- markus@cvs.openbsd.org 2001/06/23 06:41:10

[ssh-keygen.c] try to decode ssh-3.0.0 private rsa keys (allow migration to openssh, not vice versa), #910
author: Ben Lindstrom <mouring@eviladmin.org> 2001-06-25 04:47:54 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-06-25 04:47:54 +0000
commit: 34f91883a6f3123656b0a8017d68b658f7cf2403 (patch)
tree: cd6d3386df38e8a2a6702bcdbf08365f12ba9472
parent: 90fd060bc852072ebe351ddacaced7c267d53f96 (diff)
2 files changed, 26 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index f53da6f85..a663e1210 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,10 @@
   - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
     [sftp.1 sftp-server.8 ssh-keygen.1]
     ok, tmac is now fixed
+   - markus@cvs.openbsd.org 2001/06/23 06:41:10
+     [ssh-keygen.c]
+     try to decode ssh-3.0.0 private rsa keys
+     (allow migration to openssh, not vice versa), #910
 20010622
 - (stevesk) handle systems without pw_expire and pw_change.
@@ -5747,4 +5751,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1313 2001/06/25 04:45:33 mouring Exp $
+$Id: ChangeLog,v 1.1314 2001/06/25 04:47:54 mouring Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d1b2a583a..bd7eea9af 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.61 2001/05/25 14:37:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.62 2001/06/23 06:41:10 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -187,7 +187,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
 {
        Buffer b;
        Key *key = NULL;
-        int ignore, magic, rlen, ktype;
+        int magic, rlen, ktype, i1, i2, i3, i4;
+        u_long e;
        char *type, *cipher;
        buffer_init(&b);
@@ -199,13 +200,13 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
                buffer_free(&b);
                return NULL;
        }
-        ignore = buffer_get_int(&b);
+        i1 = buffer_get_int(&b);
        type   = buffer_get_string(&b, NULL);
        cipher = buffer_get_string(&b, NULL);
-        ignore = buffer_get_int(&b);
+        i2 = buffer_get_int(&b);
-        ignore = buffer_get_int(&b);
+        i3 = buffer_get_int(&b);
-        ignore = buffer_get_int(&b);
+        i4 = buffer_get_int(&b);
+        debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
        if (strcmp(cipher, "none") != 0) {
                error("unsupported cipher %s", cipher);
                xfree(cipher);
@@ -235,7 +236,17 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
                buffer_get_bignum_bits(&b, key->dsa->priv_key);
                break;
        case KEY_RSA:
-                if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) {
+                e  = buffer_get_char(&b);
+                debug("e %lx", e);
+                if (e < 30) {
+                        e <<= 8;
+                        e += buffer_get_char(&b);
+                        debug("e %lx", e);
+                        e <<= 8;
+                        e += buffer_get_char(&b);
+                        debug("e %lx", e);
+                }
+                if (!BN_set_word(key->rsa->e, e)) {
                        buffer_free(&b);
                        key_free(key);
                        return NULL;
@@ -258,8 +269,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
                u_int slen;
                u_char *sig, data[10] = "abcde12345";
-                key_sign(key, &sig, &slen, data, sizeof data);
+                key_sign(key, &sig, &slen, data, sizeof(data));
-                key_verify(key, sig, slen, data, sizeof data);
+                key_verify(key, sig, slen, data, sizeof(data));
                xfree(sig);
        }
 #endif
author	Ben Lindstrom <mouring@eviladmin.org>	2001-06-25 04:47:54 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-06-25 04:47:54 +0000
commit	34f91883a6f3123656b0a8017d68b658f7cf2403 (patch)
tree	cd6d3386df38e8a2a6702bcdbf08365f12ba9472
parent	90fd060bc852072ebe351ddacaced7c267d53f96 (diff)

diff --git a/ChangeLog b/ChangeLog index f53da6f85..a663e1210 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -63,6 +63,10 @@
63	- deraadt@cvs.openbsd.org 2001/06/23 05:57:09	63	- deraadt@cvs.openbsd.org 2001/06/23 05:57:09
64	[sftp.1 sftp-server.8 ssh-keygen.1]	64	[sftp.1 sftp-server.8 ssh-keygen.1]
65	ok, tmac is now fixed	65	ok, tmac is now fixed
		66	- markus@cvs.openbsd.org 2001/06/23 06:41:10
		67	[ssh-keygen.c]
		68	try to decode ssh-3.0.0 private rsa keys
		69	(allow migration to openssh, not vice versa), #910
66		70
67	20010622	71	20010622
68	- (stevesk) handle systems without pw_expire and pw_change.	72	- (stevesk) handle systems without pw_expire and pw_change.
@@ -5747,4 +5751,4 @@
5747	- Wrote replacements for strlcpy and mkdtemp	5751	- Wrote replacements for strlcpy and mkdtemp
5748	- Released 1.0pre1	5752	- Released 1.0pre1
5749		5753
5750	$Id: ChangeLog,v 1.1313 2001/06/25 04:45:33 mouring Exp $	5754	$Id: ChangeLog,v 1.1314 2001/06/25 04:47:54 mouring Exp $


diff --git a/ssh-keygen.c b/ssh-keygen.c index d1b2a583a..bd7eea9af 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: ssh-keygen.c,v 1.61 2001/05/25 14:37:32 markus Exp $");	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.62 2001/06/23 06:41:10 markus Exp $");
16		16
17	#include <openssl/evp.h>	17	#include <openssl/evp.h>
18	#include <openssl/pem.h>	18	#include <openssl/pem.h>
@@ -187,7 +187,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
187	{	187	{
188	Buffer b;	188	Buffer b;
189	Key *key = NULL;	189	Key *key = NULL;
190	int ignore, magic, rlen, ktype;	190	int magic, rlen, ktype, i1, i2, i3, i4;
		191	u_long e;
191	char type, cipher;	192	char type, cipher;
192		193
193	buffer_init(&b);	194	buffer_init(&b);
@@ -199,13 +200,13 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
199	buffer_free(&b);	200	buffer_free(&b);
200	return NULL;	201	return NULL;
201	}	202	}
202	ignore = buffer_get_int(&b);	203	i1 = buffer_get_int(&b);
203	type = buffer_get_string(&b, NULL);	204	type = buffer_get_string(&b, NULL);
204	cipher = buffer_get_string(&b, NULL);	205	cipher = buffer_get_string(&b, NULL);
205	ignore = buffer_get_int(&b);	206	i2 = buffer_get_int(&b);
206	ignore = buffer_get_int(&b);	207	i3 = buffer_get_int(&b);
207	ignore = buffer_get_int(&b);	208	i4 = buffer_get_int(&b);
208		209	debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
209	if (strcmp(cipher, "none") != 0) {	210	if (strcmp(cipher, "none") != 0) {
210	error("unsupported cipher %s", cipher);	211	error("unsupported cipher %s", cipher);
211	xfree(cipher);	212	xfree(cipher);
@@ -235,7 +236,17 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
235	buffer_get_bignum_bits(&b, key->dsa->priv_key);	236	buffer_get_bignum_bits(&b, key->dsa->priv_key);
236	break;	237	break;
237	case KEY_RSA:	238	case KEY_RSA:
238	if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) {	239	e = buffer_get_char(&b);
		240	debug("e %lx", e);
		241	if (e < 30) {
		242	e <<= 8;
		243	e += buffer_get_char(&b);
		244	debug("e %lx", e);
		245	e <<= 8;
		246	e += buffer_get_char(&b);
		247	debug("e %lx", e);
		248	}
		249	if (!BN_set_word(key->rsa->e, e)) {
239	buffer_free(&b);	250	buffer_free(&b);
240	key_free(key);	251	key_free(key);
241	return NULL;	252	return NULL;
@@ -258,8 +269,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
258	u_int slen;	269	u_int slen;
259	u_char *sig, data[10] = "abcde12345";	270	u_char *sig, data[10] = "abcde12345";
260		271
261	key_sign(key, &sig, &slen, data, sizeof data);	272	key_sign(key, &sig, &slen, data, sizeof(data));
262	key_verify(key, sig, slen, data, sizeof data);	273	key_verify(key, sig, slen, data, sizeof(data));
263	xfree(sig);	274	xfree(sig);
264	}	275	}
265	#endif	276	#endif