diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2019-07-16 13:18:40 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2019-07-16 13:18:40 +0000 |
commit | b801b220eae1fdb5542417b3ba39a4447af250de (patch) | |
tree | b3a2f496f715a2a32ad052d491c791a30b79e02c /usr.bin | |
parent | d119129fe146c50e0eece307851cdc2314e66472 (diff) |
remove mostly vestigal uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf
functions; feedback and ok markus@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/auth2-pubkey.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 53 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshbuf-misc.c | 57 | ||||
-rw-r--r-- | usr.bin/ssh/sshbuf.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshkey.c | 27 | ||||
-rw-r--r-- | usr.bin/ssh/uuencode.c | 93 | ||||
-rw-r--r-- | usr.bin/ssh/uuencode.h | 29 |
8 files changed, 85 insertions, 187 deletions
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 94d283cc4dc..daf4600e57b 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.90 2019/06/21 03:19:59 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.91 2019/07/16 13:18:39 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -106,7 +106,7 @@ userauth_pubkey(struct ssh *ssh) if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL) fatal("%s: sshbuf_from failed", __func__); - if ((keystring = sshbuf_dtob64(pkbuf)) == NULL) + if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL) fatal("%s: sshbuf_dtob64 failed", __func__); debug2("%s: %s user %s %s public key %s %s", __func__, authctxt->valid ? "valid" : "invalid", authctxt->user, diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index bc999415079..96b0bc6dadc 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.336 2019/07/15 13:16:29 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.337 2019/07/16 13:18:39 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -33,7 +33,6 @@ #include "xmalloc.h" #include "sshkey.h" #include "authfile.h" -#include "uuencode.h" #include "sshbuf.h" #include "pathnames.h" #include "log.h" @@ -288,25 +287,30 @@ load_identity(char *filename) static void do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) { - size_t len; - u_char *blob; - char comment[61]; + struct sshbuf *b; + char comment[61], *b64; int r; - if ((r = sshkey_to_blob(k, &blob, &len)) != 0) + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_putb(k, b)) != 0) fatal("key_to_blob failed: %s", ssh_err(r)); + if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL) + fatal("%s: sshbuf_dtob64_string failed", __func__); + /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ snprintf(comment, sizeof(comment), "%u-bit %s, converted by %s@%s from OpenSSH", sshkey_size(k), sshkey_type(k), pw->pw_name, hostname); + sshkey_free(k); + sshbuf_free(b); + fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); - fprintf(stdout, "Comment: \"%s\"\n", comment); - dump_base64(stdout, blob, len); + fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64); fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); - sshkey_free(k); - free(blob); + free(b64); exit(0); } @@ -398,9 +402,8 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value) } static struct sshkey * -do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) +do_convert_private_ssh2(struct sshbuf *b) { - struct sshbuf *b; struct sshkey *key = NULL; char *type, *cipher; u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; @@ -412,15 +415,13 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; - if ((b = sshbuf_from(blob, blen)) == NULL) - fatal("%s: sshbuf_from failed", __func__); + if ((r = sshbuf_get_u32(b, &magic)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); - sshbuf_free(b); return NULL; } if ((r = sshbuf_get_u32(b, &i1)) != 0 || @@ -434,7 +435,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); free(cipher); - sshbuf_free(b); free(type); return NULL; } @@ -445,7 +445,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) } else if (strstr(type, "rsa")) { ktype = KEY_RSA; } else { - sshbuf_free(b); free(type); return NULL; } @@ -492,7 +491,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) fatal("%s: BN_new", __func__); if (!BN_set_word(rsa_e, e)) { BN_clear_free(rsa_e); - sshbuf_free(b); sshkey_free(key); return NULL; } @@ -520,9 +518,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) } rlen = sshbuf_len(b); if (rlen != 0) - error("do_convert_private_ssh2_from_blob: " - "remaining bytes in key blob %d", rlen); - sshbuf_free(b); + error("%s: remaining bytes in key blob %d", __func__, rlen); /* try the key */ if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || @@ -567,10 +563,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) int r, blen, escaped = 0; u_int len; char line[1024]; - u_char blob[8096]; + struct sshbuf *buf; char encoded[8096]; FILE *fp; + if ((buf = sshbuf_new()) == NULL) + fatal("sshbuf_new failed"); if ((fp = fopen(identity_file, "r")) == NULL) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); encoded[0] = '\0'; @@ -600,12 +598,11 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) (encoded[len-2] == '=') && (encoded[len-3] == '=')) encoded[len-3] = '\0'; - blen = uudecode(encoded, blob, sizeof(blob)); - if (blen < 0) - fatal("uudecode failed."); + if ((r = sshbuf_b64tod(buf, encoded)) != 0) + fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r)); if (*private) - *k = do_convert_private_ssh2_from_blob(blob, blen); - else if ((r = sshkey_from_blob(blob, blen, k)) != 0) + *k = do_convert_private_ssh2(buf); + else if ((r = sshkey_fromb(buf, k)) != 0) fatal("decode blob failed: %s", ssh_err(r)); fclose(fp); } @@ -1718,7 +1715,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, } if (n > SSHKEY_CERT_MAX_PRINCIPALS) fatal("Too many certificate principals specified"); - + tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) fatal("%s: unable to open \"%s\": %s", diff --git a/usr.bin/ssh/ssh-keygen/Makefile b/usr.bin/ssh/ssh-keygen/Makefile index d6d69b2dcd6..4902803770c 100644 --- a/usr.bin/ssh/ssh-keygen/Makefile +++ b/usr.bin/ssh/ssh-keygen/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.29 2019/07/05 12:35:40 deraadt Exp $ +# $OpenBSD: Makefile,v 1.30 2019/07/16 13:18:39 djm Exp $ .PATH: ${.CURDIR}/.. -SRCS= ssh-keygen.c moduli.c uuencode.c +SRCS= ssh-keygen.c moduli.c SRCS+= atomicio.c authfd.c cleanup.c dns.c fatal.c hmac.c hostfile.c \ readpass.c utf8.c SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL} \ diff --git a/usr.bin/ssh/sshbuf-misc.c b/usr.bin/ssh/sshbuf-misc.c index 7f018c86adc..b36c75d9d36 100644 --- a/usr.bin/ssh/sshbuf-misc.c +++ b/usr.bin/ssh/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.8 2019/07/15 13:11:38 djm Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.9 2019/07/16 13:18:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -85,23 +85,58 @@ sshbuf_dtob16(struct sshbuf *buf) return ret; } +int +sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap) +{ + size_t i, slen = 0; + char *s = NULL; + int r; + + if (d == NULL || b64 == NULL || sshbuf_len(d) >= SIZE_MAX / 2) + return SSH_ERR_INVALID_ARGUMENT; + if (sshbuf_len(d) == 0) + return 0; + slen = ((sshbuf_len(d) + 2) / 3) * 4 + 1; + if ((s = malloc(slen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (b64_ntop(sshbuf_ptr(d), sshbuf_len(d), s, slen) == -1) { + r = SSH_ERR_INTERNAL_ERROR; + goto fail; + } + if (wrap) { + for (i = 0; s[i] != '\0'; i++) { + if ((r = sshbuf_put_u8(b64, s[i])) != 0) + goto fail; + if (i % 70 == 69 && (r = sshbuf_put_u8(b64, '\n')) != 0) + goto fail; + } + if (i % 70 != 69 && (r = sshbuf_put_u8(b64, '\n')) != 0) + goto fail; + } else { + if ((r = sshbuf_put(b64, s, strlen(s))) != 0) + goto fail; + } + /* Success */ + r = 0; + fail: + freezero(s, slen); + return r; +} + char * -sshbuf_dtob64(struct sshbuf *buf) +sshbuf_dtob64_string(const struct sshbuf *buf, int wrap) { - size_t len = sshbuf_len(buf), plen; - const u_char *p = sshbuf_ptr(buf); + struct sshbuf *tmp; char *ret; - if (len == 0) - return strdup(""); - plen = ((len + 2) / 3) * 4 + 1; - if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL) + if ((tmp = sshbuf_new()) == NULL) return NULL; - if (b64_ntop(p, len, ret, plen) == -1) { - explicit_bzero(ret, plen); - free(ret); + if (sshbuf_dtob64(buf, tmp, wrap) != 0) { + sshbuf_free(tmp); return NULL; } + ret = sshbuf_dup_string(tmp); + sshbuf_free(tmp); return ret; } diff --git a/usr.bin/ssh/sshbuf.h b/usr.bin/ssh/sshbuf.h index 608a9845ec2..045ac3deece 100644 --- a/usr.bin/ssh/sshbuf.h +++ b/usr.bin/ssh/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.15 2019/07/15 13:11:38 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.16 2019/07/16 13:18:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -243,7 +243,8 @@ void sshbuf_dump_data(const void *s, size_t len, FILE *f); char *sshbuf_dtob16(struct sshbuf *buf); /* Encode the contents of the buffer as base64 */ -char *sshbuf_dtob64(struct sshbuf *buf); +char *sshbuf_dtob64_string(const struct sshbuf *buf, int wrap); +int sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap); /* Decode base64 data and append it to the buffer */ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index e814f6e917f..a2b0a1d1527 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.80 2019/07/15 13:16:29 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.81 2019/07/16 13:18:39 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1370,7 +1370,7 @@ sshkey_to_base64(const struct sshkey *key, char **b64p) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_putb(key, b)) != 0) goto out; - if ((uu = sshbuf_dtob64(b)) == NULL) { + if ((uu = sshbuf_dtob64_string(b, 0)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -3649,25 +3649,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob, sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) goto out; - /* uuencode */ - if ((b64 = sshbuf_dtob64(encoded)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - sshbuf_reset(blob); - if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0) - goto out; - for (i = 0; i < strlen(b64); i++) { - if ((r = sshbuf_put_u8(blob, b64[i])) != 0) - goto out; - /* insert line breaks */ - if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) - goto out; - } - if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0) - goto out; - if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0) + + /* assemble uuencoded key */ + if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0 || + (r = sshbuf_dtob64(encoded, blob, 1)) != 0 || + (r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0) goto out; /* success */ diff --git a/usr.bin/ssh/uuencode.c b/usr.bin/ssh/uuencode.c deleted file mode 100644 index ade379d6aed..00000000000 --- a/usr.bin/ssh/uuencode.c +++ /dev/null @@ -1,93 +0,0 @@ -/* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <sys/types.h> -#include <netinet/in.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> - -#include "xmalloc.h" -#include "uuencode.h" - -/* - * Encode binary 'src' of length 'srclength', writing base64-encoded text - * to 'target' of size 'targsize'. Will always nul-terminate 'target'. - * Returns the number of bytes stored in 'target' or -1 on error (inc. - * 'targsize' too small). - */ -int -uuencode(const u_char *src, u_int srclength, - char *target, size_t targsize) -{ - return __b64_ntop(src, srclength, target, targsize); -} - -/* - * Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes. - * Will skip leading and trailing whitespace. Returns the number of bytes - * stored in 'target' or -1 on error (inc. targsize too small). - */ -int -uudecode(const char *src, u_char *target, size_t targsize) -{ - int len; - char *encoded, *p; - - /* copy the 'readonly' source */ - encoded = xstrdup(src); - /* skip whitespace and data */ - for (p = encoded; *p == ' ' || *p == '\t'; p++) - ; - for (; *p != '\0' && *p != ' ' && *p != '\t'; p++) - ; - /* and remove trailing whitespace because __b64_pton needs this */ - *p = '\0'; - len = __b64_pton(encoded, target, targsize); - free(encoded); - return len; -} - -void -dump_base64(FILE *fp, const u_char *data, u_int len) -{ - char *buf; - int i, n; - - if (len > 65536) { - fprintf(fp, "dump_base64: len > 65536\n"); - return; - } - buf = xreallocarray(NULL, 2, len); - n = uuencode(data, len, buf, 2*len); - for (i = 0; i < n; i++) { - fprintf(fp, "%c", buf[i]); - if (i % 70 == 69) - fprintf(fp, "\n"); - } - if (i % 70 != 69) - fprintf(fp, "\n"); - free(buf); -} diff --git a/usr.bin/ssh/uuencode.h b/usr.bin/ssh/uuencode.h deleted file mode 100644 index 4d9888126cd..00000000000 --- a/usr.bin/ssh/uuencode.h +++ /dev/null @@ -1,29 +0,0 @@ -/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -int uuencode(const u_char *, u_int, char *, size_t); -int uudecode(const char *, u_char *, size_t); -void dump_base64(FILE *, const u_char *, u_int); |