- Merged OpenBSD CVS changes:

   - [rsa.c] bugfix: use correct size for memset()
   - [sshconnect.c] warn if announced size of modulus 'n' != real size

3 files changed, 38 insertions, 24 deletions

diff --git a/ChangeLog b/ChangeLog
index 368f1f674..47f90bc2f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
  - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
  - Autodetection of RSAref library for US users
  - Minor doc updates
+ - Merged OpenBSD CVS changes:
+   - [rsa.c] bugfix: use correct size for memset()
+   - [sshconnect.c] warn if announced size of modulus 'n' != real size
 
 19991108
  - Removed debian/ directory. This is now being maintained separately.
diff --git a/rsa.c b/rsa.c
index 6845fab9d..61e53759d 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@ Description of the RSA algorithm can be found e.g. from the following sources:
 */
 
 #include "includes.h"
-RCSID("$Id: rsa.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: rsa.c,v 1.3 1999/11/08 23:35:52 damien Exp $");
 
 #include "rsa.h"
 #include "ssh.h"
@@ -110,28 +110,26 @@ void
 rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA* key)
 {
   char *inbuf, *outbuf;
-  int in_len;
-  int out_len;
-  int len;
+  int len, ilen, olen;
 
   if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
     fatal("rsa_public_encrypt() exponent too small or not odd");
 
-  out_len = BN_num_bytes(key->n);
-  outbuf = xmalloc(out_len);
+  olen = BN_num_bytes(key->n);
+  outbuf = xmalloc(olen);
 
-  in_len = BN_num_bytes(in);
-  inbuf = xmalloc(in_len);
+  ilen = BN_num_bytes(in);
+  inbuf = xmalloc(ilen);
   BN_bn2bin(in, inbuf);
 
-  if ((len = RSA_public_encrypt(in_len, inbuf, outbuf, key,
+  if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
                                 RSA_PKCS1_PADDING)) <= 0)
     fatal("rsa_public_encrypt() failed");
 
   BN_bin2bn(outbuf, len, out);
 
-  memset(outbuf, 0, out_len);
-  memset(inbuf, 0, in_len);
+  memset(outbuf, 0, olen);
+  memset(inbuf, 0, ilen);
   xfree(outbuf);
   xfree(inbuf);
 }
@@ -140,25 +138,23 @@ void
 rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 {
   char *inbuf, *outbuf;
-  int in_len;
-  int out_len;
-  int len;
+  int len, ilen, olen;
 
-  out_len = BN_num_bytes(key->n);
-  outbuf = xmalloc(out_len);
+  olen = BN_num_bytes(key->n);
+  outbuf = xmalloc(olen);
 
-  in_len = BN_num_bytes(in);
-  inbuf = xmalloc(in_len);
+  ilen = BN_num_bytes(in);
+  inbuf = xmalloc(ilen);
   BN_bn2bin(in, inbuf);
 
-  if ((len = RSA_private_decrypt(in_len, inbuf, outbuf, key,
+  if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
                                  RSA_SSLV23_PADDING)) <= 0)
     fatal("rsa_private_decrypt() failed");
 
   BN_bin2bn(outbuf, len, out);
 
-  memset(outbuf, 0, out_len);
-  memset(inbuf, 0, in_len);
+  memset(outbuf, 0, olen);
+  memset(inbuf, 0, ilen);
   xfree(outbuf);
   xfree(inbuf);
 }
diff --git a/sshconnect.c b/sshconnect.c
index a6f3788f5..a16e25a8d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -1022,6 +1022,7 @@ void ssh_login(int host_key_valid,
   BIGNUM *key;
   RSA *host_key, *file_key;
   RSA *public_key;
+  int bits, rbits;
   unsigned char session_key[SSH_SESSION_KEY_LENGTH];
   const char *server_user, *local_user;
   char *cp, *host, *ip = NULL;
@@ -1068,7 +1069,7 @@ void ssh_login(int host_key_valid,
 
   /* Get the public key. */
   public_key = RSA_new();
-  packet_get_int();     /* bits */
+  bits = packet_get_int();      /* bits */
   public_key->e = BN_new();
   packet_get_bignum(public_key->e, &clen);
   sum_len += clen;
@@ -1076,9 +1077,16 @@ void ssh_login(int host_key_valid,
   packet_get_bignum(public_key->n, &clen);
   sum_len += clen;
 
+  rbits = BN_num_bits(public_key->n);
+  if (bits != rbits) {
+    log("Warning: Server lies about size of server public key,");
+    log("Warning: this may be due to an old implementation of ssh.");
+    log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+  }
+
   /* Get the host key. */
   host_key = RSA_new();
-  packet_get_int();     /* bits */
+  bits = packet_get_int();      /* bits */
   host_key->e = BN_new();
   packet_get_bignum(host_key->e, &clen);
   sum_len += clen;
@@ -1086,6 +1094,13 @@ void ssh_login(int host_key_valid,
   packet_get_bignum(host_key->n, &clen);
   sum_len += clen;
 
+  rbits = BN_num_bits(host_key->n);
+  if (bits != rbits) {
+    log("Warning: Server lies about size of server host key,");
+    log("Warning: this may be due to an old implementation of ssh.");
+    log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+  }
+
   /* Store the host key from the known host file in here
    * so that we can compare it with the key for the IP
    * address. */