i += 4;
/* Now the serious stuff. An ordinary SSH 1 public key. */
- i += makekey(buf + i, key, NULL, 1);
- if (len - i < 0)
+ i += makekey(buf + i, len, key, NULL, 1);
+ if (i < 0)
goto end; /* overran */
if (pub_only) {
* decryption exponent, and then the three auxiliary values
* (iqmp, q, p).
*/
- i += makeprivate(buf + i, key);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->iqmp);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->q);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->p);
- if (len - i < 0)
- goto end;
+ j = makeprivate(buf + i, len - i, key);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->iqmp);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->q);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->p);
+ if (j < 0) goto end;
+ i += j;
if (!rsa_verify(key)) {
*error = "rsa_verify failed";
fp = f_open(*filename, "wb");
if (fp) {
int ret = (fwrite(buf, 1, p - buf, fp) == (size_t) (p - buf));
- ret = ret && (fclose(fp) == 0);
+ if (fclose(fp))
+ ret = 0;
return ret;
} else
return 0;
* with "PuTTY-User-Key-File-1" (version number differs). In this
* format the Private-MAC: field only covers the private-plaintext
* field and nothing else (and without the 4-byte string length on
- * the front too). Moreover, for RSA keys the Private-MAC: field
- * can be replaced with a Private-Hash: field which is a plain
- * SHA-1 hash instead of an HMAC. This is not allowable in DSA
- * keys. (Yes, the old format was a mess. Guess why it changed :-)
+ * the front too). Moreover, the Private-MAC: field can be replaced
+ * with a Private-Hash: field which is a plain SHA-1 hash instead of
+ * an HMAC (this was generated for unencrypted keys).
*/
static int read_header(FILE * fp, char *header)
if ((mac = read_body(fp)) == NULL)
goto error;
is_mac = 1;
- } else if (0 == strcmp(header, "Private-Hash") &&
- alg == &ssh_rsa && old_fmt) {
+ } else if (0 == strcmp(header, "Private-Hash") && old_fmt) {
if ((mac = read_body(fp)) == NULL)
goto error;
is_mac = 0;
/* An incorrect MAC is an unconditional Error if the key is
* unencrypted. Otherwise, it means Wrong Passphrase. */
if (cipher) {
+ error = "wrong passphrase";
ret = SSH2_WRONG_PASSPHRASE;
} else {
error = "MAC failed";