diff options
| author | Moritz Schulte <[email protected]> | 2004-12-09 19:15:50 +0000 |
|---|---|---|
| committer | Moritz Schulte <[email protected]> | 2004-12-09 19:15:50 +0000 |
| commit | fbf6eb0adadabb86cca27a3ec003c7db0501f922 (patch) | |
| tree | b904ab61f67ca2d2e0014b3545f15659e189ef1f | |
| parent | * use x* functions instead of gcry_* memory management function (diff) | |
| download | gnupg-fbf6eb0adadabb86cca27a3ec003c7db0501f922.tar.gz gnupg-fbf6eb0adadabb86cca27a3ec003c7db0501f922.zip | |
command-ssh.c: Fix saving of RSA keys (meaning of p/q/u was borked);GNUPG-1-9-BRANCH-MO
correctly use secure memory for message requests.
| -rw-r--r-- | agent/command-ssh.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 7cd180bba..0eb06f987 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -96,6 +96,21 @@ typedef struct ssh_key_type_spec static uint32_t lifetime_default; +/* General utility functions. */ + +static void * +realloc_secure (void *a, size_t n) +{ + void *p; + + if (a) + p = gcry_realloc (a, n); + else + p = gcry_malloc_secure (n); + + return p; +} + /* Primitive I/O functions. */ static gpg_error_t @@ -532,14 +547,14 @@ ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis) /* Modifying only necessary for secret keys. */ goto out; + u = mpis[3]; p = mpis[4]; q = mpis[5]; - u = mpis[3]; - if (gcry_mpi_cmp (p, q)) + if (gcry_mpi_cmp (p, q) > 0) { /* P shall be smaller then Q! Swap primes. iqmp becomes u. */ - gcry_mpi_t tmp = NULL; + gcry_mpi_t tmp; tmp = mpis[4]; mpis[4] = mpis[5]; @@ -656,6 +671,7 @@ ssh_sexp_construct (gcry_sexp_t *sexp, const char *elems; size_t elems_n; unsigned int i; + unsigned int j; void **arg_list; err = 0; @@ -687,7 +703,15 @@ ssh_sexp_construct (gcry_sexp_t *sexp, for (i = 0; i < elems_n; i++) { sprintf (strchr (sexp_template, 0), "(%c %%m)", elems[i]); - arg_list[i] = &mpis[i]; + if (secret) + { + for (j = 0; j < elems_n; j++) + if (key_spec.elems_key_secret[j] == elems[i]) + break; + } + else + j = i; + arg_list[i] = &mpis[j]; } arg_list[i] = &comment; sprintf (strchr (sexp_template, 0), ") (comment %%s))"); @@ -2230,7 +2254,8 @@ start_command_handler_ssh (int sock_client) log_debug ("[ssh-agent] Received request of length: %u\n", request_size); - stream_request = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); + stream_request = es_mopen (NULL, 0, 0, 1, + realloc_secure, gcry_free, "r+"); if (! stream_request) { err = gpg_error_from_errno (errno); |