version 1.114, 2021/01/26 00:49:30 |
version 1.115, 2021/02/02 22:36:46 |
|
|
sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) |
sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) |
{ |
{ |
char *tname = NULL, *curve = NULL, *xmss_name = NULL; |
char *tname = NULL, *curve = NULL, *xmss_name = NULL; |
|
char *expect_sk_application = NULL; |
struct sshkey *k = NULL; |
struct sshkey *k = NULL; |
size_t pklen = 0, sklen = 0; |
size_t pklen = 0, sklen = 0; |
int type, r = SSH_ERR_INTERNAL_ERROR; |
int type, r = SSH_ERR_INTERNAL_ERROR; |
u_char *ed25519_pk = NULL, *ed25519_sk = NULL; |
u_char *ed25519_pk = NULL, *ed25519_sk = NULL; |
|
u_char *expect_ed25519_pk = NULL; |
u_char *xmss_pk = NULL, *xmss_sk = NULL; |
u_char *xmss_pk = NULL, *xmss_sk = NULL; |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
BIGNUM *exponent = NULL; |
BIGNUM *exponent = NULL; |
|
|
r = SSH_ERR_KEY_CERT_MISMATCH; |
r = SSH_ERR_KEY_CERT_MISMATCH; |
goto out; |
goto out; |
} |
} |
|
/* |
|
* Several fields are redundant between certificate and |
|
* private key body, we require these to match. |
|
*/ |
|
expect_sk_application = k->sk_application; |
|
expect_ed25519_pk = k->ed25519_pk; |
|
k->sk_application = NULL; |
|
k->ed25519_pk = NULL; |
} else { |
} else { |
if ((k = sshkey_new(type)) == NULL) { |
if ((k = sshkey_new(type)) == NULL) { |
r = SSH_ERR_ALLOC_FAIL; |
r = SSH_ERR_ALLOC_FAIL; |
|
|
break; |
break; |
} |
} |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
|
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
|
strcmp(expect_sk_application, k->sk_application) != 0)) || |
|
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
|
memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { |
|
r = SSH_ERR_KEY_CERT_MISMATCH; |
|
goto out; |
|
} |
/* success */ |
/* success */ |
r = 0; |
r = 0; |
if (kp != NULL) { |
if (kp != NULL) { |
|
|
free(xmss_name); |
free(xmss_name); |
freezero(xmss_pk, pklen); |
freezero(xmss_pk, pklen); |
freezero(xmss_sk, sklen); |
freezero(xmss_sk, sklen); |
|
free(expect_sk_application); |
|
free(expect_ed25519_pk); |
return r; |
return r; |
} |
} |
|
|