author | Damien Miller <djm@mindrot.org> | 1999-11-16 13:37:16 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-16 13:37:16 +1100 |
commit | 7e8e820153a620ab1dcd81857a7de0969c41d043 (patch) | |
tree | 226cc4185feae97f4069ad60b4c18d259aa5df2f /authfd.c | |
parent | 4874c79a3a05fc18678d7a85d7091f5139630fac (diff) |
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implicitly,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legacy systems about security issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 20 |
1 files changed, 13 insertions, 7 deletions
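--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@ Functions for connecting the local authentication agent.
 */
 
 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.3 1999/11/12 23:51:58 damien Exp $");
+RCSID("$Id: authfd.c,v 1.4 1999/11/16 02:37:16 damien Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -117,7 +117,7 @@ void ssh_close_authentication_connection(AuthenticationConnection *ac)
 
 int
 ssh_get_first_identity(AuthenticationConnection *auth,
-int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+BIGNUM *e, BIGNUM *n, char **comment)
 {
 unsigned char msg[8192];
 int len, l;
@@ -179,7 +179,7 @@ ssh_get_first_identity(AuthenticationConnection *auth,
 fatal("Too many identities in authentication reply: %d\n", auth->howmany);
 
 /* Return the first entry (if any). */
-return ssh_get_next_identity(auth, bitsp, e, n, comment);
+return ssh_get_next_identity(auth, e, n, comment);
 }
 
 /* Returns the next authentication identity for the agent. Other functions
@@ -189,19 +189,25 @@ ssh_get_first_identity(AuthenticationConnection *auth,
 
 int
 ssh_get_next_identity(AuthenticationConnection *auth,
-int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+BIGNUM *e, BIGNUM *n, char **comment)
 {
+unsigned int bits;
+
 /* Return failure if no more entries. */
 if (auth->howmany <= 0)
 return 0;
 
 /* Get the next entry from the packet. These will abort with a fatal
 error if the packet is too short or contains corrupt data. */
-*bitsp = buffer_get_int(&auth->identities);
+bits = buffer_get_int(&auth->identities);
 buffer_get_bignum(&auth->identities, e);
 buffer_get_bignum(&auth->identities, n);
 *comment = buffer_get_string(&auth->identities, NULL);
 
+if (bits != BN_num_bits(n))
+error("Warning: keysize mismatch: actual %d, announced %s",
+BN_num_bits(n), bits);
+
 /* Decrement the number of remaining entries. */
 auth->howmany--;
 
@@ -216,7 +222,7 @@ ssh_get_next_identity(AuthenticationConnection *auth,
 
 int
 ssh_decrypt_challenge(AuthenticationConnection *auth,
-int bits, BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
+BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
 unsigned char session_id[16],
 unsigned int response_type,
 unsigned char response[16])
@@ -233,7 +239,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
 buf[0] = SSH_AGENTC_RSA_CHALLENGE;
 buffer_init(&buffer);
 buffer_append(&buffer, (char *)buf, 1);
-buffer_put_int(&buffer, bits);
+buffer_put_int(&buffer, BN_num_bits(n));
 buffer_put_bignum(&buffer, e);
 buffer_put_bignum(&buffer, n);
 buffer_put_bignum(&buffer, challenge);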
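Review bot: In ssh_get_next_identity, the new keysize-mismatch warning passes `bits`, an `unsigned int`, to a `%s` conversion. That is undefined behaviour, and it is reached only when the agent's announced size disagrees with the modulus, so a malformed or hostile agent reply is what triggers it; the usual result is the client treating the integer as a string pointer and crashing. The format should match its arguments: `error("Warning: keysize mismatch: actual %d, announced %u",` with the argument line left as it is. The comparison `bits != BN_num_bits(n)` also mixes unsigned and signed operands, so a cast or an `int` local would make the intent explicit. A short comment such as `/* announced size is advisory; BN_num_bits(n) is authoritative */` would help, and note that the function body continues past the end of this hunk.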