lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-27 13:21:11 +03:00
Code Activity

pki: Factor out the backend-specifics from cleaning the key structure

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Jakub Jelen
2022-08-18 14:08:04 +02:00
parent bc0c027ac0
commit 382ff38caa
5 changed files with 64 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libssh/pki_priv.h
View File

@@ -49,6 +49,8 @@ enum ssh_key_e {
SSH_KEY_PRIVATE SSH_KEY_PRIVATE
}; };
void pki_key_clean(ssh_key key);
int pki_key_ecdsa_nid_from_name(const char *name); int pki_key_ecdsa_nid_from_name(const char *name);
const char *pki_key_ecdsa_nid_to_name(int nid); const char *pki_key_ecdsa_nid_to_name(int nid);
const char *ssh_key_signature_to_char(enum ssh_keytypes_e type, const char *ssh_key_signature_to_char(enum ssh_keytypes_e type,

49
src/pki.c
View File

@@ -154,37 +154,9 @@ void ssh_key_clean (ssh_key key)
{ {
if (key == NULL) if (key == NULL)
return; return;
#ifdef HAVE_LIBGCRYPT
if(key->dsa) gcry_sexp_release(key->dsa);
if(key->rsa) gcry_sexp_release(key->rsa);
if(key->ecdsa) gcry_sexp_release(key->ecdsa);
#elif defined HAVE_LIBCRYPTO
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if(key->dsa) DSA_free(key->dsa);
if(key->rsa) RSA_free(key->rsa);
#else
if(key->key) EVP_PKEY_free(key->key);
#endif /* OPENSSL_VERSION_NUMBER */
#ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move whole HAVE_OPENSSL_EC into #if < 0x3 above
*/
#if 1
if(key->ecdsa) EC_KEY_free(key->ecdsa);
#endif
#endif /* HAVE_OPENSSL_ECC */
#elif defined HAVE_LIBMBEDCRYPTO
if (key->rsa != NULL) {
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
}
if (key->ecdsa != NULL) { pki_key_clean(key);
mbedtls_ecdsa_free(key->ecdsa);
SAFE_FREE(key->ecdsa);
}
#endif
if (key->ed25519_privkey != NULL){ if (key->ed25519_privkey != NULL){
#ifdef HAVE_OPENSSL_ED25519 #ifdef HAVE_OPENSSL_ED25519
/* In OpenSSL implementation the private key is only the private /* In OpenSSL implementation the private key is only the private
@@ -208,21 +180,10 @@ void ssh_key_clean (ssh_key key)
ssh_string_free(key->sk_application); ssh_string_free(key->sk_application);
} }
key->cert_type = SSH_KEYTYPE_UNKNOWN; key->cert_type = SSH_KEYTYPE_UNKNOWN;
key->flags=SSH_KEY_FLAG_EMPTY; key->flags = SSH_KEY_FLAG_EMPTY;
key->type=SSH_KEYTYPE_UNKNOWN; key->type = SSH_KEYTYPE_UNKNOWN;
key->ecdsa_nid = 0; key->ecdsa_nid = 0;
key->type_c=NULL; key->type_c = NULL;
#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
key->dsa = NULL;
key->rsa = NULL;
#else
key->key = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move into #if OPENSSL_VERSION_NUMBER < 0x3 above
*/
key->ecdsa = NULL;
} }
/** /**

24
src/pki_crypto.c
View File

@@ -87,6 +87,30 @@ static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
return 0; return 0;
} }
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DSA_free(key->dsa);
key->dsa = NULL;
RSA_free(key->rsa);
key->rsa = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
#ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* Move whole HAVE_OPENSSL_ECC into #if < 0x3 above
*/
#if 1
EC_KEY_free(key->ecdsa);
key->ecdsa = NULL;
#endif
#endif /* HAVE_OPENSSL_ECC */
EVP_PKEY_free(key->key);
key->key = NULL;
}
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys /* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624 * https://github.com/openssl/openssl/pull/16624

17
src/pki_gcrypt.c
View File

@@ -283,6 +283,23 @@ static int passphrase_to_key(char *data, unsigned int datalen,
return 0; return 0;
} }
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
if (key->dsa)
gcry_sexp_release(key->dsa);
if (key->rsa)
gcry_sexp_release(key->rsa);
if (key->ecdsa)
gcry_sexp_release(key->ecdsa);
key->dsa = NULL;
key->rsa = NULL;
key->ecdsa = NULL;
}
static int privatekey_decrypt(int algo, int mode, unsigned int key_len, static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
unsigned char *iv, unsigned int iv_len, unsigned char *iv, unsigned int iv_len,
ssh_buffer data, ssh_auth_callback cb, ssh_buffer data, ssh_auth_callback cb,

16
src/pki_mbedcrypto.c
View File

@@ -38,6 +38,22 @@
#define MAX_PASSPHRASE_SIZE 1024 #define MAX_PASSPHRASE_SIZE 1024
#define MAX_KEY_SIZE 32 #define MAX_KEY_SIZE 32
void pki_key_clean(ssh_key key)
{
if (key == NULL)
return;
if (key->rsa != NULL) {
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
}
if (key->ecdsa != NULL) {
mbedtls_ecdsa_free(key->ecdsa);
SAFE_FREE(key->ecdsa);
}
}
ssh_string pki_private_key_to_pem(const ssh_key key, const char *passphrase, ssh_string pki_private_key_to_pem(const ssh_key key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data) ssh_auth_callback auth_fn, void *auth_data)
{ {