
自学教程:C++ sshkey_free函数代码示例

51自学网 2021-06-03 08:19:27
  C++
这篇教程C++ sshkey_free函数代码示例写得很实用,希望能帮到您。

本文整理汇总了C++中sshkey_free函数的典型用法代码示例。如果您正苦于以下问题:C++ sshkey_free函数的具体用法?C++ sshkey_free怎么用?C++ sshkey_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了sshkey_free函数的30个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: public_fuzz

/*
 * Fuzz the public-key blob parser.
 *
 * Serialises "k" into a blob, checks that the unmodified blob parses, then
 * feeds every mutation produced by the fuzz harness to sshkey_from_blob().
 * The loop makes no assertion about the parse result: a mutated blob may be
 * rejected or accepted, and an accepted key is simply freed. The test relies
 * on the harness (and any sanitizer the build enables) to surface crashes.
 */
static void
public_fuzz(struct sshkey *k)
{
	struct sshkey *k1;
	struct sshbuf *buf;
	struct fuzz *fuzz;

	ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
	ASSERT_INT_EQ(sshkey_to_blob_buf(k, buf), 0);
	/* XXX need a way to run the tests in "slow, but complete" mode */
	fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* XXX too slow FUZZ_2_BIT_FLIP | */
	    FUZZ_1_BYTE_FLIP | /* XXX too slow FUZZ_2_BYTE_FLIP | */
	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
	    sshbuf_mutable_ptr(buf), sshbuf_len(buf));

	/* Baseline: the pristine blob must round-trip before fuzzing starts. */
	ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
	    &k1), 0);
	sshkey_free(k1);
	/*
	 * NOTE(review): buf is released before the fuzz loop runs, so
	 * fuzz_begin() presumably keeps its own copy of the data - confirm.
	 */
	sshbuf_free(buf);
	TEST_ONERROR(onerror, fuzz);

	while (!fuzz_done(fuzz)) {
		/* Only a successful parse hands back a key that needs freeing. */
		if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
			sshkey_free(k1);
		fuzz_next(fuzz);
	}
	fuzz_cleanup(fuzz);
}
开发者ID:gdestuynder,项目名称:openssh-portable,代码行数:25,


示例2: sshkey_parse_private

/*
 * Parse a private key from "buffer", probing for the legacy SSH v1 (RSA1)
 * container first and falling back to auto-detection (KEY_UNSPEC).
 *
 * keyp must be non-NULL; it is cleared on entry. commentp may be NULL. On
 * the non-RSA1 path a non-NULL commentp receives a strdup() of "filename";
 * on the RSA1 path commentp is handed to sshkey_parse_private_type().
 * Returns 0 on success or an SSH_ERR_* code. The caller owns the key stored
 * in *keyp and releases it with sshkey_free().
 */
int
sshkey_parse_private(struct sshbuf *buffer, const char *passphrase,
    const char *filename, struct sshkey **keyp, char **commentp)
{
	struct sshkey *key;
	int r;

	*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/* it's a SSH v1 key if the public key part is readable */
	r = sshkey_parse_public_rsa1(buffer, &key, NULL);
	if (r == 0) {
		/* The probe result is only a format check; drop it. */
		sshkey_free(key);
		return sshkey_parse_private_type(buffer, KEY_RSA1, passphrase,
		    keyp, commentp);
	}

	r = sshkey_parse_private_type(buffer, KEY_UNSPEC, passphrase,
	    &key, NULL);
	if (r != 0)
		return r;

	if (commentp != NULL) {
		*commentp = strdup(filename);
		if (*commentp == NULL) {
			/* Do not leak the parsed private key on failure. */
			sshkey_free(key);
			return SSH_ERR_ALLOC_FAIL;
		}
	}
	*keyp = key;
	return 0;
}
开发者ID:hshoexer,项目名称:libopenssh,代码行数:28,


示例3: public_fuzz

/*
 * Fuzz the public-key blob parser, with the mutation set chosen by the
 * test speed setting.
 *
 * The default set is single bit flips, single byte flips and truncation at
 * either end; test_is_fast() drops the single bit flips and test_is_slow()
 * adds the two-bit and two-byte flips. Every mutated blob goes through
 * sshkey_from_blob(); a key that parses is freed and the result is not
 * otherwise checked.
 */
static void
public_fuzz(struct sshkey *k)
{
	struct sshkey *k1;
	struct sshbuf *buf;
	struct fuzz *fuzz;
	u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;

	if (test_is_fast())
		fuzzers &= ~FUZZ_1_BIT_FLIP;
	if (test_is_slow())
		fuzzers |= FUZZ_2_BIT_FLIP | FUZZ_2_BYTE_FLIP;

	ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
	ASSERT_INT_EQ(sshkey_putb(k, buf), 0);
	fuzz = fuzz_begin(fuzzers, sshbuf_mutable_ptr(buf), sshbuf_len(buf));

	/* Baseline: the pristine blob must parse before fuzzing starts. */
	ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
	    &k1), 0);
	sshkey_free(k1);
	/*
	 * NOTE(review): buf is released before the fuzz loop runs, so
	 * fuzz_begin() presumably keeps its own copy of the data - confirm.
	 */
	sshbuf_free(buf);
	TEST_ONERROR(onerror, fuzz);

	while (!fuzz_done(fuzz)) {
		/* Only a successful parse hands back a key that needs freeing. */
		if (sshkey_from_blob(fuzz_ptr(fuzz), fuzz_len(fuzz), &k1) == 0)
			sshkey_free(k1);
		fuzz_next(fuzz);
	}
	fuzz_cleanup(fuzz);
}
开发者ID:nkadel,项目名称:nkadel-openssh-portable,代码行数:27,


示例4: sshkey_in_file

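/*
 * Returns success (0) if the specified "key" is listed in the file
 * "filename", SSH_ERR_KEY_NOT_FOUND if the whole file was read without a
 * match, or another SSH_ERR_* code on failure (file cannot be opened,
 * allocation failure, or a line that sshkey_read() rejects for a reason
 * other than SSH_ERR_KEY_LENGTH).
 * If "strict_type" is set then the key type must match exactly,
 * otherwise a comparison that ignores certificate data is performed.
 * If "check_ca" is set and "key" is a certificate, then its CA key is
 * also checked and sshkey_in_file() will return success if either is found.
 *
 * When the file acts as a deny list, only SSH_ERR_KEY_NOT_FOUND means
 * "absent"; every other non-zero result means the check could not be
 * completed and should not be read as "not listed".
 */
int
sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
    int check_ca)
{
	FILE *f;
	char *line = NULL, *cp;
	size_t linesize = 0;
	int r = 0;
	struct sshkey *pub = NULL;
	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
	    strict_type ?  sshkey_equal : sshkey_equal_public;

	if ((f = fopen(filename, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;

	/*
	 * NOTE(review): getline() returns -1 for a read error as well as for
	 * end of file, so an I/O error part-way through the file ends the loop
	 * and is reported as SSH_ERR_KEY_NOT_FOUND.
	 */
	while (getline(&line, &linesize, f) != -1) {
		/* Drop the key parsed from the previous line, if any. */
		sshkey_free(pub);
		pub = NULL;
		cp = line;

		/*
		 * Skip leading whitespace. The escapes below are written as
		 * '\t', '\n' and '\0'; the listing showed them as '/t', '/n'
		 * and '/0', which are multi-character constants that never
		 * equal a single char.
		 */
		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
			;

		/* Skip comments and empty lines */
		switch (*cp) {
		case '#':
		case '\n':
		case '\0':
			continue;
		}

		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		switch (r = sshkey_read(pub, &cp)) {
		case 0:
			break;
		case SSH_ERR_KEY_LENGTH:
			/* Skip this line and keep scanning. */
			continue;
		default:
			goto out;
		}
		if (sshkey_compare(key, pub) ||
		    (check_ca && sshkey_is_cert(key) &&
		    sshkey_compare(key->cert->signature_key, pub))) {
			r = 0;
			goto out;
		}
	}
	r = SSH_ERR_KEY_NOT_FOUND;
 out:
	free(line);
	sshkey_free(pub);
	fclose(f);
	return r;
}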
开发者ID:IIJ-NetBSD,项目名称:netbsd-src,代码行数:67,


示例5: sshkey_in_file

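/*
 * Returns success (0) if the specified "key" is listed in the file
 * "filename", SSH_ERR_KEY_NOT_FOUND if the file does not exist or was read
 * without a match, or another SSH_ERR_* code on failure (file cannot be
 * opened, allocation failure, or a line that sshkey_read() rejects).
 * If strict_type is set then the key type must match exactly,
 * otherwise a comparison that ignores certificate data is performed.
 *
 * A missing file (ENOENT) is reported exactly like "key not listed". When
 * the file acts as a deny list, that makes a deleted or mistyped path look
 * the same as an empty list; callers that need to tell the two apart must
 * check for the file themselves.
 */
int
sshkey_in_file(struct sshkey *key, const char *filename, int strict_type)
{
	FILE *f;
	char line[SSH_MAX_PUBKEY_BYTES];
	char *cp;
	u_long linenum = 0;
	int r = 0;
	struct sshkey *pub = NULL;
	int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
	    strict_type ?  sshkey_equal : sshkey_equal_public;

	if ((f = fopen(filename, "r")) == NULL) {
		if (errno == ENOENT)
			return SSH_ERR_KEY_NOT_FOUND;
		else
			return SSH_ERR_SYSTEM_ERROR;
	}

	while (read_keyfile_line(f, filename, line, sizeof(line),
	    &linenum) != -1) {
		cp = line;

		/*
		 * Skip leading whitespace. The escapes below are written as
		 * '\t', '\n' and '\0'; the listing showed them as '/t', '/n'
		 * and '/0', which are multi-character constants that never
		 * equal a single char.
		 */
		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
			;

		/* Skip comments and empty lines */
		switch (*cp) {
		case '#':
		case '\n':
		case '\0':
			continue;
		}

		if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		/* Any line that fails to parse aborts the scan with its error. */
		if ((r = sshkey_read(pub, &cp)) != 0)
			goto out;
		if (sshkey_compare(key, pub)) {
			r = 0;
			goto out;
		}
		sshkey_free(pub);
		pub = NULL;
	}
	r = SSH_ERR_KEY_NOT_FOUND;
 out:
	if (pub != NULL)
		sshkey_free(pub);
	fclose(f);
	return r;
}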
开发者ID:hshoexer,项目名称:libopenssh,代码行数:61,


示例6: sshkey_load_public

/*
 * Load a public key from an ssh v1 private key file or any pubkey file.
 *
 * Tries, in order: "filename" as an RSA1 private key, as an RSA1 public
 * key, as an ssh2 public key, and finally "filename.pub". keyp must be
 * non-NULL and is cleared on entry; commentp may be NULL. Returns 0 with
 * the key in *keyp (owned by the caller) or an SSH_ERR_* code.
 */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
	struct sshkey *pub = NULL;
	char file[MAXPATHLEN];
	int r, fd;

	*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/* try rsa1 private key */
	fd = open(filename, O_RDONLY);
	if (fd < 0)
		goto skip;
	r = sshkey_load_public_rsa1(fd, filename, keyp, commentp);
	close(fd);
	/* Success and hard failures end here; other errors try the next format. */
	if (r == 0 || r == SSH_ERR_INTERNAL_ERROR ||
	    r == SSH_ERR_ALLOC_FAIL || r == SSH_ERR_SYSTEM_ERROR)
		return r;

	/* try rsa1 public key */
	pub = sshkey_new(KEY_RSA1);
	if (pub == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = sshkey_try_load_public(pub, filename, commentp);
	if (r == 0) {
		*keyp = pub;
		return 0;
	}
	sshkey_free(pub);

	/* try ssh2 public key */
	pub = sshkey_new(KEY_UNSPEC);
	if (pub == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = sshkey_try_load_public(pub, filename, commentp);
	if (r == 0) {
		*keyp = pub;
		return 0;
	}

 skip:
	/*
	 * try .pub suffix
	 * NOTE(review): when the ssh2 attempt above failed, the same "pub"
	 * object is reused here rather than a fresh one.
	 */
	if (pub == NULL && (pub = sshkey_new(KEY_UNSPEC)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
	/* A path that does not fit in "file" is rejected, never truncated. */
	if (strlcpy(file, filename, sizeof file) < sizeof(file) &&
	    strlcat(file, ".pub", sizeof file) < sizeof(file)) {
		r = sshkey_try_load_public(pub, file, commentp);
		if (r == 0) {
			*keyp = pub;
			return 0;
		}
	}
	sshkey_free(pub);
	return r;
}
开发者ID:hshoexer,项目名称:libopenssh,代码行数:56,


示例7: sshkey_load_private_cert

/*
 * Load a private key and its certificate and combine them into one
 * certified key.
 *
 * "type" must be one of the key types accepted below (the OpenSSL-backed
 * types only when WITH_OPENSSL is defined) or KEY_UNSPEC. The certificate
 * is loaded through sshkey_load_cert(filename, ...). The function refuses
 * to pair a certificate with a private key whose public part differs
 * (SSH_ERR_KEY_CERT_MISMATCH). keyp may be NULL, in which case the result
 * is validated and then freed. Returns 0 or an SSH_ERR_* code.
 */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp, int *perm_ok)
{
	struct sshkey *key = NULL, *cert = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;

	switch (type) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_DSA:
	case KEY_ECDSA:
#endif /* WITH_OPENSSL */
	case KEY_ED25519:
	case KEY_XMSS:
	case KEY_UNSPEC:
		break;
	default:
		return SSH_ERR_KEY_TYPE_UNKNOWN;
	}

	r = sshkey_load_private_type(type, filename, passphrase, &key, NULL,
	    perm_ok);
	if (r != 0)
		goto out;
	r = sshkey_load_cert(filename, &cert);
	if (r != 0)
		goto out;

	/* Make sure the private key matches the certificate */
	if (sshkey_equal_public(key, cert) == 0) {
		r = SSH_ERR_KEY_CERT_MISMATCH;
		goto out;
	}

	r = sshkey_to_certified(key);
	if (r != 0)
		goto out;
	r = sshkey_cert_copy(cert, key);
	if (r != 0)
		goto out;

	r = 0;
	if (keyp != NULL) {
		/* Ownership moves to the caller; keep the cleanup off it. */
		*keyp = key;
		key = NULL;
	}
 out:
	sshkey_free(key);
	sshkey_free(cert);
	return r;
}
开发者ID:ozaki-r,项目名称:netbsd-src,代码行数:49,


示例8: sshkey_load_cert

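/*
 * Load the certificate associated with the named private key.
 *
 * The certificate path is "<filename>-cert.pub". keyp must be non-NULL and
 * is cleared on entry. Returns 0 with the certificate in *keyp (owned by
 * the caller, released with sshkey_free()), SSH_ERR_ALLOC_FAIL when the
 * path or the key object cannot be allocated, or the error returned by
 * sshkey_try_load_public().
 */
int
sshkey_load_cert(const char *filename, struct sshkey **keyp)
{
	struct sshkey *pub = NULL;
	char *file = NULL;
	int r = SSH_ERR_INTERNAL_ERROR;

	*keyp = NULL;

	if (asprintf(&file, "%s-cert.pub", filename) == -1)
		return SSH_ERR_ALLOC_FAIL;

	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
		/*
		 * Report the allocation failure as such; the original left r
		 * at SSH_ERR_INTERNAL_ERROR here.
		 */
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
		goto out;

	/* Ownership moves to the caller; keep the cleanup below off it. */
	*keyp = pub;
	pub = NULL;
	r = 0;

 out:
	free(file);
	sshkey_free(pub);
	return r;
}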
开发者ID:randombit,项目名称:hacrypto,代码行数:30,


示例9: auth2_record_key

/*
 * Records a public key used in authentication. This is used for logging
 * and to ensure that the same key is not subsequently accepted again for
 * multiple authentication.
 *
 * A copy of "key" always replaces authctxt->auth_method_key. When
 * "authenticated" is non-zero a second copy is appended to
 * authctxt->prev_keys. Copy or allocation failure is fatal.
 */
void
auth2_record_key(Authctxt *authctxt, int authenticated,
    const struct sshkey *key)
{
	struct sshkey **tmp, *dup;
	int r;

	r = sshkey_from_private(key, &dup);
	if (r != 0)
		fatal("%s: copy key: %s", __func__, ssh_err(r));
	sshkey_free(authctxt->auth_method_key);
	authctxt->auth_method_key = dup;

	if (!authenticated)
		return;

	/* If authenticated, make sure we don't accept this key again */
	r = sshkey_from_private(key, &dup);
	if (r != 0)
		fatal("%s: copy key: %s", __func__, ssh_err(r));
	/* Refuse to grow the list once the counter can no longer advance. */
	if (authctxt->nprev_keys >= INT_MAX ||
	    (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
	    authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
		fatal("%s: reallocarray failed", __func__);
	authctxt->prev_keys = tmp;
	authctxt->prev_keys[authctxt->nprev_keys] = dup;
	authctxt->nprev_keys++;
}
开发者ID:krashproof,项目名称:openssh-portable,代码行数:32,


示例10: auth2_authctxt_reset_info

/*
 * Reset method-specific information: release the recorded key and info
 * string and clear both pointers so nothing stale carries over into the
 * next authentication attempt.
 */
void
auth2_authctxt_reset_info(Authctxt *authctxt)
{
	sshkey_free(authctxt->auth_method_key);
	authctxt->auth_method_key = NULL;

	free(authctxt->auth_method_info);
	authctxt->auth_method_info = NULL;
}
开发者ID:krashproof,项目名称:openssh-portable,代码行数:8,


示例11: deserialise_identity1

/*
 * Read one RSA1 identity from "ids": a 32-bit bit count, the bignums e and
 * n, and a comment string.
 *
 * The advertised bit count must equal the actual size of n; a mismatch is
 * rejected with SSH_ERR_KEY_BITS_MISMATCH. keyp and commentp may each be
 * NULL, in which case that value is parsed and then freed. Returns 0 or an
 * SSH_ERR_* code; on success the caller owns whatever was handed back.
 */
static int
deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
{
	struct sshkey *key;
	int r, keybits;
	u_int32_t bits;
	char *comment = NULL;

	key = sshkey_new(KEY_RSA1);
	if (key == NULL)
		return SSH_ERR_ALLOC_FAIL;

	if ((r = sshbuf_get_u32(ids, &bits)) != 0)
		goto out;
	if ((r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0)
		goto out;
	if ((r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0)
		goto out;
	if ((r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
		goto out;

	keybits = BN_num_bits(key->rsa->n);
	/* XXX previously we just warned here. I think we should be strict */
	if (keybits < 0 || bits != (u_int)keybits) {
		r = SSH_ERR_KEY_BITS_MISMATCH;
		goto out;
	}

	/* Hand over ownership and clear the locals so "out" frees nothing live. */
	if (keyp != NULL) {
		*keyp = key;
		key = NULL;
	}
	if (commentp != NULL) {
		*commentp = comment;
		comment = NULL;
	}
	r = 0;
 out:
	sshkey_free(key);
	free(comment);
	return r;
}
开发者ID:nbagwe,项目名称:openssh-portable,代码行数:35,


示例12: sshkey_parse_public_rsa1

/*
 * Parse the public, unencrypted portion of a RSA1 key.
 *
 * "blob" itself is not consumed; parsing runs on a copy made with
 * sshbuf_fromb(). keyp must be non-NULL and is cleared on entry. commentp
 * may be NULL and is passed straight to sshbuf_get_string(). Returns 0 with
 * the public key in *keyp, SSH_ERR_INVALID_FORMAT when the blob is too
 * short or lacks the id string, or another SSH_ERR_* code.
 */
int
sshkey_parse_public_rsa1(struct sshbuf *blob,
    struct sshkey **keyp, char **commentp)
{
	int r;
	struct sshkey *pub = NULL;
	struct sshbuf *copy = NULL;

	*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/* Check that it is at least big enough to contain the ID string. */
	if (sshbuf_len(blob) < sizeof(authfile_id_string))
		return SSH_ERR_INVALID_FORMAT;

	/*
	 * Make sure it begins with the id string.  Consume the id string
	 * from the buffer.
	 */
	if (memcmp(sshbuf_ptr(blob), authfile_id_string,
	    sizeof(authfile_id_string)) != 0)
		return SSH_ERR_INVALID_FORMAT;

	/* Make a working copy of the keyblob and skip past the magic */
	copy = sshbuf_fromb(blob);
	if (copy == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = sshbuf_consume(copy, sizeof(authfile_id_string));
	if (r != 0)
		goto out;

	/* Skip cipher type, reserved data and key bits. */
	if ((r = sshbuf_get_u8(copy, NULL)) != 0)	/* cipher type */
		goto out;
	if ((r = sshbuf_get_u32(copy, NULL)) != 0)	/* reserved */
		goto out;
	if ((r = sshbuf_get_u32(copy, NULL)) != 0)	/* key bits */
		goto out;

	/*
	 * Read the public key from the buffer.
	 * NOTE(review): when sshkey_new() fails the jump to "out" returns r
	 * as left by the reads above (0), with *keyp still NULL.
	 */
	if ((pub = sshkey_new(KEY_RSA1)) == NULL ||
	    (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 ||
	    (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0)
		goto out;

	/* Finally, the comment */
	r = sshbuf_get_string(copy, (u_char**)commentp, NULL);
	if (r != 0)
		goto out;

	/* The encrypted private part is not parsed by this function. */

	r = 0;
	*keyp = pub;
	pub = NULL;

 out:
	if (copy != NULL)
		sshbuf_free(copy);
	if (pub != NULL)
		sshkey_free(pub);
	return r;
}
开发者ID:hshoexer,项目名称:libopenssh,代码行数:61,


示例13: auth_rsa

/*
 * Performs the RSA authentication dialog with the client.  This returns
 * 0 if the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 *
 * An invalid user (authctxt->valid == 0) is refused before any key lookup
 * or challenge is attempted.
 */
int
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
	struct ssh *ssh = active_state;
	struct sshkey *key;
	char *fp;
	struct passwd *pw = authctxt->pw;

	/* no user given */
	if (!authctxt->valid)
		return 0;

	if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
		auth_clear_options();
		return (0);
	}

	/* Perform the challenge-response dialog for this key. */
	if (!auth_rsa_challenge_dialog(key)) {
		/* Wrong response. */
		verbose("Wrong response to RSA authentication challenge.");
		ssh_packet_send_debug(ssh,
		    "Wrong response to RSA authentication challenge.");
		/*
		 * Break out of the loop. Otherwise we might send
		 * another challenge and break the protocol.
		 */
		sshkey_free(key);
		return (0);
	}

	/*
	 * Correct response.  The client has been successfully
	 * authenticated. Note that we have not yet processed the
	 * options; this will be reset if the options cause the
	 * authentication to be rejected.
	 */
	/*
	 * NOTE(review): fp is passed to the "%s" format without a NULL
	 * check; confirm that sshkey_fingerprint() cannot return NULL here.
	 */
	fp = sshkey_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
	verbose("Found matching %s key: %s",
	    sshkey_type(key), fp);
	xfree(fp);
	sshkey_free(key);

	ssh_packet_send_debug(ssh, "RSA authentication accepted.");
	return (1);
}
开发者ID:openssh,项目名称:libopenssh,代码行数:50,


示例14: sshkey_load_public

/*
 * Load a public key from any pubkey file.
 *
 * Tries "filename" first and then "filename.pub". keyp and commentp may
 * each be NULL; with keyp == NULL the key is parsed and then freed.
 * Returns 0 on success (the caller owns *keyp) or an SSH_ERR_* code.
 */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
	struct sshkey *pub = NULL;
	char *file = NULL;
	int r;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	pub = sshkey_new(KEY_UNSPEC);
	if (pub == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = sshkey_try_load_public(pub, filename, commentp);
	if (r == 0) {
		if (keyp != NULL) {
			/* Ownership moves to the caller. */
			*keyp = pub;
			pub = NULL;
		}
		r = 0;
		goto out;
	}
	sshkey_free(pub);

	/* try .pub suffix */
	if (asprintf(&file, "%s.pub", filename) == -1)
		return SSH_ERR_ALLOC_FAIL;
	/* Start from a fresh key object for the second attempt. */
	pub = sshkey_new(KEY_UNSPEC);
	if (pub == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	r = sshkey_try_load_public(pub, file, commentp);
	if (r == 0) {
		if (keyp != NULL) {
			*keyp = pub;
			pub = NULL;
		}
		r = 0;
	}
 out:
	free(file);
	sshkey_free(pub);
	return r;
}
开发者ID:ozaki-r,项目名称:netbsd-src,代码行数:44,


示例15: sshkey_load_private_cert

/*
 * Load a private key and its certificate and combine them into one
 * certified key.
 *
 * "type" must be KEY_RSA, KEY_DSA, KEY_ECDSA or KEY_UNSPEC. keyp must be
 * non-NULL and is cleared on entry. A certificate whose public key differs
 * from the private key is refused with SSH_ERR_KEY_CERT_MISMATCH. Returns
 * 0 with the certified key in *keyp (owned by the caller) or an SSH_ERR_*
 * code.
 */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
    struct sshkey **keyp, int *perm_ok)
{
	struct sshkey *key = NULL, *cert = NULL;
	int r;

	*keyp = NULL;

	switch (type) {
	case KEY_RSA:
	case KEY_DSA:
	case KEY_ECDSA:
	case KEY_UNSPEC:
		break;
	default:
		return SSH_ERR_KEY_TYPE_UNKNOWN;
	}

	r = sshkey_load_private_type(type, filename, passphrase, &key, NULL,
	    perm_ok);
	if (r != 0)
		goto out;
	r = sshkey_load_cert(filename, &cert);
	if (r != 0)
		goto out;

	/* Make sure the private key matches the certificate */
	if (sshkey_equal_public(key, cert) == 0) {
		r = SSH_ERR_KEY_CERT_MISMATCH;
		goto out;
	}

	r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert));
	if (r != 0)
		goto out;
	r = sshkey_cert_copy(cert, key);
	if (r != 0)
		goto out;

	r = 0;
	/* Ownership moves to the caller; keep the cleanup below off it. */
	*keyp = key;
	key = NULL;

 out:
	if (key != NULL)
		sshkey_free(key);
	if (cert != NULL)
		sshkey_free(cert);
	return r;
}
开发者ID:hshoexer,项目名称:libopenssh,代码行数:44,


示例16: mm_answer_rsa_keyallowed

/*
 * Monitor handler: answer whether the RSA modulus sent in "m" belongs to a
 * key that is allowed for the current user.
 *
 * The lookup only runs when RSA authentication is enabled and the user is
 * valid; otherwise the reply reports "not allowed". When a key is allowed
 * its blob is appended to the reply and remembered in key_blob /
 * key_bloblen / key_blobtype for the later challenge and response steps.
 * The RSA challenge request is permitted only when the key was allowed, and
 * the RSA response request is always disabled here. Always returns 0.
 */
int
mm_answer_rsa_keyallowed(int sock, struct sshbuf *m)
{
	BIGNUM *client_n;
	struct sshkey *key = NULL;
	u_char *blob = NULL;
	size_t blen = 0;
	int r, allowed = 0;

	debug3("%s entering", __func__);

	auth_method = "rsa";
	if (options.rsa_authentication && authctxt->valid) {
		client_n = BN_new();
		if (client_n == NULL)
			fatal("%s: BN_new", __func__);
		r = sshbuf_get_bignum2(m, client_n);
		if (r != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
		allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key);
		BN_clear_free(client_n);
	}

	/* Reuse the request buffer for the reply. */
	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, allowed)) != 0 ||
	    (r = sshbuf_put_u32(m, forced_command != NULL)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	/* clear temporarily storage (used by generate challenge) */
	monitor_reset_key_state();

	if (allowed && key != NULL) {
		key->type = KEY_RSA;	/* cheat for key_to_blob */
		r = sshkey_to_blob(key, &blob, &blen);
		if (r != 0)
			fatal("%s: key_to_blob failed: %s",
			    __func__, ssh_err(r));
		r = sshbuf_put_string(m, blob, blen);
		if (r != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(r));

		/* Save temporarily for comparison in verify */
		key_blob = blob;
		key_bloblen = blen;
		key_blobtype = MM_RSAUSERKEY;
	}
	if (key != NULL)
		sshkey_free(key);

	mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);

	monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
	monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0);
	return (0);
}
开发者ID:djmdjm,项目名称:libopenssh,代码行数:50,


示例17: free_hostkeys

/*
 * Release a hostkeys table and everything it owns.
 *
 * Each entry's host string, file string and key are freed and the entry is
 * then wiped with explicit_bzero(), so no freed pointer is left behind in
 * the array. The table header is wiped the same way before it is freed.
 * "hostkeys" must be non-NULL.
 */
void
free_hostkeys(struct hostkeys *hostkeys)
{
	u_int i = 0;

	while (i < hostkeys->num_entries) {
		free(hostkeys->entries[i].host);
		free(hostkeys->entries[i].file);
		sshkey_free(hostkeys->entries[i].key);
		explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
		i++;
	}
	free(hostkeys->entries);
	explicit_bzero(hostkeys, sizeof(*hostkeys));
	free(hostkeys);
}
开发者ID:Frogging101,项目名称:openssh-portable,代码行数:15,


示例18: ssh_free_identitylist

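/*
 * Release an identity list: every key, every comment string, the two
 * arrays that hold them, and the list itself. A NULL "idl" is a no-op.
 *
 * The original freed the elements and the list but not the keys/comments
 * arrays themselves, leaking both on every call.
 * NOTE(review): this assumes idl->keys and idl->comments are separate heap
 * allocations, as the NULL checks in the loop suggest - confirm against the
 * code that builds the list.
 */
void
ssh_free_identitylist(struct ssh_identitylist *idl)
{
	size_t i;

	if (idl == NULL)
		return;
	for (i = 0; i < idl->nkeys; i++) {
		if (idl->keys != NULL)
			sshkey_free(idl->keys[i]);
		if (idl->comments != NULL)
			free(idl->comments[i]);
	}
	/* free(NULL) is a no-op, so neither array needs a guard. */
	free(idl->keys);
	free(idl->comments);
	free(idl);
}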
开发者ID:nbagwe,项目名称:openssh-portable,代码行数:15,


示例19: mm_answer_rsa_response

/*
 * Monitor handler: verify the client's response to the outstanding RSA
 * challenge.
 *
 * Every precondition is enforced with fatal(): the user must be valid, a
 * challenge must be pending, the key blob must be the one previously
 * allowed (monitor_allowed_key), the recorded blob type must be an RSA
 * user or host key, and the response must be exactly 16 bytes. The
 * challenge and the saved key state are cleared whatever the outcome, so a
 * challenge cannot be answered twice. Returns the verification result.
 */
int
mm_answer_rsa_response(int sock, struct sshbuf *m)
{
	struct sshkey *key = NULL;
	u_char *blob, *response;
	size_t blen, len;
	int r, success;

	debug3("%s entering", __func__);

	if (!authctxt->valid)
		fatal("%s: authctxt not valid", __func__);
	if (ssh1_challenge == NULL)
		fatal("%s: no ssh1_challenge", __func__);

	r = sshbuf_get_string(m, &blob, &blen);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (!monitor_allowed_key(blob, blen))
		fatal("%s: bad key, not previously allowed", __func__);
	if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
		fatal("%s: key type mismatch: %d", __func__, key_blobtype);
	r = sshkey_from_blob(blob, blen, &key);
	if (r != 0)
		fatal("%s: received bad key: %s", __func__, ssh_err(r));
	r = sshbuf_get_string(m, &response, &len);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	/* Reject any response that is not exactly 16 bytes before using it. */
	if (len != 16)
		fatal("%s: received bad response to challenge", __func__);
	success = auth_rsa_verify_response(key, ssh1_challenge, response);

	free(blob);
	sshkey_free(key);
	free(response);

	auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";

	/* reset state */
	BN_clear_free(ssh1_challenge);
	ssh1_challenge = NULL;
	monitor_reset_key_state();

	sshbuf_reset(m);
	r = sshbuf_put_u32(m, success);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m);

	return (success);
}
开发者ID:djmdjm,项目名称:libopenssh,代码行数:47,


示例20: mm_answer_rsa_challenge

/*
 * Monitor handler: generate an RSA challenge for a key that was allowed
 * earlier.
 *
 * The key blob in "m" must match the previously allowed blob and the
 * recorded blob type must be an RSA user or host key; any violation is
 * fatal. A challenge left over from an earlier request is cleared before
 * the new one is stored in ssh1_challenge. On success the RSA response
 * request is enabled. Always returns 0.
 */
int
mm_answer_rsa_challenge(int sock, struct sshbuf *m)
{
	struct sshkey *key = NULL;
	u_char *blob;
	size_t blen;
	int r;

	debug3("%s entering", __func__);

	if (!authctxt->valid)
		fatal("%s: authctxt not valid", __func__);
	r = sshbuf_get_string(m, &blob, &blen);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (!monitor_allowed_key(blob, blen))
		fatal("%s: bad key, not previously allowed", __func__);
	if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
		fatal("%s: key type mismatch", __func__);
	r = sshkey_from_blob(blob, blen, &key);
	if (r != 0)
		fatal("%s: received bad key: %s", __func__, ssh_err(r));
	if (key->type != KEY_RSA)
		fatal("%s: received bad key type %d", __func__, key->type);
	/* The blob carries KEY_RSA; switch the type for the challenge step. */
	key->type = KEY_RSA1;
	if (ssh1_challenge)
		BN_clear_free(ssh1_challenge);
	ssh1_challenge = auth_rsa_generate_challenge(key);

	sshbuf_reset(m);
	r = sshbuf_put_bignum2(m, ssh1_challenge);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	debug3("%s sending reply", __func__);
	mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m);

	monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);

	free(blob);
	sshkey_free(key);
	return (0);
}
开发者ID:djmdjm,项目名称:libopenssh,代码行数:40,


示例21: sshkey_parse_private_rsa1

//.........这里部分代码省略.........	if (sshbuf_len(blob) < sizeof(authfile_id_string))		return SSH_ERR_INVALID_FORMAT;	/*	 * Make sure it begins with the id string.  Consume the id string	 * from the buffer.	 */	if (memcmp(sshbuf_ptr(blob), authfile_id_string,	    sizeof(authfile_id_string)) != 0)		return SSH_ERR_INVALID_FORMAT;	if ((prv = sshkey_new_private(KEY_RSA1)) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((copy = sshbuf_fromb(blob)) == NULL ||	    (decrypted = sshbuf_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((r = sshbuf_consume(copy, sizeof(authfile_id_string))) != 0)		goto out;	/* Read cipher type. */	if ((r = sshbuf_get_u8(copy, &cipher_type)) != 0 ||	    (r = sshbuf_get_u32(copy, NULL)) != 0)	/* reserved */		goto out;	/* Read the public key and comment from the buffer. */	if ((r = sshbuf_get_u32(copy, NULL)) != 0 ||	/* key bits */	    (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 ||	    (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 ||	    (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0)		goto out;	/* Check that it is a supported cipher. */	cipher = cipher_by_number(cipher_type);	if (cipher == NULL) {		r = SSH_ERR_KEY_UNKNOWN_CIPHER;		goto out;	}	/* Initialize space for decrypted data. */	if ((r = sshbuf_reserve(decrypted, sshbuf_len(copy), &cp)) != 0)		goto out;	/* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */	if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase,	    CIPHER_DECRYPT)) != 0)		goto out;	if ((r = cipher_crypt(&ciphercontext, cp,	    sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) {		cipher_cleanup(&ciphercontext);		goto out;	}	if ((r = cipher_cleanup(&ciphercontext)) != 0)		goto out;	if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 ||	    (r = sshbuf_get_u16(decrypted, &check2)) != 0)		goto out;	if (check1 != check2) {		r = SSH_ERR_KEY_WRONG_PASSPHRASE;		goto out;	}	/* Read the rest of the private key. 
*/	if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 ||	    (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 ||	    (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 ||	    (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0)		goto out;	/* calculate p-1 and q-1 */	if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)		goto out;	/* enable blinding */	if (RSA_blinding_on(prv->rsa, NULL) != 1) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}	r = 0;	*keyp = prv;	prv = NULL;	if (commentp != NULL) {		*commentp = comment;		comment = NULL;	} out:	bzero(&ciphercontext, sizeof(ciphercontext));	if (comment != NULL)		free(comment);	if (prv != NULL)		sshkey_free(prv);	if (copy != NULL)		sshbuf_free(copy);	if (decrypted != NULL)		sshbuf_free(decrypted);	return r;}
开发者ID:hshoexer,项目名称:libopenssh,代码行数:101,


示例22: input_kex_dh_gex_reply

//.........这里部分代码省略.........		goto out;	if (server_host_key->type != kex->hostkey_type) {		r = SSH_ERR_KEY_TYPE_MISMATCH;		goto out;	}	if (kex->verify_host_key(server_host_key, ssh) == -1) {		r = SSH_ERR_SIGNATURE_INVALID;		goto out;	}	/* DH parameter f, server public DH key */	if ((dh_server_pub = BN_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	/* signed H */	if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||	    (r = sshpkt_get_end(ssh)) != 0)		goto out;#ifdef DEBUG_KEXDH	fprintf(stderr, "dh_server_pub= ");	BN_print_fp(stderr, dh_server_pub);	fprintf(stderr, "/n");	debug("bits %d", BN_num_bits(dh_server_pub));#endif	if (!dh_pub_is_valid(kex->dh, dh_server_pub)) {		sshpkt_disconnect(ssh, "bad server public DH value");		r = SSH_ERR_MESSAGE_INCOMPLETE;		goto out;	}	klen = DH_size(kex->dh);	if ((kbuf = malloc(klen)) == NULL ||	    (shared_secret = BN_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}#ifdef DEBUG_KEXDH	dump_digest("shared secret", kbuf, kout);#endif	if (ssh->compat & SSH_OLD_DHGEX)		kex->min = kex->max = -1;	/* calc and verify H */	if ((r = kexgex_hash(	    kex->evp_md,	    kex->client_version_string,	    kex->server_version_string,	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),	    server_host_key_blob, sbloblen,	    kex->min, kex->nbits, kex->max,	    kex->dh->p, kex->dh->g,	    kex->dh->pub_key,	    dh_server_pub,	    shared_secret,	    &hash, &hashlen)) != 0)		goto out;	if ((r = sshkey_verify(server_host_key, signature, slen, hash,	    hashlen, ssh->compat)) != 0)		goto out;	/* save session id */	if (kex->session_id == NULL) {		kex->session_id_len = hashlen;		kex->session_id = malloc(kex->session_id_len);		if (kex->session_id == NULL) {			r = SSH_ERR_ALLOC_FAIL;	
		goto out;		}		memcpy(kex->session_id, hash, kex->session_id_len);	}	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)		r = kex_send_newkeys(ssh); out:	DH_free(kex->dh);	kex->dh = NULL;	if (server_host_key_blob)		free(server_host_key_blob);	if (server_host_key)		sshkey_free(server_host_key);	if (dh_server_pub)		BN_clear_free(dh_server_pub);	if (kbuf) {		bzero(kbuf, klen);		free(kbuf);	}	if (shared_secret)		BN_clear_free(shared_secret);	if (signature)		free(signature);	return r;}
开发者ID:mpitzl,项目名称:libopenssh,代码行数:101,


示例23: verify_host_key

/*
 * returns 0 if key verifies or -1 if key does NOT verify
 *
 * Checks run in this order: the key cached from an earlier successful
 * verification, the RevokedHostKeys file (when configured), DNS
 * verification (when enabled), and finally check_host_key() against the
 * user and system host files. A revoked key, or an error while reading the
 * revocation file, rejects the key before DNS or the host files are
 * consulted. On success the key is cached in previous_host_key.
 *
 * NOTE(review): a failure of sshkey_from_private() in the DNS branch
 * leaves r at that function's error code rather than -1; callers should
 * treat any non-zero result as "not verified".
 */
int
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
	int r = -1, flags = 0;
	char *fp = NULL;
	struct sshkey *plain = NULL;

	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
	    SSH_FP_DEFAULT);
	if (fp == NULL) {
		/* NOTE(review): r still holds its initial -1 in this message. */
		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
		r = -1;
		goto out;
	}

	debug("Server host key: %s %s",
	    compat20 ? sshkey_ssh_name(host_key) : sshkey_type(host_key), fp);

	if (sshkey_equal(previous_host_key, host_key)) {
		debug2("%s: server host key %s %s matches cached key",
		    __func__, sshkey_type(host_key), fp);
		r = 0;
		goto out;
	}

	/* Check in RevokedHostKeys file if specified */
	if (options.revoked_host_keys != NULL) {
		r = sshkey_check_revoked(host_key, options.revoked_host_keys);
		switch (r) {
		case 0:
			break; /* not revoked */
		case SSH_ERR_KEY_REVOKED:
			error("Host key %s %s revoked by file %s",
			    sshkey_type(host_key), fp,
			    options.revoked_host_keys);
			r = -1;
			goto out;
		default:
			/* Fail closed: an unreadable list rejects the key. */
			error("Error checking host key %s %s in "
			    "revoked keys file %s: %s", sshkey_type(host_key),
			    fp, options.revoked_host_keys, ssh_err(r));
			r = -1;
			goto out;
		}
	}

	if (options.verify_host_key_dns) {
		/*
		 * XXX certs are not yet supported for DNS, so downgrade
		 * them and try the plain key.
		 */
		r = sshkey_from_private(host_key, &plain);
		if (r != 0)
			goto out;
		if (sshkey_is_cert(plain))
			sshkey_drop_cert(plain);
		if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
			if (flags & DNS_VERIFY_FOUND) {
				/*
				 * Accept on DNS alone only when the option is
				 * exactly 1 and the record both matches and
				 * carries the DNS_VERIFY_SECURE flag.
				 */
				if (options.verify_host_key_dns == 1 &&
				    flags & DNS_VERIFY_MATCH &&
				    flags & DNS_VERIFY_SECURE) {
					r = 0;
					goto out;
				}
				if (flags & DNS_VERIFY_MATCH) {
					matching_host_key_dns = 1;
				} else {
					warn_changed_key(plain);
					error("Update the SSHFP RR in DNS "
					    "with the new host key to get rid "
					    "of this message.");
				}
			}
		}
	}

	r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
	    options.user_hostfiles, options.num_user_hostfiles,
	    options.system_hostfiles, options.num_system_hostfiles);

out:
	sshkey_free(plain);
	free(fp);
	if (r == 0 && host_key != NULL) {
		/* Remember the verified key for the cached-key shortcut above. */
		key_free(previous_host_key);
		previous_host_key = key_from_private(host_key);
	}

	return r;
}
开发者ID:yonglehou,项目名称:Win32-OpenSSH,代码行数:88,


示例24: sshkey_tests

voidsshkey_tests(void){	struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;	struct sshbuf *b;	TEST_START("new invalid");	k1 = sshkey_new(-42);	ASSERT_PTR_EQ(k1, NULL);	TEST_DONE();	TEST_START("new/free KEY_UNSPEC");	k1 = sshkey_new(KEY_UNSPEC);	ASSERT_PTR_NE(k1, NULL);	sshkey_free(k1);	TEST_DONE();	TEST_START("new/free KEY_RSA1");	k1 = sshkey_new(KEY_RSA1);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_NE(k1->rsa, NULL);	ASSERT_PTR_NE(k1->rsa->n, NULL);	ASSERT_PTR_NE(k1->rsa->e, NULL);	ASSERT_PTR_EQ(k1->rsa->p, NULL);	sshkey_free(k1);	TEST_DONE();	TEST_START("new/free KEY_RSA");	k1 = sshkey_new(KEY_RSA);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_NE(k1->rsa, NULL);	ASSERT_PTR_NE(k1->rsa->n, NULL);	ASSERT_PTR_NE(k1->rsa->e, NULL);	ASSERT_PTR_EQ(k1->rsa->p, NULL);	sshkey_free(k1);	TEST_DONE();	TEST_START("new/free KEY_DSA");	k1 = sshkey_new(KEY_DSA);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_NE(k1->dsa, NULL);	ASSERT_PTR_NE(k1->dsa->g, NULL);	ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);	sshkey_free(k1);	TEST_DONE();	TEST_START("new/free KEY_ECDSA");	k1 = sshkey_new(KEY_ECDSA);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_EQ(k1->ecdsa, NULL);  /* Can't allocate without NID */	sshkey_free(k1);	TEST_DONE();	TEST_START("new/free KEY_ED25519");	k1 = sshkey_new(KEY_ED25519);	ASSERT_PTR_NE(k1, NULL);	/* These should be blank until key loaded or generated */	ASSERT_PTR_EQ(k1->ed25519_sk, NULL);	ASSERT_PTR_EQ(k1->ed25519_pk, NULL);	sshkey_free(k1);	TEST_DONE();	TEST_START("new_private KEY_RSA");	k1 = sshkey_new_private(KEY_RSA);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_NE(k1->rsa, NULL);	ASSERT_PTR_NE(k1->rsa->n, NULL);	ASSERT_PTR_NE(k1->rsa->e, NULL);	ASSERT_PTR_NE(k1->rsa->p, NULL);	ASSERT_INT_EQ(sshkey_add_private(k1), 0);	sshkey_free(k1);	TEST_DONE();	TEST_START("new_private KEY_DSA");	k1 = sshkey_new_private(KEY_DSA);	ASSERT_PTR_NE(k1, NULL);	ASSERT_PTR_NE(k1->dsa, NULL);	ASSERT_PTR_NE(k1->dsa->g, NULL);	ASSERT_PTR_NE(k1->dsa->priv_key, NULL);	ASSERT_INT_EQ(sshkey_add_private(k1), 0);	sshkey_free(k1);	
TEST_DONE();	TEST_START("generate KEY_RSA too small modulus");	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),	    SSH_ERR_INVALID_ARGUMENT);	ASSERT_PTR_EQ(k1, NULL);	TEST_DONE();	TEST_START("generate KEY_RSA too large modulus");	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1 << 20, &k1),	    SSH_ERR_INVALID_ARGUMENT);	ASSERT_PTR_EQ(k1, NULL);	TEST_DONE();	TEST_START("generate KEY_DSA wrong bits");	ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),	    SSH_ERR_INVALID_ARGUMENT);	ASSERT_PTR_EQ(k1, NULL);	sshkey_free(k1);//.........这里部分代码省略.........
开发者ID:SylvestreG,项目名称:bitrig,代码行数:101,


示例25: sshkey_file_tests

voidsshkey_file_tests(void){	struct sshkey *k1, *k2;	struct sshbuf *buf, *pw;	BIGNUM *a, *b, *c;	char *cp;	TEST_START("load passphrase");	pw = load_text_file("pw");	TEST_DONE();#ifdef WITH_SSH1	TEST_START("parse RSA1 from private");	buf = load_file("rsa1_1");	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1",	    &k1, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k1, NULL);	a = load_bignum("rsa1_1.param.n");	ASSERT_BIGNUM_EQ(k1->rsa->n, a);	BN_free(a);	TEST_DONE();	TEST_START("parse RSA1 from private w/ passphrase");	buf = load_file("rsa1_1_pw");	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,	    (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("load RSA1 from public");	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,	    NULL), 0);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("RSA1 key hex fingerprint");	buf = load_text_file("rsa1_1.fp");	cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	TEST_START("RSA1 key bubblebabble fingerprint");	buf = load_text_file("rsa1_1.fp.bb");	cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);	ASSERT_PTR_NE(cp, NULL);	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));	sshbuf_free(buf);	free(cp);	TEST_DONE();	sshkey_free(k1);#endif	TEST_START("parse RSA from private");	buf = load_file("rsa_1");	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",	    &k1, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k1, NULL);	a = load_bignum("rsa_1.param.n");	b = load_bignum("rsa_1.param.p");	c = load_bignum("rsa_1.param.q");	ASSERT_BIGNUM_EQ(k1->rsa->n, a);	ASSERT_BIGNUM_EQ(k1->rsa->p, b);	ASSERT_BIGNUM_EQ(k1->rsa->q, c);	BN_free(a);	BN_free(b);	BN_free(c);	TEST_DONE();	
TEST_START("parse RSA from private w/ passphrase");	buf = load_file("rsa_1_pw");	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,	    (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();	TEST_START("parse RSA from new-format");	buf = load_file("rsa_n");	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,	    "", "rsa_n", &k2, NULL), 0);	sshbuf_free(buf);	ASSERT_PTR_NE(k2, NULL);	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);	sshkey_free(k2);	TEST_DONE();//.........这里部分代码省略.........
开发者ID:LTD-Beget,项目名称:openssh-portable,代码行数:101,


示例26: input_kex_c25519_reply

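/*
 * Client-side handler for the server's curve25519 key-exchange reply.
 *
 * Reads the server host key blob, the server's ephemeral public key (Q_S)
 * and the signature over the exchange hash H from the current packet. The
 * host key must match the negotiated type and pass kex->verify_host_key.
 * The shared secret is then computed, H is recomputed locally and the
 * signature is verified against it. Only after that is the session id
 * stored and key derivation started.
 *
 * type and seq are not used by the body.
 *
 * Returns 0 on success, otherwise the SSH_ERR_* code of the step that
 * failed. The client's ephemeral private key is wiped on every exit path.
 */
static int
input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh)
{
	struct kex *kex = ssh->kex;
	struct sshkey *server_host_key = NULL;
	struct sshbuf *shared_secret = NULL;
	u_char *server_pubkey = NULL;
	u_char *server_host_key_blob = NULL, *signature = NULL;
	/* NOTE(review): ownership of the buffer kex_c25519_hash() returns
	 * through &hash is not visible here; it is not freed in this function. */
	u_char *hash = NULL;
	size_t slen, pklen, sbloblen, hashlen = 0;
	int r;

	/* Refuse to continue if no host key verifier has been installed */
	if (kex->verify_host_key == NULL) {
		r = SSH_ERR_INVALID_ARGUMENT;
		goto out;
	}

	/* hostkey */
	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
	    &sbloblen)) != 0 ||
	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
	    &server_host_key)) != 0)
		goto out;
	/* The key the server presents must be of the negotiated type */
	if (server_host_key->type != kex->hostkey_type) {
		r = SSH_ERR_KEY_TYPE_MISMATCH;
		goto out;
	}
	if (kex->verify_host_key(server_host_key, ssh) == -1) {
		r = SSH_ERR_SIGNATURE_INVALID;
		goto out;
	}

	/* Q_S, server public key */
	/* signed H */
	if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 ||
	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
	    (r = sshpkt_get_end(ssh)) != 0)
		goto out;
	/* Exact length check: later code reads CURVE25519_SIZE bytes from it */
	if (pklen != CURVE25519_SIZE) {
		r = SSH_ERR_SIGNATURE_INVALID;
		goto out;
	}

#ifdef DEBUG_KEXECDH
	dump_digest("server public key:", server_pubkey, CURVE25519_SIZE);
#endif

	if ((shared_secret = sshbuf_new()) == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey,
	    shared_secret)) < 0)
		goto out;

	/* calc and verify H */
	if ((r = kex_c25519_hash(
	    kex->hash_alg,
	    kex->client_version_string,
	    kex->server_version_string,
	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
	    server_host_key_blob, sbloblen,
	    kex->c25519_client_pubkey,
	    server_pubkey,
	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
	    &hash, &hashlen)) < 0)
		goto out;

	/* Nothing below runs unless the server's signature over H checks out */
	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
	    ssh->compat)) != 0)
		goto out;

	/* save session id */
	if (kex->session_id == NULL) {
		kex->session_id = malloc(hashlen);
		if (kex->session_id == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		/* Publish the length only once the buffer exists */
		kex->session_id_len = hashlen;
		memcpy(kex->session_id, hash, kex->session_id_len);
	}

	/*
	 * r is deliberately left as set by these two calls. The original reset
	 * it to 0 here, so a failed key derivation or a failed NEWKEYS send was
	 * reported to the caller as a completed key exchange.
	 */
	if ((r = kex_derive_keys(ssh, hash, hashlen, sshbuf_ptr(shared_secret),
	    sshbuf_len(shared_secret))) == 0)
		r = kex_send_newkeys(ssh);
out:
	/* Wipe the ephemeral private key whether or not the exchange succeeded */
	explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
	free(server_host_key_blob);
	free(server_pubkey);
	free(signature);
	sshkey_free(server_host_key);
	/* NOTE(review): relies on sshbuf_free() to clear the shared secret — confirm */
	sshbuf_free(shared_secret);
	return r;
}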
开发者ID:djmdjm,项目名称:libopenssh,代码行数:98,


示例27: sshkey_load_public

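/*
 * Load a public key from an SSH v1 private key file or from any public
 * key file.
 *
 * The formats are tried in order: (with WITH_SSH1) the public part of an
 * rsa1 private key, then an SSH2 public key, then (with WITH_SSH1) an rsa1
 * public key, and last the same name with ".pub" appended. If filename
 * cannot be opened, only the ".pub" variant is tried.
 *
 * On success returns 0 and, when keyp is non-NULL, stores the key in *keyp.
 * On failure returns an SSH_ERR_* code; *keyp and *commentp (when the
 * pointers are non-NULL) were reset to NULL on entry.
 *
 * NOTE(review): when keyp is NULL a successfully loaded key is neither
 * returned nor freed here — confirm whether callers ever pass keyp == NULL.
 */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
	struct sshkey *pub = NULL;
	char file[PATH_MAX];
	int r, fd;

	if (keyp != NULL)
		*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/* XXX should load file once and attempt to parse each format */

	if ((fd = open(filename, O_RDONLY)) < 0)
		goto skip;
#ifdef WITH_SSH1
	/* try rsa1 private key */
	r = sshkey_load_public_rsa1(fd, keyp, commentp);
	close(fd);
	switch (r) {
	case SSH_ERR_INTERNAL_ERROR:
	case SSH_ERR_ALLOC_FAIL:
	case SSH_ERR_INVALID_ARGUMENT:
	case SSH_ERR_SYSTEM_ERROR:
	case 0:
		/* success, or an error that trying another format cannot fix */
		return r;
	default:
		/* any other result: fall through to the next format */
		break;
	}
#else /* WITH_SSH1 */
	/*
	 * Without SSH1 support the descriptor is only a check that the file can
	 * be opened; the loaders below take the path. The original never closed
	 * it in this configuration, leaking one descriptor per call.
	 */
	close(fd);
#endif /* WITH_SSH1 */

	/* try ssh2 public key */
	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
		if (keyp != NULL)
			*keyp = pub;
		return 0;
	}
	sshkey_free(pub);

#ifdef WITH_SSH1
	/* try rsa1 public key */
	if ((pub = sshkey_new(KEY_RSA1)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
		if (keyp != NULL)
			*keyp = pub;
		return 0;
	}
	sshkey_free(pub);
#endif /* WITH_SSH1 */

 skip:
	/* try .pub suffix */
	if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	r = SSH_ERR_ALLOC_FAIL;	/* in case strlcpy or strlcat fail */
	/* Both calls must fit in file[]; a truncated path is never opened */
	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
	    (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
	    (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
		if (keyp != NULL)
			*keyp = pub;
		return 0;
	}
	sshkey_free(pub);
	return r;
}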
开发者ID:randombit,项目名称:hacrypto,代码行数:69,


示例28: input_kex_ecdh_reply

//.........这里部分代码省略.........	if (server_host_key->type != kex->hostkey_type ||	    (kex->hostkey_type == KEY_ECDSA &&	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {		r = SSH_ERR_KEY_TYPE_MISMATCH;		goto out;	}	if (kex->verify_host_key(server_host_key, ssh) == -1) {		r = SSH_ERR_SIGNATURE_INVALID;		goto out;	}	/* Q_S, server public key */	/* signed H */	if ((server_public = EC_POINT_new(group)) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 ||	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||	    (r = sshpkt_get_end(ssh)) != 0)		goto out;#ifdef DEBUG_KEXECDH	fputs("server public key:/n", stderr);	sshkey_dump_ec_point(group, server_public);#endif	if (sshkey_ec_validate_public(group, server_public) != 0) {		sshpkt_disconnect(ssh, "invalid server public key");		r = SSH_ERR_MESSAGE_INCOMPLETE;		goto out;	}	klen = (EC_GROUP_get_degree(group) + 7) / 8;	if ((kbuf = malloc(klen)) == NULL ||	    (shared_secret = BN_new()) == NULL) {		r = SSH_ERR_ALLOC_FAIL;		goto out;	}	if (ECDH_compute_key(kbuf, klen, server_public,	    client_key, NULL) != (int)klen ||	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {		r = SSH_ERR_LIBCRYPTO_ERROR;		goto out;	}#ifdef DEBUG_KEXECDH	dump_digest("shared secret", kbuf, klen);#endif	/* calc and verify H */	hashlen = sizeof(hash);	if ((r = kex_ecdh_hash(	    kex->hash_alg,	    group,	    kex->client_version_string,	    kex->server_version_string,	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),	    server_host_key_blob, sbloblen,	    EC_KEY_get0_public_key(client_key),	    server_public,	    shared_secret,	    hash, &hashlen)) != 0)		goto out;	if ((r = sshkey_verify(server_host_key, signature, slen, hash,	    hashlen, ssh->compat)) != 0)		goto out;	/* save session id */	if (kex->session_id == NULL) {		kex->session_id_len = hashlen;		kex->session_id = malloc(kex->session_id_len);		if (kex->session_id == NULL) {			r = 
SSH_ERR_ALLOC_FAIL;			goto out;		}		memcpy(kex->session_id, hash, kex->session_id_len);	}	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)		r = kex_send_newkeys(ssh); out:	explicit_bzero(hash, sizeof(hash));	if (kex->ec_client_key) {		EC_KEY_free(kex->ec_client_key);		kex->ec_client_key = NULL;	}	if (server_public)		EC_POINT_clear_free(server_public);	if (kbuf) {		explicit_bzero(kbuf, klen);		free(kbuf);	}	if (shared_secret)		BN_clear_free(shared_secret);	sshkey_free(server_host_key);	free(server_host_key_blob);	free(signature);	return r;}
开发者ID:randombit,项目名称:hacrypto,代码行数:101,


示例29: check_host_key

//.........这里部分代码省略.........			options.forward_agent = 0;			cancelled_forwarding = 1;		}		if (options.forward_x11) {			error("X11 forwarding is disabled to avoid "			    "man-in-the-middle attacks.");			options.forward_x11 = 0;			cancelled_forwarding = 1;		}		if (options.num_local_forwards > 0 ||		    options.num_remote_forwards > 0) {			error("Port forwarding is disabled to avoid "			    "man-in-the-middle attacks.");			options.num_local_forwards =			    options.num_remote_forwards = 0;			cancelled_forwarding = 1;		}		if (options.tun_open != SSH_TUNMODE_NO) {			error("Tunnel forwarding is disabled to avoid "			    "man-in-the-middle attacks.");			options.tun_open = SSH_TUNMODE_NO;			cancelled_forwarding = 1;		}		if (options.exit_on_forward_failure && cancelled_forwarding)			fatal("Error: forwarding disabled due to host key "			    "check failure");				/*		 * XXX Should permit the user to change to use the new id.		 * This could be done by converting the host key to an		 * identifying sentence, tell that the host identifies itself		 * by that sentence, and ask the user if he/she wishes to		 * accept the authentication.		 */		break;	case HOST_FOUND:		fatal("internal error");		break;	}	if (options.check_host_ip && host_status != HOST_CHANGED &&	    ip_status == HOST_CHANGED) {		snprintf(msg, sizeof(msg),		    "Warning: the %s host key for '%.200s' "		    "differs from the key for the IP address '%.128s'"		    "/nOffending key for IP in %s:%lu",		    type, host, ip, ip_found->file, ip_found->line);		if (host_status == HOST_OK) {			len = strlen(msg);			snprintf(msg + len, sizeof(msg) - len,			    "/nMatching host key in %s:%lu",			    host_found->file, host_found->line);		}		if (options.strict_host_key_checking == 1) {			logit("%s", msg);			error("Exiting, you have requested strict checking.");			goto fail;		} else if (options.strict_host_key_checking == 2) {			strlcat(msg, "/nAre you sure you want "			    "to continue connecting (yes/no)? 
", sizeof(msg));			if (!confirm(msg))				goto fail;		} else {			logit("%s", msg);		}	}	xfree(ip);	xfree(host);	if (host_hostkeys != NULL)		free_hostkeys(host_hostkeys);	if (ip_hostkeys != NULL)		free_hostkeys(ip_hostkeys);	return 0;fail:	if (want_cert && host_status != HOST_REVOKED) {		/*		 * No matching certificate. Downgrade cert to raw key and		 * search normally.		 */		debug("No matching CA found. Retry with plain key");		if ((r = sshkey_from_private(host_key, &raw_key)) != 0)			fatal("%s: sshkey_from_private: %s",			    __func__, ssh_err(r));		if ((r = sshkey_drop_cert(raw_key)) != 0)			fatal("Couldn't drop certificate: %s", ssh_err(r));		host_key = raw_key;		goto retry;	}	if (raw_key != NULL)		sshkey_free(raw_key);	xfree(ip);	xfree(host);	if (host_hostkeys != NULL)		free_hostkeys(host_hostkeys);	if (ip_hostkeys != NULL)		free_hostkeys(ip_hostkeys);	return -1;}
开发者ID:mpitzl,项目名称:libopenssh,代码行数:101,


示例30: sshkey_parse_private_pem

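/*
 * Parse a PEM-encoded private key held in blob.
 *
 * blob       buffer holding the PEM text
 * type       KEY_RSA, KEY_DSA or KEY_ECDSA to require that key type, or
 *            KEY_UNSPEC to accept any of the three
 * passphrase handed to PEM_read_bio_PrivateKey() as its last argument
 * keyp       receives the parsed key on success, is set to NULL otherwise
 * commentp   optional; on success receives a strdup()ed placeholder name
 *            ("rsa w/o comment" etc.)
 *
 * Returns 0 on success or an SSH_ERR_* code. ECDSA keys are only accepted
 * if the curve is recognised and both the public and private parts pass
 * validation.
 *
 * NOTE(review): every PEM_read_bio_PrivateKey() failure, malformed input
 * included, is reported as SSH_ERR_KEY_WRONG_PASSPHRASE, so callers cannot
 * tell a bad passphrase from a bad file.
 */
static int
sshkey_parse_private_pem(struct sshbuf *blob, int type, const char *passphrase,
    struct sshkey **keyp, char **commentp)
{
	EVP_PKEY *pk = NULL;
	struct sshkey *prv = NULL;
	const char *name = "<no key>";
	BIO *bio = NULL;
	int r;

	*keyp = NULL;
	if (commentp != NULL)
		*commentp = NULL;

	/*
	 * BIO_write() takes an int length. The length is rejected before the
	 * BIO is allocated; the original did both in one condition and leaked
	 * the BIO when only the length test failed.
	 */
	if (sshbuf_len(blob) > INT_MAX)
		return SSH_ERR_ALLOC_FAIL;
	if ((bio = BIO_new(BIO_s_mem())) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) !=
	    (int)sshbuf_len(blob)) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}

	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
	    (char *)passphrase)) == NULL) {
		r = SSH_ERR_KEY_WRONG_PASSPHRASE;
		goto out;
	}
	if (pk->type == EVP_PKEY_RSA &&
	    (type == KEY_UNSPEC || type == KEY_RSA)) {
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		/* get1 returns a new reference; check it before it is used */
		if ((prv->rsa = EVP_PKEY_get1_RSA(pk)) == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		prv->type = KEY_RSA;
		name = "rsa w/o comment";
#ifdef DEBUG_PK
		RSA_print_fp(stderr, prv->rsa, 8);
#endif
		/* A key that cannot be blinded is rejected rather than used */
		if (RSA_blinding_on(prv->rsa, NULL) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
	} else if (pk->type == EVP_PKEY_DSA &&
	    (type == KEY_UNSPEC || type == KEY_DSA)) {
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		if ((prv->dsa = EVP_PKEY_get1_DSA(pk)) == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		prv->type = KEY_DSA;
		name = "dsa w/o comment";
#ifdef DEBUG_PK
		DSA_print_fp(stderr, prv->dsa, 8);
#endif
	} else if (pk->type == EVP_PKEY_EC &&
	    (type == KEY_UNSPEC || type == KEY_ECDSA)) {
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		if ((prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk)) == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		prv->type = KEY_ECDSA;
		prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa);
		/* Known curve, valid public point and valid private scalar */
		if (prv->ecdsa_nid == -1 ||
		    sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
		    sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
		    EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
		    sshkey_ec_validate_private(prv->ecdsa) != 0) {
			r = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		name = "ecdsa w/o comment";
#ifdef DEBUG_PK
		if (prv != NULL && prv->ecdsa != NULL)
			sshkey_dump_ec_key(prv->ecdsa);
#endif
	} else {
		/* Unsupported key type, or not the type the caller asked for */
		r = SSH_ERR_INVALID_FORMAT;
		goto out;
	}
	if (commentp != NULL &&
	    (*commentp = strdup(name)) == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	r = 0;
	/* Hand the key to the caller; clearing prv keeps the cleanup off it */
	*keyp = prv;
	prv = NULL;
 out:
	BIO_free(bio);
	if (pk != NULL)
		EVP_PKEY_free(pk);
	if (prv != NULL)
		sshkey_free(prv);
	return r;
}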
开发者ID:hshoexer,项目名称:libopenssh,代码行数:97,



注:本文中的sshkey_free函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

