author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:10:21 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:10:21 +0000 |
commit | abcb145b38db4996205078d41061ffb2d7c3c017 (patch) | |
tree | 69e4a54411675f59168c6313f1e72cca3c1af5d4 | |
parent | 5c15958230492f1f42fedb72337485f908d86a98 (diff) |
- markus@cvs.openbsd.org 2002/03/14 16:38:26
[sshd.c]
split out ssh1 session key decryption; ok provos@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | sshd.c | 85 |
2 files changed, 51 insertions, 39 deletions
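--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
 - markus@cvs.openbsd.org 2002/03/14 15:24:27
 [sshconnect1.c]
 don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
+- markus@cvs.openbsd.org 2002/03/14 16:38:26
+[sshd.c]
+split out ssh1 session key decryption; ok provos@
 
 20020317
 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7858,4 +7861,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1927 2002/03/22 01:08:07 mouring Exp $
+$Id: ChangeLog,v 1.1928 2002/03/22 01:10:21 mouring Exp $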
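--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.229 2002/03/14 16:38:26 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1252,6 +1252,50 @@ main(int ac, char **av)
 }
 
 /*
+* Decrypt session_key_int using our private server key and private host key
+* (key with larger modulus first).
+*/
+static int
+ssh1_session_key(BIGNUM *session_key_int)
+{
+int rsafail = 0;
+
+if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
+/* Server key has bigger modulus. */
+if (BN_num_bits(sensitive_data.server_key->rsa->n) <
+BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
+get_remote_ipaddr(),
+BN_num_bits(sensitive_data.server_key->rsa->n),
+BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+SSH_KEY_BITS_RESERVED);
+}
+if (rsa_private_decrypt(session_key_int, session_key_int,
+sensitive_data.server_key->rsa) <= 0)
+rsafail++;
+if (rsa_private_decrypt(session_key_int, session_key_int,
+sensitive_data.ssh1_host_key->rsa) <= 0)
+rsafail++;
+} else {
+/* Host key has bigger modulus (or they are equal). */
+if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
+BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
+get_remote_ipaddr(),
+BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+BN_num_bits(sensitive_data.server_key->rsa->n),
+SSH_KEY_BITS_RESERVED);
+}
+if (rsa_private_decrypt(session_key_int, session_key_int,
+sensitive_data.ssh1_host_key->rsa) < 0)
+rsafail++;
+if (rsa_private_decrypt(session_key_int, session_key_int,
+sensitive_data.server_key->rsa) < 0)
+rsafail++;
+}
+return (rsafail);
+}
+/*
 * SSH1 key exchange
 */
 static void
@@ -1366,43 +1410,8 @@ do_ssh1_kex(void)
 packet_set_protocol_flags(protocol_flags);
 packet_check_eom();
 
-/*
-* Decrypt it using our private server key and private host key (key
-* with larger modulus first).
-*/
-if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
-/* Server key has bigger modulus. */
-if (BN_num_bits(sensitive_data.server_key->rsa->n) <
-BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
-get_remote_ipaddr(),
-BN_num_bits(sensitive_data.server_key->rsa->n),
-BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-SSH_KEY_BITS_RESERVED);
-}
-if (rsa_private_decrypt(session_key_int, session_key_int,
-sensitive_data.server_key->rsa) <= 0)
-rsafail++;
-if (rsa_private_decrypt(session_key_int, session_key_int,
-sensitive_data.ssh1_host_key->rsa) <= 0)
-rsafail++;
-} else {
-/* Host key has bigger modulus (or they are equal). */
-if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
-BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
-get_remote_ipaddr(),
-BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-BN_num_bits(sensitive_data.server_key->rsa->n),
-SSH_KEY_BITS_RESERVED);
-}
-if (rsa_private_decrypt(session_key_int, session_key_int,
-sensitive_data.ssh1_host_key->rsa) < 0)
-rsafail++;
-if (rsa_private_decrypt(session_key_int, session_key_int,
-sensitive_data.server_key->rsa) < 0)
-rsafail++;
-}
+/* Decrypt session_key_int using host/server keys */
+rsafail = ssh1_session_key(session_key_int);
 /*
 * Extract session key from the decrypted integer. The key is in the
 * least significant 256 bits of the integer; the first byte of the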
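Review bot: The two branches of the new `ssh1_session_key()` test the result of `rsa_private_decrypt()` differently: `<= 0` when the server key has the larger modulus, but `< 0` in the host-key-larger branch, so a zero return is counted in `rsafail` on one path only. The code is moved verbatim from `do_ssh1_kex()`, so the mismatch predates this commit, but the helper is the natural place to settle it; unless zero is a valid result (the definition of `rsa_private_decrypt` is not on this page), the else branch should read `sensitive_data.ssh1_host_key->rsa) <= 0)` and `sensitive_data.server_key->rsa) <= 0)`. The header comment should also state the contract: `session_key_int` is decrypted in place, the return value is the number of failed decryptions (0 on success), and failure is reported to the caller rather than made fatal. The `fatal()` strings still start with `do_connection:`, which no longer names the function that emits them.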