X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=crypt.c;h=f1e42d4a228f7c0c498ac505575b6a0f3667bf27;hp=cae47046fe0c8e3f0ebf2c1a479d3343c3955465;hb=b91c9e2f61443577241675cc1eadafd3f2dd8b6e;hpb=dbf829aac09a69f4b51a6a1f9fe15873b99fbdcf diff --git a/crypt.c b/crypt.c index cae47046..f1e42d4a 100644 --- a/crypt.c +++ b/crypt.c @@ -60,41 +60,24 @@ void init_random_seed_or_die(void) srandom(seed); } -static EVP_PKEY *load_key(const char *file, int private) +static int get_private_key(const char *path, RSA **rsa) { - BIO *key; - EVP_PKEY *pkey = NULL; - int ret = check_key_file(file, private); - - if (ret < 0) { - PARA_ERROR_LOG("%s\n", para_strerror(-ret)); - return NULL; - } - key = BIO_new(BIO_s_file()); - if (!key) - return NULL; - if (BIO_read_filename(key, file) > 0) { - if (private == LOAD_PRIVATE_KEY) - pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL); - else - pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL); - } - BIO_free(key); - return pkey; -} - -static int get_openssl_key(const char *key_file, RSA **rsa, int private) -{ - EVP_PKEY *key = load_key(key_file, private); - - if (!key) - return (private == LOAD_PRIVATE_KEY)? -E_PRIVATE_KEY - : -E_PUBLIC_KEY; - *rsa = EVP_PKEY_get1_RSA(key); - EVP_PKEY_free(key); - if (!*rsa) - return -E_RSA; - return RSA_size(*rsa); + EVP_PKEY *pkey; + BIO *bio = BIO_new(BIO_s_file()); + + *rsa = NULL; + if (!bio) + return -E_PRIVATE_KEY; + if (BIO_read_filename(bio, path) <= 0) + goto bio_free; + pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + if (!pkey) + goto bio_free; + *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); +bio_free: + BIO_free(bio); + return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY; } /* @@ -159,8 +142,7 @@ fail: return ret; } -int get_asymmetric_key(const char *key_file, int private, - struct asymmetric_key **result) +int get_public_key(const char *key_file, struct asymmetric_key **result) { struct asymmetric_key *key = NULL; void *map = NULL; @@ -170,21 +152,13 @@ int get_asymmetric_key(const char *key_file, int private, char *cp; key = para_malloc(sizeof(*key)); - if (private) { - ret = get_openssl_key(key_file, &key->rsa, LOAD_PRIVATE_KEY); - goto out; - } ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL); if (ret < 0) goto out; ret = is_ssh_rsa_key(map, map_size); if (!ret) { - ret = para_munmap(map, map_size); - map = NULL; - if (ret < 0) - goto out; - ret = get_openssl_key(key_file, &key->rsa, LOAD_PUBLIC_KEY); - goto out; + para_munmap(map, map_size); + return -E_SSH_PARSE; } cp = map + ret; encoded_size = map_size - ret; @@ -214,7 +188,7 @@ out: return ret; } -void free_asymmetric_key(struct asymmetric_key *key) +void free_public_key(struct asymmetric_key *key) { if (!key) return; @@ -228,11 +202,17 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf, struct asymmetric_key *priv; int ret; + ret = check_private_key_file(key_file); + if (ret < 0) + return ret; if (inlen < 0) return -E_RSA; - ret = get_asymmetric_key(key_file, LOAD_PRIVATE_KEY, &priv); - if (ret < 0) + priv = para_malloc(sizeof(*priv)); + ret = get_private_key(key_file, &priv->rsa); + if (ret < 0) { + free(priv); return ret; + } /* * RSA is vulnerable to timing attacks. Generate a random blinding * factor to protect against this kind of attack. @@ -246,7 +226,8 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf, if (ret <= 0) ret = -E_DECRYPT; out: - free_asymmetric_key(priv); + RSA_free(priv->rsa); + free(priv); return ret; }