aboutsummaryrefslogtreecommitdiff
path: root/libssh/keys.c
diff options
context:
space:
mode:
authorAndreas Schneider <mail@cynapses.org>2009-04-18 08:50:40 +0000
committerAndreas Schneider <mail@cynapses.org>2009-04-18 08:50:40 +0000
commit57a6388b82d9656f50dc1a7e0585a196f7699ad0 (patch)
treee0a671bca667af03f6096941448745c3b15401bc /libssh/keys.c
parentb9e91ce95ad2f0d44d926b13cbc95c668ec73549 (diff)
downloadlibssh-57a6388b82d9656f50dc1a7e0585a196f7699ad0.tar.gz
libssh-57a6388b82d9656f50dc1a7e0585a196f7699ad0.tar.xz
libssh-57a6388b82d9656f50dc1a7e0585a196f7699ad0.zip
Add more error checks to ssh_encrypt_rsa1().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@535 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'libssh/keys.c')
-rw-r--r--libssh/keys.c82
1 files changed, 56 insertions, 26 deletions
diff --git a/libssh/keys.c b/libssh/keys.c
index 6f544f42..173676f5 100644
--- a/libssh/keys.c
+++ b/libssh/keys.c
@@ -1066,38 +1066,68 @@ STRING *ssh_do_sign(SSH_SESSION *session, BUFFER *sigbuf,
return signature;
}
-STRING *ssh_encrypt_rsa1(SSH_SESSION *session, STRING *data, PUBLIC_KEY *key){
- int len=string_len(data);
+STRING *ssh_encrypt_rsa1(SSH_SESSION *session, STRING *data, PUBLIC_KEY *key) {
+ STRING *str = NULL;
+ size_t len = string_len(data);
+ int size = 0;
#ifdef HAVE_LIBGCRYPT
- STRING *ret;
- gcry_sexp_t ret_sexp;
- gcry_sexp_t data_sexp;
- const char *tmp;
- size_t size;
- gcry_sexp_build(&data_sexp,NULL,"(data(flags pkcs1)(value %b))",len,data->string);
- gcry_pk_encrypt(&ret_sexp,data_sexp,key->rsa_pub);
+ const char *tmp = NULL;
+ gcry_sexp_t ret_sexp;
+ gcry_sexp_t data_sexp;
+
+ if (gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(value %b))",
+ len, data->string)) {
+ ssh_set_error(session, SSH_FATAL, "RSA1 encrypt: libgcrypt error");
+ return NULL;
+ }
+ if (gcry_pk_encrypt(&ret_sexp, data_sexp, key->rsa_pub)) {
gcry_sexp_release(data_sexp);
- data_sexp=gcry_sexp_find_token(ret_sexp,"a",0);
- tmp=gcry_sexp_nth_data(data_sexp,1,&size);
- if (*tmp == 0)
- {
- size--;
- tmp++;
- }
- ret=string_new(size);
- string_fill(ret,(char *)tmp,size);
+ ssh_set_error(session, SSH_FATAL, "RSA1 encrypt: libgcrypt error");
+ return NULL;
+ }
+
+ gcry_sexp_release(data_sexp);
+
+ data_sexp = gcry_sexp_find_token(ret_sexp, "a", 0);
+ if (data_sexp == NULL) {
+ ssh_set_error(session, SSH_FATAL, "RSA1 encrypt: libgcrypt error");
gcry_sexp_release(ret_sexp);
+ return NULL;
+ }
+ tmp = gcry_sexp_nth_data(data_sexp, 1, &size);
+ if (*tmp == 0) {
+ size--;
+ tmp++;
+ }
+
+ str = string_new(size);
+ if (str == NULL) {
+ ssh_set_error(session, SSH_FATAL, "Not enough space");
+ gcry_sexp_release(data_sexp);
+ gcry_sexp_release(ret_sexp);
+ return NULL;
+ }
+ string_fill(str, tmp, size);
+
+ gcry_sexp_release(data_sexp);
+ gcry_sexp_release(ret_sexp);
#elif defined HAVE_LIBCRYPTO
- int flen=RSA_size(key->rsa_pub);
- STRING *ret=string_new(flen);
- RSA_public_encrypt(len,data->string,ret->string,key->rsa_pub,
- RSA_PKCS1_PADDING);
-#endif
+ size = RSA_size(key->rsa_pub);
- /* unused member variable */
- (void) session;
+ str = string_new(size);
+ if (str == NULL) {
+ ssh_set_error(session, SSH_FATAL, "Not enough space");
+ return NULL;
+ }
+
+ if (RSA_public_encrypt(len, data->string, str->string, key->rsa_pub,
+ RSA_PKCS1_PADDING) < 0) {
+ string_free(str);
+ return NULL;
+ }
+#endif
- return ret;
+ return str;
}