0xff)) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+	}
+	/* success */
+	r = 0;
+ out:
+	explicit_bzero(&pad, sizeof(pad));
+	explicit_bzero(&i, sizeof(i));
+	return r;
+}
+
 int
 sshkey_unshield_private(struct sshkey *k)
 {
 	struct sshbuf *prvbuf = NULL;
-	u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
+	u_char *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
 	struct sshcipher_ctx *cctx = NULL;
 	const struct sshcipher *cipher;
-	size_t i;
 	struct sshkey *kswap = NULL, tmp;
 	int r = SSH_ERR_INTERNAL_ERROR;
 
@@ -2194,16 +2218,9 @@ sshkey_unshield_private(struct sshkey *k)
 	/* Parse private key */
 	if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0)
 		goto out;
-	/* Check deterministic padding */
-	i = 0;
-	while (sshbuf_len(prvbuf)) {
-		if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0)
-			goto out;
-		if (pad != (++i & 0xff)) {
-			r = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-	}
+
+	if ((r = private2_check_padding(prvbuf)) != 0)
+		goto out;
 
 	/* Swap the parsed key back into place */
 	tmp = *kswap;
@@ -4028,9 +4045,9 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
 	explicit_bzero(salt, sizeof(salt));
 	if (key != NULL)
 		freezero(key, keylen + ivlen);
-	if (pubkeyblob != NULL) 
+	if (pubkeyblob != NULL)
 		freezero(pubkeyblob, pubkeylen);
-	if (b64 != NULL) 
+	if (b64 != NULL)
 		freezero(b64, strlen(b64));
 	return r;
 }
@@ -4257,31 +4274,6 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase,
 	return r;
 }
 
-/* Check deterministic padding after private key */
-static int
-private2_check_padding(struct sshbuf *decrypted)
-{
-	u_char pad;
-	size_t i;
-	int r = SSH_ERR_INTERNAL_ERROR;
-
-	i = 0;
-	while (sshbuf_len(decrypted)) {
-		if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
-			goto out;
-		if (pad != (++i & 0xff)) {
-			r = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-	}
-	/* success */
-	r = 0;
- out:
-	explicit_bzero(&pad, sizeof(pad));
-	explicit_bzero(&i, sizeof(i));
-	return r;
-}
-
 static int
 sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
     struct sshkey **keyp, char **commentp)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list