*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.22 2000/12/19 22:43:44 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
-#include <openssl/pem.h>
#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "cipher.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "ssh.h"
#include "key.h"
+#include "ssh.h"
+#include "log.h"
+#include "authfile.h"
/* Version identification string for identity files. */
-#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
+static const char authfile_id_string[] =
+ "SSH PRIVATE KEY FILE FORMAT 1.1\n";
/*
* Saves the authentication (private) key in a file, encrypting it with
buffer_init(&encrypted);
/* First store keyfile id string. */
- cp = AUTHFILE_ID_STRING;
- for (i = 0; cp[i]; i++)
- buffer_put_char(&encrypted, cp[i]);
+ for (i = 0; authfile_id_string[i]; i++)
+ buffer_put_char(&encrypted, authfile_id_string[i]);
buffer_put_char(&encrypted, 0);
/* Store cipher type. */
}
close(fd);
- /* Check that it is at least big enought to contain the ID string. */
- if (len < strlen(AUTHFILE_ID_STRING) + 1) {
+ /* Check that it is at least big enough to contain the ID string. */
+ if (len < sizeof(authfile_id_string)) {
debug3("Bad RSA1 key file %.200s.", filename);
buffer_free(&buffer);
return 0;
* Make sure it begins with the id string. Consume the id string
* from the buffer.
*/
- for (i = 0; i < (u_int) strlen(AUTHFILE_ID_STRING) + 1; i++)
- if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
+ for (i = 0; i < sizeof(authfile_id_string); i++)
+ if (buffer_get_char(&buffer) != authfile_id_string[i]) {
debug3("Bad RSA1 key file %.200s.", filename);
buffer_free(&buffer);
return 0;
close(fd);
return 0;
}
- close(fd);
- /* Check that it is at least big enought to contain the ID string. */
- if (len < strlen(AUTHFILE_ID_STRING) + 1) {
+ /* Check that it is at least big enough to contain the ID string. */
+ if (len < sizeof(authfile_id_string)) {
debug3("Bad RSA1 key file %.200s.", filename);
buffer_free(&buffer);
+ close(fd);
return 0;
}
/*
* Make sure it begins with the id string. Consume the id string
* from the buffer.
*/
- for (i = 0; i < (u_int) strlen(AUTHFILE_ID_STRING) + 1; i++)
- if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
+ for (i = 0; i < sizeof(authfile_id_string); i++)
+ if (buffer_get_char(&buffer) != authfile_id_string[i]) {
debug3("Bad RSA1 key file %.200s.", filename);
buffer_free(&buffer);
+ close(fd);
return 0;
}
+
/* Read cipher type. */
cipher_type = buffer_get_char(&buffer);
(void) buffer_get_int(&buffer); /* Reserved data. */
prv->e = NULL;
if (comment_return)
xfree(*comment_return);
+ close(fd);
return 0;
}
/* Read the rest of the private key. */
BN_CTX_free(ctx);
buffer_free(&decrypted);
-
+ close(fd);
return 1;
}
fp = fdopen(fd, "r");
if (fp == NULL) {
error("fdopen failed");
+ close(fd);
return 0;
}
pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Bad ownership or mode(0%3.3o) for '%s'.",
- st.st_mode & 0777, filename);
+ st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
return 0;
}
key->rsa->n = NULL;
}
ret = load_private_key_rsa1(fd, filename, passphrase,
- key->rsa, comment_return);
+ key->rsa, comment_return); /* closes fd */
+
break;
case KEY_DSA:
case KEY_RSA:
case KEY_UNSPEC:
- ret = load_private_key_ssh2(fd, passphrase, key, comment_return);
+ ret = load_private_key_ssh2(fd, passphrase, key,
+ comment_return); /* closes fd */
+ break;
default:
+ close(fd);
break;
}
- close(fd);
return ret;
}