upstream: cleanup pkcs#11 client code: use sshkey_new in instead

of stack- allocating a sshkey

work by markus@, ok djm@

OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91

diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index de5aa830551571faac27bcb07c51523927455277..6cecf4863a57c2de3c76c588ce726fa422c9a4fb 100644 (file)
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.13 2019/01/20 22:54:30 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -117,19 +117,25 @@ pkcs11_terminate(void)
 static int
 rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
 {
-       struct sshkey key;      /* XXX */
-       u_char *blob, *signature = NULL;
+       struct sshkey *key = NULL;
+       struct sshbuf *msg = NULL;
+       u_char *blob = NULL, *signature = NULL;
        size_t blen, slen = 0;
        int r, ret = -1;
-       struct sshbuf *msg;
 
        if (padding != RSA_PKCS1_PADDING)
-               return (-1);
-       key.type = KEY_RSA;
-       key.rsa = rsa;
-       if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) {
+               goto fail;
+       key = sshkey_new(KEY_UNSPEC);
+       if (key == NULL) {
+               error("%s: sshkey_new failed", __func__);
+               goto fail;
+       }
+       key->type = KEY_RSA;
+       RSA_up_ref(rsa);
+       key->rsa = rsa;
+       if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
                error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
-               return -1;
+               goto fail;
        }
        if ((msg = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
@@ -138,7 +144,6 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
            (r = sshbuf_put_string(msg, from, flen)) != 0 ||
            (r = sshbuf_put_u32(msg, 0)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-       free(blob);
        send_msg(msg);
        sshbuf_reset(msg);
 
@@ -151,6 +156,9 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
                }
                free(signature);
        }
+ fail:
+       free(blob);
+       sshkey_free(key);
        sshbuf_free(msg);
        return (ret);
 }
@@ -159,24 +167,33 @@ static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
     const BIGNUM *rp, EC_KEY *ec)
 {
-       struct sshkey key; /* XXX */
-       u_char *blob, *signature = NULL;
+       struct sshkey *key = NULL;
+       struct sshbuf *msg = NULL;
+       ECDSA_SIG *ret = NULL;
        const u_char *cp;
+       u_char *blob = NULL, *signature = NULL;
        size_t blen, slen = 0;
-       ECDSA_SIG *ret = NULL;
-       struct sshbuf *msg;
-       int r;
+       int r, nid;
 
-       key.type = KEY_ECDSA;
-       key.ecdsa = ec;
-       key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ec);
-       if (key.ecdsa_nid < 0) {
+       nid = sshkey_ecdsa_key_to_nid(ec);
+       if (nid < 0) {
                error("%s: couldn't get curve nid", __func__);
-               return (NULL);
+               goto fail;
+       }
+
+       key = sshkey_new(KEY_UNSPEC);
+       if (key == NULL) {
+               error("%s: sshkey_new failed", __func__);
+               goto fail;
        }
-       if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) {
+       key->ecdsa = ec;
+       key->ecdsa_nid = nid;
+       key->type = KEY_ECDSA;
+       EC_KEY_up_ref(ec);
+
+       if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
                error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
-               return (NULL);
+               goto fail;
        }
        if ((msg = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
@@ -185,7 +202,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
            (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
            (r = sshbuf_put_u32(msg, 0)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-       free(blob);
        send_msg(msg);
        sshbuf_reset(msg);
 
@@ -197,6 +213,9 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
                free(signature);
        }
 
+ fail:
+       free(blob);
+       sshkey_free(key);
        sshbuf_free(msg);
        return (ret);
 }