author | djm@openbsd.org <djm@openbsd.org> | 2017-04-30 23:10:43 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-05-01 09:37:40 +1000 |
commit | 56912dea6ef63dae4eb1194e5d88973a7c6c5740 (patch) | |
tree | c0425585449d257a90a42efce5f602f7ce16779f /authfd.c | |
parent | d4084cd230f7319056559b00db8b99296dad49d5 (diff) |
upstream commit
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 123 |
1 files changed, 1 insertions, 122 deletions
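--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -199,43 +199,6 @@ ssh_lock_agent(int sock, int lock, const char *password)
 return r;
 }
 
-#ifdef WITH_SSH1
-static int
-deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
-{
-struct sshkey *key;
-int r, keybits;
-u_int32_t bits;
-char *comment = NULL;
-
-if ((key = sshkey_new(KEY_RSA1)) == NULL)
-return SSH_ERR_ALLOC_FAIL;
-if ((r = sshbuf_get_u32(ids, &bits)) != 0 ||
-(r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 ||
-(r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 ||
-(r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
-goto out;
-keybits = BN_num_bits(key->rsa->n);
-/* XXX previously we just warned here. I think we should be strict */
-if (keybits < 0 || bits != (u_int)keybits) {
-r = SSH_ERR_KEY_BITS_MISMATCH;
-goto out;
-}
-if (keyp != NULL) {
-*keyp = key;
-key = NULL;
-}
-if (commentp != NULL) {
-*commentp = comment;
-comment = NULL;
-}
-r = 0;
-out:
-sshkey_free(key);
-free(comment);
-return r;
-}
-#endif
 
 static int
 deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
@@ -331,11 +294,6 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
 for (i = 0; i < num;) {
 switch (version) {
 case 1:
-#ifdef WITH_SSH1
-if ((r = deserialise_identity1(msg,
-&(idl->keys[i]), &(idl->comments[i]))) != 0)
-goto out;
-#endif
 break;
 case 2:
 if ((r = deserialise_identity2(msg,
@@ -385,46 +343,6 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
 * otherwise.
 */
 
-#ifdef WITH_SSH1
-int
-ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
-u_char session_id[16], u_char response[16])
-{
-struct sshbuf *msg;
-int r;
-u_char type;
-
-if (key->type != KEY_RSA1)
-return SSH_ERR_INVALID_ARGUMENT;
-if ((msg = sshbuf_new()) == NULL)
-return SSH_ERR_ALLOC_FAIL;
-if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 ||
-(r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
-(r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
-(r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 ||
-(r = sshbuf_put_bignum1(msg, challenge)) != 0 ||
-(r = sshbuf_put(msg, session_id, 16)) != 0 ||
-(r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */
-goto out;
-if ((r = ssh_request_reply(sock, msg, msg)) != 0)
-goto out;
-if ((r = sshbuf_get_u8(msg, &type)) != 0)
-goto out;
-if (agent_failed(type)) {
-r = SSH_ERR_AGENT_FAILURE;
-goto out;
-} else if (type != SSH_AGENT_RSA_RESPONSE) {
-r = SSH_ERR_INVALID_FORMAT;
-goto out;
-}
-if ((r = sshbuf_get(msg, response, 16)) != 0)
-goto out;
-r = 0;
-out:
-sshbuf_free(msg);
-return r;
-}
-#endif
 
 /* encode signature algoritm in flag bits, so we can keep the msg format */
 static u_int
@@ -494,25 +412,6 @@ ssh_agent_sign(int sock, struct sshkey *key,
 
 /* Encode key for a message to the agent. */
 
-#ifdef WITH_SSH1
-static int
-ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment)
-{
-int r;
-
-/* To keep within the protocol: p < q for ssh. in SSL p > q */
-if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 ||
-(r = sshbuf_put_bignum1(b, key->n)) != 0 ||
-(r = sshbuf_put_bignum1(b, key->e)) != 0 ||
-(r = sshbuf_put_bignum1(b, key->d)) != 0 ||
-(r = sshbuf_put_bignum1(b, key->iqmp)) != 0 ||
-(r = sshbuf_put_bignum1(b, key->q)) != 0 ||
-(r = sshbuf_put_bignum1(b, key->p)) != 0 ||
-(r = sshbuf_put_cstring(b, comment)) != 0)
-return r;
-return 0;
-}
-#endif
 
 static int
 ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key,
@@ -561,16 +460,6 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment,
 return SSH_ERR_ALLOC_FAIL;
 
 switch (key->type) {
-#ifdef WITH_SSH1
-case KEY_RSA1:
-type = constrained ?
-SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
-SSH_AGENTC_ADD_RSA_IDENTITY;
-if ((r = sshbuf_put_u8(msg, type)) != 0 ||
-(r = ssh_encode_identity_rsa1(msg, key->rsa, comment)) != 0)
-goto out;
-break;
-#endif
 #ifdef WITH_OPENSSL
 case KEY_RSA:
 case KEY_RSA_CERT:
@@ -620,16 +509,6 @@ ssh_remove_identity(int sock, struct sshkey *key)
 if ((msg = sshbuf_new()) == NULL)
 return SSH_ERR_ALLOC_FAIL;
 
-#ifdef WITH_SSH1
-if (key->type == KEY_RSA1) {
-if ((r = sshbuf_put_u8(msg,
-SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 ||
-(r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
-(r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
-(r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0)
-goto out;
-} else
-#endif
 if (key->type != KEY_UNSPEC) {
 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
 goto out;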
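Review bot: In the ssh_fetch_identitylist hunk (old line 331 onward), `case 1:` now goes straight to `break;` without reading anything from `msg` or reporting an error, so a caller that still passes version 1 appears to get back a list of `num` entries that were never assigned instead of a failure; the loop increment and the entries' initialisation sit outside the hunk, so that outcome is inferred. Since protocol-1 identities can no longer be parsed at all after this change, the case should fail explicitly, e.g. `case 1:` / `r = SSH_ERR_INVALID_ARGUMENT;` / `goto out;`, or the `version` parameter should be retired from the function and its callers in a follow-up. The enclosing function begins and ends outside the hunk.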