i += 4;
/* Now the serious stuff. An ordinary SSH 1 public key. */
- i += makekey(buf + i, key, NULL, 1);
- if (len - i < 0)
+ i += makekey(buf + i, len, key, NULL, 1);
+ if (i < 0)
goto end; /* overran */
if (pub_only) {
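Review bot: The new guard `if (i < 0)` after `i += makekey(buf + i, len, key, NULL, 1);` is unlikely to catch a failed parse, because the return value is added to an already-positive offset before it is tested. The makeprivate and ssh1_read_bignum calls later in this commit capture the result in `j`, test `j < 0` and pass the remaining length `len - i`; this call should follow the same pattern: `j = makekey(buf + i, len - i, key, NULL, 1); if (j < 0) goto end; i += j;`. As written it also passes `len` rather than `len - i`, so the callee is told more bytes are available than remain after offset i, which could allow a read past the end of the buffer on a truncated or malformed key file. makekey's return convention is not visible in this hunk, so confirm that it reports failure with a negative value as the other helpers appear to.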
* decryption exponent, and then the three auxiliary values
* (iqmp, q, p).
*/
- i += makeprivate(buf + i, key);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->iqmp);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->q);
- if (len - i < 0)
- goto end;
- i += ssh1_read_bignum(buf + i, &key->p);
- if (len - i < 0)
- goto end;
+ j = makeprivate(buf + i, len - i, key);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->iqmp);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->q);
+ if (j < 0) goto end;
+ i += j;
+ j = ssh1_read_bignum(buf + i, len - i, &key->p);
+ if (j < 0) goto end;
+ i += j;
if (!rsa_verify(key)) {
*error = "rsa_verify failed";
* This routine will take care of calling fclose() for us.
*/
ret = loadrsakey_main(fp, key, FALSE, NULL, passphrase, &error);
+ fp = NULL;
goto end;
}
error = "not an SSH-1 RSA file";
end:
- fclose(fp);
+ if (fp)
+ fclose(fp);
if ((ret != 1) && errorstr)
*errorstr = error;
return ret;
*blob = rsa_public_blob(&key, bloblen);
freersakey(&key);
ret = 1;
+ fp = NULL;
}
} else {
error = "not an SSH-1 RSA file";
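Review bot: `fp = NULL;` is set only inside the success branch here, so if the condition guarding this block is a loadrsakey_main call that fails, fp would still be non-NULL when the function reaches its cleanup. The comment in the loadrsakey hunk says that routine takes care of calling fclose() itself; if it does so on failure as well, a later `fclose(fp)` on this path would be a double close of the stream. Moving the assignment just after the closing brace of the inner `if`, as `fp = NULL; /* loadrsakey_main closes fp on every path */`, would cover both outcomes. The guarding condition and the function's cleanup code are outside this hunk, so check this against the full function.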
fp = f_open(*filename, "wb");
if (fp) {
int ret = (fwrite(buf, 1, p - buf, fp) == (size_t) (p - buf));
- ret = ret && (fclose(fp) == 0);
+ if (fclose(fp))
+ ret = 0;
return ret;
} else
return 0;
NULL, NULL, NULL
};
+const struct ssh_signkey *find_pubkey_alg(const char *name)
+{
+ if (!strcmp(name, "ssh-rsa"))
+ return &ssh_rsa;
+ else if (!strcmp(name, "ssh-dss"))
+ return &ssh_dss;
+ else
+ return NULL;
+}
+
struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
char *passphrase, const char **errorstr)
{
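Review bot: find_pubkey_alg is a new non-static function with no comment stating its contract, and it passes `name` straight to strcmp, so a NULL argument is undefined behaviour. Both call sites in this commit check read_body's result for NULL first, but a future caller has nothing telling it to do so. I would add above the definition `/* Map an SSH-2 key algorithm name to its ssh_signkey structure; returns NULL if the name is not recognised. name must be non-NULL. */`. The comment at the second call site still reads "Currently only ssh-rsa.", which no longer matches a lookup that also accepts ssh-dss.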
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. */
- if (!strcmp(b, "ssh-rsa"))
- alg = &ssh_rsa;
- else if (!strcmp(b, "ssh-dss"))
- alg = &ssh_dss;
- else {
+ alg = find_pubkey_alg(b);
+ if (!alg) {
sfree(b);
goto error;
}
/* An incorrect MAC is an unconditional Error if the key is
* unencrypted. Otherwise, it means Wrong Passphrase. */
if (cipher) {
+ error = "wrong passphrase";
ret = SSH2_WRONG_PASSPHRASE;
} else {
error = "MAC failed";
if ((b = read_body(fp)) == NULL)
goto error;
/* Select key algorithm structure. Currently only ssh-rsa. */
- if (!strcmp(b, "ssh-rsa"))
- alg = &ssh_rsa;
- else if (!strcmp(b, "ssh-dss"))
- alg = &ssh_dss;
- else {
+ alg = find_pubkey_alg(b);
+ if (!alg) {
sfree(b);
goto error;
}