upstream: Adapt XMSS to new logging infrastructure. With markus@, ok

djm@.

OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
dtucker@openbsd.org 2020-10-19 22:49:23 +00:00 committed by Darren Tucker
parent f7bd11e494
commit eab2888cfc
6 changed files with 27 additions and 30 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.124 2020/06/26 05:03:36 djm Exp $ */ /* $OpenBSD: authfd.c,v 1.125 2020/10/19 22:49:23 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -507,7 +507,7 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
SSH2_AGENTC_ADD_IDENTITY; SSH2_AGENTC_ADD_IDENTITY;
if ((r = sshbuf_put_u8(msg, type)) != 0 || if ((r = sshbuf_put_u8(msg, type)) != 0 ||
(r = sshkey_private_serialize_maxsign(key, msg, maxsign, (r = sshkey_private_serialize_maxsign(key, msg, maxsign,
NULL)) != 0 || 0)) != 0 ||
(r = sshbuf_put_cstring(msg, comment)) != 0) (r = sshbuf_put_cstring(msg, comment)) != 0)
goto out; goto out;
break; break;
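Review bot: The last argument to `sshkey_private_serialize_maxsign` is now a bare `0`, and nothing at this call site says it is the error-printing switch rather than a count or an option mask. A short annotation such as `0 /* printerror: stay silent */)) != 0 ||` would keep the intent that `NULL` used to convey. The same applies to the literal `1` passed to `sshkey_xmss_get_state` and `sshkey_xmss_update_state` in ssh-xmss.c. With logging switched off here, a failure to load or save the XMSS state while the key is being added surfaces only through `r`, so how the caller treats that return value matters; the enclosing function starts and ends outside the hunk.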


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-xmss.c,v 1.3 2020/10/18 11:32:02 djm Exp $*/ /* $OpenBSD: ssh-xmss.c,v 1.4 2020/10/19 22:49:23 dtucker Exp $*/
/* /*
* Copyright (c) 2017 Stefan-Lukas Gazdag. * Copyright (c) 2017 Stefan-Lukas Gazdag.
* Copyright (c) 2017 Markus Friedl. * Copyright (c) 2017 Markus Friedl.
@ -62,7 +62,7 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
smlen = slen = datalen + required_siglen; smlen = slen = datalen + required_siglen;
if ((sig = malloc(slen)) == NULL) if ((sig = malloc(slen)) == NULL)
return SSH_ERR_ALLOC_FAIL; return SSH_ERR_ALLOC_FAIL;
if ((r = sshkey_xmss_get_state(key, error)) != 0) if ((r = sshkey_xmss_get_state(key, 1)) != 0)
goto out; goto out;
if ((ret = xmss_sign(key->xmss_sk, sshkey_xmss_bds_state(key), sig, &smlen, if ((ret = xmss_sign(key->xmss_sk, sshkey_xmss_bds_state(key), sig, &smlen,
data, datalen, sshkey_xmss_params(key))) != 0 || smlen <= datalen) { data, datalen, sshkey_xmss_params(key))) != 0 || smlen <= datalen) {
@ -90,7 +90,7 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
/* success */ /* success */
r = 0; r = 0;
out: out:
if ((ret = sshkey_xmss_update_state(key, error)) != 0) { if ((ret = sshkey_xmss_update_state(key, 1)) != 0) {
/* discard signature since we cannot update the state */ /* discard signature since we cannot update the state */
if (r == 0 && sigp != NULL && *sigp != NULL) { if (r == 0 && sigp != NULL && *sigp != NULL) {
explicit_bzero(*sigp, len); explicit_bzero(*sigp, len);


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */ /* $OpenBSD: sshkey-xmss.c,v 1.9 2020/10/19 22:49:23 dtucker Exp $ */
/* /*
* Copyright (c) 2017 Markus Friedl. All rights reserved. * Copyright (c) 2017 Markus Friedl. All rights reserved.
* *
@ -45,6 +45,7 @@
#include "sshkey.h" #include "sshkey.h"
#include "sshkey-xmss.h" #include "sshkey-xmss.h"
#include "atomicio.h" #include "atomicio.h"
#include "log.h"
#include "xmss_fast.h" #include "xmss_fast.h"
@ -79,7 +80,7 @@ int sshkey_xmss_init_bds_state(struct sshkey *);
int sshkey_xmss_init_enc_key(struct sshkey *, const char *); int sshkey_xmss_init_enc_key(struct sshkey *, const char *);
void sshkey_xmss_free_bds(struct sshkey *); void sshkey_xmss_free_bds(struct sshkey *);
int sshkey_xmss_get_state_from_file(struct sshkey *, const char *, int sshkey_xmss_get_state_from_file(struct sshkey *, const char *,
int *, sshkey_printfn *); int *, int);
int sshkey_xmss_encrypt_state(const struct sshkey *, struct sshbuf *, int sshkey_xmss_encrypt_state(const struct sshkey *, struct sshbuf *,
struct sshbuf **); struct sshbuf **);
int sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *, int sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *,
@ -87,7 +88,8 @@ int sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *,
int sshkey_xmss_serialize_enc_key(const struct sshkey *, struct sshbuf *); int sshkey_xmss_serialize_enc_key(const struct sshkey *, struct sshbuf *);
int sshkey_xmss_deserialize_enc_key(struct sshkey *, struct sshbuf *); int sshkey_xmss_deserialize_enc_key(struct sshkey *, struct sshbuf *);
#define PRINT(s...) do { if (pr) pr(s); } while (0) #define PRINT(...) do { if (printerror) sshlog(__FILE__, __func__, __LINE__, \
0, SYSLOG_LEVEL_ERROR, __VA_ARGS__); } while (0)
int int
sshkey_xmss_init(struct sshkey *key, const char *name) sshkey_xmss_init(struct sshkey *key, const char *name)
@ -392,7 +394,7 @@ sshkey_xmss_generate_private_key(struct sshkey *k, u_int bits)
int int
sshkey_xmss_get_state_from_file(struct sshkey *k, const char *filename, sshkey_xmss_get_state_from_file(struct sshkey *k, const char *filename,
int *have_file, sshkey_printfn *pr) int *have_file, int printerror)
{ {
struct sshbuf *b = NULL, *enc = NULL; struct sshbuf *b = NULL, *enc = NULL;
int ret = SSH_ERR_SYSTEM_ERROR, r, fd = -1; int ret = SSH_ERR_SYSTEM_ERROR, r, fd = -1;
@ -440,7 +442,7 @@ done:
} }
int int
sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) sshkey_xmss_get_state(const struct sshkey *k, int printerror)
{ {
struct ssh_xmss_state *state = k->xmss_state; struct ssh_xmss_state *state = k->xmss_state;
u_int32_t idx = 0; u_int32_t idx = 0;
@ -493,9 +495,9 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr)
} }
/* XXX no longer const */ /* XXX no longer const */
if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k, if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k,
statefile, &have_state, pr)) != 0) { statefile, &have_state, printerror)) != 0) {
if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k, if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k,
ostatefile, &have_ostate, pr)) == 0) { ostatefile, &have_ostate, printerror)) == 0) {
state->allow_update = 1; state->allow_update = 1;
r = sshkey_xmss_forward_state(k, 1); r = sshkey_xmss_forward_state(k, 1);
state->idx = PEEK_U32(k->xmss_sk); state->idx = PEEK_U32(k->xmss_sk);
@ -563,7 +565,7 @@ sshkey_xmss_forward_state(const struct sshkey *k, u_int32_t reserve)
} }
int int
sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) sshkey_xmss_update_state(const struct sshkey *k, int printerror)
{ {
struct ssh_xmss_state *state = k->xmss_state; struct ssh_xmss_state *state = k->xmss_state;
struct sshbuf *b = NULL, *enc = NULL; struct sshbuf *b = NULL, *enc = NULL;
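Review bot: The new `PRINT` macro reads a local named `printerror` that is never passed to it, so it is only correct inside functions that declare exactly that parameter, and the severity is now fixed at `SYSLOG_LEVEL_ERROR` for every caller. A comment above the macro should state both facts, for example `/* PRINT() needs an 'int printerror' in the calling scope; non-zero logs at error level */`. The `sshkey_printfn` typedef removed in sshkey.h carried `format(printf, 1, 2)`, so compile-time format checking of the PRINT call sites now depends on how `sshlog` is declared in log.h, which this page does not show and which is worth confirming. The bodies of the functions whose signatures change here lie outside the hunks.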


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey-xmss.h,v 1.1 2018/02/23 15:58:38 markus Exp $ */ /* $OpenBSD: sshkey-xmss.h,v 1.2 2020/10/19 22:49:23 dtucker Exp $ */
/* /*
* Copyright (c) 2017 Markus Friedl. All rights reserved. * Copyright (c) 2017 Markus Friedl. All rights reserved.
* *
@ -47,10 +47,10 @@ int sshkey_xmss_deserialize_pk_info(struct sshkey *, struct sshbuf *);
int sshkey_xmss_siglen(const struct sshkey *, size_t *); int sshkey_xmss_siglen(const struct sshkey *, size_t *);
void *sshkey_xmss_params(const struct sshkey *); void *sshkey_xmss_params(const struct sshkey *);
void *sshkey_xmss_bds_state(const struct sshkey *); void *sshkey_xmss_bds_state(const struct sshkey *);
int sshkey_xmss_get_state(const struct sshkey *, sshkey_printfn *); int sshkey_xmss_get_state(const struct sshkey *, int);
int sshkey_xmss_enable_maxsign(struct sshkey *, u_int32_t); int sshkey_xmss_enable_maxsign(struct sshkey *, u_int32_t);
int sshkey_xmss_forward_state(const struct sshkey *, u_int32_t); int sshkey_xmss_forward_state(const struct sshkey *, u_int32_t);
int sshkey_xmss_update_state(const struct sshkey *, sshkey_printfn *); int sshkey_xmss_update_state(const struct sshkey *, int);
u_int32_t sshkey_xmss_signatures_left(const struct sshkey *); u_int32_t sshkey_xmss_signatures_left(const struct sshkey *);
#endif /* SSHKEY_XMSS_H */ #endif /* SSHKEY_XMSS_H */
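Review bot: The two changed prototypes, `sshkey_xmss_get_state` and `sshkey_xmss_update_state`, now end in an unnamed `int`, which tells a reader of the header far less than `sshkey_printfn *` did. Naming the parameter, as in `int sshkey_xmss_get_state(const struct sshkey *, int printerror);` and likewise for `sshkey_xmss_update_state`, would record that a non-zero value enables error logging. The forward declaration of `sshkey_xmss_get_state_from_file` in sshkey-xmss.c has the same gap, and so does the last parameter of `sshkey_private_serialize_maxsign` in sshkey.h, where it sits next to three parameters that are named.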


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.111 2020/08/27 01:06:19 djm Exp $ */ /* $OpenBSD: sshkey.c,v 1.112 2020/10/19 22:49:23 dtucker Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -4700,7 +4700,7 @@ sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob, int type,
*/ */
int int
sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b, sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
u_int32_t maxsign, sshkey_printfn *pr) u_int32_t maxsign, int printerror)
{ {
int r, rupdate; int r, rupdate;
@ -4708,14 +4708,14 @@ sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
sshkey_type_plain(k->type) != KEY_XMSS) sshkey_type_plain(k->type) != KEY_XMSS)
return sshkey_private_serialize_opt(k, b, return sshkey_private_serialize_opt(k, b,
SSHKEY_SERIALIZE_DEFAULT); SSHKEY_SERIALIZE_DEFAULT);
if ((r = sshkey_xmss_get_state(k, pr)) != 0 || if ((r = sshkey_xmss_get_state(k, printerror)) != 0 ||
(r = sshkey_private_serialize_opt(k, b, (r = sshkey_private_serialize_opt(k, b,
SSHKEY_SERIALIZE_STATE)) != 0 || SSHKEY_SERIALIZE_STATE)) != 0 ||
(r = sshkey_xmss_forward_state(k, maxsign)) != 0) (r = sshkey_xmss_forward_state(k, maxsign)) != 0)
goto out; goto out;
r = 0; r = 0;
out: out:
if ((rupdate = sshkey_xmss_update_state(k, pr)) != 0) { if ((rupdate = sshkey_xmss_update_state(k, printerror)) != 0) {
if (r == 0) if (r == 0)
r = rupdate; r = rupdate;
} }
@ -4754,7 +4754,7 @@ sshkey_set_filename(struct sshkey *k, const char *filename)
#else #else
int int
sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b, sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
u_int32_t maxsign, sshkey_printfn *pr) u_int32_t maxsign, int printerror)
{ {
return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT); return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);
} }


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.h,v 1.46 2020/08/27 01:06:19 djm Exp $ */ /* $OpenBSD: sshkey.h,v 1.47 2020/10/19 22:49:23 dtucker Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -267,17 +267,12 @@ int sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob,
int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *); int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
/* stateful keys (e.g. XMSS) */ /* stateful keys (e.g. XMSS) */
#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
typedef void sshkey_printfn(const char *, ...);
#else
typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2)));
#endif
int sshkey_set_filename(struct sshkey *, const char *); int sshkey_set_filename(struct sshkey *, const char *);
int sshkey_enable_maxsign(struct sshkey *, u_int32_t); int sshkey_enable_maxsign(struct sshkey *, u_int32_t);
u_int32_t sshkey_signatures_left(const struct sshkey *); u_int32_t sshkey_signatures_left(const struct sshkey *);
int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); int sshkey_forward_state(const struct sshkey *, u_int32_t, int);
int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, int sshkey_private_serialize_maxsign(struct sshkey *key,
u_int32_t maxsign, sshkey_printfn *pr); struct sshbuf *buf, u_int32_t maxsign, int);
void sshkey_sig_details_free(struct sshkey_sig_details *); void sshkey_sig_details_free(struct sshkey_sig_details *);
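Review bot: The prototype `sshkey_forward_state(const struct sshkey *, u_int32_t, int)` is retyped here, yet none of the sshkey.c hunks on this page touch a definition with that name, and the XMSS function `sshkey_xmss_forward_state` declared in sshkey-xmss.h takes only two arguments. If no definition exists, the declaration is stale and could be dropped instead of updated; if one does exist, it has to change in step with this header. Either way it should be checked against the full tree, since only the hunks shown here are visible.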