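--- a/authfile.c
+++ b/authfile.c
@@ -1,8 +1,8 @@
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
  * This file contains functions for reading and writing identity files, and
  * for reading the passphrase from the user.
  *
  * As far as I am concerned, the code I have written for this software
@@ -31,32 +31,33 @@
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
 #include "cipher.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "key.h"
 #include "ssh.h"
 #include "log.h"
 #include "authfile.h"
 #include "rsa.h"
 #include "misc.h"
+#include "atomicio.h"
 
 /* Version identification string for SSH v1 identity files. */
 static const char authfile_id_string[] =
 	"SSH PRIVATE KEY FILE FORMAT 1.1\n";
 
 /*
  * Saves the authentication (private) key in a file, encrypting it with
  * passphrase. The identification of the file (lowest 64 bits of n) will
@@ -142,18 +143,18 @@
 	buffer_free(&buffer);
 
 	fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
 	if (fd < 0) {
 		error("open %s failed: %s.", filename, strerror(errno));
 		buffer_free(&encrypted);
 		return 0;
 	}
-	if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
-	    buffer_len(&encrypted)) {
+	if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
+	    buffer_len(&encrypted)) != buffer_len(&encrypted)) {
 		error("write to key file %s failed: %s", filename,
 		    strerror(errno));
 		buffer_free(&encrypted);
 		close(fd);
 		unlink(filename);
 		return 0;
 	}
 	close(fd);
@@ -231,34 +232,34 @@
 
 static Key *
 key_load_public_rsa1(int fd, const char *filename, char **commentp)
 {
 	Buffer buffer;
 	Key *pub;
 	struct stat st;
 	char *cp;
-	int i;
+	u_int i;
 	size_t len;
 
 	if (fstat(fd, &st) < 0) {
 		error("fstat for key file %.200s failed: %.100s",
 		    filename, strerror(errno));
 		return NULL;
 	}
 	if (st.st_size > 1*1024*1024) {
 		error("key file %.200s too large", filename);
 		return NULL;
 	}
 	len = (size_t)st.st_size;		/* truncated */
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
 
-	if (read(fd, cp, (size_t) len) != (size_t) len) {
+	if (atomicio(read, fd, cp, len) != len) {
 		debug("Read from key file %.200s failed: %.100s", filename,
 		    strerror(errno));
 		buffer_free(&buffer);
 		return NULL;
 	}
 
 	/* Check that it is at least big enough to contain the ID string. */
 	if (len < sizeof(authfile_id_string)) {
@@ -317,17 +318,18 @@
  * initializes the private key.
  * Assumes we are called under uid of the owner of the file.
  */
 
 static Key *
 key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
     char **commentp)
 {
-	int i, check1, check2, cipher_type;
+	u_int i;
+	int check1, check2, cipher_type;
 	size_t len;
 	Buffer buffer, decrypted;
 	u_char *cp;
 	CipherContext ciphercontext;
 	Cipher *cipher;
 	Key *prv = NULL;
 	struct stat st;
 
@@ -342,17 +344,17 @@
 		close(fd);
 		return (NULL);
 	}
 	len = (size_t)st.st_size;		/* truncated */
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
 
-	if (read(fd, cp, (size_t) len) != (size_t) len) {
+	if (atomicio(read, fd, cp, len) != len) {
 		debug("Read from key file %.200s failed: %.100s", filename,
 		    strerror(errno));
 		buffer_free(&buffer);
 		close(fd);
 		return NULL;
 	}
 
 	/* Check that it is at least big enough to contain the ID string. */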
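Review bot: On the success path of the key-save routine (the `close(fd);` that follows the new `atomicio(vwrite, ...)` check) the return value of `close()` is still discarded, so a write error that the filesystem only reports at close time would leave a truncated private key file on disk while the function reports success; the atomicio conversion handles short writes but not this case. Mirror the write-failure branch: `if (close(fd) != 0) { error("close of key file %s failed: %s", filename, strerror(errno)); unlink(filename); return 0; }`. In key_load_public_rsa1 and key_load_private_rsa1 the `int i` → `u_int i` change is harmless at the declaration, but every use of `i` lies in the hidden loop bodies; if `i` is ever compared against a signed value or counted down past zero the unsigned promotion changes the result, so that is worth confirming against the full functions. The read-side `!= len` comparison is now between two `size_t` values, which removes the old signed/unsigned mismatch; the enclosing functions all continue beyond the visible lines.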