Move some manual freeing into freersakey().

Several pieces of old code were disposing of pieces of an RSAKey by
manually freeing them one at a time. We have a centralised
freersakey(), so we should use that instead wherever possible.

Where it wasn't possible to switch over to that, it was because we
were only freeing the private fields of the key - so I've fixed that
by cutting freersakey() down the middle and exposing the private-only
half as freersapriv().
This commit is contained in:
Simon Tatham 2018-12-14 19:42:47 +00:00
Родитель 55cea187e9
Коммит a80edab4b5
4 изменённых файлов: 38 добавлений и 34 удалений

Просмотреть файл

@ -308,8 +308,7 @@ void pageant_handle_msg(BinarySink *bs,
if (response) if (response)
freebn(response); freebn(response);
freebn(challenge); freebn(challenge);
freebn(reqkey.exponent); freersakey(&reqkey);
freebn(reqkey.modulus);
} }
break; break;
case SSH2_AGENTC_SIGN_REQUEST: case SSH2_AGENTC_SIGN_REQUEST:
@ -526,13 +525,13 @@ void pageant_handle_msg(BinarySink *bs,
plog(logctx, logfn, "request: SSH1_AGENTC_REMOVE_RSA_IDENTITY"); plog(logctx, logfn, "request: SSH1_AGENTC_REMOVE_RSA_IDENTITY");
memset(&reqkey, 0, sizeof(reqkey));
get_rsa_ssh1_pub(msg, &reqkey, RSA_SSH1_EXPONENT_FIRST); get_rsa_ssh1_pub(msg, &reqkey, RSA_SSH1_EXPONENT_FIRST);
if (get_err(msg)) { if (get_err(msg)) {
pageant_failure_msg(bs, "unable to decode request", pageant_failure_msg(bs, "unable to decode request",
logctx, logfn); logctx, logfn);
freebn(reqkey.exponent); freersakey(&reqkey);
freebn(reqkey.modulus);
return; return;
} }
@ -545,8 +544,7 @@ void pageant_handle_msg(BinarySink *bs,
} }
key = find234(rsakeys, &reqkey, NULL); key = find234(rsakeys, &reqkey, NULL);
freebn(reqkey.exponent); freersakey(&reqkey);
freebn(reqkey.modulus);
if (key) { if (key) {
plog(logctx, logfn, "found with comment: %s", key->comment); plog(logctx, logfn, "found with comment: %s", key->comment);

1
ssh.h
Просмотреть файл

@ -514,6 +514,7 @@ bool rsa_verify(struct RSAKey *key);
void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key, void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key,
RsaSsh1Order order); RsaSsh1Order order);
int rsa_ssh1_public_blob_len(void *data, int maxlen); int rsa_ssh1_public_blob_len(void *data, int maxlen);
void freersapriv(struct RSAKey *key);
void freersakey(struct RSAKey *key); void freersakey(struct RSAKey *key);
unsigned long crc32_compute(const void *s, size_t len); unsigned long crc32_compute(const void *s, size_t len);

Просмотреть файл

@ -368,22 +368,8 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key); ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key);
} }
if (s->servkey.modulus) { freersakey(&s->servkey);
sfree(s->servkey.modulus); freersakey(&s->hostkey);
s->servkey.modulus = NULL;
}
if (s->servkey.exponent) {
sfree(s->servkey.exponent);
s->servkey.exponent = NULL;
}
if (s->hostkey.modulus) {
sfree(s->hostkey.modulus);
s->hostkey.modulus = NULL;
}
if (s->hostkey.exponent) {
sfree(s->hostkey.exponent);
s->hostkey.exponent = NULL;
}
crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL); crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
if (pktin->type != SSH1_SMSG_SUCCESS) { if (pktin->type != SSH1_SMSG_SUCCESS) {
@ -745,7 +731,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
return; return;
} }
response = rsa_ssh1_decrypt(challenge, &s->key); response = rsa_ssh1_decrypt(challenge, &s->key);
freebn(s->key.private_exponent);/* burn the evidence */ freersapriv(&s->key); /* burn the evidence */
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
buffer[i] = bignum_byte(response, 31 - i); buffer[i] = bignum_byte(response, 31 - i);

Просмотреть файл

@ -486,22 +486,41 @@ int rsa_ssh1_public_blob_len(void *data, int maxlen)
return src->pos; return src->pos;
} }
void freersapriv(struct RSAKey *key)
{
if (key->private_exponent) {
freebn(key->private_exponent);
key->private_exponent = NULL;
}
if (key->p) {
freebn(key->p);
key->p = NULL;
}
if (key->q) {
freebn(key->q);
key->q = NULL;
}
if (key->iqmp) {
freebn(key->iqmp);
key->iqmp = NULL;
}
}
void freersakey(struct RSAKey *key) void freersakey(struct RSAKey *key)
{ {
if (key->modulus) freersapriv(key);
if (key->modulus) {
freebn(key->modulus); freebn(key->modulus);
if (key->exponent) key->modulus = NULL;
}
if (key->exponent) {
freebn(key->exponent); freebn(key->exponent);
if (key->private_exponent) key->exponent = NULL;
freebn(key->private_exponent); }
if (key->p) if (key->comment) {
freebn(key->p);
if (key->q)
freebn(key->q);
if (key->iqmp)
freebn(key->iqmp);
if (key->comment)
sfree(key->comment); sfree(key->comment);
key->comment = NULL;
}
} }
/* ---------------------------------------------------------------------- /* ----------------------------------------------------------------------