mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-02-05 16:41:32 +00:00
- Merged OpenBSD CVS changes:
- [rsa.c] bugfix: use correct size for memset() - [sshconnect.c] warn if announced size of modulus 'n' != real size
This commit is contained in:
Damien Miller
parent
c7b38ceed6
commit
da217a0279
@ -4,6 +4,9 @@
|
||||
- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
|
||||
- Autodetection of RSAref library for US users
|
||||
- Minor doc updates
|
||||
- Merged OpenBSD CVS changes:
|
||||
- [rsa.c] bugfix: use correct size for memset()
|
||||
- [sshconnect.c] warn if announced size of modulus 'n' != real size
|
||||
|
||||
19991108
|
||||
- Removed debian/ directory. This is now being maintained separately.
|
||||
|
||||
38
rsa.c
38
rsa.c
@ -35,7 +35,7 @@ Description of the RSA algorithm can be found e.g. from the following sources:
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: rsa.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
|
||||
RCSID("$Id: rsa.c,v 1.3 1999/11/08 23:35:52 damien Exp $");
|
||||
|
||||
#include "rsa.h"
|
||||
#include "ssh.h"
|
||||
@ -110,28 +110,26 @@ void
|
||||
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA* key)
|
||||
{
|
||||
char *inbuf, *outbuf;
|
||||
int in_len;
|
||||
int out_len;
|
||||
int len;
|
||||
int len, ilen, olen;
|
||||
|
||||
if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
|
||||
fatal("rsa_public_encrypt() exponent too small or not odd");
|
||||
|
||||
out_len = BN_num_bytes(key->n);
|
||||
outbuf = xmalloc(out_len);
|
||||
olen = BN_num_bytes(key->n);
|
||||
outbuf = xmalloc(olen);
|
||||
|
||||
in_len = BN_num_bytes(in);
|
||||
inbuf = xmalloc(in_len);
|
||||
ilen = BN_num_bytes(in);
|
||||
inbuf = xmalloc(ilen);
|
||||
BN_bn2bin(in, inbuf);
|
||||
|
||||
if ((len = RSA_public_encrypt(in_len, inbuf, outbuf, key,
|
||||
if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
|
||||
RSA_PKCS1_PADDING)) <= 0)
|
||||
fatal("rsa_public_encrypt() failed");
|
||||
|
||||
BN_bin2bn(outbuf, len, out);
|
||||
|
||||
memset(outbuf, 0, out_len);
|
||||
memset(inbuf, 0, in_len);
|
||||
memset(outbuf, 0, olen);
|
||||
memset(inbuf, 0, ilen);
|
||||
xfree(outbuf);
|
||||
xfree(inbuf);
|
||||
}
|
||||
@ -140,25 +138,23 @@ void
|
||||
rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
|
||||
{
|
||||
char *inbuf, *outbuf;
|
||||
int in_len;
|
||||
int out_len;
|
||||
int len;
|
||||
int len, ilen, olen;
|
||||
|
||||
out_len = BN_num_bytes(key->n);
|
||||
outbuf = xmalloc(out_len);
|
||||
olen = BN_num_bytes(key->n);
|
||||
outbuf = xmalloc(olen);
|
||||
|
||||
in_len = BN_num_bytes(in);
|
||||
inbuf = xmalloc(in_len);
|
||||
ilen = BN_num_bytes(in);
|
||||
inbuf = xmalloc(ilen);
|
||||
BN_bn2bin(in, inbuf);
|
||||
|
||||
if ((len = RSA_private_decrypt(in_len, inbuf, outbuf, key,
|
||||
if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
|
||||
RSA_SSLV23_PADDING)) <= 0)
|
||||
fatal("rsa_private_decrypt() failed");
|
||||
|
||||
BN_bin2bn(outbuf, len, out);
|
||||
|
||||
memset(outbuf, 0, out_len);
|
||||
memset(inbuf, 0, in_len);
|
||||
memset(outbuf, 0, olen);
|
||||
memset(inbuf, 0, ilen);
|
||||
xfree(outbuf);
|
||||
xfree(inbuf);
|
||||
}
|
||||
|
||||
21
sshconnect.c
21
sshconnect.c
@ -16,7 +16,7 @@ login (authentication) dialog.
|
||||
|
||||
#include "config.h"
|
||||
#include "includes.h"
|
||||
RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
|
||||
RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/bn.h>
|
||||
@ -1022,6 +1022,7 @@ void ssh_login(int host_key_valid,
|
||||
BIGNUM *key;
|
||||
RSA *host_key, *file_key;
|
||||
RSA *public_key;
|
||||
int bits, rbits;
|
||||
unsigned char session_key[SSH_SESSION_KEY_LENGTH];
|
||||
const char *server_user, *local_user;
|
||||
char *cp, *host, *ip = NULL;
|
||||
@ -1068,7 +1069,7 @@ void ssh_login(int host_key_valid,
|
||||
|
||||
/* Get the public key. */
|
||||
public_key = RSA_new();
|
||||
packet_get_int(); /* bits */
|
||||
bits = packet_get_int(); /* bits */
|
||||
public_key->e = BN_new();
|
||||
packet_get_bignum(public_key->e, &clen);
|
||||
sum_len += clen;
|
||||
@ -1076,9 +1077,16 @@ void ssh_login(int host_key_valid,
|
||||
packet_get_bignum(public_key->n, &clen);
|
||||
sum_len += clen;
|
||||
|
||||
rbits = BN_num_bits(public_key->n);
|
||||
if (bits != rbits) {
|
||||
log("Warning: Server lies about size of server public key,");
|
||||
log("Warning: this may be due to an old implementation of ssh.");
|
||||
log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
|
||||
}
|
||||
|
||||
/* Get the host key. */
|
||||
host_key = RSA_new();
|
||||
packet_get_int(); /* bits */
|
||||
bits = packet_get_int(); /* bits */
|
||||
host_key->e = BN_new();
|
||||
packet_get_bignum(host_key->e, &clen);
|
||||
sum_len += clen;
|
||||
@ -1086,6 +1094,13 @@ void ssh_login(int host_key_valid,
|
||||
packet_get_bignum(host_key->n, &clen);
|
||||
sum_len += clen;
|
||||
|
||||
rbits = BN_num_bits(host_key->n);
|
||||
if (bits != rbits) {
|
||||
log("Warning: Server lies about size of server host key,");
|
||||
log("Warning: this may be due to an old implementation of ssh.");
|
||||
log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
|
||||
}
|
||||
|
||||
/* Store the host key from the known host file in here
|
||||
* so that we can compare it with the key for the IP
|
||||
* address. */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user