diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-04-30 23:10:43 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-05-01 09:37:40 +1000 |
commit | 56912dea6ef63dae4eb1194e5d88973a7c6c5740 (patch) | |
tree | c0425585449d257a90a42efce5f602f7ce16779f /ssh-agent.c | |
parent | d4084cd230f7319056559b00db8b99296dad49d5 (diff) |
upstream commit
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 173 |
1 files changed, 1 insertions, 172 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index b987562b9..6788287b7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -257,16 +257,6 @@ process_request_identities(SocketEntry *e, int version) | |||
257 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 257 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
258 | TAILQ_FOREACH(id, &tab->idlist, next) { | 258 | TAILQ_FOREACH(id, &tab->idlist, next) { |
259 | if (id->key->type == KEY_RSA1) { | 259 | if (id->key->type == KEY_RSA1) { |
260 | #ifdef WITH_SSH1 | ||
261 | if ((r = sshbuf_put_u32(msg, | ||
262 | BN_num_bits(id->key->rsa->n))) != 0 || | ||
263 | (r = sshbuf_put_bignum1(msg, | ||
264 | id->key->rsa->e)) != 0 || | ||
265 | (r = sshbuf_put_bignum1(msg, | ||
266 | id->key->rsa->n)) != 0) | ||
267 | fatal("%s: buffer error: %s", | ||
268 | __func__, ssh_err(r)); | ||
269 | #endif | ||
270 | } else { | 260 | } else { |
271 | u_char *blob; | 261 | u_char *blob; |
272 | size_t blen; | 262 | size_t blen; |
@@ -289,87 +279,6 @@ process_request_identities(SocketEntry *e, int version) | |||
289 | sshbuf_free(msg); | 279 | sshbuf_free(msg); |
290 | } | 280 | } |
291 | 281 | ||
292 | #ifdef WITH_SSH1 | ||
293 | /* ssh1 only */ | ||
294 | static void | ||
295 | process_authentication_challenge1(SocketEntry *e) | ||
296 | { | ||
297 | u_char buf[32], mdbuf[16], session_id[16]; | ||
298 | u_int response_type; | ||
299 | BIGNUM *challenge; | ||
300 | Identity *id; | ||
301 | int r, len; | ||
302 | struct sshbuf *msg; | ||
303 | struct ssh_digest_ctx *md; | ||
304 | struct sshkey *key; | ||
305 | |||
306 | if ((msg = sshbuf_new()) == NULL) | ||
307 | fatal("%s: sshbuf_new failed", __func__); | ||
308 | if ((key = sshkey_new(KEY_RSA1)) == NULL) | ||
309 | fatal("%s: sshkey_new failed", __func__); | ||
310 | if ((challenge = BN_new()) == NULL) | ||
311 | fatal("%s: BN_new failed", __func__); | ||
312 | |||
313 | if ((r = sshbuf_get_u32(e->request, NULL)) != 0 || /* ignored */ | ||
314 | (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || | ||
315 | (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0 || | ||
316 | (r = sshbuf_get_bignum1(e->request, challenge))) | ||
317 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
318 | |||
319 | /* Only protocol 1.1 is supported */ | ||
320 | if (sshbuf_len(e->request) == 0) | ||
321 | goto failure; | ||
322 | if ((r = sshbuf_get(e->request, session_id, sizeof(session_id))) != 0 || | ||
323 | (r = sshbuf_get_u32(e->request, &response_type)) != 0) | ||
324 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
325 | if (response_type != 1) | ||
326 | goto failure; | ||
327 | |||
328 | id = lookup_identity(key, 1); | ||
329 | if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { | ||
330 | struct sshkey *private = id->key; | ||
331 | /* Decrypt the challenge using the private key. */ | ||
332 | if ((r = rsa_private_decrypt(challenge, challenge, | ||
333 | private->rsa) != 0)) { | ||
334 | fatal("%s: rsa_public_encrypt: %s", __func__, | ||
335 | ssh_err(r)); | ||
336 | goto failure; /* XXX ? */ | ||
337 | } | ||
338 | |||
339 | /* The response is MD5 of decrypted challenge plus session id */ | ||
340 | len = BN_num_bytes(challenge); | ||
341 | if (len <= 0 || len > 32) { | ||
342 | logit("%s: bad challenge length %d", __func__, len); | ||
343 | goto failure; | ||
344 | } | ||
345 | memset(buf, 0, 32); | ||
346 | BN_bn2bin(challenge, buf + 32 - len); | ||
347 | if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || | ||
348 | ssh_digest_update(md, buf, 32) < 0 || | ||
349 | ssh_digest_update(md, session_id, 16) < 0 || | ||
350 | ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) | ||
351 | fatal("%s: md5 failed", __func__); | ||
352 | ssh_digest_free(md); | ||
353 | |||
354 | /* Send the response. */ | ||
355 | if ((r = sshbuf_put_u8(msg, SSH_AGENT_RSA_RESPONSE)) != 0 || | ||
356 | (r = sshbuf_put(msg, mdbuf, sizeof(mdbuf))) != 0) | ||
357 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
358 | goto send; | ||
359 | } | ||
360 | |||
361 | failure: | ||
362 | /* Unknown identity or protocol error. Send failure. */ | ||
363 | if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) | ||
364 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
365 | send: | ||
366 | if ((r = sshbuf_put_stringb(e->output, msg)) != 0) | ||
367 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
368 | sshkey_free(key); | ||
369 | BN_clear_free(challenge); | ||
370 | sshbuf_free(msg); | ||
371 | } | ||
372 | #endif | ||
373 | 282 | ||
374 | static char * | 283 | static char * |
375 | agent_decode_alg(struct sshkey *key, u_int flags) | 284 | agent_decode_alg(struct sshkey *key, u_int flags) |
@@ -448,28 +357,8 @@ process_remove_identity(SocketEntry *e, int version) | |||
448 | int r, success = 0; | 357 | int r, success = 0; |
449 | struct sshkey *key = NULL; | 358 | struct sshkey *key = NULL; |
450 | u_char *blob; | 359 | u_char *blob; |
451 | #ifdef WITH_SSH1 | ||
452 | u_int bits; | ||
453 | #endif /* WITH_SSH1 */ | ||
454 | 360 | ||
455 | switch (version) { | 361 | switch (version) { |
456 | #ifdef WITH_SSH1 | ||
457 | case 1: | ||
458 | if ((key = sshkey_new(KEY_RSA1)) == NULL) { | ||
459 | error("%s: sshkey_new failed", __func__); | ||
460 | return; | ||
461 | } | ||
462 | if ((r = sshbuf_get_u32(e->request, &bits)) != 0 || | ||
463 | (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || | ||
464 | (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0) | ||
465 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
466 | |||
467 | if (bits != sshkey_size(key)) | ||
468 | logit("Warning: identity keysize mismatch: " | ||
469 | "actual %u, announced %u", | ||
470 | sshkey_size(key), bits); | ||
471 | break; | ||
472 | #endif /* WITH_SSH1 */ | ||
473 | case 2: | 362 | case 2: |
474 | if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0) | 363 | if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0) |
475 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 364 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
@@ -559,45 +448,6 @@ reaper(void) | |||
559 | * XXX this and the corresponding serialisation function probably belongs | 448 | * XXX this and the corresponding serialisation function probably belongs |
560 | * in key.c | 449 | * in key.c |
561 | */ | 450 | */ |
562 | #ifdef WITH_SSH1 | ||
563 | static int | ||
564 | agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp) | ||
565 | { | ||
566 | struct sshkey *k = NULL; | ||
567 | int r = SSH_ERR_INTERNAL_ERROR; | ||
568 | |||
569 | *kp = NULL; | ||
570 | if ((k = sshkey_new_private(KEY_RSA1)) == NULL) | ||
571 | return SSH_ERR_ALLOC_FAIL; | ||
572 | |||
573 | if ((r = sshbuf_get_u32(m, NULL)) != 0 || /* ignored */ | ||
574 | (r = sshbuf_get_bignum1(m, k->rsa->n)) != 0 || | ||
575 | (r = sshbuf_get_bignum1(m, k->rsa->e)) != 0 || | ||
576 | (r = sshbuf_get_bignum1(m, k->rsa->d)) != 0 || | ||
577 | (r = sshbuf_get_bignum1(m, k->rsa->iqmp)) != 0 || | ||
578 | /* SSH1 and SSL have p and q swapped */ | ||
579 | (r = sshbuf_get_bignum1(m, k->rsa->q)) != 0 || /* p */ | ||
580 | (r = sshbuf_get_bignum1(m, k->rsa->p)) != 0) /* q */ | ||
581 | goto out; | ||
582 | |||
583 | /* Generate additional parameters */ | ||
584 | if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) | ||
585 | goto out; | ||
586 | /* enable blinding */ | ||
587 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | ||
588 | r = SSH_ERR_LIBCRYPTO_ERROR; | ||
589 | goto out; | ||
590 | } | ||
591 | |||
592 | r = 0; /* success */ | ||
593 | out: | ||
594 | if (r == 0) | ||
595 | *kp = k; | ||
596 | else | ||
597 | sshkey_free(k); | ||
598 | return r; | ||
599 | } | ||
600 | #endif /* WITH_SSH1 */ | ||
601 | 451 | ||
602 | static void | 452 | static void |
603 | process_add_identity(SocketEntry *e, int version) | 453 | process_add_identity(SocketEntry *e, int version) |
@@ -613,11 +463,6 @@ process_add_identity(SocketEntry *e, int version) | |||
613 | int r = SSH_ERR_INTERNAL_ERROR; | 463 | int r = SSH_ERR_INTERNAL_ERROR; |
614 | 464 | ||
615 | switch (version) { | 465 | switch (version) { |
616 | #ifdef WITH_SSH1 | ||
617 | case 1: | ||
618 | r = agent_decode_rsa1(e->request, &k); | ||
619 | break; | ||
620 | #endif /* WITH_SSH1 */ | ||
621 | case 2: | 466 | case 2: |
622 | r = sshkey_private_deserialize(e->request, &k); | 467 | r = sshkey_private_deserialize(e->request, &k); |
623 | break; | 468 | break; |
@@ -912,22 +757,6 @@ process_message(SocketEntry *e) | |||
912 | case SSH_AGENTC_UNLOCK: | 757 | case SSH_AGENTC_UNLOCK: |
913 | process_lock_agent(e, type == SSH_AGENTC_LOCK); | 758 | process_lock_agent(e, type == SSH_AGENTC_LOCK); |
914 | break; | 759 | break; |
915 | #ifdef WITH_SSH1 | ||
916 | /* ssh1 */ | ||
917 | case SSH_AGENTC_RSA_CHALLENGE: | ||
918 | process_authentication_challenge1(e); | ||
919 | break; | ||
920 | case SSH_AGENTC_REQUEST_RSA_IDENTITIES: | ||
921 | process_request_identities(e, 1); | ||
922 | break; | ||
923 | case SSH_AGENTC_ADD_RSA_IDENTITY: | ||
924 | case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED: | ||
925 | process_add_identity(e, 1); | ||
926 | break; | ||
927 | case SSH_AGENTC_REMOVE_RSA_IDENTITY: | ||
928 | process_remove_identity(e, 1); | ||
929 | break; | ||
930 | #endif | ||
931 | case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: | 760 | case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: |
932 | process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */ | 761 | process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */ |
933 | break; | 762 | break; |