ssh-agent.c (215116) | ssh-agent.c (221420) |
---|---|
1/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */ | 1/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */ |
2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * The authentication agent program. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this --- 20 unchanged lines hidden (view full) --- 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include "includes.h" | 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * The authentication agent program. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this --- 20 unchanged lines hidden (view full) --- 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include "includes.h" |
38__RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 215116 2010-11-11 11:46:19Z des $"); | 38__RCSID("$FreeBSD: head/crypto/openssh/ssh-agent.c 221420 2011-05-04 07:34:44Z des $"); |
39 40#include <sys/types.h> 41#include <sys/param.h> 42#include <sys/resource.h> 43#include <sys/stat.h> 44#include <sys/socket.h> 45#ifdef HAVE_SYS_TIME_H 46# include <sys/time.h> --- 417 unchanged lines hidden (view full) --- 464static void 465process_add_identity(SocketEntry *e, int version) 466{ 467 Idtab *tab = idtab_lookup(version); 468 Identity *id; 469 int type, success = 0, death = 0, confirm = 0; 470 char *type_name, *comment; 471 Key *k = NULL; | 39 40#include <sys/types.h> 41#include <sys/param.h> 42#include <sys/resource.h> 43#include <sys/stat.h> 44#include <sys/socket.h> 45#ifdef HAVE_SYS_TIME_H 46# include <sys/time.h> --- 417 unchanged lines hidden (view full) --- 464static void 465process_add_identity(SocketEntry *e, int version) 466{ 467 Idtab *tab = idtab_lookup(version); 468 Identity *id; 469 int type, success = 0, death = 0, confirm = 0; 470 char *type_name, *comment; 471 Key *k = NULL; |
472#ifdef OPENSSL_HAS_ECC 473 BIGNUM *exponent; 474 EC_POINT *q; 475 char *curve; 476#endif |
|
472 u_char *cert; 473 u_int len; 474 475 switch (version) { 476 case 1: 477 k = key_new_private(KEY_RSA1); 478 (void) buffer_get_int(&e->request); /* ignored */ 479 buffer_get_bignum(&e->request, k->rsa->n); --- 6 unchanged lines hidden (view full) --- 486 buffer_get_bignum(&e->request, k->rsa->p); /* q */ 487 488 /* Generate additional parameters */ 489 rsa_generate_additional_parameters(k->rsa); 490 break; 491 case 2: 492 type_name = buffer_get_string(&e->request, NULL); 493 type = key_type_from_name(type_name); | 477 u_char *cert; 478 u_int len; 479 480 switch (version) { 481 case 1: 482 k = key_new_private(KEY_RSA1); 483 (void) buffer_get_int(&e->request); /* ignored */ 484 buffer_get_bignum(&e->request, k->rsa->n); --- 6 unchanged lines hidden (view full) --- 491 buffer_get_bignum(&e->request, k->rsa->p); /* q */ 492 493 /* Generate additional parameters */ 494 rsa_generate_additional_parameters(k->rsa); 495 break; 496 case 2: 497 type_name = buffer_get_string(&e->request, NULL); 498 type = key_type_from_name(type_name); |
494 xfree(type_name); | |
495 switch (type) { 496 case KEY_DSA: 497 k = key_new_private(type); 498 buffer_get_bignum2(&e->request, k->dsa->p); 499 buffer_get_bignum2(&e->request, k->dsa->q); 500 buffer_get_bignum2(&e->request, k->dsa->g); 501 buffer_get_bignum2(&e->request, k->dsa->pub_key); 502 buffer_get_bignum2(&e->request, k->dsa->priv_key); 503 break; 504 case KEY_DSA_CERT_V00: 505 case KEY_DSA_CERT: 506 cert = buffer_get_string(&e->request, &len); 507 if ((k = key_from_blob(cert, len)) == NULL) 508 fatal("Certificate parse failed"); 509 xfree(cert); 510 key_add_private(k); 511 buffer_get_bignum2(&e->request, k->dsa->priv_key); 512 break; | 499 switch (type) { 500 case KEY_DSA: 501 k = key_new_private(type); 502 buffer_get_bignum2(&e->request, k->dsa->p); 503 buffer_get_bignum2(&e->request, k->dsa->q); 504 buffer_get_bignum2(&e->request, k->dsa->g); 505 buffer_get_bignum2(&e->request, k->dsa->pub_key); 506 buffer_get_bignum2(&e->request, k->dsa->priv_key); 507 break; 508 case KEY_DSA_CERT_V00: 509 case KEY_DSA_CERT: 510 cert = buffer_get_string(&e->request, &len); 511 if ((k = key_from_blob(cert, len)) == NULL) 512 fatal("Certificate parse failed"); 513 xfree(cert); 514 key_add_private(k); 515 buffer_get_bignum2(&e->request, k->dsa->priv_key); 516 break; |
517#ifdef OPENSSL_HAS_ECC 518 case KEY_ECDSA: 519 k = key_new_private(type); 520 k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); 521 curve = buffer_get_string(&e->request, NULL); 522 if (k->ecdsa_nid != key_curve_name_to_nid(curve)) 523 fatal("%s: curve names mismatch", __func__); 524 xfree(curve); 525 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); 526 if (k->ecdsa == NULL) 527 fatal("%s: EC_KEY_new_by_curve_name failed", 528 __func__); 529 q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); 530 if (q == NULL) 531 fatal("%s: BN_new failed", __func__); 532 if ((exponent = BN_new()) == NULL) 533 fatal("%s: BN_new failed", __func__); 534 buffer_get_ecpoint(&e->request, 535 EC_KEY_get0_group(k->ecdsa), q); 536 buffer_get_bignum2(&e->request, exponent); 537 if (EC_KEY_set_public_key(k->ecdsa, q) != 1) 538 fatal("%s: EC_KEY_set_public_key failed", 539 __func__); 540 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) 541 fatal("%s: EC_KEY_set_private_key failed", 542 __func__); 543 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), 544 EC_KEY_get0_public_key(k->ecdsa)) != 0) 545 fatal("%s: bad ECDSA public key", __func__); 546 if (key_ec_validate_private(k->ecdsa) != 0) 547 fatal("%s: bad ECDSA private key", __func__); 548 BN_clear_free(exponent); 549 EC_POINT_free(q); 550 break; 551 case KEY_ECDSA_CERT: 552 cert = buffer_get_string(&e->request, &len); 553 if ((k = key_from_blob(cert, len)) == NULL) 554 fatal("Certificate parse failed"); 555 xfree(cert); 556 key_add_private(k); 557 if ((exponent = BN_new()) == NULL) 558 fatal("%s: BN_new failed", __func__); 559 buffer_get_bignum2(&e->request, exponent); 560 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) 561 fatal("%s: EC_KEY_set_private_key failed", 562 __func__); 563 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), 564 EC_KEY_get0_public_key(k->ecdsa)) != 0 || 565 key_ec_validate_private(k->ecdsa) != 0) 566 fatal("%s: bad ECDSA key", __func__); 567 BN_clear_free(exponent); 568 break; 569#endif /* OPENSSL_HAS_ECC */ |
|
513 case KEY_RSA: 514 k = key_new_private(type); 515 buffer_get_bignum2(&e->request, k->rsa->n); 516 buffer_get_bignum2(&e->request, k->rsa->e); 517 buffer_get_bignum2(&e->request, k->rsa->d); 518 buffer_get_bignum2(&e->request, k->rsa->iqmp); 519 buffer_get_bignum2(&e->request, k->rsa->p); 520 buffer_get_bignum2(&e->request, k->rsa->q); --- 9 unchanged lines hidden (view full) --- 530 xfree(cert); 531 key_add_private(k); 532 buffer_get_bignum2(&e->request, k->rsa->d); 533 buffer_get_bignum2(&e->request, k->rsa->iqmp); 534 buffer_get_bignum2(&e->request, k->rsa->p); 535 buffer_get_bignum2(&e->request, k->rsa->q); 536 break; 537 default: | 570 case KEY_RSA: 571 k = key_new_private(type); 572 buffer_get_bignum2(&e->request, k->rsa->n); 573 buffer_get_bignum2(&e->request, k->rsa->e); 574 buffer_get_bignum2(&e->request, k->rsa->d); 575 buffer_get_bignum2(&e->request, k->rsa->iqmp); 576 buffer_get_bignum2(&e->request, k->rsa->p); 577 buffer_get_bignum2(&e->request, k->rsa->q); --- 9 unchanged lines hidden (view full) --- 587 xfree(cert); 588 key_add_private(k); 589 buffer_get_bignum2(&e->request, k->rsa->d); 590 buffer_get_bignum2(&e->request, k->rsa->iqmp); 591 buffer_get_bignum2(&e->request, k->rsa->p); 592 buffer_get_bignum2(&e->request, k->rsa->q); 593 break; 594 default: |
595 xfree(type_name); |
|
538 buffer_clear(&e->request); 539 goto send; 540 } | 596 buffer_clear(&e->request); 597 goto send; 598 } |
599 xfree(type_name); |
|
541 break; 542 } 543 /* enable blinding */ 544 switch (k->type) { 545 case KEY_RSA: 546 case KEY_RSA_CERT_V00: 547 case KEY_RSA_CERT: 548 case KEY_RSA1: --- 540 unchanged lines hidden (view full) --- 1089 setgid(getgid()); 1090 setuid(geteuid()); 1091 1092#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) 1093 /* Disable ptrace on Linux without sgid bit */ 1094 prctl(PR_SET_DUMPABLE, 0); 1095#endif 1096 | 600 break; 601 } 602 /* enable blinding */ 603 switch (k->type) { 604 case KEY_RSA: 605 case KEY_RSA_CERT_V00: 606 case KEY_RSA_CERT: 607 case KEY_RSA1: --- 540 unchanged lines hidden (view full) --- 1148 setgid(getgid()); 1149 setuid(geteuid()); 1150 1151#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) 1152 /* Disable ptrace on Linux without sgid bit */ 1153 prctl(PR_SET_DUMPABLE, 0); 1154#endif 1155 |
1097 SSLeay_add_all_algorithms(); | 1156 OpenSSL_add_all_algorithms(); |
1098 1099 __progname = ssh_get_progname(av[0]); 1100 init_rng(); 1101 seed_rng(); 1102 1103 while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { 1104 switch (ch) { 1105 case 'c': --- 64 unchanged lines hidden (view full) --- 1170 printf(format, SSH_AGENTPID_ENV_NAME); 1171 printf("echo Agent pid %ld killed;\n", (long)pid); 1172 exit(0); 1173 } 1174 parent_pid = getpid(); 1175 1176 if (agentsocket == NULL) { 1177 /* Create private directory for agent socket */ | 1157 1158 __progname = ssh_get_progname(av[0]); 1159 init_rng(); 1160 seed_rng(); 1161 1162 while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { 1163 switch (ch) { 1164 case 'c': --- 64 unchanged lines hidden (view full) --- 1229 printf(format, SSH_AGENTPID_ENV_NAME); 1230 printf("echo Agent pid %ld killed;\n", (long)pid); 1231 exit(0); 1232 } 1233 parent_pid = getpid(); 1234 1235 if (agentsocket == NULL) { 1236 /* Create private directory for agent socket */ |
1178 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); | 1237 mktemp_proto(socket_dir, sizeof(socket_dir)); |
1179 if (mkdtemp(socket_dir) == NULL) { 1180 perror("mkdtemp: private socket dir"); 1181 exit(1); 1182 } 1183 snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, 1184 (long)parent_pid); 1185 } else { 1186 /* Try to use specified agent socket */ --- 127 unchanged lines hidden --- | 1238 if (mkdtemp(socket_dir) == NULL) { 1239 perror("mkdtemp: private socket dir"); 1240 exit(1); 1241 } 1242 snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, 1243 (long)parent_pid); 1244 } else { 1245 /* Try to use specified agent socket */ --- 127 unchanged lines hidden --- |