Pass private-key to OpenSSL as a filename with BIO_new_file().

This keeps all FILE* handling on the OpenSSL side of the DLL boundary, avoiding crashes on Windows, while removing the need for libssh2 to read the private key file into memory.  This is now done by OpenSSL, which is likely to do a better job of it.
Alexander Lamaison
2009-09-02 14:59:40 +01:00
parent 00fac145ba
commit 0d6aaa1f56
5 changed files with 35 additions and 75 deletions


@@ -114,7 +114,6 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
void **abstract) void **abstract)
{ {
libssh2_rsa_ctx *rsactx; libssh2_rsa_ctx *rsactx;
FILE *fp;
int ret; int ret;
if (*abstract) { if (*abstract) {
@@ -122,13 +121,7 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
*abstract = NULL; *abstract = NULL;
} }
fp = fopen(privkeyfile, "r"); ret = _libssh2_rsa_new_private(&rsactx, session, privkeyfile, passphrase);
if (!fp) {
return -1;
}
ret = _libssh2_rsa_new_private(&rsactx, session, fp, passphrase);
fclose(fp);
if (ret) { if (ret) {
return -1; return -1;
} }
@@ -296,7 +289,6 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
void **abstract) void **abstract)
{ {
libssh2_dsa_ctx *dsactx; libssh2_dsa_ctx *dsactx;
FILE *fp;
int ret; int ret;
if (*abstract) { if (*abstract) {
@@ -304,13 +296,7 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
*abstract = NULL; *abstract = NULL;
} }
fp = fopen(privkeyfile, "r"); ret = _libssh2_dsa_new_private(&dsactx, session, privkeyfile, passphrase);
if (!fp) {
return -1;
}
ret = _libssh2_dsa_new_private(&dsactx, session, fp, passphrase);
fclose(fp);
if (ret) { if (ret) {
return -1; return -1;
} }


@@ -149,8 +149,9 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
int int
_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase) const char *filename, unsigned const char *passphrase)
{ {
FILE *fp;
unsigned char *data, *save_data; unsigned char *data, *save_data;
unsigned int datalen; unsigned int datalen;
int ret; int ret;
@@ -159,10 +160,16 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
(void) passphrase; (void) passphrase;
fp = fopen(filename, "r");
if (!fp) {
return -1;
}
ret = _libssh2_pem_parse(session, ret = _libssh2_pem_parse(session,
"-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----",
"-----END RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----",
fp, &data, &datalen); fp, &data, &datalen);
fclose(fp)
if (ret) { if (ret) {
return -1; return -1;
} }
@@ -244,8 +251,9 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
int int
_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase) const char *filename, unsigned const char *passphrase)
{ {
FILE *fp;
unsigned char *data, *save_data; unsigned char *data, *save_data;
unsigned int datalen; unsigned int datalen;
int ret; int ret;
@@ -254,10 +262,16 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
(void) passphrase; (void) passphrase;
fp = fopen(filename);
if (!fp) {
return -1;
}
ret = _libssh2_pem_parse(session, ret = _libssh2_pem_parse(session,
"-----BEGIN DSA PRIVATE KEY-----", "-----BEGIN DSA PRIVATE KEY-----",
"-----END DSA PRIVATE KEY-----", "-----END DSA PRIVATE KEY-----",
fp, &data, &datalen); fp, &data, &datalen);
fclose(fp);
if (ret) { if (ret) {
return -1; return -1;
} }
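Review bot: Two of the added lines in this section will not compile: the `fclose(fp)` after the RSA `_libssh2_pem_parse` call has no terminating semicolon, and `fp = fopen(filename);` in `_libssh2_dsa_new_private` omits the mode argument. They should read `fclose(fp);` and `fp = fopen(filename, "r");`, matching the RSA open and the DSA close a few lines away. This looks like the non-OpenSSL backend (it parses the PEM itself and discards `passphrase`), so an OpenSSL-only build would presumably not catch the breakage. Both function bodies continue outside the hunks shown.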


@@ -112,7 +112,8 @@ int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
const unsigned char *coeffdata, unsigned long coefflen); const unsigned char *coeffdata, unsigned long coefflen);
int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase); const char *filename,
unsigned const char *passphrase);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
@@ -140,7 +141,8 @@ int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
const unsigned char *x, unsigned long x_len); const unsigned char *x, unsigned long x_len);
int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase); const char *filename,
unsigned const char *passphrase);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsa, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsa,
const unsigned char *sig, const unsigned char *sig,
const unsigned char *m, unsigned long m_len); const unsigned char *m, unsigned long m_len);


@@ -43,9 +43,6 @@
#define EVP_MAX_BLOCK_LENGTH 32 #define EVP_MAX_BLOCK_LENGTH 32
#endif #endif
/* Ridiculously large key-file size cap (512KB) */
#define MAX_KEY_FILE_LENGTH 524288
int int
_libssh2_rsa_new(libssh2_rsa_ctx ** rsa, _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
const unsigned char *edata, const unsigned char *edata,
@@ -215,61 +212,21 @@ passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
return passphrase_len; return passphrase_len;
} }
static int
read_file_into_string(char ** key, LIBSSH2_SESSION * session, FILE * fp)
{
long size;
size_t read;
*key = NULL;
fseek(fp, 0, SEEK_END);
size = ftell(fp);
if (size < 0) {
return -1;
}
fseek(fp, 0, SEEK_SET);
size *= sizeof(char);
if (size > MAX_KEY_FILE_LENGTH) {
return -1;
}
*key = LIBSSH2_ALLOC(session, size + 1);
if (!*key) {
return -1;
}
read = fread(*key, 1, size, fp);
if (read != (size_t) size) {
LIBSSH2_FREE(session, *key);
return -1;
}
(*key)[size] = '\0';
return 0;
}
typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *, typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *,
void * u); void * u);
static int static int
read_private_key_from_file(void ** key_ctx, LIBSSH2_SESSION * session, read_private_key_from_file(void ** key_ctx, LIBSSH2_SESSION * session,
pem_read_bio_func read_private_key, pem_read_bio_func read_private_key,
FILE * fp, unsigned const char *passphrase) const char * filename,
unsigned const char *passphrase)
{ {
char * key;
BIO * bp; BIO * bp;
*key_ctx = NULL; *key_ctx = NULL;
if(read_file_into_string(&key, session, fp)) { bp = BIO_new_file(filename, "r");
return -1;
}
bp = BIO_new_mem_buf(key, -1);
if (!bp) { if (!bp) {
LIBSSH2_FREE(session, key);
return -1; return -1;
} }
@@ -277,14 +234,13 @@ read_private_key_from_file(void ** key_ctx, LIBSSH2_SESSION * session,
(void *) passphrase); (void *) passphrase);
BIO_free(bp); BIO_free(bp);
LIBSSH2_FREE(session, key);
return (*key_ctx) ? 0 : -1; return (*key_ctx) ? 0 : -1;
} }
int int
_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase) const char *filename, unsigned const char *passphrase)
{ {
pem_read_bio_func read_rsa = pem_read_bio_func read_rsa =
(pem_read_bio_func) &PEM_read_bio_RSAPrivateKey; (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
@@ -297,14 +253,14 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
} }
return read_private_key_from_file((void **) rsa, session, read_rsa, fp, return read_private_key_from_file((void **) rsa, session, read_rsa,
passphrase); filename, passphrase);
} }
int int
_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase) const char *filename, unsigned const char *passphrase)
{ {
pem_read_bio_func read_dsa = pem_read_bio_func read_dsa =
(pem_read_bio_func) &PEM_read_bio_DSAPrivateKey; (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
@@ -317,8 +273,8 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
} }
return read_private_key_from_file((void **) dsa, session, read_dsa, fp, return read_private_key_from_file((void **) dsa, session, read_dsa,
passphrase); filename, passphrase);
} }
int int
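Review bot: With `read_file_into_string` and `MAX_KEY_FILE_LENGTH` gone, `read_private_key_from_file` passes `filename` straight to `BIO_new_file(filename, "r")` with no libssh2-side bound on what is read and no NULL check on the path. The removed code refused files over 512KB before parsing; the new path relies entirely on OpenSSL's PEM reader, which is probably fine but should be stated, e.g. `/* No size cap here: OpenSSL reads the file directly; filename must be a trusted, non-NULL path */`. A guard such as `if (!filename) return -1;` before the `BIO_new_file` call would keep the failure mode explicit. The call to the PEM read function sits between two hunks and is only partly visible here.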


@@ -148,7 +148,8 @@ int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
const unsigned char *coeffdata, unsigned long coefflen); const unsigned char *coeffdata, unsigned long coefflen);
int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase); const char *filename,
unsigned const char *passphrase);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
@@ -176,7 +177,8 @@ int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
const unsigned char *x, unsigned long x_len); const unsigned char *x, unsigned long x_len);
int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
LIBSSH2_SESSION * session, LIBSSH2_SESSION * session,
FILE * fp, unsigned const char *passphrase); const char *filename,
unsigned const char *passphrase);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
const unsigned char *sig, const unsigned char *sig,
const unsigned char *m, unsigned long m_len); const unsigned char *m, unsigned long m_len);