path: root/usr.bin/ssh/ssh-keygen.c
authordjm <djm@openbsd.org>2019-07-16 13:18:39 +0000
committerdjm <djm@openbsd.org>2019-07-16 13:18:39 +0000
commitbbb0e5b662297f18d17f1b7582a0477cd86ab8ba (patch)
treeb4bb90d08f4853d421a3d5623b75249f91d67b0e /usr.bin/ssh/ssh-keygen.c
parentFix long line by wrapping with 80 chars (diff)
remove mostly vestigial uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf functions; feedback and ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
-rw-r--r--usr.bin/ssh/ssh-keygen.c53
1 files changed, 25 insertions, 28 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index bc999415079..96b0bc6dadc 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.336 2019/07/15 13:16:29 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.337 2019/07/16 13:18:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -33,7 +33,6 @@
#include "xmalloc.h"
#include "sshkey.h"
#include "authfile.h"
-#include "uuencode.h"
#include "sshbuf.h"
#include "pathnames.h"
#include "log.h"
@@ -288,25 +287,30 @@ load_identity(char *filename)
static void
do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
{
- size_t len;
- u_char *blob;
- char comment[61];
+ struct sshbuf *b;
+ char comment[61], *b64;
int r;
- if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
+ if ((r = sshkey_putb(k, b)) != 0)
fatal("key_to_blob failed: %s", ssh_err(r));
+ if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
+ fatal("%s: sshbuf_dtob64_string failed", __func__);
+
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
snprintf(comment, sizeof(comment),
"%u-bit %s, converted by %s@%s from OpenSSH",
sshkey_size(k), sshkey_type(k),
pw->pw_name, hostname);
+ sshkey_free(k);
+ sshbuf_free(b);
+
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
- fprintf(stdout, "Comment: \"%s\"\n", comment);
- dump_base64(stdout, blob, len);
+ fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64);
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
- sshkey_free(k);
- free(blob);
+ free(b64);
exit(0);
}
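Review bot: The fatal message after the new `sshkey_putb()` call in do_convert_to_ssh2 still reads `key_to_blob failed`, which names a function this path no longer calls and would mislead anyone tracing the failure. It could follow the two neighbouring checks: `fatal("%s: sshkey_putb failed: %s", __func__, ssh_err(r));`. Separately, the merged `fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64);` depends on `sshbuf_dtob64_string(b, 1)` ending its output with a newline, since otherwise the END marker would share a line with the last base64 row. A short comment stating that assumption would help, as the helper's contract is not visible in this diff.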
@@ -398,9 +402,8 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
}
static struct sshkey *
-do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
+do_convert_private_ssh2(struct sshbuf *b)
{
- struct sshbuf *b;
struct sshkey *key = NULL;
char *type, *cipher;
u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
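Review bot: The renamed `do_convert_private_ssh2(struct sshbuf *b)` now borrows its buffer instead of creating and freeing it, and nothing in the new code documents that ownership change. The later hunks (at -412, -434, -445, -492 and -520) drop every `sshbuf_free(b)`, so each early `return NULL` leaves a partially consumed buffer of private-key bytes for the caller to release. I would add a comment above the function, such as `/* Parses an SSH.COM private key from b; b stays owned by the caller, who must sshbuf_free() it on success and on failure. */`. The function body continues past the end of this hunk.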
@@ -412,15 +415,13 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
- if ((b = sshbuf_from(blob, blen)) == NULL)
- fatal("%s: sshbuf_from failed", __func__);
+
if ((r = sshbuf_get_u32(b, &magic)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
error("bad magic 0x%x != 0x%x", magic,
SSH_COM_PRIVATE_KEY_MAGIC);
- sshbuf_free(b);
return NULL;
}
if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
@@ -434,7 +435,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
free(cipher);
- sshbuf_free(b);
free(type);
return NULL;
}
@@ -445,7 +445,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
} else if (strstr(type, "rsa")) {
ktype = KEY_RSA;
} else {
- sshbuf_free(b);
free(type);
return NULL;
}
@@ -492,7 +491,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
fatal("%s: BN_new", __func__);
if (!BN_set_word(rsa_e, e)) {
BN_clear_free(rsa_e);
- sshbuf_free(b);
sshkey_free(key);
return NULL;
}
@@ -520,9 +518,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
}
rlen = sshbuf_len(b);
if (rlen != 0)
- error("do_convert_private_ssh2_from_blob: "
- "remaining bytes in key blob %d", rlen);
- sshbuf_free(b);
+ error("%s: remaining bytes in key blob %d", __func__, rlen);
/* try the key */
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
@@ -567,10 +563,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
int r, blen, escaped = 0;
u_int len;
char line[1024];
- u_char blob[8096];
+ struct sshbuf *buf;
char encoded[8096];
FILE *fp;
+ if ((buf = sshbuf_new()) == NULL)
+ fatal("sshbuf_new failed");
if ((fp = fopen(identity_file, "r")) == NULL)
fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
encoded[0] = '\0';
@@ -600,12 +598,11 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
(encoded[len-2] == '=') &&
(encoded[len-3] == '='))
encoded[len-3] = '\0';
- blen = uudecode(encoded, blob, sizeof(blob));
- if (blen < 0)
- fatal("uudecode failed.");
+ if ((r = sshbuf_b64tod(buf, encoded)) != 0)
+ fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
if (*private)
- *k = do_convert_private_ssh2_from_blob(blob, blen);
- else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+ *k = do_convert_private_ssh2(buf);
+ else if ((r = sshkey_fromb(buf, k)) != 0)
fatal("decode blob failed: %s", ssh_err(r));
fclose(fp);
}
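Review bot: `buf`, allocated by the `sshbuf_new()` call added in the previous hunk of do_convert_from_ssh2, is never released in the visible lines. The callee no longer frees it on any path, and this hunk ends with only `fclose(fp);`. On the `*private` path that buffer holds the decoded private key, so it should be freed before returning (which, as far as I know, also clears its contents): add `sshbuf_free(buf);` just before `fclose(fp);`. The old stack `blob[8096]` was not wiped either, but the heap copy now outlives the function. `blen` in the declaration `int r, blen, escaped = 0;` also appears to be unused after this change, though part of the function lies outside the hunks shown.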
@@ -1718,7 +1715,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
}
if (n > SSHKEY_CERT_MAX_PRINCIPALS)
fatal("Too many certificate principals specified");
-
+
tmp = tilde_expand_filename(argv[i], pw->pw_uid);
if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
fatal("%s: unable to open \"%s\": %s",