diff options
author | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
commit | 874d77bb134a21a5cf625956b60173376a993ba8 (patch) | |
tree | 93dd73b2ff1fbf0ad5f3978a2c4e0d8438a0bf7c /authfile.c | |
parent | 89d9796fbedef4eed6956a2c095c7cc25330c28d (diff) |
- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/authfile.c b/authfile.c index afedd7bbb..d1a97d773 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.20 2000/10/11 20:27:23 markus Exp $"); |
40 | 40 | ||
41 | #include <openssl/bn.h> | 41 | #include <openssl/bn.h> |
42 | #include <openssl/dsa.h> | 42 | #include <openssl/dsa.h> |
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $"); | |||
47 | #include "xmalloc.h" | 47 | #include "xmalloc.h" |
48 | #include "buffer.h" | 48 | #include "buffer.h" |
49 | #include "bufaux.h" | 49 | #include "bufaux.h" |
50 | #include "cipher.h" | ||
51 | #include "ssh.h" | 50 | #include "ssh.h" |
52 | #include "key.h" | 51 | #include "key.h" |
53 | 52 | ||
@@ -68,8 +67,8 @@ save_private_key_rsa(const char *filename, const char *passphrase, | |||
68 | Buffer buffer, encrypted; | 67 | Buffer buffer, encrypted; |
69 | char buf[100], *cp; | 68 | char buf[100], *cp; |
70 | int fd, i; | 69 | int fd, i; |
71 | CipherContext cipher; | 70 | CipherContext ciphercontext; |
72 | int cipher_type; | 71 | Cipher *cipher; |
73 | u_int32_t rand; | 72 | u_int32_t rand; |
74 | 73 | ||
75 | /* | 74 | /* |
@@ -77,9 +76,11 @@ save_private_key_rsa(const char *filename, const char *passphrase, | |||
77 | * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. | 76 | * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. |
78 | */ | 77 | */ |
79 | if (strcmp(passphrase, "") == 0) | 78 | if (strcmp(passphrase, "") == 0) |
80 | cipher_type = SSH_CIPHER_NONE; | 79 | cipher = cipher_by_number(SSH_CIPHER_NONE); |
81 | else | 80 | else |
82 | cipher_type = SSH_AUTHFILE_CIPHER; | 81 | cipher = cipher_by_number(SSH_AUTHFILE_CIPHER); |
82 | if (cipher == NULL) | ||
83 | fatal("save_private_key_rsa: bad cipher"); | ||
83 | 84 | ||
84 | /* This buffer is used to built the secret part of the private key. */ | 85 | /* This buffer is used to built the secret part of the private key. */ |
85 | buffer_init(&buffer); | 86 | buffer_init(&buffer); |
@@ -116,7 +117,7 @@ save_private_key_rsa(const char *filename, const char *passphrase, | |||
116 | buffer_put_char(&encrypted, 0); | 117 | buffer_put_char(&encrypted, 0); |
117 | 118 | ||
118 | /* Store cipher type. */ | 119 | /* Store cipher type. */ |
119 | buffer_put_char(&encrypted, cipher_type); | 120 | buffer_put_char(&encrypted, cipher->number); |
120 | buffer_put_int(&encrypted, 0); /* For future extension */ | 121 | buffer_put_int(&encrypted, 0); /* For future extension */ |
121 | 122 | ||
122 | /* Store public key. This will be in plain text. */ | 123 | /* Store public key. This will be in plain text. */ |
@@ -128,11 +129,10 @@ save_private_key_rsa(const char *filename, const char *passphrase, | |||
128 | /* Allocate space for the private part of the key in the buffer. */ | 129 | /* Allocate space for the private part of the key in the buffer. */ |
129 | buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); | 130 | buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
130 | 131 | ||
131 | cipher_set_key_string(&cipher, cipher_type, passphrase); | 132 | cipher_set_key_string(&ciphercontext, cipher, passphrase); |
132 | cipher_encrypt(&cipher, (unsigned char *) cp, | 133 | cipher_encrypt(&ciphercontext, (unsigned char *) cp, |
133 | (unsigned char *) buffer_ptr(&buffer), | 134 | (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); |
134 | buffer_len(&buffer)); | 135 | memset(&ciphercontext, 0, sizeof(ciphercontext)); |
135 | memset(&cipher, 0, sizeof(cipher)); | ||
136 | 136 | ||
137 | /* Destroy temporary data. */ | 137 | /* Destroy temporary data. */ |
138 | memset(buf, 0, sizeof(buf)); | 138 | memset(buf, 0, sizeof(buf)); |
@@ -313,7 +313,8 @@ load_private_key_rsa(int fd, const char *filename, | |||
313 | off_t len; | 313 | off_t len; |
314 | Buffer buffer, decrypted; | 314 | Buffer buffer, decrypted; |
315 | char *cp; | 315 | char *cp; |
316 | CipherContext cipher; | 316 | CipherContext ciphercontext; |
317 | Cipher *cipher; | ||
317 | BN_CTX *ctx; | 318 | BN_CTX *ctx; |
318 | BIGNUM *aux; | 319 | BIGNUM *aux; |
319 | 320 | ||
@@ -364,10 +365,10 @@ load_private_key_rsa(int fd, const char *filename, | |||
364 | xfree(buffer_get_string(&buffer, NULL)); | 365 | xfree(buffer_get_string(&buffer, NULL)); |
365 | 366 | ||
366 | /* Check that it is a supported cipher. */ | 367 | /* Check that it is a supported cipher. */ |
367 | if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & | 368 | cipher = cipher_by_number(cipher_type); |
368 | (1 << cipher_type)) == 0) { | 369 | if (cipher == NULL) { |
369 | debug("Unsupported cipher %.100s used in key file %.200s.", | 370 | debug("Unsupported cipher %d used in key file %.200s.", |
370 | cipher_name(cipher_type), filename); | 371 | cipher_type, filename); |
371 | buffer_free(&buffer); | 372 | buffer_free(&buffer); |
372 | goto fail; | 373 | goto fail; |
373 | } | 374 | } |
@@ -376,11 +377,10 @@ load_private_key_rsa(int fd, const char *filename, | |||
376 | buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); | 377 | buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); |
377 | 378 | ||
378 | /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ | 379 | /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ |
379 | cipher_set_key_string(&cipher, cipher_type, passphrase); | 380 | cipher_set_key_string(&ciphercontext, cipher, passphrase); |
380 | cipher_decrypt(&cipher, (unsigned char *) cp, | 381 | cipher_decrypt(&ciphercontext, (unsigned char *) cp, |
381 | (unsigned char *) buffer_ptr(&buffer), | 382 | (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); |
382 | buffer_len(&buffer)); | 383 | memset(&ciphercontext, 0, sizeof(ciphercontext)); |
383 | |||
384 | buffer_free(&buffer); | 384 | buffer_free(&buffer); |
385 | 385 | ||
386 | check1 = buffer_get_char(&decrypted); | 386 | check1 = buffer_get_char(&decrypted); |