- [email protected] 2001/12/27 18:22:16

[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] call fatal() for openssl allocation failures
ueno · Jan 22, 2002 · da75516 · da75516
1 parent 154dda7
commit da75516
Show file tree

Hide file tree

Showing 14 changed files with 146 additions and 143 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -35,6 +35,10 @@
    - [email protected] 2001/12/27 18:10:29
      [ssh-keygen.c]
      -t is only needed for key generation (unbreaks -i, -e, etc).
+   - [email protected] 2001/12/27 18:22:16
+     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
+     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
+     call fatal() for openssl allocation failures
 
 20020121
  - (djm) Rework ssh-rand-helper:
@@ -7182,4 +7186,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1732 2002/01/22 12:08:16 djm Exp $
+$Id: ChangeLog,v 1.1733 2002/01/22 12:09:22 djm Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.46 2001/12/18 10:06:24 jakob Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.47 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -68,12 +68,15 @@ auth_rsa_challenge_dialog(RSA *pk)
 	u_int i;
 	int plen, len;
 
-	encrypted_challenge = BN_new();
-	challenge = BN_new();
+	if ((encrypted_challenge = BN_new()) == NULL)
+		fatal("auth_rsa_challenge_dialog: BN_new() failed");
+	if ((challenge = BN_new()) == NULL)
+		fatal("auth_rsa_challenge_dialog: BN_new() failed");
 
 	/* Generate a random challenge. */
 	BN_rand(challenge, 256, 0, 0);
-	ctx = BN_CTX_new();
+	if ((ctx = BN_CTX_new()) == NULL)
+		fatal("auth_rsa_challenge_dialog: BN_CTX_new() failed");
 	BN_mod(challenge, challenge, pk->n, ctx);
 	BN_CTX_free(ctx);
 

diff --git a/auth1.c b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.28 2001/12/25 18:53:00 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.29 2001/12/27 18:22:16 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -66,7 +66,7 @@ do_authloop(Authctxt *authctxt)
 {
 	int authenticated = 0;
 	u_int bits;
-	RSA *client_host_key;
+	Key *client_host_key;
 	BIGNUM *n;
 	char *client_user, *password;
 	char info[1024];
@@ -202,24 +202,20 @@ do_authloop(Authctxt *authctxt)
 			client_user = packet_get_string(&ulen);
 
 			/* Get the client host key. */
-			client_host_key = RSA_new();
-			if (client_host_key == NULL)
-				fatal("RSA_new failed");
-			client_host_key->e = BN_new();
-			client_host_key->n = BN_new();
-			if (client_host_key->e == NULL || client_host_key->n == NULL)
-				fatal("BN_new failed");
+			client_host_key = key_new(KEY_RSA1);
 			bits = packet_get_int();
-			packet_get_bignum(client_host_key->e, &elen);
-			packet_get_bignum(client_host_key->n, &nlen);
+			packet_get_bignum(client_host_key->rsa->e, &elen);
+			packet_get_bignum(client_host_key->rsa->n, &nlen);
 
-			if (bits != BN_num_bits(client_host_key->n))
+			if (bits != BN_num_bits(client_host_key->rsa->n))
 				verbose("Warning: keysize mismatch for client_host_key: "
-				    "actual %d, announced %d", BN_num_bits(client_host_key->n), bits);
+				    "actual %d, announced %d",
+				     BN_num_bits(client_host_key->rsa->n), bits);
 			packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
 
-			authenticated = auth_rhosts_rsa(pw, client_user, client_host_key);
-			RSA_free(client_host_key);
+			authenticated = auth_rhosts_rsa(pw, client_user,
+			    client_host_key->rsa);
+			key_free(client_host_key);
 
 			snprintf(info, sizeof info, " ruser %.100s", client_user);
 			break;
@@ -230,9 +226,8 @@ do_authloop(Authctxt *authctxt)
 				break;
 			}
 			/* RSA authentication requested. */
-			n = BN_new();
-			if (n == NULL)
-				fatal("BN_new failed");
+			if ((n = BN_new()) == NULL)
+				fatal("do_authloop: BN_new failed");
 			packet_get_bignum(n, &nlen);
 			packet_integrity_check(plen, nlen, type);
 			authenticated = auth_rsa(pw, n);

diff --git a/authfile.c b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.42 2001/12/19 17:16:13 stevesk Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.43 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -316,8 +316,6 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 	char *cp;
 	CipherContext ciphercontext;
 	Cipher *cipher;
-	BN_CTX *ctx;
-	BIGNUM *aux;
 	Key *prv = NULL;
 
 	len = lseek(fd, (off_t) 0, SEEK_END);
@@ -406,17 +404,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 	buffer_get_bignum(&decrypted, prv->rsa->p);		/* q */
 
 	/* calculate p-1 and q-1 */
-	ctx = BN_CTX_new();
-	aux = BN_new();
-
-	BN_sub(aux, prv->rsa->q, BN_value_one());
-	BN_mod(prv->rsa->dmq1, prv->rsa->d, aux, ctx);
-
-	BN_sub(aux, prv->rsa->p, BN_value_one());
-	BN_mod(prv->rsa->dmp1, prv->rsa->d, aux, ctx);
-
-	BN_clear_free(aux);
-	BN_CTX_free(ctx);
+	rsa_generate_additional_parameters(prv->rsa);
 
 	buffer_free(&decrypted);
 	close(fd);

diff --git a/dh.c b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.17 2001/06/23 15:12:18 itojun Exp $");
+RCSID("$OpenBSD: dh.c,v 1.18 2001/12/27 18:22:16 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -78,8 +78,10 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 	if (cp != NULL || *prime == '\0')
 		goto fail;
 
-	dhg->g = BN_new();
-	dhg->p = BN_new();
+	if ((dhg->g = BN_new()) == NULL)
+		fatal("parse_prime: BN_new failed");
+	if ((dhg->p = BN_new()) == NULL)
+		fatal("parse_prime: BN_new failed");
 	if (BN_hex2bn(&dhg->g, gen) == 0)
 		goto failclean;
 
@@ -202,8 +204,7 @@ dh_gen_key(DH *dh, int need)
 	do {
 		if (dh->priv_key != NULL)
 			BN_free(dh->priv_key);
-		dh->priv_key = BN_new();
-		if (dh->priv_key == NULL)
+		if ((dh->priv_key = BN_new()) == NULL)
 			fatal("dh_gen_key: BN_new failed");
 		/* generate a 2*need bits random private exponent */
 		if (!BN_rand(dh->priv_key, 2*need, 0, 0))
@@ -225,9 +226,8 @@ dh_new_group_asc(const char *gen, const char *modulus)
 {
 	DH *dh;
 
-	dh = DH_new();
-	if (dh == NULL)
-		fatal("DH_new");
+	if ((dh = DH_new()) == NULL)
+		fatal("dh_new_group_asc: DH_new");
 
 	if (BN_hex2bn(&dh->p, modulus) == 0)
 		fatal("BN_hex2bn p");
@@ -247,9 +247,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
 {
 	DH *dh;
 
-	dh = DH_new();
-	if (dh == NULL)
-		fatal("DH_new");
+	if ((dh = DH_new()) == NULL)
+		fatal("dh_new_group: DH_new");
 	dh->p = modulus;
 	dh->g = gen;
 

diff --git a/kexdh.c b/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.7 2001/09/17 19:27:15 stevesk Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.8 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -129,8 +129,7 @@ kexdh_client(Kex *kex)
 		fatal("server_host_key verification failed");
 
 	/* DH paramter f, server public DH key */
-	dh_server_pub = BN_new();
-	if (dh_server_pub == NULL)
+	if ((dh_server_pub = BN_new()) == NULL)
 		fatal("dh_server_pub == NULL");
 	packet_get_bignum2(dh_server_pub, &dlen);
 
@@ -154,7 +153,8 @@ kexdh_client(Kex *kex)
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
-	shared_secret = BN_new();
+	if ((shared_secret = BN_new()) == NULL)
+		fatal("kexdh_client: BN_new failed");
 	BN_bin2bn(kbuf, kout, shared_secret);
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
@@ -217,8 +217,7 @@ kexdh_server(Kex *kex)
 		fatal("Unsupported hostkey type %d", kex->hostkey_type);
 
 	/* key, cert */
-	dh_client_pub = BN_new();
-	if (dh_client_pub == NULL)
+	if ((dh_client_pub = BN_new()) == NULL)
 		fatal("dh_client_pub == NULL");
 	packet_get_bignum2(dh_client_pub, &dlen);
 
@@ -244,7 +243,8 @@ kexdh_server(Kex *kex)
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
-	shared_secret = BN_new();
+	if ((shared_secret = BN_new()) == NULL)
+		fatal("kexdh_server: BN_new failed");
 	BN_bin2bn(kbuf, kout, shared_secret);
 	memset(kbuf, 0, klen);
 	xfree(kbuf);

diff --git a/kexgex.c b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.10 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -183,8 +183,7 @@ kexgex_client(Kex *kex)
 		fatal("server_host_key verification failed");
 
 	/* DH paramter f, server public DH key */
-	dh_server_pub = BN_new();
-	if (dh_server_pub == NULL)
+	if ((dh_server_pub = BN_new()) == NULL)
 		fatal("dh_server_pub == NULL");
 	packet_get_bignum2(dh_server_pub, &dlen);
 
@@ -208,7 +207,8 @@ kexgex_client(Kex *kex)
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
-	shared_secret = BN_new();
+	if ((shared_secret = BN_new()) == NULL)
+		fatal("kexgex_client: BN_new failed");
 	BN_bin2bn(kbuf, kout, shared_secret);
 	memset(kbuf, 0, klen);
 	xfree(kbuf);
@@ -315,8 +315,7 @@ kexgex_server(Kex *kex)
 	packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_INIT);
 
 	/* key, cert */
-	dh_client_pub = BN_new();
-	if (dh_client_pub == NULL)
+	if ((dh_client_pub = BN_new()) == NULL)
 		fatal("dh_client_pub == NULL");
 	packet_get_bignum2(dh_client_pub, &dlen);
 
@@ -342,7 +341,8 @@ kexgex_server(Kex *kex)
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif
-	shared_secret = BN_new();
+	if ((shared_secret = BN_new()) == NULL)
+		fatal("kexgex_server: BN_new failed");
 	BN_bin2bn(kbuf, kout, shared_secret);
 	memset(kbuf, 0, klen);
 	xfree(kbuf);

diff --git a/key.c b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.37 2001/12/25 18:49:56 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.38 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -60,22 +60,25 @@ key_new(int type)
 	switch (k->type) {
 	case KEY_RSA1:
 	case KEY_RSA:
-		rsa = RSA_new();
-		rsa->n = BN_new();
-		rsa->e = BN_new();
-		if (rsa == NULL || rsa->n == NULL || rsa->e == NULL)
-			fatal("key_new: malloc failure");
+		if ((rsa = RSA_new()) == NULL)
+			fatal("key_new: RSA_new failed");
+		if ((rsa->n = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
+		if ((rsa->e = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
 		k->rsa = rsa;
 		break;
 	case KEY_DSA:
-		dsa = DSA_new();
-		dsa->p = BN_new();
-		dsa->q = BN_new();
-		dsa->g = BN_new();
-		dsa->pub_key = BN_new();
-		if (dsa == NULL || dsa->p == NULL || dsa->q == NULL ||
-		    dsa->g == NULL || dsa->pub_key == NULL)
-			fatal("key_new: malloc failure");
+		if ((dsa = DSA_new()) == NULL)
+			fatal("key_new: DSA_new failed");
+		if ((dsa->p = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
+		if ((dsa->q = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
+		if ((dsa->g = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
+		if ((dsa->pub_key = BN_new()) == NULL)
+			fatal("key_new: BN_new failed");
 		k->dsa = dsa;
 		break;
 	case KEY_UNSPEC:
@@ -93,15 +96,22 @@ key_new_private(int type)
 	switch (k->type) {
 	case KEY_RSA1:
 	case KEY_RSA:
-		k->rsa->d = BN_new();
-		k->rsa->iqmp = BN_new();
-		k->rsa->q = BN_new();
-		k->rsa->p = BN_new();
-		k->rsa->dmq1 = BN_new();
-		k->rsa->dmp1 = BN_new();
+		if ((k->rsa->d = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
+		if ((k->rsa->iqmp = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
+		if ((k->rsa->q = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
+		if ((k->rsa->p = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
+		if ((k->rsa->dmq1 = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
+		if ((k->rsa->dmp1 = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
 		break;
 	case KEY_DSA:
-		k->dsa->priv_key = BN_new();
+		if ((k->dsa->priv_key = BN_new()) == NULL)
+			fatal("key_new_private: BN_new failed");
 		break;
 	case KEY_UNSPEC:
 		break;